Declaration on data protection at the University of Oslo
Information on how the University of Oslo handles your personal data when you have applied for admission and while you are a student with us.
About the declaration on data protection
This declaration on data protection concerns:
- How the University of Oslo (UiO) collects and uses personal data when you have applied for admission and while you are a student with us.
- Who is responsible for processing your personal data.
- The obligations that UiO has when processing personal data.
- What rights you have when registered with us.
The declaration on data protection conforms to the requirements set out by the Norwegian Act relating to the processing of personal data (the Personal Data Act).
What are personal data?
Personal data constitute all forms of data, information and assessments that may be linked to you as an individual, cf. the Personal Data Act, Section 2, point 1. What decides whether an information element constitutes personal data is whether that information may identify a specific person. Examples of personal data about you that are registered and processed at UiO are your name, photo, contact information, teaching and examination reports and grades.
Processing of personal data at UiO
The purpose of the Personal Data Act is to protect the individual against violations of data protection through the processing of personal data. It is important for UiO that the processing of personal data comprises as little interference as is practically, technically and economically possible for the registered individual, cf. the Personal Data Act Sections 8, 9, 11 and 28. As a registered person you therefore have essential rights that shall be safeguarded.
All processing of personal data at UiO shall be conducted in compliance with relevant Acts and regulations. UiO shall not process personal data to a greater extent than necessary to fulfil the University’s objectives. The University’s activities are described in detail in the Act relating to universities and university colleges Section 1-3.
What personal data does UiO process?
If you apply for admission to and/or are a student at UiO, we must collect and register your name, personal identification number and contact information. If you have given your consent, we can also retrieve your results from some other learning institutions. The purpose of these registrations is to administer your application and your studies with us. You normally register the information yourself via the Norwegian Universities and Colleges Admission Service, on the UiO online application service Søknadsweb, or on Studentweb. Some admissions use the paper application form, in which case we register the information you have given us in our systems.
The information is stored in the Common Student System (FS) which is the system that UiO uses for administrative data related to studies. Søknadsweb and Studentweb are part of FS. If you are in the process of applying to and/or awaiting a decision from the University, this will be registered in the University’s case-processing and archiving system.
As a student at UiO you will have an individually tailored calendar and messaging software solution. This solution retrieves information from FS on the study programme and subjects for which you are registered.
Digital systems for teaching and examinations receive and process personal data about students.
Your information will also be registered in the university’s access control system in order to give you access to university buildings and rooms during the course of your studies, with the help of the student card. Students who want a student card are photographed at the SiO Customer Service Centre. For students who choose to use digital student identification, the image on the active student card is stored in FS and transferred to the student ID app.
Personal data to third parties
Transmission or export of data is defined as any release of data except to the organization’s own system/processing, to the registered person themselves or to someone who receives data on their behalf. UiO will be able to transmit or export data containing personal information to other systems, i.e. an external data processor, for example the Norwegian State Educational Loan Fund, where this is considered necessary.
Surrender of personal data according to the Norwegian Freedom of Information Act
At regular intervals, UiO receives requests for access to information pursuant to the provisions of the Norwegian Freedom of Information Act. Please note that the provisions of the Personal Data Act will be unable to set restrictions on this right to access information when the enquiry concerns personal data.
Access to information
You are entitled to know what personal data is registered about you at UiO and how this data is processed, cf. the provision in Section 18 of the Personal Data Act.
As a registered person with UiO, in some cases you are entitled to require correction and deletion of data about yourself, cf. Sections 27 and 28 of the Personal Data Act. This may, for example, apply to data that is incorrect and/or incomplete, or data to which UiO has no access for processing.
A requirement from you as a registered person shall be responded to free of cost and within a maximum of 30 days.
Whom can I contact?
Pursuant to the provision in Section 2, point 4 of the Personal Data Act, the University Director at UiO has overall responsibility for all processing of personal data, and is the data controller. Daily follow-up of this responsibility is delegated to the IT Director, and it is he and his staff who respond to enquiries about the processing of personal data at UiO.
If you want information on the type of data that is registered about you, would like access to or correction/deletion of data that is registered about you, or have general questions about processing of personal data at UiO, you may contact firstname.lastname@example.org.
Data Protection Officer
UiO has a Data Protection Officer who shall safeguard the data protection interests of both students and employees at UiO. The scheme is facilitated and administered by the Norwegian Data Protection Authority. The Data Protection Officer can support individuals who have personal data registered with UiO in safeguarding their rights, but it is the Data Controller who is responsible for ensuring that UiO follows the established rules. However, the Data Protection Officer can provide assistance and answer any questions. You can contact the Data Protection Officer at email@example.com.