Salta al contenuto principale
Norway The Norwegian Ministry of Foreign Affairs

Privacy notice for the Norway Portal (www.norway.no)

The Norway Portal (norway.no) is the web portal for Norway’s diplomatic and consular missions (embassies, consulates, consulates general and permanent missions).

Anchors:
Logging / monitoringStatistics / analysis | Searches | Metadata | Newsletter | Feedback | 

Processing of VIS data.

Responsibility

The Norway Portal (norway.no) is the web portal for Norway’s diplomatic and consular missions (embassies, consulates, consulates general and permanent missions).

  • These missions have their own editorial teams who have an independent responsibility for their webpages on no.
  • The Communication Unit in the Ministry of Foreign Affairs owns and has the overall responsibility for the portal.
  • The Norwegian Government Security and Service Organisation (DSS) has responsibility for coordinating the operation and development of the portal.

The Director of DSS has overall responsibility for the processing of information that has been collected automatically. This information is needed in order to make the portal easy to use and ensure that it is secure and stable. This includes ‘cookies’, and logs of the Internet Protocol (IP) addresses of computers that connect to the portal and of traffic to and from the portal.

The processing of this information is carried out in accordance with Norway’s personal data legislation and the EU General Data Protection Regulation (GDPR), which set out technical and administrative measures, rules, and requirements regarding employees’ skills and expertise in this field.


Logging and monitoring

When you visit norway.no, your IP address is registered. This is necessary in order for you to be able to connect with the portal. DSS has a legitimate interest in logging traffic to the portal in order to identify or prevent any undesirable activity directed towards the portal. These logs can be used to help prevent illegal access to electronic communication networks and the spreading of malwares (malicious codes), and can also be used to help stop Denial-of-Service attacks and prevent damage to computers. Traffic is only logged to the extent strictly necessary and proportionate for the purposes of ensuring network and information security.

Personal data is electronically held at the following locations:

  • In firewall logs. The information that is held includes the timestamp, source IP address, destination IP address, and destination port number for all visitors to the site. This information is held for one month.
  • In back-ups of logs. These back-ups are stored separately, and contain the same personal data as the firewall logs. The information is held for as long as appropriate for the service concerned.

In Norway, the logs are stored by the portal service provider, Evry, with which DSS has a data processing agreement. The logs may only be passed on to others by Evry with the approval of DSS, and as a rule this only happens in connection with criminal investigations.

F5 Silverline

The portal norway.no uses the F5 Silverline DDoS Protection  service for protection against Denial-of-Service attacks. This service directs all traffic through  network points (cloud-scrubbing centres)  that remove malicious traffic. The personal data that is used in this process is the user’s IP address. This IP address is only used for establishing a connection  between the portal norway.no and you as user. Aggregate data, from which all information that could identify an individual user is removed, may be used to develop new functionality and new products, and for market research.

Cookies

Like most other websites, norway.no uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. DSS uses cookies for various purposes, including statistics, technical monitoring, and technical functionality. The storage and processing of information that has been collected by cookies is not permitted, unless the user has been informed and has consented to this. Under section 2-7b of the Electronic Communications Act, the user must be informed about the information that is to be processed, what the purpose is, and who will be processing the information, and the user must consent to this.

Cookies do not entail any security risk for you, but you can at any time block the storage of cookies on your machine.

The cookie ‘ASP.NET_SessionId’ is a ‘session cookie’, which is used to store a unique identifier for your visit to the portal. It is required if the portal norway.no is to work on your machine, and is generated when the site is loaded and erased when you close your browser.


Statistics and analysis

DSS collects information about visitors to websites. Statistics are used to improve and further develop webpages. We use the tools Google Analytics and Google Tag Manager to analyse the information collected.

The statistics can, for example, tell us:

  • how many people visit the various pages;
  • how long each visit lasts;
  • which websites the users come from; and
  • which browsers are used.

Google Analytics and Google Tag Manager both use cookies that register users’ IP addresses, and that provide information on the individual user’s browsing activity. DSS anonymises the user’s IP address before this information is stored and processed by Google. This means that the IP address cannot be used to identify the individual user. In addition, the IP addresses are processed at the aggregate level, i.e., all the data is processed in groups, not at the individual level.

The information that is collected by Google Analytics is stored on Google’s servers in the US. This information is subject to.


Searches

The portal norway.no uses Episerver as its built-in search engine. Search words are not stored, and cannot be linked to you as user.


Metadata

The portal may contain personal data that is embedded in documents, for example names, titles or places of work. Metadata of this kind may also show who has been involved in producing a document. Photographs may also contain metadata, for example about where they were taken. This means that visitors to the portal can download photos and extract this information from them.

