Kristiania University College Privacy Policy

Kristiania University College, and it´s CEO, is responsible for the processing of personal data by the company.

Questions about access and deletion should be directed to the head of treatment at Kristiania University at e-mail: behandlingsansvarlig@kristiania.no.

The Marketing and Communication Department has the day to day responsibility of the university college's processing of personal data on kristiania.no, unless otherwise stated below. It is voluntary for visitors to the website to provide personal information in connection with services, such as receiving newsletters. The basis of processing personal information is the consent of the individual, unless otherwise specified.

At Kristiania University, personal data is processed for administrative purposes, for archival purposes and for research purposes. As a general rule, information collected for one particular purpose cannot be used for other purposes without the consent of the person in question.

Mainly, we process information that you have provided to us for one of the following reasons:

• You have contacted us about study programs or you are, or have been a student with us
• You have applied for a job with us or you are,or have been employed with us
• You have been a participant in a research project or other research purposes
• You are, or have been, a patient at our student clinic
• You have signed up for studies, courses or events
• You have subscribed to our newsletter

We also process personal information about you indirectly for the following reasons:

• We receive information about you from another government agency
• A complaint or guidance case contains information about you
• A nonconformity message contains information about you
• An employee, student, patient or research participant has given you as their closest relative
• A job seeker has provided you as a reference
• When previously collected information is permitted to be reused for research or quality assurance purposes

4.1 Web statistics

Kristiania University collects unidentified visitor information on kristiania.no. The purpose of this is to compile statistics, that are used to improve and further develop the functionality on the website. Examples of what the statistics respond to are how many people visit different pages, how long the visits last, what websites the users come from and which browsers are used.

Forte Digital, Knowit and Gurusoft are Kristiania University College´s data processors, and is the university college's supplier of website development analytics and maintenance. Information collected in connection with the operation of a website is stored on its own servers operated by the provider. Only Kristiania University College, Knowit, Forte Digital and Gurusoft have access to the information collected. A separate data processing agreement between Kristiania University College, Knowit, Forte Digital and Gurusoft regulates what information the supplier has access to and how it should be processed.

4.2 Cookies and analysis tools

Cookies are a text string that is stored on your PC between one minute and two years from the time when you visit kristiania.no. Cookies are necessary for kristiania.com (and other websites) to function in an optimal way for you, for example in order to make a purchase. Cookies help us look at the user patterns of those who visit the site, so that we can make it more user-friendly. No information is stored in a cookie that can be linked to your use of the site as an individual.

At Kristiania University, three cookies are stored:

_ga is stored for two years and used to separate users
_gid is stored for 24 hours and used to separate users
_gat stored for one minute and used to process request data
Most modern browsers are set to automatically accept cookies, but you can change these settings in your browser yourself.

Here you can read more about how to accept and delete cookies in your own browser.

Please note that if you do not accept cookies, it will cause very many websites to not work in an optimal way.

4.3 Google Analytics

This site uses Google Analytics, a web analytics service provided by Google, Inc. ("Google").

Visits to this site are recorded as anonymous information. The information is used for statistical measurement and analysis to improve the site's functionality. The information contains non-identifiable personal information. This measurement uses scripts from the Google Analytics tool. During your visit, cookies are stored as text files on your computer.

The information that the cookie collects about your use is sent to Google and stored on the company's servers.

What does Google use the information for?

• To consider your use of the website
• Create reports to the site owner about the activity on the site
• Create reports to provide other services related to website activity and internet usage.

Google may also transfer this information to third parties if there is a legal obligation to do so, or if such third parties process the information on behalf of Google. Google will not match your IP address with any other information Google may have in its possession.

Google Analytics privacy policy gives you the right to refuse Google Analytics to store this visit data.

Information received is subject to Google's Privacy Policy.

Don't want to be tracked? Use Google Analytics Opt-out Browser Add-on.

4.4 Adform

Adform uses cookies to measure the impact of ads and to display more relevant ads. Adform does not register any personal information on the site and the data is anonymous.

The cookies make it possible to

• control frequency of ads based on activity
• see user behavior on the site against the direct advertising that is happening 
• gather product interest information to serve more relevant ads
• targeted ads to selected customer groups

4.5 Google Remarketing

In order to make our advertising more relevant to those who have shown interest in our products, Kristiania University College uses something called Google Adwords Remarketing. This is a Google service that uses third-party cookies and allows us to make the ads more relevant to you as a user through Google's advertising services.

