Privacy policy

1. Roles and regulatory conditions

Studentsamskipnaden SiO is a company established by special statue and governed by the Student Welfare Organisation Act (“Lov om Studentsamskipnader LOV-2007-12-14-116” including later amendments). According to this act, SiO aims to address student's welfare needs at each individual school. A student welfare organisation provides services to students. To a limited extent, a student welfare organisation may also offer services to non-students.

Under the Student Welfare Organisation Act, SiO may establish or participate in a company in order to conduct business. Companies in which SiO is a majority shareholder are regarded as subsidiaries. This Privacy Statement applies to SiO and SiO's subsidiaries.This Privacy Statement addresses how personal data collected by SiO is processed, shared and stored in connection with how SiO offers services and communicates with you. This also applies to the use of the SiO handheld device application (the "Mitt SiO" app) and the website www.sio.no.

2. Purpose of collecting personal data

In order to offer all our customers good quality services, ensure transparent information and availability of our service offering, as well as reduce complexity for customers managing their entire customer relationship with SiO, we collect, process and store personal data about our customers.

The purpose of the collection is to provide you with an overview of all SiO services and information regarding your student offerings, memberships, applications, agreements and leases through SiO. The SiO services provide you with tools to organize your student life on a digital platform, including services related to student housing, day care, training, health and other student activities.

This Privacy Statement describes how we process your personal data to fulfill the stated purpose. It is important that you familiarize yourself with this as you use SiO services, as it requires SiO to process personal data about you.

Personal data are processed in accordance with the Personal Data Act, EU’s General Data Protection Regulation, the Accounting Act and any other relevant laws. Where collection, processing and storage is not permitted by law / regulation or specified in the agreement and contract you enter as a customer, we are required to obtain your explicit consent.

3. Your rights

SiO is obligated to comply with the current privacy laws and regulation. Current regulation give you as a customer of SiO the right to:

• Rescind and change your consents
• Delete personal data
• Change incorrect personal data
• Access to personal data processed by SiO
• Require that the information processed by SiO is transferred to a third party of your choice
• Complain to the Data Protection Authorities (Datatilsynet) if you believe that SiO does not comply with legislation and regulation when processing your personal data

You can edit your personal data and change your consent on My Page (Min Side).

4. What data is collected and processed?

SiO receives data from its member institutions, which include all students who pay a semester fee to SiO. These data are stored in our membership register, which include name, address, date of birth, national identity number, educational institution and semester. The purpose of collecting the data is to ensure that the allocation of student housing, purchase of training memberships, access to health services etc. is done on fair terms and to validate that customers who pay a semester fee have the right to apply for or order services from SiO. Data from the SiO member register is imported into our customer systems based on the services you use. If you have no customer relationship with SiO, data will be deleted when you no longer pay a semester fee to SiO.For persons who have a customer relationship with SiO in addition to paying a semester fee, specifics of the personal data we collect, process and store appear in agreements / contracts for the specific services.

• Applicants to/Tenants in student residence: By signing a rental contract, you allow SiO to process and store personal data. The data is stored for 3 years after requested rental period has passed, or for 3 years after you finish your tenancy if you become a tenant. SiO also needs to process personal information such as contact information and case information to ensure, among other things, a good living environment that should be safe and secure for you as a tenant. In addition, this can be used to ensure that any deviations, disorder and noise are handled in the best possible way for tenants. The basis for our use of personal data for this purpose is justified interest. Detailed information about processing of personal data for tenants of SiO Housing can be found here.
• Member of SiO Athletica: By signing a training agreement, you give SiO the right to process and store personal data. If you wish to having your workout history stored, we will request a separate consent for this. The data is stored for 6 months after you terminate your customer relationship. 
• SiO healthcare users: Services covered by the Health Care Act (“Pasientjournalloven”) are treated in accordance with this legislation and are kept separate from SiO's other data. Users of advisory services and courses are required to consent to data collection from SiO in specific service and course terms and conditions. Helsenorge.no receives national identity numbers from the SiO member register. This to ensure that students that have paid a semester fee to SiO gets access to digital services from SiO Health at Helsenorge.no.
• Users of SiO's kindergartens: Admission takes place through the Oslo City Children's Care Systems, and follows the municipality's guidelines.
• Registration on My Page (Min Side) and in the app: When you sign up for My Page or download the Mitt SiO app, you will be prompted to create a user account and provide information such as name, address, phone number and email address. SiO will be able to collect information about your subsequent use of the user account, geographical location, IP address, information from cookies and diagnostics data.
• SiO will occasionally send out surveys to customers who have registered their SiO email address for the purpose of receiving feedback on our services.
• By consenting to benefits in Mitt SiO: In order to provide you with loyalty cards, as well as relevant and customized offers in Mitt SiO, you must give us your consent to generate a personal QR code associated with your profile on Mitt SiO. That way you can take advantage of SiO Food and Beverage benefits in the Mitt SiO app. SiO will store information from purchases made after registering your personal QR code in the Mitt SiO app with SiO Food and Beverage. Upon given consent, a personal QR code will be generated, so that future purchases from SiO Food and Beverage are automatically linked to your personal QR code. Registration of shopping history will only be done by actual payment made after the personal QR code is registered.
• If you have consented to Mitt SiO, you have agreed that SiO, based on your personal information as described above, collects and analyzes information about you and your customer relationship to provide you with more relevant information and to tailor SiO's offerings. SiO stores information from purchases made after the registration of your personal QR code, when the customer transacts with SiO Food and Beverage, to provide loyalty cards and relevant offers in the Mitt SiO app, as well as send information and offers on goods and services based on personal data analysis, such as shopping history. SiO will send information in the Mitt SiO app and if consent is registered, also via SMS and e-mail. Consents can be withdrawn at any time on sio.no/en/mypage and in the Mitt SiO app. By withdrawing your consent, you will lose your access to loyalty cards and offers in Mitt SiO. Access and data associated with the consent will then be deleted.

