This privacy statement provides information about how Norges Bank collects and uses personal data concerning members of the public, including visitors to the Bank’s website, to the Bank’s premises and to events organised by the Bank. The privacy statement contains information you have a right to under the Personal Data Act when personal data are collected, and general information about how we process personal data you share with us. 

Norges Bank works continuously to ensure that your personal data are processed in an appropriate and secure manner. Personal data refers to any information or assessment that can be directly or indirectly linked to you as an individual. Norges Bank treats information about you in accordance with the Personal Data Act and other relevant rules and regulations.

Controller

Norges Bank, as represented by the Governor, is the controller for the Bank’s processing of personal data. The controller is responsible for ensuring that the processing of personal data complies with current privacy legislation.

Processing of personal data

When you visit the Bank in person, register your e-mail address or visit the Bank’s website, or contact the Bank in some other manner, the Bank receives various kinds of personal data from you. You can read more about this below. In some cases, personal data are collected from third parties. You will be informed of this, unless otherwise specified by law.  

There are a number of legal bases for Norges Bank to process your personal data. These may include consent or a statutory authorisation.

Norges Bank may only disclose personal data if the Bank has a legal basis for doing so under the Personal Data Act or the EU General Data Protection Regulation (GDPR).

The purpose of processing personal data

The purposes for which Norges Bank processes your personal data may vary. The Bank processes personal data for the compilation of statistics and preparation of analyses, for sending out e-mail news alerts, for processing enquiries and receiving visits by the general public, for administrative purposes and to protect the security of Norges Bank.

The Bank processes personal data in the following manner:

Statistics, web analyses and use of cookies

As part of its effort to make its website user-friendly, Norges Bank collects data on page visits. The purpose is to compile statistics in order to improve the website and its editorial content.

The Bank uses the Siteimprove and Microsoft Application Insight website usage analysis tools. 

Norges Bank uses Microsoft Applications Insight's tracking code, which anonymises your IP address before the data are stored. The Bank is therefore unable to link information about your website usage to you as an individual and you cannot be identified.

News alerts and RSS feeds

Visitors to the Bank’s website may, if they choose, disclose their e-mail address in order to receive news alerts from the Bank. E-mail addresses are used only for sending out news alerts linked to selected topics, and news alerts may be stopped at any time. Your e-mail address is then erased from our database. The legal basis is your consent.

RSS (Really Simple Syndication or Rich Site Summary) may be used to subscribe for news about publications on the Bank’s website. You will be alerted about new publications on the topics you have selected via an RSS feed. Norges Bank does not store information about the RSS feed you subscribe to. You administer the subscription yourself and can unsubscribe from the feed at any time.

Recruitment

Norges Bank collects and uses personal data about individuals applying for a position at the Bank. This typically includes name, e-mail address and phone number, CV and the application. This information is used for evaluating job candidates. The legal basis is the applicant’s consent.

Employees, temporary staff, consultants and next of kin

Norges Bank collects and processes personal data about employees, temporary staff and consultants. Employees and other personnel with access to the Bank’s intranet can read the Bank’s privacy statement there for further information.

The Bank also processes personal data about its employees’ next of kin and emergency contacts, including their name, contact information and date of birth. The Bank collects this information from its employees at the time they are hired and in the course of their employment. This information is used in emergencies and for managing insurance and pension schemes. The legal basis is Norges Bank’s legitimate interest in being able to get in touch with next of kin and emergency contacts if the need arises and for performance of contracts with individuals.

Contact with Norges Bank and visits to the Bank

When you contact Norges Bank, we may collect your name, e-mail address and other information provided to us in order to respond to your enquiry.

When you visit Norges Bank’s premises in person, the Bank will register your name and employer when you arrive. In addition, you will be requested to identify yourself with a passport or driving licence. This procedure is a physical security measure. The legal basis is legitimate interest.

Norges Bank’s security measures include video surveillance of the Bank’s premises and recording calls made to some Bank phone lines. If a call is being recorded, this will be disclosed at the beginning of the call. Video surveillance and phone call recording are authorised by the Security Act and the Norges Bank Act.