Google's Privacy Policy does not collect information that can be used to identify individuals.

You can opt out of these types of ads by changing your Google Ads settings.

By using the Website, you agree that Google will process information about you in the manner and for the purposes described above.

5.1 Facebook and Instagram

We use cookies and similar technology to serve ads on and off Facebook services. Facebook gives the institution access to visitor statistics from our Facebook pages so that we can analyze how our content (posts, videos, articles, etc.) is viewed and used. We can also set up ads based on user profiles that have visited our pages.

Kristiania does not disclose or sell personal data we access through Facebook.

Learn more about how Facebook determines which ads to see.

You can adjust your ad settings if you want to control and manage the type of ads you see on Facebook.

Read about Facebook's privacy policy and the ability to prevent Facebook from registering your behavior.

Through a legitimate interest, Kristiania University uses Facebook pages as a communication medium. Facebook collects personal information from everyone who visits Kristiania University's Facebook pages, both those who are logged in with Facebook profiles, and those who visit the pages without being logged in. This is to enable communication to stakeholders.

Here you can read more about how Facebook processes your personal information.

5.2 Google Tag Manager

Google Tag Manager is used to organize and manage scripts that run on Kristiania University's domains.

6.1 Mailing of newsletters

Isave AS is the University of Kristiania's data processor for sending out newsletters.

Our goal is that the information we send out should be as relevant as possible to the recipient. In order to be able to adapt the information to your wishes and needs, as well as previous education, we ask for names, emails, etc. At the same time, this helps to avoid duplicate broadcasts by avoiding duplicates in the database. We do not disclose the information to others.

A prerequisite for receiving newsletters with advertising content is that you have given prior consent to this (does not apply to information that is necessary to disseminate to you in connection with having applied for a study place or being a student at Kristiania University College). You can at any time request to be deleted from the distribution list via behandlingsansvarlig@kristiania.no or unsubscribe via the unsubscribe link in the newsletter.

6.2 Chat / Phone / Email / Personal attendance

Kristiania University College has a legitimate interest in maintaining the quality of customer follow-up. Therefore, chat, call information and email are stored in our systems. When using chat, only the sender's IP address is logged, as well as the content of the conversation. If we receive telephones, information about the time and duration of the call is stored. At the same time, phone number information is stored for 30 days before it is automatically deleted from our systems.

By personal attendance, we will log that the visit has taken place and what the purpose of the visit was. This information is used to increase the quality of guides later. If this information is requested to be deleted, this will be done individually if we receive a notification.

Emails are archived by category after the inquiry is answered. Sender and content in connection with e-mail are handled exclusively by Kristiania University College and the information is not shared with external players.

Personal information that appears in communication is not automatically deleted if it is included in communication with you as an applicant, student or former student, or as the recipient of our newsletters.

6.3 Follow-up on sale

When you have chosen a program, we send out ordering and sending documents, surveys and follow-up emails related to your studies and relationships with the college. We collect this information in order to be able to complete the admission and the college has a legitimate interest in following you up as a student after the election. This information is stored for two weeks.

If your shopping on our online store is interrupted, we will send you emails reminding you of the products you added to your cart. We do this as an extra service, to make the shopping experience with us as smooth and simple as possible.

6.4 Reservations in the Central Reservation Register

Kristiania University College adheres to the current rules for updating against the Central Reservation Register, consent to or reservation against newsletters, and performs ongoing maintenance of personal data against publicly available sources.

7.1 Purpose

The purpose of processing personal information about applicants and students is to fulfill legal obligations and agreements that the college has. The legal basis for the processing of personal data on applicants and students is the Personal Data Act and Article 6 (1) (a), (b), (c), (e), (f), Article 9 (2) (a), (b), and the University and College Act § 4-15.

7.2 Application and admission processing

When you create a applicant profile and application on the Kristiania University College´s application form web, cookies will be created in your browser that will store data in the middle of the application process. When your application is complete, these are deleted and your browser is reset.

You can find more information about the use of cookies here.

