Privacy policy

Diku is the owner of the webpage studyinnorway.no. This privacy policy describes how Diku collects and processes personal data.

Below you will find a general overview over the various context where we collect such data, how the data is processed by us, and which rights you have in relation to our processing of data connected to your person. The responsibility for our processing of personal data is held by the Director General of Diku. 

The privacy policy is continuously updated to reflect changes in how we collect and process personal data. 

In what contexts does Diku collect personal data through studyinnorway.no?

In general, Diku receives and processes personal data in the following contexts:  

  • Use of the webpage and web-based services. 
  • Inquiries received by us
  • Requests for guidance
  • Registration for seminars/webinars etc. arranged by us.
  • Ordering of various forms of printed information that we prepare and distribute.
  • Participation in surveys and polls that we initiate .
  • Assessment of applications/nominations received in connection with our various programmes and schemes.
  • Submittal of various notes, reports and notifications etc., containing information connected to private persons.
  • Evaluations of programmes and schemes.
  • Production of relevant statistics for the educational sector.
  • Administration of employees, personal assignments and the like.
  • Keeping and ensuring access to public records 

What is registered when you use our webpages?

Web-analysis and ‘information cookies’

When you visit studyinnorway.no we use Google Analytics and Siteimprove to analyse the use of the sites. Google Analytics  and Siteimprove employ information cookies (small text files saved on the users’ device) registering the user’s IP address and providing information regarding the user’s navigation on our sites. Examples of what the statistics include is the number of users per site, how long the visits last, which webpage the used navigated from and which browser services are used. 

Read more about how to administer information cookies. 

The information is not tied to specific persons and are deleted at regular intervals. The information is used to cater for improved functionality on our webpage, and to increase the quality of the information provided. 

Google Analytics

The information collected via Google Analytics, is stored on Google’s servers in the USA and is subject to Google’s privacy policy. Information such as IP-address, timestamps, web addressHTTP status, the number of bytes sent, HTTP referer and HTTP user agent is also logged on our servers. We also store information about keywords users apply in the search fields available studyinnorway.no. Also this information is deleted at regular intervals.

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 f), which allow processing based on legitimate interests when this does not contradict central privacy interests. The legitimate interest is to ensure proper maintenance and development of our web services. 

Siteimprove    

Siteimprove is a tool we use to make all our webpages better for the end-user. Siteimprove helps us detect misspellings, issues with accessibility and broken links, and we can also see how the users navigate through our web pages. All ip-addresses are anonymized.

Hotjar

We use the technology service Hotjar to better understand the needs of our visitors and to optimalise the experience of www.studyinnorway.no. This makes us able to further develop and maintain our service based on feedback from our visitors. Hotjar is using information cookies and other technology to collect data on the visitors pattern and their units (in particular the IP-address – saved only in anonymous form), unit screen size, unit type (unique unit identificators), web reader information and geographical location (country only). Hotjar saves this data as pseudonymised user profiles. Neither Hotjar or Diku will use this information to identify the individual user, nor match it with additional data from individual users. For details, see Hotjars guidelines for privacy policy by clicking here. 

You can exclude Hotjar and all future tracking by following this link: https://www.hotjar.com/legal/policies/do-not-track/

What is registered when you contact us? 

Telephone

When you telephone us, your phone number and information about when you called and how long the call lasted, will be stored on the phone of the person you called. Such logs are necessary in order to ensure proper handling of cases/request and to answer your inquiries. If a telephone conversation is related to a specific case, we may also prepare a short note to be archived on the case, in line with the applicable rules for archiving of public documents.  
The legal basis for such processing is the General Data Protection Regulation article 6, para. 1 f), which allow processing based on legitimate interests when this does not contradict central privacy interests. The legitimate interest is to ensure an effective and proper public administration.  

E-mail

We use TLS encryption to secure our e-mail correspondence and the information we receive via e-mail. Most webmail services support such encryption, which then will serve to secure your e-mail correspondence with us. We nevertheless ask that you avoid sending information that you regard sensitive via e-mail, as we cannot guarantee that your e-mail service support TLS. In addition to such encryption, we also carry out virus and malware scans of all incoming and outgoing e-mails.

