Protection of privacy statement
This privacy statement (In Norwegian only) concerns how HiOA collects and processes personal data.
Notification requirement and concession
The processing of personal data must be registered or conceded, unless otherwise prescribed by laws or regulations.
Data Protection Officer
From 01.03.2017, HiOA has got its own Data Protection Officer for Administrative Processing (In Norwegian only). The Data Protection Officer will receive notification formes on administrative processing and is a resource person who will help strengthen HiOA's handling of privacy issues.
Data processing agreement
If certain parts of the processing have been made the responsibility of external companies (data processors), a data processing agreement must be signed. The UH-sector has made a proposal for data processing agreement under new privacy legislation (GDPR, which will enter into force on 1 July 2018). Here is an english version too. This data processor agreement template is to be used, but has to be customized in each case. There is also made a checklist for data processing agreements (in Norwegian only).The checklist can be used for the quality assurance of data processing agreements offered by providers of cloud services or other types of online services.
It is your responsibility to ensure that the agreement is in place. The data processing areement must be filed in P360. See procedures for document management and the Norwegian Data Protection Authority's guidelines for data processor agreement. Case number must be communicated to the Data Protection Officer Ingrid.Jacobsen@hioa.no.
Sensitiv personal information
What is sensitive personal information (in Norwegian only) is defined in the Norwegian Personal Data Act.
Access to information and disclosure requirements
All those registered are allowed access to their personal data (In Norwegian only). HiOA has a disclosure requirement in relation to these individuals. Personal data must be sufficiently secured.