Version 2 – Revised December 2023. Previous version, January 2021.
This privacy policy describes how the Institute for Social Research (ISF) processes your personal data if, for example, you contact ISF, participate in our events, etc.
If you have questions regarding ISF’s processing of your personal data or wish to exercise your rights when we process your personal data, please contact:
- Institute for Social Research, personvern@samfunnsforskning.no
- Our data protection officer at Sikt, personvernombud@sak.sikt.no
- You can also contact the Norwegian Data Protection Authority, post@datatilsynet.no
General information regarding ISF’s responsibilities
The Institute for Social Research (ISF) is responsible for the personal data we collect, the tools we use and that our processing of personal data is lawful.
If ISF uses external data processors (parties which deliver services to us), a data processor agreement must be signed. The responsibility for processing personal data is called processing responsibility.
Your rights
The most important rights you have are the right to access and to have personal data rectified or deleted. You can read more about this under Your rights.
When does ISF process your personal data?
We process your personal data under the following circumstances:
- You have signed up for an event
- You subscribe to our newsletter
- You have applied for a job or contract with us
- You have sent us a query or complaint
- You are visiting our website
ISF is a research institute and also often processes personal data in order to carry out research projects. Any such processing of personal data for research purposes is assessed separately. In cases where consent has not obtained and the legal basis for the processing is in the ‘public interest’, this will be stated on the individual project descriptions on the ISF website. On our website, you will find more information regarding guidelines for privacy and ethics in our research.
ISF may also process personal data in other contexts:
- Your personal data is provided in a report or query sent to ISF from an external party, for example another company
- We receive personal data about you from public authorities or other companies
- A job applicant has provided you as a reference
- You are registered as a contact person for an external company or organisation
Processing of personal data on our website
IT UiO, the central IT department at the University of Oslo, is the processor for the majority of ISF’s systems and also provides the ISF website solution (Vortex). ISF and IT UiO have data processing agreements that regulate access to and the processing of personal data. The data collected are stored on our own servers operated by IT UiO, which only IT UiO and ISF have access to.
Vortex has integrations with Cristin, Weblogin, Feide (all through the subcontractor Unit – the Norwegian Directorate for ICT and Joint Services in Higher Education & Research) and WebID (through the University of Oslo). Personal data are exchanged with these systems for logged-in users. Users of the systems must provide their consent before the systems are accessible.
Cookies
The use of cookies is regulated under section 2-7b of the Electronic Communications Act. The use of cookies is not permitted unless users are informed of and have consented to the information that will be processed, the purpose of this processing and who is processing the data.
Below you will find information on ISF’s use of cookies. By accessing the ISF website, you consent to cookies being saved to your browser.
Purpose of cookies:
- Necessary functionality
- Analysis of user patterns and statistics
- Cookies from third party services such as registration forms and event streaming
If you do not want us to use third party cookies, you can withdraw your consent by changing the settings in your browser. You can read how to do this on Nettvett.no under How to manage cookies (in Norwegian, nettvett.no).
ISF collects unidentifiable information about visitors to our website. The purpose of this is to develop statistics that are used to improve and further develop the informational offering on our website. All cookies are aggregated and anonymised to prevent us from linking the information about your use of our website to you as an individual.
The processing basis for generating anonymous statistics is article 6, number 1, letter f of the General Data Protection Regulation, which allows us to process data necessary to protect a legitimate interest that is more important than the concern for the individual’s data protection. The legitimate interest here is to improve and further develop information on our website.
Google Analytics
ISF uses Google Analytics to analyse the use of the ISF website. The website analytics service uses cookies to analyse how users use our website. IP addresses are anonymised before they are sent to Google. In accordance with a new framework from the European Commission, the transfer of personal data to third countries that usually occurs here is in line with the General Data Protection Regulation.
Searches
Information is stored about the search words used in search tools on our website. Search words are used to for analysis through Google Analytics. The purpose of this is to improve our informational offering. Search words cannot be linked to users or information about users.
Sharing content
If you share content from the ISF website, information regarding this is not stored with ISF. The social network you share the content to may store the information – this is regulated by your agreement with the social network in question.
Newsletters and invitations
ISF sends out newsletters to those who want them. We have three different newsletters on offer:
One which covers all of ISF’s research areas and two which provide news from ISF’s research centres: CORE – the Centre for Research on Gender Equality and the Centre for Research on Civil Society and Voluntary Sector.