The legal basis for such processing is the General Data Protection Regulation article 6, para. 1 f), which allow processing based on legitimate interests when this does not contradict central privacy interests. The legitimate interest is to secure our IT infrastructure, and to ensure an effective and proper public administration.  

How is personal data collected and processed when you are in touch with us?  

Requests for guidance 

When you get in touch to for obtaining our advice, we may process personal data in order to provide such guidance. We store data insofar it is necessary to answer your requests. If you telephone us, we will store your telephone number and the duration of the call, plus any notes which may be taken, cf. above. If you contact us via e-mail, we will store your request, our answers and your e-mail address. If the matter is subject to the applicable rules regarding public access/archiving, the information will be stored for 25 years. 

The legal basis for such processing is the General Data Protection Regulation article 6, para. 1 e), which allow processing necessary for the performance tasks carried out in the public interest/exercise of official authority. Insofar your request contains special categories of personal data, the legal basis for our processing is article 9, para. 2) g).  

Registration for seminars/webinars etc. 

When we arrange seminars, webinars, conferences etc., we use various registration systems. Information collected during such registration may include i.a. names, e-mail addresses, job titles, organisations, payment details, health information (food allergies, special needs) and information related to reservation of accommodation. The information is solely used for administering participation in and execution of the relevant seminars etc., and is deleted when the relevant event is completed. Diku has entered into data processing agreements with the various service providers used in connection with such registrations, to ensure that your information remains safe.    

The legal basis for such processing is the General Data Protection Regulation article 6, para. 1 b), which allow processing information necessary prior to entering into a contract. Insofar your request contains special categories of personal data, the legal basis for our processing is article 9, para. 2) g).  

Participation in surveys and polls

When we carry out surveys and polls, we will always inform you of the purpose of the survey/poll, and whether it is anonymous or not. Diku will not share personal data received with any other party, and we will not use the information for any other purpose than that which the participants have been informed of.

If the survey/poll is anonymous, neither Diku or any external service providers will collect any personal data. If the survey is not anonymous, Diku and its service providers may identify the respondents. The legal basis for such processing is the General Data Protection Regulation article 6, para. 1 a), which allow processing of personal data when consent has been given to such processing. 

Material distributed via post

For information material distributed via post, Diku use various distributors. In order to execute such distribution, we need to collect names and post addresses for those interested. This information is shared insofar necessary with the distributors used, whom we also have entered data processing agreements with. 

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 a), which allow processing of personal data when consent has been given to such processing. 

Processing of applications/nominations in relation to our programmes and schemes

Upon receipt of applications to our various programmes and schemes, we receive and process various kinds of personal data. What information is requested will vary depending on the programme or scheme in question. 

Typical personal data received via applications to institutional projects may be name, contact details, job titles/organization for the project management etc. at the involved institutions, as well as information regarding relevant experience etc. (CV) for persons central to the project. The information is exclusively used for assessing applications, administering allocations and ensuring proper control and follow-up of the projects. 

For applications to schemes for study places, exchange, scholarships etc., typical personal data may include name, contact details, account details, CV/transcripts/grade sheets, various declarations regarding motivation etc. For schemes concerning persons under 18 years, we may also request information from the persons’ legal guardians. The information is exclusively used for assessing applications, administering allocations and ensuring proper control and follow-up of the  allocations made.

Information received and processed in connection with assessment of applications to our progammes and schemes, will be stored in our electronic application and reporting systems, and in our archive systems approved under the applicable standards for such systems (NOARK). The information will be stored as long as the cases are pending, and insofar the information is subject to the applicable rules regarding public access/archiving, the information will be stored for 25 years.  

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 e), which allow processing necessary for the performance tasks carried out in the public interest/exercise of official authority. Insofar your request contains special categories of personal data, the legal basis for our processing is article 9, para. 2) g).  

Submittal of various notes, reports, notifications etc. 

In connection with our control and follow-up of administrative decisions and contracts relating to allocations made under our programmes and schemes, we receive and process various kinds of information relating to persons involved in project management, use of funds and implementation of project activities, etc. In cases where we are notified of potential breach of anti-corruption regulations, we may also receive information regarding suspicion about concrete persons’ breach of legal norms. Such information will form part of our assessments of whether breach has occurred, and if so, how they shall be handled.  

