Privacy Statement

This privacy statement describes how NOKUT processes personal data. NOKUT is committed to ensuring the privacy, confidentiality and availability of personal information.

  • The EU Regulation No. 2016/679 General Data Protection Regulation (GDPR) came into force in the EU on 25 May 2018. The Regulation will be incorporated into Norwegian law when the new Personal Data Act enters into force and, from the same date, the Personal Data Act from 2000 will be annulled. This privacy statement is based on the new regulations; however, NOKUT complies with the current regulations at all times.

    The data controller is the person or body responsible for the correct processing of personal data. The NOKUT director, on behalf of NOKUT, is the controller of personal data for the organization.

    A data subject is a person whose personal data is recorded.

    Personal data means any form of information about an identified or identifiable natural person.

    The data processor is the person or body that has been assigned by the controller to process personal data on the controller’s behalf. In such a case, there must be a data processing agreement between the two parties that regulates the duties of the data processor and the framework for the processing.

  • NOKUT has its own data protection officer. The duties of the data protection officer are to:
    • Inform and advise the data controller or data processor and employees who perform processing of their obligations under GDPR and other privacy regulations.

    – Verify compliance with privacy regulations
    – Advise on privacy impact assessments
    – Collaborate with the Data Protection Authority and be the public relations contact for privacy issues

    Requests to the data protection officer for disclosure, correction or deletion of personal data will receive a reply within 30 days. See Section 10 for contact information.

  • 3.1 General information

    The web editor has everyday responsibility for NOKUT's personal data processing at nokut.no. People who visit the website are not obliged to provide personal information in relation to services, such as receiving newsletters. The basis for processing such information is the consent of the individual concerned, unless otherwise specified. See Section 3.5 for further information about newsletters.

    3.2 Web statistics, web analytics and cookies

    NOKUT has a strong focus on creating a user-friendly website, and we therefore study the usage patterns of visitors to our site. To analyse this information, we use the Google Analytics tool.

    Google Analytics uses cookies. These are small text files stored on your computer, browser or phone by the site you are visiting. They record IP addresses, and provide information about how each visitor uses the site. Examples of the statistics provided are: how many people visit different pages, how long each visit lasts, what websites users come from and what browsers are used. None of the cookies enable us to link information about your site usage to you as an individual.

    The information collected from Google Analytics is stored on Google servers in the US. The information received is subject to the Google Privacy Policy.

    The Electronic Communications Act states that all visitors to a website using cookies must have access to information about cookies and what the website uses them for.

    Visitors must also agree to the use of cookies. This is done via the browser settings.

    To learn more about cookies, you can read about them on the website of the Data Protection Authority or the Norwegian Communications Authority (Nkom).

    If you do not want to use cookies, you must change the settings in your browser. There you can choose to block all cookies or choose which ones to accept.

    Cookies previously downloaded can also be deleted via the browser. For information on how to do this, please see the instructions for the browser you are using.

    3.3 Sharing service

    NOKUT has created its own sharing service that allows the user to share articles from its website or send them to different social networking sites. How a particular networking site handles the data is governed by the agreement you have with the site. We do not store any personal or identifiable information.

    3.4 Registration for events

    When NOKUT holds an event, we use electronic registration forms on our website. By completing the form, you agree that we store personal information about you for use for the particular event. We need this information to know the details of the participants. After an event, we sometimes send out a questionnaire for you to evaluate the event. You may also give NOKUT your consent to keep your personal information (name, email address and the event you attended) in order to invite you to other relevant events on later occasions. If you do not agree to this, we will delete the information about you after the event.

    This information is only shared with our partners, and is necessary in order for them to perform their respective tasks. This includes

    Server and CMS: Intility AS, Laboremus Oslo AS, Quesnay AS, Episerver og EpiCentrum (Serbia)
    Payment: Nets
    Accounting system: Contempus
    Evaluation: SurveyXact

    Information processed in connection with invoicing participants directly complies with accounting legislation, and we are required to store this data in the accounting system for ten years. This information is not used for other purposes and is restricted to those working with NOKUT's accounts.

    3.5 Newsletters

    You can subscribe to electronic newsletters from NOKUT. In order to send email to the correct recipient, we must store your name and email address. This information is stored in a separate database. We do not share the information with others than our server supplier (see 3.4). When you unsubscribe, your information will be deleted.

    3.6 Application portal and institution portal

    On our website you can access our application portal and institution portal to apply for approval of your qualifications or approval and accreditation of institutions, subjects and courses. You can see details of the personal data processed in the application portal under "case processing and archives".

  • NOKUT processes personal data in the recruitment process using the Webcruiter recruitment tool. This tool is provided by Webcruiter AS, which processes data for NOKUT. The purpose is to manage and implement recruitment processes in NOKUT. Applications are anonymized (equivalent to deletion under GDPR) in Webcruiter about once a year.

    All job applications are entered into NOKUT's post journal, but personal data is protected in the public records.

    See Section 8 for the processing of personal information about employees.

  • NOKUT uses the Public 360 archiving and case management system for electronic recording and storage of documents. Public 360 is supplied by Tieto and complies with public standards (NOARK). The archive manager has been delegated everyday responsibility for the system and manual archives.

    Applications for approval of qualifications and accreditation/approval of institutions are recorded in eSam, NOKUT's own system, which includes the application portal and institution portal.

