Add English and Norwegian privacy policy documents
Add metadata for privacy policy page Add privacy policy page with GDPR compliance details
This commit is contained in:
Ruben
parent
4a5d035c2e
commit
ec7f87a574
3 changed files with 275 additions and 0 deletions
135
content/personvern/index.en.md
Normal file
135
content/personvern/index.en.md
Normal file
|
|
@ -0,0 +1,135 @@
|
|||
# Privacy Policy for Petition Campaigns
|
||||
|
||||
*Last updated: January 15, 2026*
|
||||
|
||||
## Who We Are
|
||||
|
||||
**Data Controller:** Stopp Lidelsen
|
||||
**Organization Number:** 835314162
|
||||
|
||||
You can contact us through our [contact form](/en/contact).
|
||||
|
||||
<a class="button" href="/om-oss">Learn more about us</a>
|
||||
|
||||
## When Does This Privacy Policy Apply?
|
||||
|
||||
This policy applies when you sign a petition campaign on stopplidelsen.no.
|
||||
|
||||
## What Personal Information We Collect
|
||||
|
||||
When you sign a petition campaign, we collect the following information:
|
||||
|
||||
- **First and last name** - used to register and display your signature, but you choose whether your signature will be displayed publicly.
|
||||
- **Email address** - used only to confirm your signature and contact you if needed
|
||||
- **County** - displayed with your name to show geographic support
|
||||
- **Time of signature** - when you signed the campaign
|
||||
- **IP address (hashed)** - used only for security and to prevent misuse, deleted after 30 days
|
||||
|
||||
## Why We Collect Your Data (Purposes)
|
||||
|
||||
We process your personal information for the following purposes:
|
||||
|
||||
1. **Register your support** - to document that you support the campaign
|
||||
2. **Public display** - to show your signature on the website (based on your display preference)
|
||||
3. **Delivery to recipient** - when the campaign ends, the signature list is delivered to the relevant recipient (e.g., the Norwegian Parliament, government ministries, or other authorities)
|
||||
4. **Confirmation** - to send you an email confirming your signature and give you the option to withdraw it.
|
||||
|
||||
## Legal Basis (GDPR Art. 6)
|
||||
|
||||
The processing of your personal data is based on **your explicit consent** (GDPR Art. 6(1)(a)).
|
||||
|
||||
By checking the consent box and submitting the form, you agree that we may process your information as described in this policy.
|
||||
|
||||
## Who Has Access to Your Data
|
||||
|
||||
### Visibility
|
||||
Based on your display preference, the following information may be shown publicly on the website:
|
||||
|
||||
- **Anonymous:** Only county is displayed
|
||||
- **Semi-anonymous (default):** First name and county are displayed
|
||||
- **Full name:** First name, last name, and county are displayed
|
||||
|
||||
**Your email address is NEVER displayed publicly.**
|
||||
|
||||
### Data Controller and Processors
|
||||
- **Stopp Lidelsen:** Has access to all information for campaign administration
|
||||
- **Web server:** Data is stored on web servers hosted by Domeneshop
|
||||
|
||||
### Campaign Recipients
|
||||
Our petition campaigns are informal initiatives, not formal legislative proposals. When a campaign ends, we submit it to the relevant recipient (such as the Norwegian Parliament, government ministries, or other authorities) as specified in the campaign details.
|
||||
|
||||
**Important information about name sharing:**
|
||||
- The recipient may request verification that signatures are genuine
|
||||
- Your name will **only be shared according to your chosen display preference**
|
||||
- If you select "Anonymous," you will remain anonymous to the recipient as well
|
||||
- To change your display preference, you can delete your signature and sign again with a different choice
|
||||
|
||||
If verification is needed, we can provide the recipient with confidential access to the data or use an independent third party (such as a lawyer or auditor) to confirm the number of signatures without disclosing names.
|
||||
|
||||
## How Long We Store Your Data
|
||||
|
||||
We retain your personal information:
|
||||
|
||||
- **While the campaign is active**
|
||||
- **For up to 2 years after the campaign ends** - for documentation and potential follow-up
|
||||
- **IP addresses (hashed):** Automatically deleted after 30 days
|
||||
|
||||
You can withdraw your consent and have your information deleted by using the deletion link sent to your email when you sign (see Your Rights below).
|
||||
|
||||
## How We Protect Your Data
|
||||
|
||||
We take data security seriously and have implemented the following measures:
|
||||
|
||||
- **Encryption:** HTTPS/TLS encryption for all communications
|
||||
- **Access control:** Only authorized administrators have access to raw data
|
||||
- **Hashed IP address:** IP addresses are stored only as hashes for security
|
||||
|
||||
## Your Rights (GDPR Art. 15-21)
|
||||
|
||||
Under GDPR, you have the following rights:
|
||||
|
||||
### 1. Right of Access (Art. 15)
|
||||
You can request a copy of the personal information we have stored about you at any time.
|
||||
|
||||
### 2. Right to Rectification (Art. 16)
|
||||
If any of your information is incorrect or inaccurate, you can ask us to correct it.
|
||||
|
||||
### 3. Right to Erasure / "Right to be Forgotten" (Art. 17)
|
||||
You can withdraw your consent and have your signature deleted at any time. You will receive a deletion link in your confirmation email, or you can contact us directly.
|
||||
|
||||
**Note:** If the campaign has already been delivered to the recipient (e.g., the Norwegian Parliament), we cannot delete data that has already been shared.
|
||||
|
||||
### 4. Right to Data Portability (Art. 20)
|
||||
You can request to receive your personal information in a machine-readable format.
|
||||
|
||||
### 5. Right to Lodge a Complaint (Art. 77)
|
||||
If you believe we have processed your personal data in violation of GDPR, you have the right to lodge a complaint with the [Norwegian Data Protection Authority](https://www.datatilsynet.no/en/).
|
||||
|
||||
## How to Exercise Your Rights
|
||||
|
||||
To exercise any of your rights, please [contact us](/contact) through our contact form.
|
||||
|
||||
Include the following information in your request:
|
||||
- Full name
|
||||
- Email address you used to sign
|
||||
- Which right you wish to exercise
|
||||
- Which campaign it concerns (if you remember)
|
||||
|
||||
We will respond to your request within 30 days.
|
||||
|
||||
## Withdrawing Your Consent
|
||||
|
||||
You can withdraw your consent at any time by:
|
||||
|
||||
1. **Using the deletion link** you received in your confirmation email, or
|
||||
2. **Contacting us directly** through our contact form.
|
||||
|
||||
Withdrawing your consent does not affect the lawfulness of processing that occurred before the withdrawal.
|
||||
|
||||
## Changes to This Policy
|
||||
|
||||
We may update this privacy policy from time to time. Any changes will be published on this page with an updated date.
|
||||
|
||||
If significant changes are made that affect your rights, we will notify you by email if we have your email address.
|
||||
|
||||
*This privacy policy is prepared in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.*
|
||||
Loading…
Add table
Add a link
Reference in a new issue