Privacy and data protection policy
Last updated: 30 October 2020
The purpose of this Privacy and Data Protection Policy (PDPP) is to describe how the U4 Anti-Corruption Resource Centre (U4) processes personal data. U4 shall only process personal data that is necessary, and the data shall be processed in accordance with data protection legislation.
Definitions and contacts
Personal data is any information that relates to an identified or identifiable individual.
U4 Privacy and Data Protection PolicyAs part of CMI, in addition to the present PDPP, U4 also complies with CMI PDPP. You can access CMI Privacy and Data Protection Policy here.
Data Protection Officer
As part of CMI, U4 has a Data Protection Officer to safeguard the privacy interests of all whose personal data we process. NSD – Norwegian Centre for Research Data AS is the Data Protection Officer for CMI, and therefore U4, and has a duty of confidentiality in this role.
If you wish to inquire about what information U4 is processing about you, how your data is being processed, or wish to exercise your rights, then you can contact our Data Protection Officer via firstname.lastname@example.org. You are entitled to a response without undue delay, and no later than 30 days.
Principles for processing personal data
Our principles for processing personal data are:
- Fairness and lawfulness. When we process personal data, individual rights must be protected. All personal data must be collected and processed in a legal and fair manner.
- Restricted to a specific purpose. The personal data must be processed only for specific purposes.
- Transparency. Any individual from whom personal data is processed must be informed of how his/her data is being collected, processed and used.
Legal basis for collecting and processing personal data
U4’s legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information. Data can be collected on the following legal basis:
- U4 needs to perform a contract with you
- You have given your consent to U4 to do so
- Processing your personal data is in U4’s legitimate interest
- U4 needs to comply with the law
What personal data we collect and process
U4 collects several different types of personal data for various purposes. Personal Data may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, city, country
When does U4 collect personal data
At U4, personal data is processed for administrative purposes, for archiving purposes, for reporting and monitoring, evaluation and learning (MEL) purposes, and for research purposes.
In general, we will process information about you when:
- You have subscribed to the U4 newsletter
- You have signed up for an event hosted or co-hosted by U4 (including Bergen Hub events and U4 webinars)
- You have signed up to access a U4 knowledge product or service
- You have registered to a training (including U4 in-country or virtual workshops and U4 online courses)
- You have been a participant in a research project or for other research purposes
- You have been in contact with us via email or telephone
- You have applied for a position with us
- You are, or have been, employed with us (by CMI)
How we use the personal data
U4 uses the collected personal data for various purposes, including for administrative purposes, for archiving purposes, for reporting and monitoring, evaluation and learning (MEL) purposes, and for research purposes. These can include:
- Providing you with relevant activities and knowledge products
- Notifying you about news and changes about our activities and/or products
- Providing user support
- Detecting, preventing and addressing technical issues
- Gathering analysis or valuable information so that we can improve our services and/or products (including by sending you user/feedback surveys)
- Gathering analysis or valuable information to report to our funding partners
Retention of personal data
U4 will retain your personal information only for as long as is necessary for the purposes set out in this Data Protection Policy.
U4 will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Data protection rights
Any person that have had his/her personal data processed have rights. These rights could include the right to access and to receive a copy of your personal data, the right to have incorrect personal data corrected, the right to have your personal data deleted, the right to limit the processing and the right to object to the processing.
The rights you have will depend on the basis on which your data is being processed and if any exemptions apply. Below you will find explanations of what these rights mean and what exemptions may apply.
Note that you always have the right to send a complaint to The Norwegian Data Protection Authority about how your personal data is being processed.
Access to information
The right to access means that you are entitled to know:
- what type of information about you is being processed by U4
- how your personal data is being processed
- what the purpose of the processing is
- whether the data has been or will be disclosed to others and, if so, to whom
- how long the data will be stored and any procedures for erasure
- the extent to which you have the right to rectification, erasure, restriction of processing or to object to the processing
- how the information was collected
You are also entitled to a copy of all the data that U4 is processing about you, including electronic tracking. You have the right to access without undue delay and within one month.
Read more about the right of access on The Norwegian Data Protection Authority website.
In certain cases you have the right to request that incorrect information about yourself is corrected or deleted. You must be able to prove that the registered information is incorrect, and what the correct information is.
You are entitled to rectification without undue delay and normally within one month. In cases where correction is not practicable or where the information is correct but gives an incorrect impression, you may require that the information be supplemented.
Read more about the right to correct or supplement information on The Norwegian Data Protection Authority website.
Deletion of personal data
In certain cases you have the right to request that information be deleted. This is also called "the right to be forgotten". Unless one of the exceptions applies, you may request that U4 deletes your personal data in the following cases:
- If you exercise the right to object to the use of your information
- If the information is processed on the basis of consent and you withdraw your consent
- If the purpose of the use of the information has been achieved
- If the information has been obtained illegally
- If U4 has a duty of deletion under the law
In the above cases, U4 shall carry out deletion without undue delay and normally within one month at the latest.
The right to delete does NOT apply in the following cases (exceptions):
- The personal information is part of an expression that is protected by freedom of expression and information
- Storage is necessary for archiving in the public interest, scientific or historical research or statistical purposes. The exception only applies if deletion will make it impossible or extremely difficult to achieve the purposes.
- U4 has a duty to store your data by law (for example, pursuant to the Accounting Act or Archiving Act)
- Storage is necessary to establish, enforce or defend legal claims@
Read more about the right to delete on The Norwegian Data Protection Authority website.
Limitation of processing of personal data
In certain cases you may request that the processing of your personal data is restricted. In such cases the information can be stored by U4 but not used for anything.
Read more about the right of restriction on The Norwegian Data Protection Authority website.
Protesting against processing of personal data
If U4 is processing information about you for the purpose of legitimate interests, or for research purposes, without your consent, then you have the right to object to our processing of your personal data.
The right to protest does NOT apply in the following cases (exceptions):
- If U4 is required to process your personal data for the establishment, exercise or defence of legal claims
- If U4 has compelling legitimate reasons for processing your personal data that override the basis of your protest (balancing of interests).
Read more about the right to protest on The Norwegian Data Protection Authority website.
To exercise your rights, please contact our DPO at email@example.com.
U4 website cookies
What are cookies?
Cookies are small text files that are stored locally on your computer when you visit a website, such as www.u4.no. Cookies are a standard technology that most websites use.
Most browsers (such as Google Chrome, Safari, Internet Explorer) are set to automatically accept cookies, but you can choose to change these settings if you prefer. Doing so can cause some websites to not work optimally. See information down the page if you want to withdraw your consent or change your browser settings.
By using www.u4.no you agree that we set cookies in your browser.
U4 records statistics on the use of the website. The statistics are a tool for improving our website, evaluating our products and services performance, as well as assessing the impact of marketing on other digital platforms. When you visit the website, the following information is recorded:
Which page you look at, and which page you come from
- If you have visited our site before
- Date and time
- Which browser you use, which device and which operating system you have
- An anonymized version of your IP address (which cannot be associated with you as a person)
The cookies are used to determine which page views belong to the same session, and to detect whether a visitor has visited the website before. We use Google Analytics to analyse visits to our website.
Which cookies do we use?
The www.u4.no website uses the following cookies from Google Analytics and from our web server application (ColdFusion).
Storage of personal data
U4 is responsible to ensure the security of the stored personal data.
Communication to third parties
U4 commit to not communicate any personal data collected to third parties. U4 being part of CMI the data collected might be shared with CMI.
Notification of policy changes
Changes to this Privacy and Data Protection policy will be communicated by email (if available) and by update on this page.