Personvernerklæring for Studentweb | Helse, miljø og sikkerhet - Ansatt

Privacy policy for Studentweb

Privacy policy for Studentweb

This privacy policy describes how OsloMet manages your personal data in the FS system. The purpose of this privacy policy is to inform you of the types of personal data processed, how it is processed, who is responsible for the processing, your rights and whom to contact.
Published
Latest update

Content

  1. What is considered personal data?
  2. Brief presentation of Studentweb
  3. The purpose of and legal basis for the processing of personal data in Studentweb?

  4. Which kinds of personal data are processed in Studentweb, and how long do we store your personal data?

  5. I In some cases, we process cases automatically

  6. We disclose your personal data to third parties

  7. Personal data safety

  8. Your rights

  9. Contact information

1. What is considered personal data?

The term personal data includes any data, information and assessment that can be linked to you as an individual, cf. GDPR Article 4 no. 1. The determining factor in whether data is considered personal information, is whether it is fit to identify a specific person.

In some cases, data which, on its own, cannot be linked to an individual person, may constitute personal data if it is used in combination with other data.

2. Brief presentation of Studentweb

Studentweb is a web application that allows students to perform a number of study administration tasks, such as semester registration and registration for lectures and examinations. Studentweb also gives you access to the data <Navn på utdanningsinstitusjon> has stored about you in the study administration system Common Student System (FS), such as contact information, examination results and data forwarded to the Norwegian State Educational Loan Fund.

Studentweb is linked to the study administration system Common Student System (FS). This means that any data registered in Studentweb will also be stored in FS. In various contexts, data stored in FS is shared with a number of different parties/institutions. Please cf. the privacy policy for FS (link to privacy policy for FS).

3. The purpose of and legal basis for the processing of personal data in Studentweb

Purpose

The purpose of the processing of personal data in Studentweb is to enable you to administer your studies at <Navn på utdanningsinstitusjon>.

Legal basis

Data processing is authorized under the provisions of the Act Relating to Universities and University Colleges § 4-15, that probably takes effect during summer 2018, and GDPR Article 6 no 1 letter b or e, cf. no 3 letter b. The treatment is necessary to exercise public authority and to comply with provisions of the Act relating to Universities and University Colleges. In some cases, we have also chosen to supplement the legal basis with consent statements. Data processing is also necessary for OsloMet to be able to perform its contract with you as a student. Certain types of processing, e.g. approving registrations for lectures and examinations, are necessary in the exercise of official authority.

4. Which kinds of personal data are processed in Studentweb, and how long to we store your personal data?

Currently, no sensitive personal data about you is stored or processed in Studentweb.

The following personal data may be processed in Studentweb: profile information (including your name, national identity number/D-number/S-number (11 digits)), sex, contact information, information about your background, native language, photograph, application information, consents you have given, criminal records certificate where relevant, semester registration data, billing information and information about programmes and courses of study.

Any personal data registered in EVUweb is shared with the study administration system Common Student System (FS). In principle, all personal data in FS is stored permanently. Please cf. the privacy policy for FS (link to privacy policy for FS).

We store information about your actions in Studentweb, as well as your IP address. We do this in order to be able to document the data you register. This type of personal data is stored in FS and erased after a period of 12 months.

Your personal data may come from:

  1. You, submitted via Studentweb
  2. Administrative officers at

Voluntary registration

1. You, submitted via Studentweb

Registration of personal data in Studentweb is voluntary, but without your personal data, we may not be able to process your applications. In Studentweb you can register information about yourself and link it to your application to a programme of study (information about your background, enrolment in classes and registration for exams, applications for recognition, etc.) and any documents you upload. This information may be necessary for us to process your applications and for you to study at OsloMet.

Information registered without your express consent

2. Administrative officers at OsloMet

In certain circumstances, it is necessary for administrative staff at OsloMet to register information about you in connection with your studies. Examples of this includes assessments linked to applications for admission, explanations for grades and appeals against grading, registrations linked to study completion. These types of data are only sent to Studentweb so that you can have access to your data.

5. In some cases, we process cases automatically

When use Studentweb at OsloMet, a number of processes related to your studies will be performed automatically, either entirely or in part. Automatic processing is used in the following circumstances:

  • calculation of eligibility for courses
  • registration for lectures and examinations
  • creation of invoices
  • explanation of grades/complaints against grading in connection with examinations
  • various applications for recognition/approval

6. We disclose your personal data to third parties

Disclosure or export of data is defined as any transfer of data save for use in the controller’s own systems/processing or to the data subject itself or any other party receiving data on the data subject’s behalf.

OsloMet may disclose or export data including personal data to other systems, i.e. external data processors, whenever it is deemed necessary.

Your personal data will not be disclosed to countries outside of the EU/EEA, or to any international organizations.

Your personal data may be disclosed to the following parties/agencies:

  • Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research
    • Studentweb is developed by Unit. Unit staff who need to access your personal data as part of their job will be granted such access. They need this access in order to provide user support and, if relevant, correct errors as part of their duties.
  • University Center for Information Technology (USIT) at the University of Oslo (UiO)
    • Studentweb is operated by USIT at UiO. USIT staff who need to access your personal data as part of their job will be granted such access.
  • UNINETT AS
    • It is possible to log in to Studentweb using the log-in solution FEIDE. FEIDE is developed and provided by UNINETT AS. UNINETT AS staff may access your FEIDE user name and IP address, provided they need such access in order to perform their duties. They need this access in order to provide user support and, if relevant, correct errors as part of their duties. Your personal data will be erased from FEIDE after six months.
  • Agency for Public Management and eGovernment (Difi)
    • It is possible to log in to Studentweb using the log-in services MinID, BankID, Buypass and Commfides through ID-porten. The Agency for Public Management and eGovernment (Difi) is the data controller for any and all personal data processed in ID-porten, as well as for personal data used in the administration of MinID.
  • If you log in through ID-porten, Difi’s user support and administrative staff may, if necessary, access your national identity number and contact information, as well as a limited log-in history.
    • This need arises when Difi is asked to provide user support or troubleshoot/correct errors in the service.
  • Providers of electronic IDs (BankID, Buypass and Commfides) are data controllers for any and all personal data required for the administration of their log-in solutions.

Other parties

Any personal data you register in Studentweb is shared with the study administration system Common Student System (FS). Please see the privacy policy for FS for more detailed information about who the recipients of personal data from FS are.

7. Personal data safety

OsloMet regularly perform risk and vulnerability analyses to protect your personal data in Studentweb. In addition, various security measures have been implemented, such as access control, to keep the number of people who have access to your personal data as low as possible. Employees have confidentiality regarding personal information they receive in their work.

8. Your rights

See webpage about your rights.

9. Contact

See webpage about contact.

Service provider

Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research is the provider of Studentweb. This means that Unit develops and maintains Studentweb, and Unit is also responsible for the day-to-day operation of Studentweb. As part of this task, a select few of Unit’s staff have access to all personal data registered in Studentweb.

Contact information for Unit: fs-sekretariat@unit.no.