Privacy statement for students

The University of Agder, henceforth UiA, is the data controller of personal information that we have registered and process in connection with your relationship to UiA as a student. 

This privacy statement provides you with information about how we handle your personal data and what rights you have.

What personal data does UiA collect about you?

Personal data includes all kinds of information which can be connected to you as an individual.  

The following personal data can be processed: Profile information (such as your name, birth number/identity (D) number/S number (11 digits), gender, contact information about your background, mother tongue, photo), application information, consent that you have given, status (of, for example, residence permit and criminal record certificate, if relevant), semester registration information, invoice information, and information connected to your study programmes and courses.
As a general rule, sensitive personal data about you will not be saved or processed. In exceptional cases, such information may be saved if it is necessary to make some adaptations to your study situation.

What UiA uses your personal data for

The most central purposes that the personal data are used for are indicated below. The legal basis is either that the processing is founded on the Act Relating to Universities and University Colleges § 4-15, namely that the handling of data is necessary in order to attend to the requisite interests of the student in the best possible way, or otherwise that we have a legitimate interest in the treatment of data which takes precedence over any potential privacy protection-related drawbacks for you. In certain cases, we have also chosen to supplement the legal grounds used with declarations of consent.

The purpose of the handling of personal data is to attend to your rights as applicant, student, course participant, or PhD candidate, and to fulfil the institution’s tasks and duties according to the Act Relating to Universities and University Colleges.

The handling of personal data is necessary so that UiA can:

• process your application for admission to study programmes/examinations/courses
• undertake necessary administration in connection with your studies and you as a student 
• document your educational results

Who we share your data with

The issue or export of data is defined as every release of data besides that which takes place within one’s own systems/processes, or to the registered individual themselves or to anyone who receives the data on the behalf of said individual. UiA can issue or export data, which includes personal information, to other systems – which means external data processors in cases where it is seen to be necessary.

Your personal data can be issued to the following parties/organisations:

1. Sikt– Norwegian Agency for Shared Services in Education and Research (service provider for Common Student System FS, Feide (a national solution for secure log-in and data sharing in education), library system, Student ID app and European Student Card.
2. University of Oslo, central IT-department (IT UiO) (runs FS and service provider for user administration system and My Studies).
3.  Student Assocation Agder (SiA)
4. Tietoevry (Folkeregisteret)
5. The Norwegian State Educational Loan Fund
6. Instructure (service provider for LMS)
7. Inspera AS (service provider for the digital examination system)
8. Service Now (UiA’s service provider for the help-desk system)
9. University of Oslo (service provider for the timetable system)
10. Unit4 (service provider for the accounting system)
11. Other universities and university colleges
12. NOKUT – the Norwegian Agency for Quality Assurance in Education
13. Statistics Norway (SSB)
14. NSD Norwegian Centre for Research Data 
15. Norwegian Directorate for Higher Education and Skills (the Database for Statistics on Higher Education (DBH))
16. NIFU – Nordic Institute for Studies in Innovation, Research and Education
17. The Norwegian Directorate of Health
18. Watermark (service provider for the student evaluation system)
19. Software Innovation AS (service provider for the case and archive system)
20. The Student Organisation in Agder (STA)
21. Cooperative practice institutions
22. NOA A/S (provider of attendance registration system)
23. MIRA (provider of Alumni system)
24. Prio Infocenter AB (provider of Plagiarism control system
25. Lovdata (provider of a collection of online legale resoures)
26. MOSO (provider of platform for practical student training)
27. The National Archives of Norway
28. Other parties which, according to the Freedom of Information Act, have a right of access to information concerning your personal data.

Geographical storage of personal data

UiA ensures that your personal data is stored in accordance with privacy protection regulations for geographical storage. Any storage in third countries is carried out legally through the EU’s approved transfer mechanisms. If it is desirable to be provided with concrete information concerning where individual sets of personal information are stored, you can contact our data protection officer. See contact information specified under the point "contact". 

How long do we store your personal data?

Your personal data connected to admissions and study programmes is, as a general rule, stored indefinitely within UiA’s databases. There are some exceptions:

• Documents for applicants who apply through the Norwegian Universities and Colleges Admission Service (NUCAS/SO), and which do not result in a study programme place, are deleted when the admissions process is completed.
• Personal data connected to sanctions cf. the Act Relating to Universities and University Colleges §§3-7 (8), 4-8 (1) to (3) or 4-10 (3) are automatically deleted from FS six months after the period of sanctions has expired.
• If UiA receives information that you are dead, we will delete your contact information. Any applications concerning admissions, registration for teaching, courses, and examinations etc. will be closed.
• We also save information about logins and actions undertaken in web applications, together with your IP address. This is in order that we have documentation concerning your registrations. This personal information is saved in FS and deleted after 12 months.

Your rights

The privacy protection regulations give you a number of rights connected to your personal data:

• Even though this privacy protection statement provides considerable information, you can request more thorough details concerning how we handle data about you, and you have the right to access your personal data.
• If your personal data are incorrect, you have a right to see them corrected.
• Personal data that we might not have grounds to handle shall be deleted, and you can demand that this be done if we have not taken initiative to do so ourselves.
• You can request that we limit the use of your data.
• You have the right to what is known as data portability, and to request that your personal data be transferred to you, or to another organisation in a structural, universally applied and machine-readable format.
• You can oppose our use of your personal data. You can also oppose being subject to wholly automated individual decisions of a legal nature.
• If you think that we process your personal data without a legal basis, you can complain to the Norwegian Data Protection Authority, but we do urge you to contact us, in part in order that we can review your objections, and in part so that we can clear up any possible misunderstandings. 

The privacy protection regulations have extensive terms and conditions concerning the above, and exceptions from certain rights might apply. If you wish to make use of these
rights, contact us, and we will respond to your enquiry as quickly as possible, and normally within 30 days.

Contact the Data Protection Office

UiA has a data protection officer whose job it is to take care of the privacy protection interests of both students and staff at UiA. The data protection officer for administrative processing of personal data at UiA can be reached via:

• personvernombud@uia.no
• Address: Data Protection Officer (Personvernombud) at the University of Agder, Postboks 422, 4604 Kristiansand