City of Bergen Privacy Policy

It is the objective of the City of Bergen that privacy and information security shall form a natural part of the City’s activities.

This Privacy Policy describes how and why the City collects and processes personal data on you as a citizen and user of services. The Policy also contains information on your rights when the City processes data about you.

Data controller

The City of Bergen is the controller for all processing of personal data for which we determine the purpose and means. As data controller we must ensure your rights and the other provisions following from the Personal Data Act.

In the City of Bergen, the Data Controller is the City Government. This means that the City Government has the overall responsibility for the processing of your personal data. The responsibility for daily follow-up has been delegated to the various City Government Departments, in line with the City of Bergen's power-of-attorney structure.

You can read more about data control on the Norwegian Data Protection Authority’s webpages.

Data Protection Officer

For questions about the City of Bergen’s processing of personal data, please contact the City’s Data Protection Officer. The Data Protection Officer has an independent role, whose duty it is to ensure the City processes personal data in accordance with privacy rules and regulations.

You may contact the Data Protection Officer of the City of Bergen at: personvernombud@bergen.kommune.no. You should not send sensitive information by email.

If you do not wish to use email, please find our contact details at the bottom of the page

How do we process personal data about you?

Which personal data about you does the City of Bergen process?

The City of Bergen processes personal data about you to be able to perform statutory functions, deliver services, and process your enquiries. Which data we process depends on which service you are using. The most common personal data that we process are:

  • Contact details such as name, addresses, telephone number and email address.
  • Information that is necessary to identify you, such as date of birth and national identity number, D-number, gender, and citizenship.
  • Information about your relations with others, for example the name of your spouse, partner, children and marital status.
  • Health information, such as your diagnoses and medications you take.
    Information linked to the services that you as a citizen use, for example day-care centre, school, building application, waste management, health care services and similar.

You can read more about personal data on the Norwegian Data Protection Authority’s webpages.

Where do we collect the personal data from?

In many cases, the City of Bergen will collect personal data from you directly.

We also collect personal data from public registries, and in some cases from third parties. When the City does not collect personal data from you directly, we collect personal data based on your consent or the authority of acts and regulations. The City of Bergen may collect your personal data from i.a.:

  • The Contact and Opt-out Register
  • From other public agencies, for example the Norwegian Tax Administration, the Norwegian Labour and Welfare Administration (NAV), and the National Population Register

Cookies

The City’s webpages use cookies so that we may provide you with customised web services and ensure a positive user experience. A cookie is a small text file that is stored temporarily on your device and collects certain data about you.

Here you can read more about the cookies used by the City of Bergen on the webpages.

How is your personal data secured?

The City of Bergen will process personal data in a secure manner. The City takes multiple measures to protect your personal data. Among other things, the City uses encryption, access control, firewalls, backup, and tracing. In addition, the City conducts risk and vulnerability analyses and security revisions to check that the data is processed in a secure manner. All City of Bergen employees are trained in personal data protection and information security.

The City has emergency preparedness plans to limit any possible damage if something should go wrong.

Will personal data be shared with others?

The City of Bergen will share personal data with other public agencies or enterprises whenever the City has a statutory duty to do so. Among other things, this may mean that we will transfer your personal data to other public agencies, such as NAV, various hospitals, the Norwegian Directorate of Education and Training, the Norwegian Tax Administration, etc.

Your data may also be processed by external vendors that the City enters into data processor agreements with. When the City of Bergen uses data processors, the vendors process data on behalf of the City. In such cases the City is still responsible for ensuring that your data is processed in a secure manner and pursuant to the Personal Data Act.

The City of Bergen strives to ensure that all personal data it processes shall only be processed within the EU/EEA. In some cases, however, personal data will be transferred beyond the EU/EEA. If so, a valid basis for transfer must exist.

Read more about transfers beyond the EU/EEA on the Norwegian Data Protection Authority’s webpages.

How is the data deleted and stored by the City?

The City of Bergen deletes personal data that we do not have a statutory duty to store, and that we no longer need.

The City will often have a statutory duty to store personal data to observe the requirements of the archiving legislation. The City of Bergen must be able to document which services we have provided to you and what has happened in your case, for as long as prescribed by the legislation. When the City has completed its delivery of services to you or processing your case, the data will be transferred to the archive if the data is required by law to be archived.

Why do we process personal data about you?

