Privacy statement for BISO
contractors, as well as stakeholders and visitors to BISO’s website, services and applications.
The statement applies to the following services:
- BISOs applications such as Google Play and App store
Contact information for BISO
BISO is responsible for handling your personal data. If you have questions about the treatment or want to get in touch with us to exercise your rights, you will find our contact information below:
BISO – BI Student Organization
Address: Nydalsveien 37
Postcode/location: 0484, Oslo
Organization number: 987713380
E-mail address: firstname.lastname@example.org
What is considered personal data?
A privacy statement must provide information about what personal data is collected and how the personal data is processed, as well as the rights associated with this processing.
Personal data is defined as information that alone or together with other information can be used to identify, locate or contact a person . Information, which alone cannot be linked to an individual, may in cases where the information occurs together with other data still constitute personal information. Examples of personal data are name, telephone number and e-mail address.
BISO is the data controller.
Processing of personal data involves all forms of handling personal data, such as data collection, analysis, registration, and storage. Who determines the purpose of processing personal data and which information is requested is the data controller. It is the data controller who is responsible for the handling of your personal data in accordance with the applicable Personal Data Act.
BI Student Organization – BISO – is responsible for processing personal data that is collected and processed by BISO, cf. the EU’s Personal Data Protection Regulation (GDPR) article 4 no. 7. The general manager is the overall controller for the processing of personal data at BISO.
Purpose and background for processing personal data.
BISO, as the controller, determines the purpose of the processing of personal data. All processing of personal data must have a specific, expressly stated purpose which is factually justified in BISO’s operations. This follows from GDPR article 5 no. 1b where it is stated that personal data must be collected for “specific, expressly stated and legitimate purposes”.
Personal data that is obtained and collected is consequently limited to what is absolutely necessary to fulfill the purpose of the processing. The personal data collected for one specific purpose cannot later be used for another purpose. A new assessment will then have to be made as to whether there is a processing basis for a possible new purpose.
What does BISO offer its members?
BISO wants to be a welcoming, inclusive and diverse arena for the students at BI. We therefore work to offer our members an opportunity to maximize their student life with the help of our main pillars;
- Safety and Benefits
- Career Advantage
- Social Network
For students who choose to get involved in BISO, we want to offer a good working environment with many different people. The tasks are varied, sometimes demanding and not least fun and educational. Committed students are left with relevant experience, a complementary CV and a large network.
Cookies are small text files that are placed on your computer when you download a website.
Storage of information and processing of this information is not permitted unless the user has both been informed about and has given his consent to the collection. The information on how BISO collects the user’s data must be easily accessible by the user, and the information on about how the data is processed, and what the purpose of the collection is should be just as accessible.
General information collection. What kind of information do we collect?
When you apply for a position via the recruitment portal, order a service or product, become a member, or visit our application/website, you may be asked to provide information. Depending on the situation, we may request the following personal data:
- E-mail address
- Telephone number
- S number
- Position or area of responsibility
- Other information such as in-depth questions or answers to forms/surveys
- Technical information: which web address you use to access our website, your IP address and user behaviour, browser type, language and information about identification and operating system.
What does BISO record when you visit our websites?
When you visit our website, information about you is recorded. Below you can read a list of what information we register when you visit our website.
- When purchasing a product through the online store, we register the following:
- First name and last name
- Telephone number
- Postal code
- Post office
- When filling in the “Apply selection” form (vervsportalen), we register the following:
- First name and last name
- Telephone number
- Stripe: Read Stripe’s privacy statement
- Cookies: Read what cookies are
What does BISO collect when you register in our application?
By registering a user account in our application, you consent to BISO collecting personal data about the user. The data is used to speed up reimbursement submissions by auto filling fields based on your identity. When the user submits a request for expense/reimbursement, BISO uses the stores the personal data, to be able to payout the due reimbursement.
Below is a list of personal data we collect through registering an account in the application:
- First and last name
- Phone number
- Postcode and city
- Bank account number
Legal basis for processing personal data. Consent via Terms & Conditions.