When you submit the application, Kristiania University College will process this and the information you have entered, such as name, address, telephone number, id number, e-mail address and password, information about previous education and any work experience, along with accompanying documentation, as well as any name at the employer with contact details. In some cases, Kristiania University College will process health information related to your study situation.

We also save time for login, IP address and login path, as well as changes to the web application that is made at each login. Kristiania University College will be able to collect and store information from other sources, and will also store application processing information. The purpose of collecting and storing your personal information is to process your application for admission to a study or course at Kristiania University College.

You can see the personal data we have stored about you in the application and there you can also correct the information. On "My page" for your application you can further see the status and result of the processing of your application. When the applicant has become a student at Kristiania University College, personal information is transferred to the Common Student System (FS).

Your personal information related to admissions and studies is basically stored forever in the databases of Kristiania University, with certain exceptions:

• Personal information related to actions you take on Studentweb, including IP address and for example if you sign up or withdraw from the exam, is stored for 365 days before being deleted.
• Personal data related to sanctions cf. The Sections 3-7 (8), 4-8 (1) to (3) or 4-10 (3) of the University and College Act are automatically deleted from the Common Student System six months after the sanction period has expired.
• If Kristiania University College receives information that you are dead, we will delete your contact information. Any applications for admission, teaching and exam reports will be withdrawn.
• Sensitive personal data is stored for a maximum of six years before being deleted.

7.3 Student register and student data

In order to manage you as a student, it is necessary for us to process the following data: Name, address, telephone number, birth number (11 digits), email address, possible employer and employer address, as well as information about previous education and possible work experience. In addition, information about the courses and studies you complete, as well as exam results (grades) are recorded and stored. This information is stored in the Common Student System (FS). The basis for this is legal interest, given by the university and the College Act.

This is information that the college is required to keep in accordance with national decisions on archiving, and this cannot therefore be deleted.
The information is not disclosed to unauthorized persons.

If your employer pays for your education and wants information about your exam results, Kristiania University cannot disclose this information without the consent of you as a student.

Kristiania University College uses student data (grades, study progression, drop-out, etc.) for statistical purposes internally. The student data is anonymized and in accordance with the requirements and guarantees of the Privacy Regulation. The college has a legitimate interest in using student data for internal analysis.

Kristiania University College has a legitimate interest in sharing your personal information (name, email, phone number and degree program) with the local student organization. This is to ensure that the student organization performs student welfare services for the students.

7.4 Follow-up of active students

To safeguard the individual student and study progression, information on health conditions, contact information and study progression will be processed. This information is processed by the Student Administration on the basis of §4-15 of the University and College Act.

7.5 Registration of mandatory attendance

Some courses have compulsory attendance, where the university college needs to register and check your attendance. This is stated in the individual course description where compulsory attendance is required. This treatment is based on admissions, studies, degrees and exams at Kristiania University College.

7.6 Follow-up of former students

The college has a legitimate interest in contacting former students. Contact information and study history are stored for two years after graduation in order to provide career-promoting information and / or information on relevant courses and further education.

7.7 Who can obtain personal information about you?

Kristiania University College provides information to the following organizations in accordance with the University and College Law:

• Statistisk Sentralbyrå  (Statistics Norway)
• BIBSYS
• Lånakassen (Loan Fund)
• Database for høyere utdanning (DBH) (Higher Education Database)
• NOKUT (National Agency for Quality in Education)

7.8 Student welfare organisation

If you have paid a semester fee this semester, or have been granted a study right during the past two months, the Student Union can obtain personal information about you from Kristiania University College. This is to let them know that you are a student and that you are entitled to student discounts on the student union services. The student union can retrieve your birth number (11 digits), your name, when you last paid the semester fee and the ID for your student card.

7.9 Det sentrale folkeregisteret (Population Register)

If you come to Norway to study and are not registered in the National Register yet, Kristiania University College will apply for a coordinated admission that you will receive a provisional birth number (S-number). Coordinate admissions checks with the National Register that you are not already in the National Register until you receive an S number.

7.10 Utlendingsdirektoratet (UDI), (The Directorate of Immigration)

If you are not registered with a permanent residence permit in Norway, Kristiania University will prepare a report on you regarding study progression and part-time work permit. You get the report in paper from Kristiania University College, and then you submit it yourself to the Directorate of Immigration (UDI). Read more on UDI's regulations.

