Privacy policy

The purpose of this privacy policy is to describe how Chr. Michelsen Institute (CMI) processes personal data. When CMI decides why and how personal data will be processed it is the data controller and this comes with certain responsibilities and obligations. CMI shall only process personal data that is necessary and the data shall be processed in accordance with data protection legislation. 

When we process your personal data then you have several rights. Your personal data is any information that can be linked back to you. In this privacy policy we will explain: 

  • When and why CMI will process your personal data
  • What obligations CMI has when we process personal data
  • What your rights are when we are processing your personal data 


Contact CMI’s Data Protection Officer 

CMI has a Data Protection Officer to safeguard the privacy interests of all whose personal data we process. NSD – Norwegian Centre for Research Data AS is the Data Protection Officer for CMI and has a duty of confidentiality in this role. 

If you wish to inquire about what information CMI is processing about you, how your data is being processed, or wish to exercise your rights, then you can contact our Data Protection Officer via dpo@cmi.no. You are entitled to a response without undue delay, and no later than 30 days.  

Please also get in touch if you find any information in this privacy policy to be incorrect or lacking.  

 

When does CMI collect personal data? 

 
At CMI, personal data is processed for administrative purposes, for archiving purposes and for research purposes.  

In general, we will process information about you when: 

  • You have signed up for an event or subscribed to a newsletter 
  • You have been a participant in a research project or for other research purposes 
  • You have visited our websites 
  • You have been in contact with us via email or telephone 
  • You are, or have been, a student at CMI 
  • You have applied for a position with us  
  • You are, or have been, employed with us  
     

We may also process information about you in cases where you have not provided the information yourself. This may be when:  

  • A complaint or guidance case contains information about you 
  • A non-conformity matter or personal data breach contains information about you
  • An employee, student or research participant has named you as their next of kin 
  • A job applicant has provided you as a reference 
  • When previously collected data is permitted to be reused for scientific research or quality assurance or auditing purposes 

 

What are my rights? 

If you can be identified in the data being processed by CMI then you have rights. These rights could include the right to access and to receive a copy of your personal data, the right to have incorrect personal data corrected, the right to have your personal data deleted, the right to limit the processing and the right to object to the processing.  

The rights you have will depend on the basis on which your data is being processed and if any exemptions apply. Below you will find explanations of what these rights mean and what exemptions may apply.  

Note that you always have the right to send a complaint to The Norwegian Data Protection Authority about how your personal data is being processed.  
 

Access to information 

The right to access means that you are entitled to know: 

  • what type of information about is being processed by CMI 
  • how your personal data is being processed 
  • what the purpose of the processing is 
  • whether the data has been or will be disclosed to others and, if so, to whom  
  • how long the data will be stored and any procedures for erasure   
  • the extent to which you have the right to rectification, erasure, restriction of processing or to object to the processing  
  • how the information was collected 

You are also entitled to a copy of all the data that CMI is processing about you, including electronic tracking. You have the right to access without undue delay and within one month. 

Read more about the right of access here, on the website of The Norwegian Data Protection Authority.  

Correction of personal data 

In certain cases you have the right to request that incorrect information about yourself is corrected or deleted. You must be able to prove that the registered information is incorrect, and what the correct information is. 

You are entitled to rectification without undue delay and normally within one month. In cases where correction is not practicable or where the information is correct but gives an incorrect impression, you may require that the information be supplemented. 

Read more about the right to correct or supplement information here, on the website of The Norwegian Data Protection Authority.  

Deletion of personal data 

In certain cases you have the right to request that information be deleted. This is also called "the right to be forgotten". Unless one of the exceptions applies, you may request that CMI deletes your personal data in the following cases: 

  • If you exercise the right to object to the use of your information 
  • If the information is processed on the basis of consent and you withdraw your consent 
  • If the purpose of the use of the information has been achieved 
  • If the information has been obtained illegally 
  • If CMI has a duty of deletion under the law 

In the above cases, CMI shall carry out deletion without undue delay and normally within one month at the latest. 

The right to delete does NOT apply in the following cases (exceptions): 

  • The personal information is part of an expression that is protected by freedom of expression and information 
  • Storage is necessary for archiving in the public interest, scientific or historical research or statistical purposes. The exception only applies if deletion will make it impossible or extremely difficult to achieve the purposes.  
  • CMI has a duty to store your data by law (for example, pursuant to the Accounting Act or Archiving Act)  
  • Storage is necessary to establish, enforce or defend legal claims 

Read more about the right to delete here, on the website of The Norwegian Data Protection Authority.  

 

Limitation of processing of personal data 

In certain cases you may request that the processing of your personal data is restricted. In such cases the information can be stored by CMI but not used for anything.  

Read more about the right of restriction here, on the website of The Norwegian Data Protection Authority.  

 

Protesting against processing of personal data 

If CMI is processing information about you for the purpose of legitimate interests, or for research purposes, without your consent, then you have the right to object to our processing of your personal data.  

The right to protest does NOT apply in the following cases (exceptions): 

  • If CMI is required to process your personal data for the establishment, exercise or defence of legal claims  
  • if CMI has compelling legitimate reasons for processing your personal data that override the basis of your protest (balancing of interests). 

Read more about the right to protest here, on the website of The Norwegian Data Protection Authority.  

 

Use of cookies on www.cmi.no 

What are cookies? 

Cookies are small text files that are stored locally on your computer when you visit a website, such as www.cmi.no. Cookies are a standard technology that most websites use. 

The revised Electronic Communications Act of 2013, § 2-7b, "the cookie section" requires that we provide information about how we use cookies on the website. As long as we have informed about which cookies we use, what information we process, what the purpose of the processing is and who handles the information, the setting in your browser is enough for consent that we use cookies. 

Most browsers (such as Google Chrome, Safari, Internet Explorer) are set to automatically accept cookies, but you can choose to change these settings if you prefer. Doing so can cause some websites to not work optimally. See information down the page if you want to withdraw your consent or change your browser settings. 

By using www.cmi.no you agree that we set cookies in your browser. 

What do we use cookies for? 

CMI records statistics on the use of the website. The statistics are a tool for improving our website, as well as assessing the impact of marketing on other digital platforms. When you visit the website, the following information is recorded: 

  • Which page you look at, and which page you come from  
  • If you have visited our site before 
  • Date and time 
  • Which browser you use, which device and which operating system you have 
  • An anonymized version of your IP address (which cannot be associated with you as a person) 

The cookies are used to determine which page views belong to the same session, and to detect whether a visitor has visited the website before. We use Google Analytics to analyse visits to our website.  

Which cookies do we use? 

The www.cmi.no website uses the following cookies from Google Analytics and from our web server application (ColdFusion).  

Cookie 

Purpose 

Expiration time 

_ga 

To distinguish between first-time visitors and returning visitors 

2 years 

_gid 

To distinguish between multiple visits by same user 

24 hours 

CFID, CFTOKEN 

To track a user, so a user can log in and stay logged in for example 

24 hours 

JSESSIONID 

To keep track of a session 

Session 

CMI 

to distinguish between users who download pdf files 

Session 

 

You can opt out of cookies from Google Analytics by  visiting Google's web site. 

On nettvett.no you can read more about managing cookies in your browser: 

More about cookies on the National Communications Authority's (Nkom) website