We store history related to your response (opening and clicking links) on digital campaigns, email, text messages and logged in activity on My Page and in My SiO. You can request your history at any time by contacting us by email. Data is automatically deleted in accordance with item 6, archiving and deleting personal data.

SiO stores cookies. We use Google Analytics and Matomo to collect information about your activities in SiO services. We use Google Analytics at sio.no/en and Matomo at ny.sio.no/en (beta). This information is used for statistics and data analysis purposes, and to improve your user experience by providing your user preferences and information when using the SiO services. The information from Google Analytics and Matomo can be aggregated and anonymized and linked to you as a user. For more information about cookies, see sio.no/snarveier/om-sio/cookies (in Norwegian).

5. How does SiO use your data?

Data collected by SiO, data disclosed by the customer and data produced in an ongoing customer relationship are used to fulfill our agreements with you and to develop and improve our services.SiO uses the data to provide offers and communications in accordance with the consent you have given. You may withdraw your consent at any time, and we will delete the data that was stored in connection with the associated consent.We may:

• Use your contact information to send you information and to invite you customer satisfaction surveys in regards to using SiO's services.
• Provide offers on SiO's services and other inquiries from SiO for marketing purposes directly in SiO services, and other contact information you have registered in SiO services, such as email and phone.
• Use your personal data and information about your use of the service anonymized to help us make decisions about sales, marketing and product development.

6. Archiving and deletion of personal data

When you no longer pay a semester fee to SiO and no longer use SiO's services, SiO keeps personal data for a limited period after a customer relationship has been terminated. Then all information about you will be deleted, excluding necessary information required to comply with the Accounting Act (“Bokføringsloven”) and any other special legislation (i.e. “Pasientjournalloven”).The deletion takes place automatically and is controlled every six months by the data controller. (The deletion will be made after the deadline for paid semester fee).

7. Data controller

In accordance with the Personal Data Act, SiO holds the role as a data controller. CEO of SiO has the authority to act as a data controller on behalf of SiO and SiO's subsidiaries. Data processing responsibilities for the various services can be delegated to the head of the relevant service area.If information is provided to you to SiO's service providers, the service provider will be the data processor for this information and SiO will handle the responsibility of the data processor's handling of personal data through data processing agreements.

8. Which entities are SiO sharing data with (disclosure)?

SiO may in certain cases, regulated by law, disclose information to the authorities. SiO does not share your personal data for commercial or marketing purposes without your prior consent.

9. Which third parties are processing your data (data processors)?

SiO may use subcontractors to deliver, develop and improve SiO services. These subcontractors are not allowed to use personal data for other purposes. Subcontractors are regarded as data processors while SiO remains as the data controller. SiO are required to enter into data processing agreements with all data processors who receive / process / store personal data from SiO.

10. Security

We utilize security software and measures to keep your information safe when transferred from you through the internet to our servers.All information and all files uploaded to SiO services will be encrypted by uploading to our data hall in Oslo. Your account and bank details are also encrypted before it is stored in our databases.

11. Social Media

SiO publishes news on Facebook, Twitter, Instagram, Snapchat and the Mitt SiO app. SiO will not post personal data in these locations. However, we will use customer feedback to further develop our services.Social media features are operated by either a third party or directly on our site. Your use of such third party features is subject to the privacy statement of the company that supplies these features.

12. Changes

SiO may change the terms of consent and privacy statement to comply with new legal requirements and due to changes in our own practices for collecting and processing personal data. In case of changes that require consent, you will be asked to agree to new terms when you log in to sio.no before the changes are made.Information about other changes will be provided on www.sio.no.

13. Your rights

As a SiO user, you can rest assured that SiO takes responsibility for protecting your personal data. You can trust that we collect, use and protect your personal data in a safe and secure manner.SiO guarantees:

• To be open about how we collect, store and process your personal data
• To only use your personal data for the purpose we have collected for
• Not to collect or process more information about you than we need in order to offer you SiO services or otherwise have consented to

As a registered user of SiO, you have the right to access your personal data and the right to have your data changed, deleted or disclosed, if this is not in violation of other laws.You can control your consent and choice on My Page (Min Side) when logged in to sio.no. When you are logged in, you have access to your personal data and customer history.You can get access to any other stored information by contacting SiO Customer Service. SiO Customer Service should also be contacted if you require personal data changed, deleted or disclosed to third parties.If you have any questions regarding SiO’s data processing, please email kundeservice@sio.no and mark it with "personal data".If you have an inquiry for SiO's data protection officer, please contact personvernombud@sio.noFor complaints regarding SiO personal data processing, please contact:

Norwegian Data Protection Authority (Datatilsynet)e-post: postkasse@datatilsynet.noPhone: 22 39 69 00.