NUPI, represented by its director, is responsible for the entity’s processing of personal data.
2. Data protection officer
NUPI has a data protection officer responsible for ensuring that the management complies with privacy requirements when processing personal data on employees and users. The data protection officer has an independent role.
The Norwegian Centre for Research Data (NSD) is NUPI’s data protection official for research. The data protection officer acts as the intermediary between the Institute and the NSD and is responsible for ensuring that NUPI’s research practice complies with the General Data Protection Regulation at all times.
3. Online processing of personal data
It is voluntary for visitors to our website to enter personal data for services such as signing up for newsletters, registering for events etc. Unless otherwise specified, individual consent forms the grounds for processing. Consent may be withdrawn at any time by emailing firstname.lastname@example.org.
Personal data is stored for a maximum of 6 months for security purposes and for use in biannual reports to the Norwegian Ministry of Education and Research, NUPI’s owner.
3.1 Web analysis and cookies
An important part of our efforts to provide a user-friendly website consists of examining the usage patterns of our website’s visitors. To analyse this information, we use the analytical tool Google Analytics.
IP addresses are defined as personal data because they can be traced back to specific hardware and therefore a specific individual. NUPI uses Google Analytics’ tracking code, which anonymises the IP address before the information is stored and processed by Google. As a result, the stored IP address cannot be used to identify individual users.
NUPI stores information about the search terms entered by users on our websites in Ibexa DXP and Google Analytics. We store the terms in order to improve the information we offer. Search usage patterns are stored in aggregated form. Only the search term is stored, and cannot be linked to other user data, such as IP addresses.
3.3 The sharing function
The ‘Share with others’ function can be used to forward links to our website by email, or to share content on social media. We do not log data about the use of this function. However, we cannot guarantee that the social media platforms used do not log this data. Any such service should therefore be used with care. If a website visitor selects the email function, we will only use the email addresses supplied to forward the email; nothing is stored.
All who wish to do so have the option of subscribing to NUPI’s newsletter and information about our events. To ensure that we email the correct person, we need to register the subscriber’s name and email address. This data is not shared with other entities and is deleted if and when the subscriber decides that they no longer wish to receive information from us. We will also delete the information if we receive feedback indicating that the email address is no longer active.
NUPI uses external suppliers to collect and store this data
When signing up for seminars and events, we ask for the attendee’s name, organisation, email address and sector. With the exception of an attendee’s name and organisation, which we sometimes publish on attendance lists after obtaining explicit consent, this data is not shared with others. NUPI stores the data for a maximum of 6 months for security and reporting purposes, and to provide event information.
NUPI uses external suppliers to collect and store this data.
All job applications for positions at NUPI are made through the recruitment portal JobbNorge. Applicants are informed of NUPI’s privacy routines and which data will or may be stored about employees during their employment, as well as their right of access and right to have data corrected and supplemented. This information is supplied in the written confirmation that is sent to all applicants to confirm receipt of their application.
7. Personnel data
As an employer, NUPI stores data on employees for payroll administration purposes and to fulfil other personnel obligations. Personal data is stored for as long as required for the employment. NUPI has a supply agreement with the Norwegian Government Agency for Financial Management (DFØ) for use of the systems SAP, Agresso and Contempus.
8. Rights of the data subject
Individuals registered in NUPI’s systems are entitled to a confirmation that NUPI is processing their data and if so a copy of the data NUPI has registered on them.
The data subject has a right to object to NUPI processing their data. If the data proves incorrect or incomplete, or if NUPI comes to process personal data we do not have grounds for processing, the data subject has a right to demand that NUPI corrects, supplements or deletes the data within 30 days of being notified. The data subject has a right to demand that, during the time it takes NUPI to verify the validity of the processing, the processing of their data is restricted. The data subject has a right to receive, in a structured, readily available and machine-readable format, the personal data they have provided to NUPI, and a right to transfer said data to another controller.
In order to exercise your rights, email email@example.com
The data subject also has a right to complain to the Norwegian Data Protection Authority (DPA) of any processing that is in contravention of the privacy regulations in force at a given time.
NUPI does not share registered personal data with other controllers or countries outside the EU/EEA.
9. How to manage cookies in your browser
Controller: the Norwegian Institute of International Affairs, firstname.lastname@example.org
C.J. Hambros plass 2D
PB 7024 St. Olavs Plass
Data Protection Officer: Christel Nguyen, Senior Adviser, email@example.com