7.11 Lånekassen (Loan Fund)

In order to avoid having to document that you are a student, that you have taken the exam and obtained results from part-time studies abroad, Lånekassen receives this personal information about you directly from FS at Kristiania University College. They also get information about your birth number / D-number (11 digits) and at which university / college you are admitted as a student.

7.12 Nordic Institute for the Study of Innovation, Research and Education (NIFU).

Kristiania University College will in some cases send personal information about you to NIFU for research purposes. This is personal information related to your education with us (bachelor's and master's degree. The shipment goes via DBH.

8.1 Canvas (digital learning environment system)

Kristiania University College uses Canvas in a teaching context. This means that Instructure, which develops and operates Canvas, will have access to your name, your username and your Kristianias University College email address.

In order to fulfill the university college's obligations in the University and College Act, personal information is processed in the teaching platform. Including sharing of names and contact information so that lecturers and fellow students can get in touch with you. No personal data is processed other than you register yourself in Canvas.

8.2 WiseFlow and other providers of digital exam systems

At Kristiania University we use the digital exam system Wiseflow on a number of exams. In order for you to be able to conduct a digital exam, we send personal information about you to Wiseflow, who develops and operates the Wiseflow system. They will have access to this personal information: Feide ID, candidate number, other examination data from FS, IP address.

8.3 Frame.IO

In some subjects, Fram.IO is used to submit assignments. Each student must create an account in Frame.IO to approve their terms of use.

8.4 Microsoft Office365

Microsoft Office365 is used for data storage for university college students and staff.

8.5 Other Internet-based teaching tools

As part of the implementation of effective teaching, Kahoot and various other systems are available through the Internet. These systems will be able to process personal information and the individual student must himself or herself approve the individual system's terms of use if they wish to participate in this part of the course.

The marketing of Kristiania University College uses photographs and video recordings of and from the school premises, classrooms, work areas, etc., as well as facades, the cityscape around m. (hereinafter cold surfaces). These are recordings made by own and external photographers. You will find this footage on the school's website, in social media, in print and more.

With video and photography, persons that feature on the recordings or pictures are notfied and consent is obtained. Where recordings are made of individuals and students, consent is obtained through the use of a declaration of consent.

When recording during major events, or where a large number of people are present, it is informed that pictures are being taken and video is being recorded.

Staff at Kristiania University College are filmed in a teaching context. This based on a contractual obligation.

Images or video recordings may be published on the college's premises, for example, recordings made where you yourself are part of a larger assembly or event. Pictures or video recordings, excluding lectures, will be stored in the school's database for up to three years. Lectures are stored as long as it is considered to be academically relevant.

If you want photos or video recordings of you to be deleted, please contact the treatment officer at the Kristiania University College, behandlingsansvarlig@kristiania.no. Note that when using images on printed material, this will not be deleted after it has been used. Images or video recordings used in digital surfaces are possible to delete.

Electronic access control and video / camera surveillance is used to improve the security at Kristiania University College's premises. This information is stored for 7 days before it is deleted. Security is considered to be a legitimate interest for anyone who is registered.

The purpose of processing personal information about employees is to fulfill legal obligations and agreements. The legal basis for the processing of personal data on employees is the Personal Data Act and Article 6 (1) (a), (b), (c), (e), (f), Article 9 (2) (a), (b), and Article 88.

11.1 What personal information does Kristiania University process?

Employees at Kristiania University College are registered with name, birth number and contact information. In addition, job and salary information, education and seniority, as well as names and ages of children under the age of 12 and names and contact information for the next of kin are recorded. Employee side employment is also recorded.

In addition, history of sick leave is kept to enable follow-up of the employee.

The information is collected from you as a job seeker or employee and from other agencies, such as the tax authorities, NAV and former employers.

Employee personal information can be disclosed to public authorities such as the Tax Administration, the Norwegian Public Service Pension Fund and the Norwegian Labor and Welfare Administration. Salary information can also be provided to trade unions on the basis of a collective agreement. In addition, information can be provided to cooperating companies such as pension and insurance companies.

Information about name, position and field of work is considered to be public information and can be published on the university college's website. A portrait of you as an employee will be published unless you wish to refrain from  such publication.

