Privacy at the institute
Personal information consists, for example, of your name and contact information. Information can also identify you indirectly; for example, names of municipalities with information about position or memberships in associations.
You have the right to know exactly what personal information we process about you. We are obliged to protect your rights and must be able to document all processing of (your) personal data. We assist if you have questions or comments regarding the processing of personal data.
- Responsibility for processing
- When does ISF process personal information?
- Privacy and ethics in research
- Processing of personal data on our website
- Case processing and enquiries
- Newsletter and invitations
- JobbNorge and other personal data
When using external data processors (actors who provide services to us), ISF bears the responsibility for processing the data, a relationship is governed by a data processor agreement.
Processing of personal information about employees is set out in a separate privacy statement.
Data protection officer
ISF has an agreement with Sikt (formerly NSD) concerning data protection officer-related tasks. You can contact our data protection officer at Sikt by e-mail: firstname.lastname@example.org.
The data protection officer is the contact point for everyone that we process personal information about and shall ensure that personal information about you is processed correctly and that your rights are protected. The data protection officer has a duty of confidentiality.
- The purpose of the processing of information
- The lawfulness of processing personal data, i.e., that ISF as the data controller must be able to demonstrate that we have a legal basis under the Personal Data Act and the General Data Protection Regulation (GDPR) for the processing. Under the GDPR, ISF has different legal bases depending on the type of processing: Consent is governed by Article 6 (1)(a), contractual relationships by Article 6 (1)(b), legal obligations by Article 6 (1)(c) and legitimate interests by Article 6 (1)(f).
- Collection of personal information
- How personal data is processed
- What rights you have to access, correct or delete information and that you have the right to withdraw your consent to processing throughout the processing.
We process information about you in the following situations:
- You have registered for an event.
- You subscribe to our newsletter.
- You have applied for a job or assignment with us.
- You would like copies of lectures, reports or brochures.
- You have contacted us as a journalist or similar for a statement.
- You have sent us an enquiry or complaint.
- You visit our website.
We may also receive information about you in other contexts:
- Your information appears in a statement or enquiry that is sent to ISF from external parties, such as another company.
- We receive information about you from public authorities or other companies.
- A job seeker has listed you as a reference.
- You are registered as a contact person for an external company or organisation.
ISF's website has various offerings and functionalities that are relevant to your privacy, both directly and indirectly. This applies to:
- Cookies that are imported into your computer when downloading a website and when searching and downloading.
- User statistics based on users' activity on the website.
- Storage of the keywords that are used in the free text field.
- Feedback function.
- Comments on blogs on ISF's website.
- Sharing of posts published on the website.
- Photos of attendees at public events at ISF.
Case processing and archive
ISF uses the Public360 archive system for electronic recordkeeping and electronic storage of documents. Public360 is an archive and case processing system from the supplier Tieto following the conclusion of a framework agreement with Uninett/an administrative body under the Ministry of Education.
Enquiries from external, private individuals or a company that is archived will contain the personal information that is included in the enquiry. Further case processing will include personal data to the extent necessary to perform the task. Registration, saving and storage takes place in accordance with the NOARK standard. Special security measures and routines have been established for highly protected information in the archive, such as sensitive personal data. All information is password-protected and access to sensitive information is restricted through access control.
E-mail and phone
ISF employees use e-mail in general dialogue with internal and external contacts. The individual is responsible for deleting messages that are no longer relevant. Upon resignation, the employee’s e-mail accounts will be deleted, and relevant e-mails will be transferred for follow-up. According to the employees' security Instructions, special categories of personal information must not be sent by e-mail unless they are encrypted.
Telephone calls (telephone number and the time of the call) are logged in our telephone exchange. Call logs are automatically deleted by Telia. Incoming and outgoing traffic data are not stored for more than 90 days. No other systematic registration of telephone calls is done where callers can be identified.
Our newsletters provide information on our different research areas and invitations to events and webinars. We offer three different newsletters. One that covers all ISF's research fields, and two that offer news from ISF's research centers:
- CORE – Centre for Research on Gender Equality
- Centre for Research on Civil Society and Voluntary Sector
ISF distributes newsletters by e-mail monthly, while the research centers newsletters are sent out two to four times a year. Invitations to our events and webinars are sent by e-mail sporadically, as required.
In order for us to send you the newsletters and invitations, you must register your e-mail address and indicate whether you want one, two or three newsletters. When you sign up, you agree that ISF processes this information about you: email address and which newsletters you wish to receive. This information is stored by Make as the data processor. The information is not shared with any additional parties.
You can unsubscribe from the newsletter at any time by clicking the link at the bottom of a newsletter or invitation. ISF processes your personal information until you unsubscribe from the newsletter. The information is deleted when you unsubscribe from the newsletter.
We process your e-mail address based on your consent. The grounds for data processing our e-mail address for our newsletters are stated in The Personal Data Act, 6 (1) a, i.e., consent. You can withdraw your consent at any time by unsubscribing from the newsletter. Withdrawal of your consent will not affect the legality of the processing of personal data that occurred before you withdrew the consent.
If you have questions about the newsletters or processing of personal data, you are welcome to contact us: email@example.com
When registering for an event, we ask for your e-mail address. For certain events, we may also collect information such as name, place of work, contact information and additional information we must take into account (for example allergies or stairless access). The purpose of obtaining this information is the registration and administration of participants at our events, as well as accommodations for participants.
The grounds for data processing are stated in The Personal Data Act, 6 (1) f, which allows us to process information that is necessary to preserve a legitimate interest that outweighs the consideration of the individual's privacy. The legitimate interest is to run the events in an adequate manner.
ISF uses Nettskjema as a data processor when registering for events. This information is used only in connection with the actual event and the information will be deleted as soon as possible and not later than four weeks after the event.
Applying for a job at ISF
ISF uses the job search portal JobbNorge to administer submitted applications. The hiring process involves processing the information you provide to us through your application, CV, diplomas and certificates. In addition to information collected during any interviews, ISF may obtain information on its own initiative, for example by checking references.
Pursuant to Section 28 of the Personal Data Act, applications with personal data shall not be stored longer than necessary to carry out the purpose of the processing. While you are an applicant, we delete information about you according to where you are in the hiring process. If you are not called for an interview, your application will be deleted four months after the first processing. If you are called for an interview, your application will be deleted after 18 months after the announcement process is completed. This also applies if you are hired.
Entrance control - camera function in intercom
A camera with a microphone is installed at ISF’s street-level entrance to ensure that we do not let in unauthorised persons. The camera and microphone are activated manually when the doorbell rings. The image of the entrance area is displayed in real time and has no snapshot option.
The basis for processing this processing is Article 6 (1) (f) of the GDPR, which allows us to process information necessary to safeguard a legitimate interest that outweighs the interests of the individual or fundamental rights and freedoms. The legitimate interest is to ensure access to ISF's premises.