- What is personal data?
- Brief presentation of EpN
- The purpose of the processing of personal data in EpN
- Which kinds of personal data are processed by EpN, and for how long do we store your personal data?
- Automatic processing
- Disclosure of your personal data to third parties
- Personal data safety
- Your rights
- Contact information
The term personal data includes any data, information and assessment that can be linked to you as an individual, cf. GDPR Article 4 no. 1. The determining factor in whether data is considered personal information, is whether it is fit to identify a specific person. In some cases, data which, on its own, cannot be linked to an individual person, may constitute personal data if it is used in combination with other data.
EpN is a web application where institutions can edit course offerings, both in terms of when the course is offered, but also the description of the course itself. Institutions control who has access to edit and what may be edited, as well as when edits can be made.
The purpose of processing personal data in EpN is to give you, as a user, access to the right courses and programmes of study, facilitating for collaboration in connection with the editing process.
EpN is subject to the provisions of the Personal Data Act and Personal Data Regulations. The legal basis for processing personal data in EpN is regulated in the contract between you, as an employee, and your employer, cf. GDPR Article 6 no 1, letter b. GDPR takes effect during summer 2018.
4. Which kinds of personal data are processed by EpN, and for how long do we store your personal data?
No sensitive personal data is stored in EpN.
When you log on to EpN, we log your name, national identity number (11 digits), IP address, employment affiliation and contact information (preferred e-mail address), as well as your roles and role status. This personal data will only be erased if they are incorrect.
The personal data presented in EpN is retrieved directly from the databases of the university/university college where you work.
We also store information about your actions in EpN. This data is erased after a period of 6 months.
Your personal data will not be made subject to automated processing or profiling.
Disclosure or export of data is defined as any transfer of data save for use in the controller’s own systems/processing or to the data subject itself or any other party receiving data on the data subject’s behalf.
OsloMet may disclose or export data including personal data to other systems, i.e. external data processors, whenever it is deemed necessary in the pursuit of EpN’s objectives.
Your personal data will not be disclosed to countries outside of the EU/EEA, or to any international organizations.
Your personal data may be disclosed to the following parties/agencies:
- Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research
EpN is developed by Unit. Unit staff who need to access your personal data as part of their job will be granted such access. They need this access in order to provide user support and, if relevant, correct errors as part of their duties.
- University Center for Information Technology (USIT) at the University of Oslo (UiO)
EpN is operated by USIT at UiO. USIT staff who need to access your personal data as part of their job will be granted such access. They need this access in order to provide user support and, if relevant, correct errors as part of their duties.
- UNINETT AS
When you log on to EpN, you use the log-in service FEIDE. FEIDE is developed and provided by UNINETT AS. UNINETT AS staff may access your FEIDE user name and IP address, provided they need such access in order to perform their duties. They need this access in order to provide user support and, if relevant, correct errors as part of their duties. Your personal data will be erased from FEIDE after six months.
- Other employees at your institution
In order to facilitate for collaboration in connection with the editing process in EpN, other employees may in some cases have access to personal data about you. Other users who are logged in to EpN can see your name and user name, as well as a list of actions performed by you in connection with courses you edited. EpN users with admin privileges can also see your e-mail address.
OsloMet regularly perform risk and vulnerability analyses to protect your personal data in EpN. In addition, various security measures have been implemented, such as access control, to keep the number of people who have access to your personal data as low as possible. Employees have confidentiality regarding personal information they receive in their work.
See weebpadge about Your rights.
See webpadge about Contact.
Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research is the provider of EpN. This means that Unit develops and maintains EpN, and Unit is also responsible for the day-to-day operation of EpN. As part of this task, a select few of Unit’s staff have access to all personal data registered in EpN.
Contact information for Unit: firstname.lastname@example.org.