Privacy protection is about the right to private life and the right to control your own personal information, including the right to know what information others have about you and what that information is used for. Privacy protection is a basic right, and the legal basis can be found both in the Constitution and the European Human Rights Convention.
Personal data are information or assessments that can be linked to an individual person; examples include email address, name and age. Information concerning behavioural patterns is also considered as personal data.
Sensitive personal data are:
Racial or ethnic background or political, philosophical or religious views
That a person has been a suspect or has been charged with or sentenced for a criminal act
By processing of personal data is meant all kinds of handling of personal data, such as collection, storage, transfer, publishing and deletion.
UiA processes a significant amount of personal data on students, employees and other persons linked to the university. In the Personal Data Act, there are requirements as to how such processing should take place, and these requirements must be met by everyone who deals with personal data as well as the systems which are meant to handle such information.
On 25 May 2018, the General Data Protection Regulation Act (GDPR) came into force in the EU. GDPR is implemented in Norwegian legislation through a reference clause in the new Personal Data Act. Many of the requirements and principles in today's’ legislation will be continued, and some new duties and rights are introduced. In general, the rights of those who are registered are strengthened by the increased compliance requirements on personal data processing.
Your privacy protection rights
You can ask for more comprehensive information on how we process information about you and you are also entitled to have access your own personal data. If there are errors in your personal data, you have the right to get them corrected. Any personal data that we do not have a reason for processing should be deleted, and you may require that this is done in case we failed to delete these data on our own initiative. You may ask for limited use of personal data, and you have the right to ask for data portability and that your personal data are transferred to you or to another institution in a structured, commonly used and machine-readable format. You may oppose our use of your information, and you may also oppose being the object of wholly automatized individual decisions of a legal character. If you believe that we process your personal data without having the necessary legal basis, you may appeal to the Norwegian Data Protection Authority. However, we strongly encourage you to contact us to make it possible for us to both consider your objections and to explain possible misunderstandings.
The set of rules applying to personal data contains comprehensive regulations on privacy protection rights and exceptions from certain rights may apply. If you wish to make use of these rights, please contact us. We will respond to your enquiry as quickly as possible and normally within 30 days.