In order to process personal data, in addition to the purpose, there must be a legal basis. The general requirement for a legal basis follows from GDPR Article 6. For the processing of sensitive personal data, an additional legal basis regulated in GDPR Article 9 is required. The legal basis must be fulfilled before the processing of personal data begins.
When you as a user accept our Terms & Conditions, an agreement has been entered between the user and BISO, and there is consent. Consent means that BISO has a legitimate reason to send the user information. This is equated with consent in accordance with the Marketing Act as the law is in Norway.
You can withdraw your consent for us to process your personal data at any time. If you withdraw your consent, we will remove the information we have about you. However, this will mean that any memberships will be cancelled. We therefore point out that any deletion of information by us may affect the delivery of information within the framework of the customer relationship, as well as affect ongoing dialogues.
Information from other sources.
When you agree to us processing your personal data, you also approve that we can register other information about you that you have given us on a previous occasion. Based on publicly available information, we can also supplement your registered information with additional contact information. If you are a customer of ours, we can also add additional contact information to your information, which you have registered with us via e.g. e-mail, the employment portal, the website or membership in the BI Student App as well as BISO app. Other information that is necessary for the services you will use may also be stored.
The security of your personal data.
BISO.no has strict routines and measures to secure your personal data. Information will only be disclosed/transferred to others in a secure manner. If the data subject submits the request electronically, and unless the data subject requests otherwise, the information must be provided in a normal electronic form.
BISO.no uses HTTPS communication (HTTP over TLS / HTTP over SSL / HTTP Secure ) for encrypted and secure transmission of data between you and us.
The purpose of the processing of the personal data?
The information you provide is used for the following purposes:
- Sales and marketing activities in the form of direct e-mail contact.
- Customer care and information about our products
- For obtaining statistics and information on user behavior to ensure improvement of both the website, membership, the application and the user experience itself.
- So that we can give you a more personal experience and deliver products and other content that interests you and strengthens your student life
We ask for your personal data in order to:
- Respond to inquiries and/or requests
- Sending the desired material, or other ways of being able to fulfill our obligations in return for you submitting your information
- Create and maintain a dialogue
- Sending information that may be of interest to you
- Add yourself to the e-mail list for updates, news in the membership, newsletters and other content that may be of interest to you
If we are to use the personal data for a purpose other than that for which it was collected, the obligation to provide information will start again and we must then state what the new purpose is and give parts of the information to the recipient again.
Consent to email correspondence, direct marketing and further contact.
When you consent to us processing your personal data in accordance with the above-mentioned purposes, you consent to the following:
- We process your personal data in accordance with this personal statement
- We process your personal data in accordance with Norwegian law
- We may send you direct marketing via email about our products and services
- We may contact you by email. You can opt out of further e-mails by following the links at the bottom of our e-mails, or by contacting us directly
With whom can the information be shared?
Information provided will be available to a limited number of people in the organisation, who either hold a position within IT, Marketing, Consulting or customer support. The general manager, student assistants and permanent staff will also be granted access.
Information sharing with third parties
We do not sell your personal data to third parties. If there is an ongoing sale or customer dialogue between you, us and any of our partners, we share information such as:
- Type of membership
If you have registered your information in connection with an event that is carried out together with an external party, we may transfer the same categories of personal data as indicated above.
We obtain your information from others
Primarily, BISO processes personal data provided by you. In addition to information provided by you, we can also obtain further information from the Business School BI’s register. If there is a need for further personal information about you for necessary processing, this will be collected from various public authorities depending on your role and function.
Where is the information stored?
BISO stores information about the user according to the regulations stated in this policy.
Below is a list of where data about the user is stored from our websites:
- no: Our database where we store user information from our websites.
- Google Analytics: Statistical data about the websites, application, and its users to provide BISO with accurate data about users’ overall behavior.
- Google Firebase: Our database for mobile applications, such as the BISO application. We store user information detailed above.
General information about your rights.
You have the right to receive information about what information we have about you. You can also demand that we correct incorrect information or delete your information.
If you wish to withdraw your consent or demand an overview of information, correction or deletion, contact us at the e-mail address we have specified under the section for contact information. If you want to move information, we can also help you with that.
What rights do you have as a registered user?
