Privacy statement

The Norwegian Space Agency, represented by the Director General, is responsible for the processing of personal data in the organization. Where daily responsibilities are delegated, it is specified within each respective section. Delegation only pertains to tasks and not the responsibility itself. This statement contains information that you are entitled to when information is collected from our website and general information about how we process personal data.

The web editor is responsible for the daily handling of data on romsenter.no, unless otherwise specified. It is voluntary for visitors to provide personal information in connection with services, such as submitting questions to the Norwegian Space Agency via "feedback." The legal basis for processing is consent from individuals, unless otherwise specified.

07 Interaktiv is the data processor for the Norwegian Space Agency and is our supplier for website development and maintenance, as well as the service provider for operations.

Information collected in connection with the operation of the website is stored on dedicated servers managed by the service provider. Only the Norwegian Space Agency and 07 Interaktiv have access to the information collected. A separate data processing agreement between the Norwegian Space Agency and 07 Interaktiv regulates what information the provider has access to and how it should be processed.

Our website uses encryption with HTTPS. To ensure that a page is encrypted, you will see "https" instead of just "http" in the browser, and most browsers will also display a padlock icon. The purpose of encryption is to ensure secure data communication between the server (our website) and the client (your computer). This includes a digital certificate that is intended to prove the authenticity of the website and its sender.

The Norwegian Space Agency collects anonymized information about visitors to romsenter.no. The purpose is, among other things, to gather information about which web pages are well-visited and less-visited, how long visitors stay on the pages, where the visitors come from, and which browsers are being used.

The information is processed in anonymized and aggregated form. Anonymized means that we cannot trace the information we collect back to individual users. We collect IP addresses, but these IP addresses are anonymized in a way that only the first three groups in the address are used to generate statistics. Additionally, IP addresses are processed at an aggregated level, meaning that all data is grouped together and not processed individually.

We use Google Analytics for analytical purposes and Craft CMS as a publishing platform.

Cookies are small text files placed on your computer when you download a web page.

Storing and processing of this information is not allowed unless the user has been informed about it and has given their consent to the processing. The user should be informed about and approve which information is processed, the purpose of the processing, and who processes the information.

On this page, we use Google Analytics 4 to gather information about all users.

The _ga cookie is set to identify unique users. This cookie is used to recognize you as a user when you return to the website. It stores data about what you click on and which pages you visit. Everything you do is sent in as a client ID. Google Analytics cannot recognize you as an individual person.

The _ga cookie lasts for 2 years of inactivity. Every time a user returns to the website, the _ga cookie is extended for 2 years from that date. The client ID is "browser-specific." This means that it is stored for each browser (Safari, Firefox, Google Chrome, etc.). So, a new Client ID is created for each browser you use.

The Norwegian Space Agency uses the Documaster archive system for electronic journaling and document storage. Documaster is an archive system from the supplier Documaster that complies with public standards (NOARK). The archive manager is delegated the daily responsibility for the system and manual archives, and necessary procedures have been developed for its use.

The Norwegian Space Agency processes personal data to fulfill our legal obligations under laws such as the Personal Data Act, Administrative Act, Public Access to Information Act, and Archive Act.

Various types of personal data are recorded in the archive system. These include information such as name, address, email address (basic data), and other relevant information provided in the correspondence. Registration, storage, and retention are carried out in accordance with archive legislation. The case documents may also contain sensitive personal data. As part of the legally required case processing, the Norwegian Space Agency may, in some cases, obtain information from other authorities on its own initiative as authorized by law (Section 17 of the Administrative Act).

Upon request for access, personal data is disclosed in accordance with the Public Access to Information Act and the Administrative Act. Information necessary for processing complaints will be disclosed to the Ministry of Trade, Industry, and Fisheries, which is the Norwegian Space Agency's appeals body.

Special security measures and procedures have been established for highly confidential information in the archive.

The Norwegian Space Agency is required to make its public post journals available to the public on the internet. A journal is a systematic and continuous registration of all incoming and outgoing case documents. The journals are made available on a common portal called eInnsyn. This means that there is coordination of public post journals in a publicly accessible internet service.