When received, such information will be stored in our electronic application and reporting systems, and in our archive systems approved under the applicable standards for such systems (NOARK). The information will be stored as long as the cases are pending, and insofar the information is subject to the applicable rules regarding public access/archiving, the information will be stored for 25 years.  

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 e), which allow processing necessary for the performance tasks carried out in the public interest/exercise of official authority. Insofar your request contains special categories of personal data, the legal basis for our processing is article 9, para. 2) g).  

Submittal of request for access to public information and appeals

When Diku receives requests for access to public information and appeals, we process personal data in order to carry out our legal duty to answer such requests. This may inter alia include contact information and such other information which is necessary in order to process the requests. Upon requests for access, we provide such access in line with the Public Administration Act and the Freedom of Information Act. For data requiring particular protection, Diku have in place special routines to safeguard internal and external access. The information will be stored as long as the cases are pending, and insofar the information is subject to the applicable rules regarding public access/archiving, the information will be stored for 25 years.  

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 e), which allow processing necessary for the performance tasks carried out in the public interest/exercise of official authority. Insofar your request contains special categories of personal data, the legal basis for our processing is article 9, para. 2) g).  

Evaluation of programmes and schemes

From time to time Diku carries out evaluations of the programmes and schemes we administrate, either with internal resources or through use of various external service providers we have entered into a data processing agreement with. During such evaluations we may, depending on the circumstances, initiate surveys, polls, personal interviews and analysis of project documentation and statistics which contain personal data. 

For surveys initiated in connection with evaluations, we consult the Norwegian Centre for Research Data (NSD) in order to safeguard our processes. For personal interviews, we may use external consultants in order to ensure e.g. impartiality. Diku enters into data processing agreements with such external service providers/consultants in order to safeguard a prudent processing of any personal data processed. At Diku, access to such information is also subject to restrictions during their processing into aggregate information of relevance for the evaluation. After our processing is concluded, the information is deleted from our systems.  

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 e), which allow processing necessary for the performance tasks carried out in the public interest/exercise of official authority. Insofar your request contains special categories of personal data, the legal basis for our processing is article 9, para. 2) a) and g).

Production of statistics 

On basis of various data sources, Diku develop a broad range of statistics of relevance for the various parts of the education sector. During such production, we use information available from previous and current allocation processes, as well as data collected from other relevant entities (e.g. NSD and the Norwegian State Educational Loan Fund). 

The information is aggregated and de-identified prior to publishing and may thus not be used to identify any particular person. For data received from other entities, we enter into data processing agreement which i.a. regulate access, use and confidentiality. 

Maintainance and publishing in Diku’s the public journal

Diku keep a systematic and continuous record of all incoming and outgoing documents. The journal is accessible via the public electronic mail journal (eInnsyn), and is maintained in line with the rules applicable for the public’s access to such documents. 

The legal basis for such processing is the General Data Protection Regulation (GDPR) article 6, para. 1 c), which allow processing personal data insofar this is necessary in order to meet a legal obligation, cf. Section 6 of regulation no. 1119 to the Freedom of Information Act.

Which rights do you have when Diku store and process personal data concerning yourself? 

If Diku store and process personal data concerning yourself, you retain several rights put in place to enable you to control that our processing is legitimate and correct: 

  • You may request access to personal data that we store/process in relation to yourself; 
  • You may request that personal data concerning your person is corrected/supplied if they otherwise would be erroneous or incomplete;
  • You may, in certain circumstances, request that personal data about yourself is deleted;
  • You may, in certain circumstances, request that our processing of your personal data shall be limited;  
  • You may, in certain circumstances, request that our processing of your personal data shall cease. 
  • You may, in certain circumstances, request that personal data we store is transferred to yourself or another data controller; and
  • You may appeal our decisions to process personal data concerning yourself.  

See more information on your rights.

We kindly ask that questions and requests concerning our processing of personal data is directed to our Data Protection Officer. Requests will be answered free of cost and latest within 30 calendar days. 

share