Privacy statement
For NIFU, it is important that you know what kind of personal data we process, so that you can protect your rights according to the data protection legislation. Personal information is information that can be linked to you as an individual. Correct processing of personal data is absolutely fundamental in research ethics. Both out of consideration for the integrity, safety and welfare of individuals and out of consideration for groups who may have a special need for protection.
NIFU is data controller for all processing of personal data where we ourselves determine the purpose of processing the data and the means we use for this. In the privacy statement on this page, you can read more about the treatments NIFU is responsible for. The declaration has been prepared so that you can feel confident that NIFU processes personal data in line with the privacy legislation and research ethics guidelines.
1. What kind of personal data does NIFU process?
NIFU collects and processes personal data for research purposes and communication. Read more about how NIFU processes personal data here:
- Personal information in NIFU's research activities
- Personal information in NIFU's communications activities
2. How is the information secured?
NIFU's internal control system ensures that personal data is safeguarded in accordance with the Personal Data Act and the EU's data protection regulation. The system contains rules and routines for how personal data is processed, including how it is secured, who has access and whether it can be disclosed to others. The system also describes NIFU's security strategy and ICT contingency plan, as well as how risk assessments are to be carried out.
Personal data with a high risk for the rights and freedoms of the data subjects (red data) is processed by Services for Sensitive Data (TSD) at UiO. Personal data with a lower risk (green, yellow and orange data) is processed in Microsoft's cloud solutions at data centers in Norway. Here, separate agreements have been entered into, risk assessments have been carried out and security routines have been established which satisfy the GDPR.
3. Contact information of the data protection officer
Name: Claes Lampi, head of administration NIFU
Address: NIFU, PO Box 2815 Tøyen, 0608 Oslo
Telephone: 22 59 51 00
Email: claes.lampi@nifu.no
We also draw attention to the fact that NIFU has entered into an agreement with Sight about advice in the field of privacy. All processing of personal data in research is reported to Sikt to ensure that the Personal Data Act is complied with.