11.2 Archiving and deletion of personal data

The information is archived in the college's recruitment tool, staff computer system, central user management system at the IT department for access to electronic tools and archive system with personnel files. The systems are access controlled, and no one but those who need it have access to personal information.

The starting point is that personal data should not be stored longer than necessary to carry out the purpose of the processing. If personal data is not to be stored in accordance with the Archives Act or other legislation, they must be deleted.

11.3 Storing employee personal data

Kristiania University College uses the following tools to process personal data in the work context of the staff of the university college; Unit 4 Business World, Simployer and Microsoft Office365. The college's providers of these computer systems are data processors.

Personal data is processed in accordance with Sections 8-10 of the Personal Data Act, cf. Articles 5, 6 and 9 and Article 89 of the Privacy Act, and the Health Research Act.

The Personal Data Act gives access to the processing of personal data for research purposes, provided that the privacy of the participants is safeguarded through technical and organizational measures implemented by the controller, that the consequences of privacy have been assessed and a privacy representative / adviser is consulted where necessary. Kristiania University College has an agreement with the Norwegian Center for Research Data (NSD) for advice on privacy issues in research. Health research projects must have prior ethical approval from the Regional Ethical Committee for Medical and Health Research (REK)

Which personal data is to be registered is assessed on the basis of which personal data is necessary to achieve the purpose of the research project. As a general rule, personal data collected for research purposes cannot be used for other purposes without consent.

The General Research Ethics Guidelines, drawn up by the national research ethics committees, state that consent is the main rule in research on people or on information and material that can be linked to individuals. Consent should be informed, expressed, voluntary and documentable. Consent requires consent competence. Caution must be exercised to ensure real voluntariness where the participant is in an addiction relationship with the researcher or is in an unfit situation. The consent may be withdrawn at any time during the execution of the research project.

Researchers, students and supervisors who have access to personal data have a duty of confidentiality.

Procedures for the processing of personal data have been established. The main rule is that there should never be a greater degree of personal identification than is necessary for the research project. The personal data can be de-identified or anonymised.

• Unidentified information identifies personal data where names, birth numbers and other direct personal identifiers have been removed and replaced by a number or code (link key), so that the information cannot be directly associated with an individual.
• Anonymous Information where names, birth numbers and other unique characteristics have been removed so that the information can no longer, directly or indirectly, be associated with an individual. Anonymous data is therefore not considered personal data.

Personal data should normally not be stored for longer than is necessary to carry out the research project. If there is a need for storage beyond the period specified at the start of the project, new consent must be obtained or an exemption must be sought.

13.1 Information on how Kristiania University College processes personal data in logs from IT systems.

The legal basis for the processing of personal data in logs is the Personal Data Act and the Privacy Regulation Article 32.

The purpose of logging the activity in IT systems is to manage systems, ensure stable operation and detect and resolve unwanted events.

The logs are categorized as:

• Operational logs - logs that are normally stored in Kristianias University College or the partners' IT systems and have information about the technical state of a solution but may also have information about logins and other activities related to people.
• application logs - logs from services that can contain data that identifies people and activities in applications.

Kristiania University College has regular operating logs and application logs in its IT systems.

There are also flow logs that contain information about which devices are communicating and how much data is being sent. This means that most of the activities users of the systems undertake, will leave electronic traces.

The information exists in the logs as part of a larger technical logging activity. They are obtained from a number of systems where central machines ensure reliable traffic between the user and the systems.

Initially, the logs are not provided, as they are intended as technical operating logs to ensure stable operation and detect unwanted or abnormal events. They can be handed over to police or prosecutors on the basis of a court order. The University Director may request that logs be handed out in accordance with Articles 32 and 33 of the Privacy Regulation.

All logs from the IT systems are collected in a central log receipt where they are processed and deleted in accordance with the guidelines set by the IT Director.

Logs are only available to those in the IT department who run the central logging facility. Those who have access to search the logs must have a service need and such searches are also logged. Everyone at the IT department has signed a confidentiality agreement. 

Kristiania University College's primary legal basis for the processing of personal data and health information related to the student clinic will be by consent. Kristiania University College processes personal information about patients in accordance with the quality requirements of the Archives Act, the Patient Records Act, the Health Personnel Act and the Health Research Act.

