• What is personal data?

  Personal data

  Personal data is defined as all information and assessments that can be linked to you as an individual. This typically includes your name, address, telephone number, email address and national identity number. Both images and audio recordings can also be classed as personal data. You can read more about what is defined as personal data on the Norwegian Data Protection Authority’s website or in the EU’s General Data Protection Regulation (GDPR).

  Processing of personal data

  This covers all operations that are performed on personal data, such as collecting, recording, using, deleting, anonymization or disseminating.

  Special categories of personal data

  Special categories of personal data cover information on race or ethnic origin, political views, religion, philosophical beliefs or trade union membership, as well as information related to genetics and biometrics for the purpose of uniquely identifying a natural person, health data or information about a natural person’s sexual relationships or sexual orientation.

• What projects does the procedure cover?

  This procedure applies to all research projects and student projects at VID who will process personal data in their research.

• Who is responsible for processing personal data in research at VID?

  Overall responsibility

  The rector is the data controller at VID, and as such has overall responsibility for all administrative and research-related processing of personal data.

  The day-to-day responsibility for processing personal data lies with the pro-rector for research.

  Responsibility of the researcher/project leader

  The project leader for each research project has day-to-day responsibility for compliance in terms of procedures and legislation. In connection with student projects, responsibility lies with the appointed supervisor. PhD students are project leaders for their own project.

  You can read more about the project leader’s responsibility in the Guidelines for processing personal data in research and student projects at VID Specialized University (pdf).

  Responsibility of the student

  The student is bound by confidentiality and is responsible for compliance with the procedure and for carrying out the project in accordance with the notification form submitted to Sikt.

  Responsibility of the faculty

  The dean shall ensure that the individual researcher or supervisor has been informed about the procedure and has received the relevant training. The project leader must report any non-compliance to the pro-rector as soon as possible in order to limit any adverse effects this could have.

• Safeguarding the security of information during execution of the project

  As a student or project leader, you are expected to process personal data with due care. Guidelines for processing personal data in research and student projects at VID Specialized University (pdf) provides detailed instructions on how to do this.

  The most important points are that you

  1. work on a secure computer, i.e. one with password protection and antivirus software;
  2. ensure safe storage of computers, audio recorders, cameras and other storage media, and preferably in a locked cabinet in cases where they contain personal data;
  3. only record sound/images on mobile phones that are equipped with approved encryption software;
  4. are not connected to the internet when processing personal data. If you are working on your own laptop, either use an encrypted memory stick or encrypt the files on your laptop; and
  5. consider using VID’s scheme for hiring audio recorders.
• Important to know

  Information and consent

  Researchers are generally required to provide information to the persons they will be obtaining information on. NSD/Sikt has prepared a template for information letter and consent.

  All processing of personal data must have a legal basis, also called basis for processing. The most common practice in research is to obtain consent, but there are also other legal bases.

  Notifying the project to Sikt

  VID has a duty to register and document the processing of personal data in research. Sikt data protection services must be notified of all research projects that entail the processing of personal data as defined in this procedure. In order to ascertain whether your project is notifiable, see Sikt's website: Notification Form for personal data.

  Data processor agreement

  If, in your role as a researcher at VID, you outsource all or part of the processing of personal data to an external party, this party is defined as the data processor. Relevant tasks for a data processor can include data collection and processing through digital questionnaires, transcription, etc. A data processor agreement sets out how the responsibility for personal data should be distributed and safeguarded. VID’s template for data processor agreements is available from the data protection officer: personvernombud@vid.no.

  Access

  Requests for access should be sent to the project leader or supervisor, who must respond to the request without undue delay and within a maximum of 30 days.

  Disclosure of personal data

  Personal data in research and student projects must not be disclosed to third parties. Disclosures of this nature require the approval of VID. Send an email to personvernombud@vid.no for further information.

  Storage of personal data upon completion of the project

  As a general rule, personal data should be deleted upon completion of the project. If personal data is to be retained after the project is completed, Sikt must be informed of this in the notification form. Data stored after the end of the project is subject to VID’s assessment and approval.

• Who can I contact?
  • If you have questions concerning the practical implementation of procedures, please contact: personvernforskning@vid.no
  • For questions about research data management: forskningsdatahandtering@vid.no
  • General questions about privacy protection should be directed to: personvernombud@vid.no

Personvernerklæringer der andre er behandlingsansvarlige

• Brage (VID:Open)

  Brage is a service in which academic articles, student dissertations, writing series and other material produced by an institution (data controller) can be archived and made freely accessible. The institution records and maintains the content, and configures the distribution rules for the material. Brage provides access to the institution’s open material via open interfaces, with the aim of making the material known to and searchable by the outside world and of promoting indexing in search engines and search portals. Brage also imports material that the institution has obtained from other data sources.

  The service does not permit the processing of sensitive personal data.

  Sikt’s privacy policy.

• Cristin

  Cristin (current research information system in Norway) is a national research information system that endeavours to collect and provide access to information about Norwegian research, simplify research administration tasks by facilitating the re-use of research data, and oversee the reporting of scientific publications to the Ministry of Education and Research and the Ministry of Health and Care Services (NVI reporting).

  See privacy policy for Cristin

• Nettskjema

  Nettskjema is a secure solution for data collection. Online forms can be used to create questionnaires, registrations and multiple-choice tasks.

  See privacy policy for Nettskjema (in Norwegian)

• Zoom

  Zoom is a video conferencing platform that can be used for video conferencing meetings, audio conferencing, webinars, meeting recordings, and live chat.

  See privacy policy for Zoom (in Norwegian)

• Sikt

  Sikt – Norwegian Agency for Shared Services in Education and Research was established on 1 January 2022 through a merger between NSD (Norwegian Centre for Research Data AS),Uninett AS, and Unit – the Directorate for ICT and Joint Services in Higher Education & Research.

  Sikt’s privacy policy.