A new data protection regulation based on an EU regulation (GDPR) is coming and will probably come into force in Norway effective on the 1st of July 2018, We therefore refer to both the current regulation (the Personal Data Act) and the new Personal Data Act (shortened to GDPR) below.
Section 18 of the Personal Data Act (article 15 of GDPR) provides everyone requesting it the right to know what a data controller does with personal data. The data controller at Kartverket is the director-general of Kartverket or the individual who has been authorised by the director-general. At the Norwegian Data Protection Authority, you can read more about data controllers (Norwegian).
In general, you are entitled to find out what information is registered about you, and you can request detailed information for some areas:
- Name and address of the data controller
- Who has the responsibility for the obligations of the data controller on a daily basis
- What kind of personal data is being processed
- The aim of the processing of personal data
- Where the personal data is collected from
- Who the personal data is delivered to
- How long the personal data is stored for
- The right to demand changes or deletion
- The right to lodge a complaint with a supervisory authority
When you make contact with us and ask for information, the data controller must answer without undue delay. You can ask to receive the answer in writing if you so wish. The data controller can refer to places where the information is already available for public inspection. Some of the questions are answered in this statement.
Use of Kartverket’s information
All of our users and partners act as data controllers with regard to the information they receive from Kartverket. This applies to users of the maps and property data as well as municipalities and Norway’s digital partners.
The suppliers of services and systems are also data controllers for their systems, including when they process personal data received from Kartverket.
Kartverket operates the national registers for public property information, the land registry and the cadastral registry. In this context, Kartverket processes personal data for everyone who owns property, has a right in a property or is involved in enterprises that are registered in the cadastral registry.
Registration, processing and disclosure of information from and about the registers is regulated by The Land Registration Act and The Cadastral Register Act with associated regulations.
The personal data being processed is primarily name, address and personal ID number associated with the rights an individual has in property, or in connection with enterprises registered in the cadastral register. It is completely necessary to use the personal ID number in order to ensure the correct individual is registered. The personal ID number is processed according to Section 12 of the Personal Data Act.
Communication with Kartverket
The primary rule in the Public Administration Act is that case documents, records and similar registers for the authority are open for inspection unless otherwise covered by regulation. Making contact with or making a request to Kartverket may therefore also be a public matter, whether this applies to a letter, telefax, form, e-mail or chat.
Pursuant to the Archives Act Section 6, cf. Section 1, Kartverket is obliged to archive all communication that is of any cultural or research value or that contains any legal or administrative documentation. With regard to corrections or deletions of such information the regulations of the Archives Act apply.
We keep an official record of all outgoing and incoming correspondence that in general shows the name of the sender and recipient, the date of the document and a brief summary of the contents of the document. E-mail is processed in the same manner as incoming letters. You can readmore about gaining access to the information held by Kartverket here (Norwegian).
There are some issues concerning the data security of e-mails. We therefore ask that you do not send your personal ID number or any information of a sensitive or confidential nature via e-mail.
When you chat with our customer services, you will need to supply a valid e-mail address. This will, together with the dialogue (the chat), be stored by our chat supplier, eDialog24, in order that you may be sent a copy and for any follow-up by Kartverket. The rules for processing a chat dialogue are the same as for e-mails (refer to the section above).
Personal and other data that you enter into various forms for registration, bookings etc. at kartverket.no will not be used for other purposes. The data will be stored on Kartverket's servers and deleted in accordance with our procedures.
Use of Kartverket’s website - cookies and consent
By retrieving information and/or using the services at kartverket.no and our other websites (rettikartet.no, seeiendom.no, norgeskart.no, geonorge.no, seplan.no, status.kartverket.no, ehandel.statkart.no, satref.geodesi.no, kartverket.no/nrl, sesolstorm.kartverket.no, hoydedata.no, hack4.no, video.kartverket.no, geomatikkordbok.kartverket.no), you agreed to cookies being placed in your browser, since most browsers are configured in such a manner that cookies are automatically approved.
An IP address is defined as personal data because it can be traced to a specific computer and to a single individual. Kartverket has therefore added a script (code) that removes the last digits from the IP address before the information is stored by Google. This means that the stored IP address cannot be used to identify a single user.
Several of our publishing solutions use the cookie ASP.NET_SessionId to improve the reading experience when you, for example, navigate between different pages. No personal or identifiable information is stored. The cookie is removed from your computer when you close the browser.
It is possible to subscribe to several different newsletters from Kartverket, which are sent by e-mail. Common to all of these is that the e-mail address and the associated personal data are stored in a database at our newsletter provider; Apsis. The information is not used for purposes other than sending newsletters to the subscriber. The database is contained in the Apsis cloud solution, which is inside the EU. Encryption ensures that only Kartverket has access to the information. When you cancel your subscription, all of your information is deleted.
The share service for web articles at kartverket.no can be used to forward tips or share articles from the website. The information on sharing is not logged, but is only used there and then to enter the tip where you wish to. How the relevant social networking community further processes the data is regulated by your agreement with the social networking community.
If you use the function to send a link via e-mail, we only use the specified e-mail address to forward the message. This happens automatically, and the e-mail addresses are not stored.
Kartverket uses Enalyzer’s net-based computer tools to perform questionnaires. Data that is collected via Enalyzer is stored in Microsoft's cloud services within the EU. All the data is encrypted so that only Kartverket has access to the information. For questionnaires where we promise anonymity, we will not be able to link the e-mail address to the answer. Reminders are issued automatically and we are unable to see who the reminders are sent to.
Safeguarding the information
Kartverket will do what we can to make sure that all the types of information we are responsible for are safeguarded in accordance with the requirements of the legislation and authorities. Please refer to Section 13 of the Personal Data Act and article 15 and 17 of GDPR.
Responsibility and error correction
Section 27 of the Personal Data Act and articles 15 and 17 of GDPR mean that if incorrect or incomplete personal data has been processed or the data should not have been accessed for processing, the data controller must correct the data or on request from the registered individual correct the incomplete information.
Correction of errors in the land registry or the cadastral registry is in line with the legislation for these registers. If we collect information from other registers such as the National Registry, the errors must be corrected there. The regulations in the Archives Act apply to correction and deletion of information archived in accordance with the Archives Act.
If you are unsure regarding the access to correct errors, please contact us for more information.
Data protection officer
Kartverket has, since the 25th of March 2009, had a data protection officer, pursuant to the Personal Data Regulations. The task of the data protection officer is to ensure that Kartverket adheres to the Personal Data Act and to be a resource for the organisation in the technical field of expertise, to assist those registered with their rights and to be the contact person for the Data Protection Authority.
GDPR strengthens the role of a data protection officer by legislating what role and what tasks the officer shall have, and by making the arrangement mandatory for many public bodies and companies. Read more about this on the Data Protection Authority’s website.
Contact information for the data protection officer at Kartverket: Laila Aslesen, email@example.com
If you would like more information or have questions about cookies and online privacy, please contact the website editor at Kartverket: firstname.lastname@example.org or phone +47 32 11 80 00. If you want more information about the processing of personal data by Kartverket, you can use the contact information at the bottom of this page.