It is the objective of the City of Bergen that privacy and information security shall form a natural part of the City’s activities. This Privacy Policy describes how and why the City collects and processes personal data on you as a citizen and user of services. We also inform you about your rights.
The City of Bergen is the controller for all processing of personal data for which we determine the purpose and means. As data controller we must ensure your rights and the other provisions following from the Personal Data Act.
In the City of Bergen, the Data Controller is the City Government. This means that the City Government has the overall responsibility for the processing of your personal data. The responsibility for daily follow-up has been delegated to the various City Government Departments, in line with the City of Bergen's power-of-attorney structure.
You can read more about data control on the Norwegian Data Protection Authority’s webpages.
For questions about the City of Bergen’s processing of personal data, please contact the City’s Data Protection Officer. The Data Protection Officer has an independent role, whose duty it is to ensure the City processes personal data in accordance with privacy rules and regulations.
You may contact the Data Protection Officer of the City of Bergen at: personvernombud@bergen.kommune.no. You should not send sensitive information by email.
If you do not wish to use email, please find our contact details at the bottom of this page
The City of Bergen processes personal data about you to be able to perform statutory functions, deliver services, and process your enquiries. Which data we process depends on which service you are using. The most common personal data that we process are:
You can read more about personal data on the Norwegian Data Protection Authority’s webpages.
In many cases, the City of Bergen will collect personal data from you directly.
We also collect personal data from public registries, and in some cases from third parties. When the City does not collect personal data from you directly, we collect personal data based on your consent or the authority of acts and regulations. The City of Bergen may collect your personal data from i.a.:
The City’s webpages use cookies so that we may provide you with customised web services and ensure a positive user experience. A cookie is a small text file that is stored temporarily on your device and collects certain data about you.
Here you can read more about the cookies used by the City of Bergen on the webpages.
The City of Bergen will process personal data in a secure manner. The City takes multiple measures to protect your personal data. Among other things, the City uses encryption, access control, firewalls, backup, and tracing. In addition, the City conducts risk and vulnerability analyses and security revisions to check that the data is processed in a secure manner. All City of Bergen employees are trained in personal data protection and information security.
The City has emergency preparedness plans to limit any possible damage if something should go wrong.
The City of Bergen will share personal data with other public agencies or enterprises whenever the City has a statutory duty to do so. Among other things, this may mean that we will transfer your personal data to other public agencies, such as NAV, various hospitals, the Norwegian Directorate of Education and Training, the Norwegian Tax Administration, etc.
Your data may also be processed by external vendors that the City enters into data processor agreements with. When the City of Bergen uses data processors, the vendors process data on behalf of the City. In such cases the City is still responsible for ensuring that your data is processed in a secure manner and pursuant to the Personal Data Act.
The City of Bergen strives to ensure that all personal data it processes shall only be processed within the EU/EEA. In some cases, however, personal data will be transferred beyond the EU/EEA. If so, a valid basis for transfer must exist.
Read more about transfers beyond the EU/EEA on the Norwegian Data Protection Authority’s webpages.
The City of Bergen deletes personal data that we do not have a statutory duty to store, and that we no longer need.
The City will often have a statutory duty to store personal data to observe the requirements of the archiving legislation. The City of Bergen must be able to document which services we have provided to you and what has happened in your case, for as long as prescribed by the legislation. When the City has completed its delivery of services to you or processing your case, the data will be transferred to the archive if the data is required by law to be archived.
The City of Bergen collects and processes your personal data in order to offer you our services, perform statutory functions, and process your enquiries. To be able to process your personal data the City of Bergen must have a specific purpose and a legal basis for such processing.
The purpose of the processing depends on which services the City provides for you. For example, the City may process your personal data in order to process an application or provide health care.
The term legal basis is also referred to as lawful basis for processing personal data. The Personal Data Act and the General Data Protection Regulation (GDPR) govern what might constitute a legal basis.
Most of the services provided by the City of Bergen are services we have to provide by law. In these cases, the legal basis will be that data processing is required to fulfil a legal obligation, to perform a service that is in the public interest, or to exercise public authority that befalls the City of Bergen. The City may also process personal data when this is required to protect someone’s vital interests, for example in the event emergency medical attention is needed.
