To main content
Norsk
Home

Privacy policy

This individual privacy protection declaration explains how NIVA collects and uses personal information. The intention is to give you general information about our processing of personal information. The Norwegian Institute for Water Research (NIVA) is responsible for the processing of private information which we collect and store.  

Contents in the privacy policy

  • When does NIVA collect personal information?
  • What is registered when you use our website?
  • What is registered when you are in contact with us?
  • Information about job applicants and employees 
  • Rights
  • Information security

When does NIVA collect personal information?

We primarily process information which you have provided us for one of these reasons:

  • You are (employed with) a potential or active customer
  • You are (employed with) a potential or active partner in cooperation
  • You are (employed with) an authority related to our activities
  • You have signed up for a seminar, course or workshop
  • You subscribe to our newsletter
  • You have applied for a job here
  • You have an employee relationship with NIVA

NIVA can also receive information indirectly by:

  • An employee has submitted your name as their closest relative
  • A job applicant has named you as a reference

What is registered when you use our website?

We want to process as little personal data as possible when you use our website. That's why we have chosen Fathom Analytics for our website analytics, which does not use cookies and complies with GDPR, ePrivacy (including PECR), COPPA and CCPA. When using this privacy-friendly analytics software, your IP address is processed only briefly and we (who operate the website) have no way of identifying you. In accordance with the CCPA, your personal data is de-identified.

The purpose of using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continuously improve our website and our business. The lawful basis under the GDPR is "Article 6(1)(f); where our legitimate interests are to continuously improve our website and our business." According to the explanation, no personal data is stored over time.

What is registered when you are in contact with us?

Email and telephone

Email to post@niva.no is reviewed and prospectively relayed to relevant receivers. We ask you to refrain from sending sensitive personal information or information needing protection via email, unless the information is in a password protected/encrypted enclosure. Email to post@niva.no is stored for a maximum of 5 years.

Telephone conversations (telephone numbers of caller and recipient, as well as the time of the conversation) is logged in a telephone central. This log is necessary for the administration and operations of the system and this information is erased after 3 months.  

Visitors

Visitors who are allowed on their own to NIVA premises must sign a confidentiality statement and when necessary obtain an access card for visitors. The list of visitors’ access cards and signatures committing them to confidentiality is stored for two years after the end of a visit.  

Other visitors register themselves in a digital log at the entrance/reception, where the information is erased after 3 months.

Scientific discipline and customer system

Various elements of personal information in NIVA’s system for the documentation of project work and financial data are registered. This is basic data such as name, telephone number, email, residential address and billing address. The registration and storage are in accordance with archiving laws. The information that is stored is needed to fulfil the interests of the principal (tendering offers, entering customer contracts, invoicing) or following up obligations to partners in cooperation, authorities, etc.  

Newsletter

NIVA published newsletters as email to those who wish this service. In order to send you a newsletter we need to register your email address. The email address will be used to send out newsletters and possibly user surveys about the newsletter to obtain feedback about what the readers need and what they think interesting. The email address is stored in a special database, is not shared with others and is erased when a user cancels the subscription. An un-subscribe link is always available in the emails we send out.

Questionnaires

When NIVA issues questionnaires we will always inform about their purpose and whether they are anonymous. NIVA will not share the information with others or use the information for other purposes than named. If the survey is anonymous, NIVA will not collect information that can be linked to you. If it is not anonymous, NIVA can identify those who have answered the questionnaire. The processing of such data is in compliance with the privacy regulation article 6, no. 1a, where you agree to our processing of your information.  

When obtaining and processing personal information in research, NIVA has an agreement with NSD (Data Protection Services). NSD helps in securing and demonstrating that personal information for research purposes complies with the privacy regulations and the Personal Data Act.  

Seminars, conferences, courses

When people sign up for courses, conferences, etc., we usually require names, email addresses and similar contact information. Personal information is not used for other purposes than the form/registration is designed for.  

Webstore

Information is registered in NIVA’s webstores which are needed for payment and postage. This information is not used for any other purposes.

Information about job applicants and employees

Job applicants

We need to process information about you if you are applying for a job at NIVA in order to consider your application. Contact information, CV, education and testimonials are registered and stored in an electronic portal. Information about jobseekers is erased after 1 year.

Employees

NIVA processes information about employees in order to administer salaries and work conditions. Such treatment is necessary to fulfil our contract with the employee.  Information is only disclosed in connection with salary payments and other legal releases. Information about names, positions and fields of work can be published on our webpages.

Assignment based employment/ contractual work

Agreements about assignment based contractual work or employment are made directly NIVA’s projects. Information about salary payments are stored with a limited access, but the person’s name and contact information are stored in the project documentation for the individual project. Such information is needed to fulfil the contract to which the registered person is a party. 

Rights

All who request such have a right to basic information about the processing of personal information in a business according to the Personal Data Act § 18, 1st section. We will ensure that registered persons can count on their rights being respected on our part. This includes the right of access to information, the opportunity to correct mistakes, have certain data erased, etc. A person can also make complaints about NIVA to the Norwegian Data Protection Authority.

We shall answer requests from registered persons without undue delay (within 1 month). Requests should be sent to: post@niva.no.

Information security

NIVA has an ICT operations model in which the operations of certain systems have been delegated to external partners. All our ICT suppliers must sign a data processing agreement which regulates which information the supplier has access to and how it is to be secured and treated.