The registered person is the person to whom the personal data can be linked. The processing of personal data must involve as little intervention as possible for the individual registered, based on what is practically, technically and economically possible. As registered, you therefore have important rights that must be safeguarded.
Right to information
Right to access
You have the right to know which personal data BISO processes about you. If you request access, you will receive a copy of your personal information, for what purposes it is used and whether the information has been passed on and to whom.
If for reasons of protection of other persons or uncovering violations of laws and regulations, BISO cannot in some cases give you access if this is necessary and the conditions for it are met.
Right to correction/rectification of errors
If you update that BISO has registered incorrect, out-of-date or incomplete information about you, you have the right to have this corrected or updated. If correction of errors concerns information submitted by others, inquiries about errors must be directed to the source.
Right to deletion
You have the right to demand that we delete personal data about you. If you wish to have your personal data deleted, please contact email@example.com . When making an inquiry, it is important that you justify why you want the personal data to be deleted, as well as state which personal data you wish to have deleted.
The legislation gives BISO the opportunity to make exceptions to the right to erasure. For example, this will be the case when we process personal data to fulfill a statutory task, or to safeguard important societal interests such as archiving, research and statistics.
Right to object/raise a protest
You have the right to file an objection or object to the processing of your personal data under certain conditions, if the processing is based on legitimate or public interest, or the exercise of public authority. An example is processing that involves direct marketing, profiling or if it is done with a view to scientific/historical research or statistics.
Right to limitation
In some cases, you may have the right to demand that the processing of your personal data is to be restricted. Limited processing means that the personal data is still stored, but that it cannot be used for anything. You can find more about the right to restriction at the Norwegian Data Protection Authority.
Right to complain about the treatment
If you believe that BISO has not processed the personal data in a correct and legal manner, or if you believe that we have not been able to fulfill your rights, you have the opportunity to complain about the processing.
If you believe that BISO processed your personal data in breach of the regulations or if you wish to make use of your rights, you can send the inquiry to firstname.lastname@example.org . The data protection officer must look after the data protection interests of stakeholders, students and employees of BISO.
If we do not accept your complaint, you have the opportunity to submit the complaint to the Norwegian Data Protection Authority. The Norwegian Data Protection Authority is responsible for checking that Norwegian businesses comply with the provisions of the Personal Data Act and the Personal Data Protection Regulation when processing personal data.
How long is the information stored?
We only process the personal data for as long as it takes to fulfill the purpose of their collection, after which we delete the information.
If you have an active membership or an active position with us, we will take care of your information for 6 months from the last contact; then we remove the information we have about you. An active dialogue is defined as that you have interacted with BISO, via e-mail, by answering e-mails, downloaded material or bought products in the webshop, registered via the registration portal, have an active membership with us or have held an active positions in the last 6 months .
If you have consented to the processing of your personal data in connection with the fact that you have accepted regular e-mails and updates, we will continue to process your personal data until you terminate your membership. We then store your personal data for 6 months before deleting the information.
In the event that you are employed by BISO or a business that is a customer of ours, we process your information within the scope of customer processing. For active customer relationships, we process your information until (1) you terminate your position in the business, or (2) the business no longer has an active customer relationship with us. When a customer relationship ends, the terms for storing and processing information change to the same terms as described in the previous sections. If you end your employment with BISO or the business in question, you yourself are responsible for letting us know so that we can delete your information. If BISO does not receive such a message, we consider this to be consent to the further storage of your information.
Processing of e-mail correspondence
We use e-mail, ID/s number and telephone as part of the daily work. Relevant information that emerges from telephone conversations and e-mail exchanges that take place as part of customer processing is registered in the customer system.
Our employees also use e-mail in general dialogue with internal and external contacts. The individual is responsible for deleting messages that are no longer relevant, and at least every year to review and delete unnecessary content in the e-mail box. This is carried out by replacing the office role. Upon resignation, e-mails are deleted, but certain relevant e-mails will normally be transferred to colleagues.
Sensitive personal data must not be sent by e-mail.
We draw your attention to the fact that regular e-mail is unencrypted. We therefore do not encourage you to send confidential, sensitive or other confidential information via e-mail.