In some cases, we use other legal bases, such as consent. The City will only use consent when we have no other legal basis for the data processing. Consent is voluntary and may be withdrawn at any time. The City cannot perform its functions on the basis of a legitimate interest. In some cases, we will process personal data to protect a legitimate interest for other purposes, for example to protect the City’s security.
Here you can read more about legal basis and consent:
You have a number of statutory rights when the City of Bergen processes your personal data. Your rights follow from the Personal Data Act and other legislation.
To exercise your rights, you must contact the City. You will find our contact details at the bottom of the page.
When you are required by law to give the City relevant personal data, it is not voluntary to give us the required data. When you are not required by law to give us the data, it is voluntary to give your personal data to the City. The City cannot order you to give us data without having the legal authority to do so.
You have the right to receive information about:
You can read more about the right of access on the Norwegian Data Protection Authority’s webpages.
You have the right to demand rectification of any data about you that is inaccurate, out-of-date or incomplete. If the data has been obtained from other public agencies, you must address the agency that has recorded the data to have it rectified.
In some situations, you may ask us to erase your personal data.
You can read more about the right to erasure on the Norwegian Data Protection Authority’s webpages.
In some situations, you may ask us to restrict the processing of your personal data.
If we process data about you based on our functions or following a balancing of interests, you have the right to object to our processing of your personal data.
You can read more about the right to object on the Norwegian Data Protection Authority’s webpages.
If the City processes your data based on your consent or a contract, you can ask us to transfer your data to you or another data controller.
If you are dissatisfied with how the City of Bergen processes your personal data or you think such processing violates privacy rules you may complain to the Norwegian Data Protection Authority.
The City of Bergen's Data Protection Officer may be contacted for assistance.
If you have reason to suspect that someone has or will abuse your electronic ID, you should block your electronic ID and contact the police.
When you block your electronic ID, this may restrict your access to electronic services from banks, the government and/or the City. In order to reactivate an electronic ID, you must contact the vendor.
To opt out of electronic communication by SMS and email from the City of Bergen you must opt out in the Contact and Opt-out Register. When you have opted out of electronic communication you will no longer receive electronic letters, email or SMS from public agencies. Normally you will instead receive a letter in the post.
Public agencies may send you an SMS, email or digital letter with reminders for appointments or service messages, for example when the water supply is closed down, even if you have opted out.
You can opt out of electronic communication with public agencies here: Update you contact details in the Contact and Opt-out Register.
City of Bergen, in collaboration with Meta/Facebook, is responsible for the processing of personal data on the municipality's Facebook pages.
This concerns personal data necessary for creating aggregated statistics for the analytics service Page Insights. This includes actions you perform on Facebook related to the municipality's page, such as viewing the page, commenting or liking a post, recommending a page, and so on.
Additionally, Facebook will collect information about the action, such as the time, geographic area, and the age and gender group.
The municipality and Facebook share a common purpose for the information collected through actions on the page, which is the dissemination of information and public debate.
Facebook also has its own purposes for processing that we do not jointly determine. This is outlined in your agreement with Facebook and the privacy statement of the company.
For the municipality to publish pictures and other personal information on Facebook, we need consent from the individuals involved. At the same time, we need a legal basis for the general presence on Facebook.
This is necessary because our presence involves processing personal data of those who view the municipality's Facebook pages through Page Insights as mentioned above.
The municipality has determined that it is necessary for us to be present on Facebook. We believe the municipality has a legitimate interest in our presence.
If you want to read more about legitimate interest, you can do so here: The Data Protection Authority on legitimate interest.
One of the measures we have taken to reduce the risk to the privacy of residents and employees is to disable Messenger.
We will also ensure that citizens, who do not wish to use Facebook, can receive the same information on our website and other channels.
If you want to limit Facebook and the municipality's collection of personal data on our Facebook pages, you can do so by using Facebook's privacy tools.
Data collected on the municipality's Facebook page is stored as long as you have an account on Facebook.
