- What is consideres personal data?
- Brief presentation of Studentweb
- The purpose of and leagel basis for the processing of personal data in Studentweb?
The term personal data includes any data, information and assessment that can be linked to you as an individual, cf. GDPR Article 4 no. 1. The determining factor in whether data is considered personal information, is whether it is fit to identify a specific person.
In some cases, data which, on its own, cannot be linked to an individual person, may constitute personal data if it is used in combination with other data.
Studentweb is a web application that allows students to perform a number of study administration tasks, such as semester registration and registration for lectures and examinations. Studentweb also gives you access to the data <Navn på utdanningsinstitusjon> has stored about you in the study administration system Common Student System (FS), such as contact information, examination results and data forwarded to the Norwegian State Educational Loan Fund.
The purpose of the processing of personal data in Studentweb is to enable you to administer your studies at <Navn på utdanningsinstitusjon>.
Data processing is authorized under the provisions of the Act Relating to Universities and University Colleges § 4-15, that probably takes effect during summer 2018, and GDPR Article 6 no 1 letter b or e, cf. no 3 letter b. The treatment is necessary to exercise public authority and to comply with provisions of the Act relating to Universities and University Colleges. In some cases, we have also chosen to supplement the legal basis with consent statements. Data processing is also necessary for OsloMet to be able to perform its contract with you as a student. Certain types of processing, e.g. approving registrations for lectures and examinations, are necessary in the exercise of official authority.
4. Which kinds of personal data are processed in Studentweb, and how long to we store your personal data?
Currently, no sensitive personal data about you is stored or processed in Studentweb.
The following personal data may be processed in Studentweb: profile information (including your name, national identity number/D-number/S-number (11 digits)), sex, contact information, information about your background, native language, photograph, application information, consents you have given, criminal records certificate where relevant, semester registration data, billing information and information about programmes and courses of study.
We store information about your actions in Studentweb, as well as your IP address. We do this in order to be able to document the data you register. This type of personal data is stored in FS and erased after a period of 12 months.
Your personal data may come from:
- You, submitted via Studentweb
- Administrative officers at
1. You, submitted via Studentweb
Registration of personal data in Studentweb is voluntary, but without your personal data, we may not be able to process your applications. In Studentweb you can register information about yourself and link it to your application to a programme of study (information about your background, enrolment in classes and registration for exams, applications for recognition, etc.) and any documents you upload. This information may be necessary for us to process your applications and for you to study at OsloMet.
Information registered without your express consent
2. Administrative officers at OsloMet
In certain circumstances, it is necessary for administrative staff at OsloMet to register information about you in connection with your studies. Examples of this includes assessments linked to applications for admission, explanations for grades and appeals against grading, registrations linked to study completion. These types of data are only sent to Studentweb so that you can have access to your data.
When use Studentweb at OsloMet, a number of processes related to your studies will be performed automatically, either entirely or in part. Automatic processing is used in the following circumstances:
- calculation of eligibility for courses
- registration for lectures and examinations
- creation of invoices
- explanation of grades/complaints against grading in connection with examinations
- various applications for recognition/approval
Disclosure or export of data is defined as any transfer of data save for use in the controller’s own systems/processing or to the data subject itself or any other party receiving data on the data subject’s behalf.
OsloMet may disclose or export data including personal data to other systems, i.e. external data processors, whenever it is deemed necessary.
Your personal data will not be disclosed to countries outside of the EU/EEA, or to any international organizations.
Your personal data may be disclosed to the following parties/agencies:
- Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research
Studentweb is developed by Unit. Unit staff who need to access your personal data as part of their job will be granted such access. They need this access in order to provide user support and, if relevant, correct errors as part of their duties.
- University Center for Information Technology (USIT) at the University of Oslo (UiO)
Studentweb is operated by USIT at UiO. USIT staff who need to access your personal data as part of their job will be granted such access.
- UNINETT AS
It is possible to log in to Studentweb using the log-in solution FEIDE. FEIDE is developed and provided by UNINETT AS. UNINETT AS staff may access your FEIDE user name and IP address, provided they need such access in order to perform their duties. They need this access in order to provide user support and, if relevant, correct errors as part of their duties. Your personal data will be erased from FEIDE after six months.
- Agency for Public Management and eGovernment (Difi)
It is possible to log in to Studentweb using the log-in services MinID, BankID, Buypass and Commfides through ID-porten. The Agency for Public Management and eGovernment (Difi) is the data controller for any and all personal data processed in ID-porten, as well as for personal data used in the administration of MinID.
If you log in through ID-porten, Difi’s user support and administrative staff may, if necessary, access your national identity number and contact information, as well as a limited log-in history.
This need arises when Difi is asked to provide user support or troubleshoot/correct errors in the service.
Providers of electronic IDs (BankID, Buypass and Commfides) are data controllers for any and all personal data required for the administration of their log-in solutions.
- Other parties
OsloMet regularly perform risk and vulnerability analyses to protect your personal data in Studentweb. In addition, various security measures have been implemented, such as access control, to keep the number of people who have access to your personal data as low as possible. Employees have confidentiality regarding personal information they receive in their work.
See weebpadge about Your rights.
See webpadge about Contact.
Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research is the provider of Studentweb. This means that Unit develops and maintains Studentweb, and Unit is also responsible for the day-to-day operation of Studentweb. As part of this task, a select few of Unit’s staff have access to all personal data registered in Studentweb.
Contact information for Unit: email@example.com.