Skip to main content
Eval ENEval

Privacy policy

This privacy policy applies to:

Norwegian Agency for Exchange Cooperation (Norec)

Independent Evaluation Department of Norwegian Development Cooperation (Eval)

Eval is an independent department within Norec, with its own mandate. Eval shares administrative services with Norec, such as IT, finance, communications, and human resources. This policy is formulated for Norec as a whole and therefore also applies to Eval.

The policy explains how Norec collects and uses personal data.

It provides the information you are entitled to receive when Norec processes personal data about you, whether we obtain the data from you or from others. It describes how Norec processes personal data in accordance with the Personal Data Act and the General Data Protection Regulation (GDPR).

The statement is updated as needed. Norec is the data controller.

Data Protection Officer

If you have questions about how we process personal data, you can contact Norec’s Data Protection Officer, Linn-Helen Evensen, by email: linn-helen.evensen@norec.no.

Your rights

You have the right to request access, correction, or deletion of personal data we process about you. You can also request restriction of processing, object to processing, and demand data portability.

Read more about these rights at the Norwegian Data Protection Authority or in the Personal Data Act.

To exercise your rights, send an email to norec@norec.no. You will receive a response as soon as possible and no later than 30 days.

If you believe that Norec does not comply with the regulations, you can contact the Data Protection Officer. You also have the right to lodge a complaint with the Norwegian Data Protection Authority.

How we collect and process personal data

Norec uses Microsoft Dynamics to store personal data, send newsletters, and manage event registrations. The data is only accessible to Norec employees, who are bound by confidentiality.

Websites norec.no and noreval.no

Norec collects anonymised statistics about the use of norec.no to improve the website. This may include the number of visits, duration, traffic sources, and browser types.

The legal basis for processing is legitimate interest under Article 6(1)(f) of the GDPR.

Event registration

When you register for an event, you provide your name, workplace, and email address. For larger events, we also request your mobile number. Information about allergies and food intolerances is voluntary.

The data is used for administration and security. We may send you information before and after the event.

The data is stored so you do not have to register it again for future events. You can request deletion by contacting the Data Protection Officer.

By participating, you consent to receiving information about upcoming events and newsletters. You can withdraw your consent at any time by sending an email to norec@norec.no.

Newsletters

You can subscribe to newsletters and register for events through norec.no and noreval.no. Providing personal data when using our services is voluntary.

The legal basis for processing is consent unless otherwise stated. You give consent when you register your information, and you can withdraw it at any time by unsubscribing from the service.

Nordlo is the data processor and supplier for development, operation, and maintenance. FrontKom maintains the websites. Norec has data processing agreements with both, which also apply to any subcontractors.

Web statistics

Norec collects anonymised statistics about the use of norec.no to improve the website. This may include the number of visits, duration, traffic sources, and browser types.

The legal basis for processing is legitimate interest under Article 6(1)(f) of the GDPR.

Cookies

Cookies are small text files stored on your device when you visit the website. They are used to improve user experience and load pages faster.

You can reject cookies when you visit norec.no or noreval.no if you wish. This may affect website functionality.

Google Analytics is used on norec.no with IP anonymisation enabled.

Points of contact

Email and telephone

Norec uses email and telephone in daily work. Relevant information included in case processing is archived.

Regular email is unencrypted. We therefore recommend that you do not send sensitive or confidential information by email.

Case processing and archiving

Personal data is registered in the case and archiving system according to case type. This may include name, address, telephone number, email, and in some cases national identity number.

Norec uses Public 360° from TietoEvry, in accordance with archiving legislation and the NOARK standard. Special routines have been established for protected information.

Information in complaint cases may be disclosed to the Ministry of Foreign Affairs as the appeal body.

Whistleblowing

Norec has a whistle-blowing service for critical matters. Whistleblower reports are handled confidentially and stored in a protected area in Public 360°. Access is strictly limited.

Personal data is archived in accordance with archiving legislation and deleted from other systems when no longer needed for official purposes.

eInnsyn (public journal)

Norec keeps a public journal of incoming and outgoing documents. The journal is published in eInnsyn. Personal names cannot be searched after one year.

Requests for access are logged.

Surveys

Norec uses Microsoft Dynamics 365 Customer Voice for surveys. The purpose and whether the survey is anonymous are always stated.

For identifiable surveys, the legal basis for processing is consent.

Job applications and recruitment

When applying for a job, personal data is processed to assess the application. Applications are handled via JobbNorge. Information about privacy is provided in the confirmation of receipt.

Data processing agreements

Norec has data processing agreements with all suppliers who process personal data on our behalf.

Other relevant legislation

The processing of personal data is also regulated by the Freedom of Information Act, the Public Administration Act, and the Archiving Act with regulations.

Definitions

The data subject is the person to whom the personal data relates. Processing of personal data means any use of personal data. The data controller determines the purpose of processing. The data processor processes data on behalf of the controller. Consent is a voluntary, explicit, and informed declaration.

Contact information — data controller

Data controller: Norec — Norwegian Centre for Exchange Cooperation

Data Protection Officer: Linn-Helen Evensen

Email: norec@norec.no

Telephone: +47 57 99 00 00

Postal address: Fjellvegen 9, 6800 Førde