The newsletters contain news and invitations to events and webinars. These are sent out via email. ISF newsletters are sent out on a regular basis, while CORE – the Centre for Research on Gender Equality and the Centre for Research on Civil Society and Voluntary Sector newsletters are sent out two to four times a year. Invitations to events are sent out when relevant.
In order for use to be able to send you newsletters and invitations, you must register your email address and state that you want to receive one, two or three newsletters. When you sign up, you are consenting to ISF processing the following information about you: email address(es) and the newsletter(s) you want to receive. This information is stored in a database operated by our processor Make AS. No additional information is shared with third parties.
You may unsubscribe from our newsletters at any point through the link at the bottom of the newsletter or invitation. ISF processes personal data until you unsubscribe from the newsletter. The information is deleted once you unsubscribe from the newsletter.
The processing basis for the processing of your email address in relation to our newsletters is article 6, number 1, letter a of the General Data Protection Regulation, consent. You can withdraw your consent at any point by unsubscribing from our newsletter.
Events
Registration
Upon registration to an event, we will ask for your email address. For individual events, we may also collect information such as your name, place of work, contact information and additional information we may need (for example allergies or step-free access). The purpose of this information is to provide us with the necessary information to able to manage and organise events for participants.
The processing basis is article 6, number 1, letter f of the General Data Protection Regulation, which allows us to process data necessary to protect a legitimate interest that is more important than the concern for the individual’s data protection. The legitimate interest is to carry out events in a proper manner.
ISF uses Nettskjema as the processor when registering for events. The information is not used for any other purpose than the implementation of the relevant event, and is deleted as soon as possible and no later than four weeks after the event has concluded. See also Nettskjema’s Privacy Policy.
Photography
Pictures are taken at public and internal events. The pictures are securely stored on our ISF servers. The pictures are published on www.samfunnsforskning.no with the basis that it is in our interest to be able to provide information about the activities we carry out.
Streaming and videos
When you watch one of our events as a video or by streaming it, the provider of this service (LiveStream) will collect personal data through the use of cookies.
We will inform you of this on the invitation and online if an event is streamed so that participants are aware of this. The legal basis for this processing of personal data is article 6, number 1, letter f of the General Data Protection Regulation. This allows the processing of personal data that is necessary to protect a legitimate interest. ISF’s legitimate interest in this case is the importance of outreach regarding the results of our research.
Case management and archives
ISF uses the Public360 archiving system for electronic journaling and storage of documents.
Public360 is an archiving and case management system from Tieto under the approval of a framework agreement with Sikt.
Queries from external parties, private individuals or companies that are archived will contain the personal data provided in the query. Further case management will include personal data to the extent necessary to carry out the task. Registration and storage occurs in accordance with the NOARK standard. Specific security measures and routines have been established for highly confidential information in the archive, such as sensitive personal data. All information is password-protected and access to sensitive information is limited through access control.
Email and telephone
ISF employees use email for general dialogue with internal and external contacts. The individual is responsible for deleting messages that are no longer relevant. If someone resigns, their email account is deleted, and relevant emails will be transferred for follow-up. In accordance with the employees’ Security Instructions, special categories of personal data may not be sent using email unless it is encrypted.
ISF uses Telia as the supplier of its telephony solutions. Through this solution, ISF has access to a log on the switchboard that shows activity (telephone numbers from and to, as well as the time of the conversation) over the last 14 days. In addition, employees have an overview of the most recent calls on their telephones. No other systematic registration of telephone conversations is carried out where the caller can be identified. See also Telia’s Privacy Policy (in Norwegian).
Job applicants
ISF uses the job application portal JobbNorge to manage applications received. The employment process entails processing of the personal data you provide to us through your application, CV, certificates and references. In addition to information from any interviews, ISF may collect data on its own accord, for example for reference checks.
In accordance with section 28 of the Personal Data Act, the applicant’s personal data may not be stored for longer than necessary in order to carry out the purposes of the processing. We delete personal data about applicants depending on where you are in the employment processes. If you are not called to an interview the application is deleted four months after the first processing. If you are called for an interview, the application is deleted 18 months after the process has ended.
Access control – camera function on door phones
At the street entrance to ISF, there is a camera and microphone installed to ensure that we do not let in an unauthorised party. The camera and microphone are activated manually when you ring the buzzer. The image of the entryway is shown in real time and has no recording capabilities.
The processing basis for this is article 6, number 1, letter f of the General Data Protection Regulation, which allows us to process data necessary to protect a legitimate interest that is more important than the concern for the individual’s interests or basic rights and freedoms. The legitimate interest is to protect access to ISF premises.
