The Norway Portal (norway.no) is the web portal for Norway’s diplomatic and consular missions (embassies, consulates, consulates general and permanent missions).
- These missions have their own editorial teams who have an independent responsibility for their webpages on no.
- The Communication Unit in the Ministry of Foreign Affairs owns and has the overall responsibility for the portal.
- The Norwegian Government Security and Service Organisation (DSS) has responsibility for coordinating the operation and development of the portal.
The Director of DSS has overall responsibility for the processing of information that has been collected automatically. This information is needed in order to make the portal easy to use and ensure that it is secure and stable. This includes ‘cookies’, and logs of the Internet Protocol (IP) addresses of computers that connect to the portal and of traffic to and from the portal.
The processing of this information is carried out in accordance with Norway’s personal data legislation and the EU General Data Protection Regulation (GDPR), which set out technical and administrative measures, rules, and requirements regarding employees’ skills and expertise in this field.
When you visit norway.no, your IP address is registered. This is necessary in order for you to be able to connect with the portal. DSS has a legitimate interest in logging traffic to the portal in order to identify or prevent any undesirable activity directed towards the portal. These logs can be used to help prevent illegal access to electronic communication networks and the spreading of malwares (malicious codes), and can also be used to help stop Denial-of-Service attacks and prevent damage to computers. Traffic is only logged to the extent strictly necessary and proportionate for the purposes of ensuring network and information security.
Personal data is electronically held at the following locations:
- In firewall logs. The information that is held includes the timestamp, source IP address, destination IP address, and destination port number for all visitors to the site. This information is held for one month.
- In back-ups of logs. These back-ups are stored separately, and contain the same personal data as the firewall logs. The information is held for as long as appropriate for the service concerned.
In Norway, the logs are stored by the portal service provider, Evry, with which DSS has a data processing agreement. The logs may only be passed on to others by Evry with the approval of DSS, and as a rule this only happens in connection with criminal investigations.
The portal norway.no uses the F5 Silverline DDoS Protection service for protection against Denial-of-Service attacks. This service directs all traffic through network points (cloud-scrubbing centres) that remove malicious traffic. The personal data that is used in this process is the user’s IP address. This IP address is only used for establishing a connection between the portal norway.no and you as user. Aggregate data, from which all information that could identify an individual user is removed, may be used to develop new functionality and new products, and for market research.
Cookies do not entail any security risk for you, but you can at any time block the storage of cookies on your machine.
The cookie ‘ASP.NET_SessionId’ is a ‘session cookie’, which is used to store a unique identifier for your visit to the portal. It is required if the portal norway.no is to work on your machine, and is generated when the site is loaded and erased when you close your browser.
DSS collects information about visitors to websites. Statistics are used to improve and further develop webpages. We use the tools Google Analytics and Google Tag Manager to analyse the information collected.
The statistics can, for example, tell us:
- how many people visit the various pages;
- how long each visit lasts;
- which websites the users come from; and
- which browsers are used.
The information that is collected by Google Analytics is stored on Google’s servers in the US. This information is subject to.
The portal norway.no uses Episerver as its built-in search engine. Search words are not stored, and cannot be linked to you as user.
The portal may contain personal data that is embedded in documents, for example names, titles or places of work. Metadata of this kind may also show who has been involved in producing a document. Photographs may also contain metadata, for example about where they were taken. This means that visitors to the portal can download photos and extract this information from them.
If you discover that information of this kind is visible and you want to rectify this, you should contact the relevant webpage owner.
The email addresses of people who have subscribed to newsletters from the respective embassies are stored. Recipients of the newsletters may end their subscription by using the ‘unsubscribe’ link in the newsletters.
In order for us to send you emails, you must register your email address in the portal norway.no. Your email address will be stored in the portal’s database.
DSS uses a third-party service provider, the US-based company SendGrid (www.sendgrid.com), for sending emails with links to news stories.
SendGrid meets the requirements set out in the EU General Data Protection Regulation (GDPR). The links below provide more information about SendGrid’s privacy and data protection policies:
At the end of some of the articles in the portal, you will see the question ‘Did you find what you were looking for?’
This allows you to give feedback on whether or not you found the information you were looking for. We use your feedback to improve the content on the site.
When you use the feedback function, a ‘form cookie’ is stored on your computer, but this cookie cannot be used to trace your feedback back to you.
Information is stored anonymously. We are not able to answer questions you send us via the feedback function.
We advise you not to send sensitive personal information about yourself or others through the feedback function.