Privacy policy – Conference store
Overview
This document describes how the National Library collects and processes personal data in accordance with the general data protection regulation (GDPR) (2018).
At the bottom of the page you will find information about your rights as a registrant together with general information about how the National Library processes your personal data. Do not hesitate to contact the library if you have any questions about personal data processing that you cannot find answers to in this document.
Contact information
Data controller: National Library of Norway
Data protection officer: Pål Rosseland Tvedt
Queries about privacy should be addressed to personvern@nb.no
Processing of Personal Data for Those Who Wish to Shop in the National Library’s online Conference Store
System: WooCommerce (plugin for WordPress)
Background: To offer the sale of conference fee
Purpose: Provide the user with an interface to pay for goods and the National Library with a tool to manage orders.
Data processing:
- Storage and collection of contact information
- Storage and collection of order information
- Storage and collection of payment information
- Sending automatic emails upon ordering and delivery
- Contacting the user if clarifications about orders, returns, and delivery are needed
Personal data categories:
- Name
- Address
- Email address
- Phone number
- Payment information
The information is collected directly from the users themselves via the National Library’s online store, using a form that the user fills out.
Basis for processing: Article 6 (1) b – Processing is necessary for the performance of a contract.
Period of storage: All information is deleted when it is no longer necessary to retain personal data:
- Orders that are pending, failed, or canceled are deleted after 30 days
- Completed orders are deleted after 12 months
Processing of Personal Data for Those Who Wish to Pay by Bank Card in the National Library’s online Conference Store
System: Nets (Easy), payment by bank card
Purpose: Facilitate users to pay by bank card in the National Library’s online store.
Data processing:
- Sharing, storage, and collection of contact information
- Sharing, storage, and collection of order information
- Sharing, storage, and collection of payment information
Personal data categories:
- Name
- Address (billing address)
- Email address
- Phone number
- Order information (item name, item ID, and quantity)
- Payment information (account number, card number, expiration date, security code, cardholder’s name, amount spent, transaction date, and payment method)
The information is collected directly from the users in the online store, using a form that the user fills out. The information is sent to Nets when the user completes the payment.
Basis for processing: Article 6 (1) b – Processing is necessary for the performance of a contract.
Limitation: The information shall not be processed for other purposes.
Period of storage: All information is deleted when it is no longer necessary to fulfil the agreement.
The Freedom of Information Act, archiving legislation and the Public Administration Act:
The National Library is subject to the Freedom of Information Act. The Freedom of Information Act and associated regulations stipulate when a document should be made accessible to the general public and when it should be exempt from public disclosure. This means that your communication with the National Library may be placed in the public domain.
The Public Administration Act contains provisions on processing, including rules on confidentiality. As party to a case, you are granted certain rights, e.g. access to the case documents.
The Archival Act, the Archives Regulations and the regulations issued by the Director General of the National Archives all contain rules on how the National Library should treat and store case documents and transfer them to institutional archives.
How does the National Library keep your personal data safe?
The National Library has adopted the necessary technical and organisational security measures to ensure the safety of your personal data in compliance with the GDPR.
Please note that we are unable to guarantee the safety of personal data being transferred over the internet. Communications sent over the internet, e.g. emails, are not secure, although security can be improved by encrypting them. We therefore advise you not to send personal data to us via the internet unless you accept the security risk it poses.
Breaches of the terms
A breach of the terms for the use of materials provided by the National Library’s services may result in temporary or permanent expulsion from the service.
Contact information
If you would like to request rectification, erasure or access to data we hold on you or if you have any other questions about how we process your personal data, please contact us by email: personvern@nb.no
Complaining to the Norwegian Data Protection Authority
You are more than welcome to contact us if you object to the way we process your personal data. You may also complain to:
The Norwegian Data Protection Authority
Postboks 458 Sentrum
0105 Oslo
postkasse@datatilsynet.no