    NOKUT processes personal information to fulfil our statutory obligations as laid down in e.g. the Higher Education Act, the Tertiary Vocational Education Act, the Education Act, the Public Administration Act, the Freedom of Information Act and the Archives Act.

    5.1 Archives

    Various types of personal data are recorded in Public 360, such as names, addresses, telephone numbers, email addresses and other relevant information mentioned in inquiries.

    NOKUT is required to make its public mail records available on the Internet, in the Norwegian Electronic Public Records (OEP). The records are a systematic and continuous recording of all incoming and outgoing case documents.

    The recording, saving and storing of data take place as required by archiving legislation.

    5.2 Applications for recognitions of qualifications

    Individuals seeking recognitions of their foreign educational qualifications create a profile and application in our application portal. The application portal is part of our own case management system eSam. In the application portal, you can apply for recognition of higher and vocational education qualifications from abroad. The processing of these applications is part of NOKUT's statutory duties under the Higher Education Act and the Education Act.

    In order for NOKUT to process applications, applicants must enter necessary information about themselves and their education. In the application portal, we ask for your consent to verify your educational documents at the institution(s) where you studied. You are not obliged to give consent and you may apply without giving us consent, but please note that we cannot approve qualifications if we are unsure whether the documents are authentic. In many cases, this can only be done by direct verification with the educational institution concerned.

    We encourage you not to provide sensitive information in your profile. If you choose to provide us with more information than we need, please note that this information will also be part of your application and profile.

    For applicants for the recognition of higher education qualifications, there is a messaging feature in the application portal where you can communicate with the case officer about your case. Please only use this feature, not email or telephone, for communication about your application. This provides security for you as an applicant; we can identify you when we provide information and personal information is not compromised as it may be when using unencrypted email. You can ask general questions and be given advice by e-mail and telephone.

    5.3 Institutional applications

    Institutions enter their applications in our institution portal. Information from the Central Coordinating Register for Legal Entities (Enhetsregisteret) is automatically retrieved when the director of the institution logs on to the portal to create an application. In order to process applications, we will need to have personal information about the director, the board of directors (if any) and the contact person(s) of the institution.

    There is also some personal data in applications from institutions. Applications from institutions with attachments are public documents accessible by any person interested. Please note therefore that applications should not contain sensitive personal data or other personal information that should not be made public.

  • NOKUT conducts the Student Survey, the Vocational School Survey and the Teacher Survey every year. The surveys are sent to students and teachers throughout the country, with voluntary participation. The personal data collected for the surveys consists of names, email addresses and IP addresses. NOKUT receives the names and email addresses from the Common Student System (FS) or educational institutions. IP addresses are recorded for technical reasons when the questionnaire is accessed and will be automatically deleted a few days later. Names and e-mail addresses are deleted by NOKUT at the end of each project. Information from the surveys is transferred to the Database for Statistics on Higher Education (DBH). The Norwegian Centre for Research Data (NSD) is in charge of data protection for surveys conducted by NOKUT, and we follow the instructions for processing personal data provided by NSD. We use the SurveyXact tool, and our supplier and data processor for this software is Rambøll.

  • On behalf of the Ministry of Education and Research, NOKUT organizes national exams. Here, NOKUT is the data processor and the Ministry is the data controller. Our processing is thus based on a data processing agreement. The Ministry is responsible for determining how personal data related to national exams is processed and NOKUT follows these guidelines.

  • NOKUT processes employee personal data in order to manage human resources. NOKUT also records information necessary for salary payments, such as basic data, salary level, hours worked, tax rate, tax authority and union membership. Other information about employees is related to their job description, instructions and organization. NOKUT also processes information necessary to pay fees to expert assessors and external examiners. This information is provided only in connection with salary payments and other statutory information. Personal data is deleted in accordance with the Accounting Act and the Archives Act.

    We have personnel files in our archives for all previous and current employees. The personnel files are removed when the employee leaves. Personnel files have to be transferred to the National Archives of Norway.

  • Any person whose data is recorded in our system is entitled to request access to his/her data and, in the event of incorrect or incomplete information, has the right to request that the information be corrected or completed. If NOKUT processes personal data that it is not allowed to process, the data subject may request deletion of this information. If consent was the basis for processing, the data will be deleted if consent is withdrawn or is no longer valid.

    Please note that in some cases legislation entitles us to make an exception to the right to delete data. For example, this will apply if we are obliged to store personal data to fulfil a legal requirement or to safeguard important societal interests such as archiving, research and statistics.

    We process requests for access, correction and deletion within 30 days.

  • Below you will find information on how to get in touch with NOKUT. Please note that normal email is not encrypted. We therefore suggest that you do not send confidential, sensitive or other private information by email.

    10.1 NOKUT

    Email: postmottak@nokut.no
    Address: Postboks 578, 1327 Lysaker
    Telephone: +47 21 02 18 00

    For questions about foreign academic or vocational qualifications:
    Email: utland@nokut.no
    Telephone: +47 21 02 18 60 (Mondays and Tuesdays from 12:00 to 15:00)

    10.2 The NOKUT data protection officer

    Questions related to the processing of personal data by NOKUT should be addressed to the data protection officer.
    Email: personvernombud@nokut.no

  • Changes may be made to the NOKUT Privacy Statement. Date of last change: 04.06.2018.