In the Public Access to Information Regulation § 7, cf. § 6, fourth paragraph, specific information is specified that should not be included in the public journal and journals posted on the internet. Furthermore, it is stipulated that personal names cannot be searched in the Public Electronic Post Journal (OEP) when the entry is more than one year old.

Please note that requests for access via eInnsyn are recorded in the journal.

The Norwegian Space Agency uses telephone as one of our daily work tools. Case handlers have the daily responsibility for the processing of personal data in this context. Relevant information that arises from telephone calls and email exchanges as part of case processing is logged and treated as described above under "Archive."

Incoming telephone calls to the Norwegian Space Agency are not logged; only the number of calls is registered. As for outgoing telephone calls, the 30 most recent calls are logged in the device.

The employees of the Norwegian Space Agency use email for regular communication with internal and external contacts. Each individual is responsible for deleting messages that are no longer relevant and, at least annually, reviewing and deleting unnecessary content in their email inbox. The trash folder must also be emptied. When an employee leaves the organization, their email accounts are deleted, but relevant emails are normally transferred to colleagues.

We would like to emphasize that regular email is not encrypted. Therefore, we encourage not to send confidential, sensitive, or other confidential information via email.

At the main entrance door and at the entrance to the garage facility, there is a camera that is activated when someone rings the doorbell. The images from these cameras are displayed in real-time, and the cameras do not have recording capabilities.

Records of visitors who sign in at the controlled part of the Norwegian Space Agency's premises are kept for a maximum of one year after the visit.

When registering for events organized by the Norwegian Space Agency, registration information including name, company, email address, and any allergies are stored in the email system. A list is created for internal use in a Word document. This list is used as an attachment for meeting meal payments and similar purposes in accordance with the state's financial regulations and is stored for 10 years. Otherwise, the list is deleted after a maximum of one year, both in the email system and in Word.

The Norwegian Space Agency processes personal data about its employees for the purpose of managing payroll and personnel responsibilities. The legal basis for this processing is governed by the Personal Data Act § 8, paragraphs a), b), or f), as well as § 9, paragraphs a), b), and f). The Head of the Administrative Department is responsible for this on a daily basis. Necessary information for payroll processing, such as name, address, date of birth, social security number, bank account number, tax percentage, union membership, and time registrations, is recorded. Other information about employees is related to their job description and the arrangements for their work. All current and former employees have a personnel file in our archive system. Access to these files is restricted to official needs.

Data retention procedures for personnel information comply with the Accounting Act and the Archive Act. Information about names, positions, and job areas is considered public information and may be published on our website.

In the Norwegian Space Agency's access control system, information about access to the premises is recorded. This information is only used in the event of suspected security breaches. The data is deleted after a maximum of 2 years.

All job applications are registered in the Webcruiter recruitment system. These are typically deleted approximately 6 months after the position was advertised. Applicant lists and recommendations are archived.

In addition to the Personal Data Act, several other laws have significance for the Norwegian Space Agency's processing of personal data, including:

The Public Access to Information Act with regulations contains rules for when a document is publicly accessible to the general public and when a document can be exempted from public access. The Norwegian Space Agency practices the principle of openness, which means that, to the extent possible, it aims to make documents public.

The Administrative Act contains procedural rules for how cases should be handled within the Norwegian Space Agency. Parties to the case have specific rights, including the right to access the case's documents.

The Archive Act provides rules on how archives should process and retain case documents.

The Security Act with regulations aims to facilitate the prevention of threats to Norway's independence and security, as well as other vital national security interests. It also aims to protect individual legal rights and secure trust and simplify the basis for controlling preventive security services.

Everyone who asks has the right to basic information about the processing of personal data in an organization under the Personal Data Act § 18, first paragraph. The Norwegian Space Agency has provided this information in this statement and will refer to it in case of any inquiries. Those registered with the Norwegian Space Agency have the right to access their own information. They also have the right to request that incorrect, incomplete, or information that the Norwegian Space Agency is not authorized to process be corrected, deleted, or supplemented.

The Data Protection Officer for the Norwegian Space Agency is Elin Stange Heikvam.