The City of Bergen collects and processes your personal data in order to offer you our services, perform statutory functions, and process your enquiries. To be able to process your personal data the City of Bergen must have a specific purpose and a legal basis for such processing.

Purpose

The purpose of the processing depends on which services the City provides for you. For example, the City may process your personal data in order to process an application or provide health care.

Legal basis

The term legal basis is also referred to as lawful basis for processing personal data. The Personal Data Act and the General Data Protection Regulation (GDPR) govern what might constitute a legal basis.

Most of the services provided by the City of Bergen are services we have to provide by law. In these cases, the legal basis will be that data processing is required to fulfil a legal obligation, to perform a service that is in the public interest, or to exercise public authority that befalls the City of Bergen. The City may also process personal data when this is required to protect someone’s vital interests, for example in the event emergency medical attention is needed.

In some cases, we use other legal bases, such as consent. The City will only use consent when we have no other legal basis for the data processing. Consent is voluntary and may be withdrawn at any time. The City cannot perform its functions on the basis of a legitimate interest. In some cases, we will process personal data to protect a legitimate interest for other purposes, for example to protect the City’s security.

Here you can read more about legal basis and consent:

What are your rights?

You have a number of statutory rights when the City of Bergen processes your personal data. Your rights follow from the Personal Data Act and other legislation.

To exercise your rights, you must contact the City. You will find our contact details at the bottom of the page.

Is surrendering personal data voluntary?

When you are required by law to give the City relevant personal data, it is not voluntary to give us the required data. When you are not required by law to give us the data, it is voluntary to give your personal data to the City. The City cannot order you to give us data without having the legal authority to do so.

Access to information

You have the right to receive information about:

  • Which personal data about you the City is processing
  • Where the data is collected from
  • What the purpose of the personal data processing is
  • How long the personal data will be stored
  • Whether your personal data will be disclosed to other parties and, if so, who it will be disclosed to

You can read more about the right of access on the Norwegian Data Protection Authority’s webpages.

Rectification of errors

You have the right to demand rectification of any data about you that is inaccurate, out-of-date or incomplete. If the data has been obtained from other public agencies, you must address the agency that has recorded the data to have it rectified.

You can read more about the right to rectification on the Norwegian Data Protection Authority’s webpages.

Erasure

In some situations, you may ask us to erase your personal data. 

You can read more about the right to erasure on the Norwegian Data Protection Authority’s webpages.

Restriction of personal data processing

In some situations, you may ask us to restrict the processing of your personal data. 

You can read more about the right of restriction on the Norwegian Data Protection Authority’s webpages.

Objection to processing of personal data

If we process data about you based on our functions or following a balancing of interests, you have the right to object to our processing of your personal data. 

You can read more about the right to object on the Norwegian Data Protection Authority’s webpages.

Data portability

If the City processes your data based on your consent or a contract, you can ask us to transfer your data to you or another data controller. 

You can read more about the right to data portability on the Norwegian Data Protection Authority’s webpages.

You can complain against our processing of your personal data

If you are dissatisfied with how the City of Bergen processes your personal data or you think such processing violates privacy rules you may complain to the Norwegian Data Protection Authority. 

You will find information on how to complain to the Norwegian Data Protection Authority on its webpages.

The City of Bergen's Data Protection Officer may be contacted for assistance.

Blocking access to your electronic ID on suspicion of abuse

If you have reason to suspect that someone has or will abuse your electronic ID, you should block your electronic ID and contact the police.

When you block your electronic ID, this may restrict your access to electronic services from banks, the government and/or the City. In order to reactivate an electronic ID, you must contact the vendor.

You can read more about privacy and information security when using electronic ID on the Norwegian Digitalisation Agency’s webpages.

You may opt out of electronic communication

To opt out of electronic communication by SMS and email from the City of Bergen you must opt out in the Contact and Opt-out Register. When you have opted out of electronic communication you will no longer receive electronic letters, email or SMS from public agencies. Normally you will instead receive a letter in the post.

Public agencies may send you an SMS, email or digital letter with reminders for appointments or service messages, for example when the water supply is closed down, even if you have opted out.

You can opt out of electronic communication with public agencies here: Update you contact details in the Contact and Opt-out Register.

Contact

  • Send email: postmottak@bergen.kommune.no
  • Call: +47 55 56 55 56
  • Visit the Citizens’ Service Desk (Innbyggerservice) in Kaigaten 4
  • Send letter: PO Box 7700, N-5020 Bergen