If you discover that information of this kind is visible and you want to rectify this, you should contact the relevant webpage owner.


Newsletters

The email addresses of people who have subscribed to newsletters from the respective embassies are stored. Recipients of the newsletters may end their subscription by using the ‘unsubscribe’ link in the newsletters.   

In order for us to send you emails, you must register your email address in the portal norway.no. Your email address will be stored in the portal’s database.

DSS uses a third-party service provider, the US-based company SendGrid (www.sendgrid.com), for sending emails with links to news stories.

SendGrid meets the requirements set out in the EU General Data Protection Regulation (GDPR). The links below provide more information about SendGrid’s privacy and data protection policies: 


Feedback function

At the end of some of the articles in the portal, you will see the question ‘Did you find what you were looking for?’

This allows you to give feedback on whether or not you found the information you were looking for. We use your feedback to improve the content on the site.

When you use the feedback function, a ‘form cookie’ is stored on your computer, but this cookie cannot be used to trace your feedback back to you.

Information is stored anonymously. We are not able to answer questions you send us via the feedback function.

We advise you not to send sensitive personal information about yourself or others through the feedback function.


Processing of personal data in relation to your visa application

The Visa Information System (VIS) is a central IT-system for all Schengen-countries. The system contains personal information of persons who apply for a short stay Schengen-visa.

The collection of your personal data required by the standardized Schengen application form, the taking of your photograph and the taking of your fingerprints are mandatory for the examination of your visa application. Failure to provide such data will result in the application being inadmissible.

The authority responsible for processing the data in Norway is the Norwegian Directorate of Immigration (see contact details below).

The legal basis for the collection and processing of your personal data is set out in Regulation (EC) No 767/2008 (VIS Regulation), Regulation (EC) No 810/2009 (Visa Code) and Council Decision 2008/633/JHA, the Norwegian Immigration Act article 83 a., and the General Data Protection Regulation Article 6.1 (c), 6.1 (e), and 9.2 (g).

The data will be shared with the relevant authorities of the Member States[1] and processed by those authorities for the purposes of a decision on your visa application.

The data and data concerning the decision taken on your application or a decision whether to annul, revoke or extend a visa issued will be entered into, and stored in the Visa Information System (VIS) for a maximum period of five years, during which it will be accessible to the visa authorities and the authorities competent for carrying out checks on visas at external borders and within the Member States, immigration and asylum authorities in the Member States for the purposes of verifying whether the conditions for the legal entry into, stay and residence on the territory of the Member States are fulfilled, of identifying persons who do not or who no longer fulfil these conditions, of examining an asylum application and of determining responsibility for such examination. Under certain conditions the data will be also available to designated authorities of the Member States and to Europol for the purpose of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

Your personal data might also be transferred to third countries or international organisations for the purpose of proving the identity of third-country nationals, including for the purpose of return. Such transfer may only take place under certain conditions[2]. You can contact the authority responsible for processing the data (see contact details above) to obtain further information on these conditions and how they are met in your specific case.

Under the General Data Protection Regulation[3] and the VIS Regulation[4], you are entitled to obtain access to your personal data, including a copy of it, as well as the identity of the Member State which transmitted it to the VIS. You also have the right that your personal data which is inaccurate or incomplete be corrected or completed, that the processing of your personal data be restricted under certain conditions, and that your personal data processed unlawfully be erased.

You may address your request for access, rectification, restriction or erasure directly to the Norwegian Directorate of Immigration. In order to request access, please fill in the form Request for access to information on the Visa Information System (VIS). You may download the form here.

Please send the filled in form directly to the Directorate of Immigration either by post or e-mail:

Utlendingsdirektoratet
P.O. Box 2098 Vika
NO-0125 Oslo
Norway
E-post: visumservice@udi.no

Further details on how you may exercise these rights, including the related remedies according to the national law of the State concerned, are available on its website and can be provided upon request.

You may also address your request to any other Member State.

You are also entitled to lodge at any time a complaint with the national data protection authority of the Member State of the alleged infringement, or of any other Member State, if you consider that your data have been unlawfully processed.

The data protection authority of Norway is:

Datatilsynet
P.O. Box 458 Sentrum
NO-0105 Oslo
Norway
www.datatilsynet.no

Please refer to the competent visa authority for information on the processing of other personal data that may be necessary for the examination of your application.

[1] The Immigration Authorites of the Member States

[2] Article 31 of Regulation (EC) No 767/2008 (VIS Regulation)

[3] Articles 15 to 19 of Regulation (EU) 2016/679 (General Data Protection Regulation)

[4] Article 38 of Regulation (EC) No 767/2008 (VIS Regulation)