Privacy Policy for Kong Arthur StudentWeb (SelfService)
Last modified: 01.11.2023
SelfService is a web application that allows you as a student to perform study administrative tasks, such as changing your own contact data and possible registration for exams. SelfService also gives you access to the information that Norwegian School of Leadership and Theology has stored about you in the study administrative system Kong Arthur Admin (KA Admin), such as contact information, exam results, and what has been sent to Lånekassen.
SelfService is linked to the study administrative system KA Admin. This means that data registered in SelfService is stored in KA Admin. Data in KA Admin is reported in various contexts to several parties/enterprises. Feel free to review the privacy policy for KA Admin. https://hlt.no/personvernerklaering-for-kong-arthur-admin-ka-admin/
This privacy policy describes how Norwegian School of Leadership and Theology handles your personal information in the KA Admin data system. The purpose of this privacy policy is to inform you about which personal data is processed, how they are processed, who is responsible for the processing, what rights you have and who you can contact.
Personal information is all forms of data, information, details, and assessments that can be linked to you as an individual. Whether a detail is considered personal information depends on whether the information can identify a specific person.
Information that alone cannot be linked to an individual can, in cases where the information occurs together with other data, constitute personal information.
Purpose
The purpose of processing personal data in SelfService is for you to be able to manage your studies at Norwegian School of Leadership and Theology.
Legal basis
The processing is grounded in the University and College Act. The processing is also necessary for Norwegian School of Leadership and Theology to fulfill its agreement with you as a student. Some processing activities are the exercise of public authority.
Which personal data is processed in SelfService and how long do we store your personal data?
The following personal data will be displayed in SelfService: name, birth number/D-number/S-number (11 digits), gender, address, phone number, email address, photo (portrait/for ID card), citizenship, educational background, application information, invoice information, registration for subjects and courses, and results.
Personal data registered in SelfService is sent to the study administrative system KA Admin. Personal data in KA Admin is initially stored indefinitely. Feel free to review the privacy policy for KA Admin. https://hlt.no/personvernerklaering-for-kong-arthur-admin-ka-admin/
Your personal data can be obtained from:
Voluntary registrations
It is voluntary for you to register/change personal information in SelfService, but if correct information is not registered, this may prevent Norwegian School of Leadership and Theology from contacting you.
Registrations made without your explicit consent
In some cases, it is necessary for caseworkers at Norwegian School of Leadership and Theology to register information about you related to your studies. These data are only sent to SelfService so that you can access your data.
Disclosure or export of data is defined as any transfer of data other than to one’s own system/treatment or to the registered individual themselves or someone who receives the data on their behalf.
Norwegian School of Leadership and Theology may disclose or export data containing personal data to other systems, i.e. external data processors, in cases where it is deemed necessary.
Your personal data will not be disclosed to countries outside the EU/EEA, or any international organizations.
Your personal data may be disclosed to the following parties/enterprises:
SelfService is developed/operated by NN. Employees at NN who need it for their job will have access to your personal data. This is to be able to provide user support and any error correction in the service.
Personal data you register in SelfService are sent to the study administrative system KA Admin. See the privacy policy for KA Admin for more details on which enterprises receive personal data from KA Admin https://hlt.no/wp-content/uploads/2018/06/Personvernerklæring-for-Kong-Arthur-Admin_HLT.pdf
Norwegian School of Leadership and Theology regularly conducts risk and vulnerability analysis to secure your personal data in SelfService. In addition, security measures, such as access controls, have been implemented to prevent more employees than necessary from accessing your personal data.
Only Norwegian School of Leadership and Theology employees who need your personal data to perform their duties have access to them. Access is controlled via access controls in SelfService.
Right of Information and Access
You are entitled to receive information about how Norwegian School of Leadership and Theology processes your personal data. This privacy statement is intended to provide the information you are entitled to receive.
You also have the right to view/access all personal data registered about you at Norwegian School of Leadership and Theology. You are also entitled to receive a copy of personal data about you, if you wish.
Right of Correction
You have the right to have incorrect personal data about you corrected. You also have the right to have incomplete personal data about you supplemented. If you believe we have registered incorrect or incomplete personal data about you, we ask you to contact us. It is important that you justify and possibly document why you believe the personal data is incorrect or incomplete.
Right of Restrict Processing
In some cases, you may be entitled to request that the processing of your personal data be restricted. Restriction of personal data means that the personal data is still stored, but the possibilities for further processing are limited.
If you believe that the personal data is incorrect or incomplete, or have filed an objection to the processing (see more about this below), you have the right to demand that the processing of your personal data be temporarily restricted. This means that the processing is restricted until we have possibly corrected your personal data, or have assessed whether your objection is justified.
In other cases, you can also demand a more permanent restriction of your personal data. To have the right to demand restriction of your personal data, the conditions in the Personal Data Act and GDPR Article 18 must be met. If we receive a request from you for restriction of personal data, we will assess whether the legal requirements are met.
Right of Deletion
In some cases, you have the right to demand that we delete personal data about you. The right to deletion is not an unconditional right, and whether you have the right to deletion must be assessed in light of applicable privacy laws, that is, the Personal Data Act and GDPR. If you wish to have your personal data deleted, we ask you to contact us. It is important that you justify why you want the personal data to be deleted, and if possible also inform which personal data you wish to have deleted. We will then assess whether the conditions for demanding deletion in the law are met. Be aware that the law in some cases allows us to make exceptions from the right to deletion. For example, this will be the case when we are required to store the personal data to fulfill a task we are obliged to under the University and College Act, or to safeguard important societal interests such as archiving, research, and statistics.
Right to Object
You may have the right to object to the processing, that is, protest against the processing, if you have a specific need to stop the processing. E.g., if you have a protection need, confidential address, or similar. The right to object is not an unconditional right, and it depends on what is the legal basis for the processing, and whether you have a specific need. The conditions are set out in GDPR Article 21. If you file an objection to the processing, we will assess whether the conditions for filing an objection are met. If we conclude that you have the right to protest against the processing, and that the objection is justified, we will stop the processing and you will also be able to demand deletion of the information. Be aware that in some cases we may still make exceptions from deletion, e.g., if we are required to store the personal data to fulfill a task we are obliged to under the University and College Act, or to safeguard important societal interests.
Right to Complain About Processing
If you believe we have not processed personal data in a correct and lawful manner, or if you believe we have failed to fulfill your rights, you have the opportunity to complain about the processing. You can find information on how to contact us in section 9.
If we do not uphold your complaint, you have the opportunity to submit the complaint to the Data Protection Authority. The Data Protection Authority is responsible for ensuring that Norwegian enterprises comply with the provisions of the Personal Data Act and GDPR in the processing of personal data.
Data Controller
Norwegian School of Leadership and Theology is the data controller for personal data in SelfService, cf. the Personal Data Act § 2 no. 4 and §19 a. If you wish to exercise your rights mentioned in section 8 above, you can contact us at post@hlt.no. We will process your inquiry without undue delay, and within 30 days at the latest.
Data Protection Officer
Norwegian School of Leadership and Theology has a Data Protection Officer who is responsible for protecting the privacy interests of both students and staff at Norwegian School of Leadership and Theology. The Data Protection Officer for administrative processing of personal data at Norwegian School of Leadership and Theology can be reached via email: post@hlt.no.
Service Provider
NetNordic Norway (NN) is the service provider of SelfService. This means that NN develops and manages, and has the daily responsibility for the operation of SelfService. Through this work, selected individuals at NN have access to all personal data that is registered in SelfService, and with that also personal data sent to and from KA Admin.
Contact information for NN: NO-GDPR@netnordic.com