Events

In line with its desire to be a transparent and accessible central bank, Norges Bank regularly sends out invitations to events organised by the Bank. For these events, the Bank aims for a relevant and representative guest list. Names of relevant persons have been registered in the Bank’s contact register, and contact information (name, title organisational affiliation, mobile phone number, e-mail) is being stored to enable the Bank to invite them to events that may be of interest. Information is also collected regarding the particular event, if necessary. The legal basis is legitimate interest.

In some cases, Norges Bank organises events that are open to the public. Members of the public are given the opportunity to give their consent to Norges Bank to store contact information in order to send out information about future events.

Suppliers/service providers and business contacts

Norges Bank collects and processes personal data about individuals associated with suppliers/service providers and business contacts. Such information may include name, employer, business information, CV, communication, etc. The information is used wherever necessary to evaluate tenders, enter into and perform contracts with suppliers/service providers and other business associates and to communicate and administer the business relationship. The legal basis is Norges Bank’s legitimate interest in being able to administer suppliers/service providers and business contacts. Processing is also necessary for compliance with legal obligations to which Norges Bank is subject.

Debtor’s right of discharge by deposit

Norges Bank processes personal data received by post or e-mail in connection with depositing cash or securities with Norges Bank. This may be the name, address, account number and other information about the depositor and claimant(s). Processing is necessary for compliance with a legal obligation to which Norges Bank is subject under the rules in the Act relating to a debtor’s right of discharge by deposit.

Exchanging withdrawn and replacement of damaged banknotes and coins

Norges Bank processes personal data received when exchanging withdrawn banknotes and coins and replacing damaged banknotes and coins. These data may include name, address, e-mail, telephone number, account number, and in some case, a copy of a valid identification and/or certificate of probate. Processing in necessary for compliance with a legal obligation to which Norges Bank is subject under Sections 13 and 14 of the Norges Bank Act, the Regulation relating to compensation for lost, burnt or damaged notes and coins and the Money Laundering Act. 

Ordering informational material

To order informational material for banks and retailers, a user account must be set up with the user’s name an e-mail address. Personal data are used to administer orders. The legal basis is the user’s consent.

Research and analysis

Norges Bank collects personal data from third parties used for research and analyses that form the technical basis for the Bank’s decisions connected with the conduct of monetary policy and with providing advice in the area of financial stability. Processing is necessary for performance of a task carried out in the public interest.

Information security

Norges Banks processes your personal data in a secure and appropriate manner, and personal data are protected against unauthorised access or unlawful use and against unintentional loss, destruction or damage. Access to your personal data is restricted to personnel with a job-related need for this.

Processors and sharing of personal data

Norges Bank employs external service providers, eg, to operate and maintain IT systems and to carry out background checks of job candidates. If third parties process personal data on behalf of the Bank, a data processing agreement shall be concluded that sets requirements for security and the use of data.

In some cases, Norges Bank shares data with third parties. This is done only when the Bank has a legal basis to do so. Examples of such third parties are the authorities and service providers.

Storage of personal data

Norges Bank stores personal data as long as storage is necessary to fulfil the purpose for which it was collected or to comply with requirements of a public authority or legal obligations, including for archiving, accounting or reporting purposes. The Bank determines the storage period for various personal data on the basis of the scope, nature and sensitivity of the data, potential risk of harm from unauthorised use or sharing, the purpose of processing, statutes of limitation for claims and statutory time limits for storage and erasure.

Your rights

If Norges Bank processes personal data about you, you have rights. The scope of these rights will depend on the circumstances and on privacy legislation. Normally they include the following:

• The right upon request to be informed about the personal data about you the Bank processes and to receive a copy of these data
• The right to have incomplete or incorrect personal data rectified or erased
• The right to restrict  the processing of your personal data

If you wish to receive more information or to exercise your rights or wish to lodge a complaint about the Bank’s processing of your personal data, you may contact the Bank at personvern@norges-bank.no.

If you prefer, you may lodge a complaint with the Norwegian Data Protection Authority. Information about this procedure can be found on the Authority’s website.

Data protection officer

If you have questions regarding the Bank's processing of your personal data you can contact our data protection officer: personvern@norges-bank.no