14.1 Information processed at the student clinic

Patient information is stored in the electronic patient record. It contains information about names, birth numbers and contact information, as well as information about diagnosis, course of disease, treatment, information provided and other matters that may be of importance.

Which personal data is processed is assessed based on the personal data needed to conduct an diagnosis and give treatment. As a general rule, information about you collected for a particular purpose cannot be used for other purposes without your consent. The information may be re-used for quality assurance purposes and for other purposes incompatible with the original purpose.

Both the student treating you and the supervisor are subject to confidentiality.

Information is obtained in the form of conversations, surveys, treatment, observations and the like. Information may also be collected from other therapists, such as a GP or hospital, or from relatives. In order for Kristiania University College to obtain information from others, consent is generally required.

Information that is registered about patients at Kristiania University College is, as a general rule, only provided to the person concerned.

Kristiania University College has established guidelines for how a journal should be processed, kept and who can access it. The journal information is stored electronically in a separate system.

Records must be kept until they are no longer thought to be of use. When this is the case, as a general rule, the journals must be safely shredded or deleted.

15.1 Right to information and access

You are entitled to receive information about how Kristiania University College processes your personal information. This privacy statement is intended to contain the information you are entitled to receive.

You also have the right to view / access all personal information registered about you at Kristiania University College. You also have the right to be provided with a copy of your personal data if you wish.

15.2 Right to rectification

You have the right to have incorrect personal information about you corrected. You also have the right to have incomplete personal information about you supplemented. If you believe we have registered errors or insufficient personal information about you, please contact us. It is important that you justify and possibly document why you believe the personal data is incorrect or incomplete.

15.3 Right to restriction of treatment

In some cases, you may have the right to request that your personal data processing be restricted. Limitation of personal data means that personal data is still stored, but the possibilities for further use and processing are limited.

If you believe that the personal data is incorrect or incomplete, or you have objected to the processing of said data, you have the right to demand that the processing of your personal data be temporarily restricted. That is, processing will be restricted until we have corrected your personal information, or have considered whether the objection is warranted.

In other cases, you may also require a more permanent restriction on your personal information. In order to have the right to demand the limitation of your personal data, the terms of Article 18 of the Privacy Regulation must be fulfilled. If we receive a request from you about limitation of personal data, we will assess whether the terms of the law are fulfilled.

15.4 Right to delete

In some cases, you have the right to require us to delete personal information about you. The right to delete is not an unconditional right, and whether you have the right to delete must be considered in the light of the Personal Data Act and the Privacy Policy. If you would like to have your personal information deleted, please contact us. It is important that you give reasons why you want your personal data to be deleted and, if possible, also indicate what personal data you want to delete. We will then consider whether the legal requirements for deletion are met. Please note that in some cases the legislation allows us to make exceptions to the right to delete. For example, this will be the case when we have to store personal information to fulfill a task we are required by the University and College Act, or to safeguard important societal interests such as archiving, research and statistics.

15.5 Right to protest

You may have the right to object to the processing, that is, to protest the processing, if you have a particular need to have the processing of your personal data stopped. Examples may be if you have a protection need, confidential address, or similar. The right to protest is not an unconditional right, and it depends on what is the legal basis for the treatment and whether you have a special need. If you object to the treatment, we will consider whether the conditions for protesting are met. If we find that you have a right to object to the processing and that the objection is justified, we will stop the processing and you may also be required to delete the information. Please note that in some cases we may still make exceptions to deletion, for example if we have to store personal information in order to fulfill a task we are required by the University and College Act or to safeguard important social interests.

15.6 Right to complain about the treatment

If you believe that we have not processed your personal information properly and legally, or if you believe that we have failed to fulfill your rights, you have the opportunity to complain about the processing. You can contact us via behandlingsanvarlig@kristiania.no or the privacy officer at personvernombud@kristiania.no.

If we do not accept your complaint, you have the opportunity to bring the complaint to the Data Inspectorate. The Data Inspectorate is responsible for verifying that Norwegian companies comply with the provisions of the Personal Data Act and the Privacy Regulation when processing personal data.

Questions regarding personal information should be addressed to the privacy officer at personvernombud@kristiania.no.

Questions about access and deletion should be addressed to the processing manager at behandlingsansvarlig@kristiania.no.