Personvernerklæring

Nordlys Læringsakademi AS

Privacy Policy

Nordlys Læringsakademi AS values your privacy and is committed to protecting personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and relevant Norwegian data protection legislation.

1. Introduction and Company Information

This privacy policy explains how Nordlys Læringsakademi AS collects, uses, stores, shares, and protects personal data in connection with our educational activities and related services.

Data controller: Nordlys Læringsakademi AS

Address: Karl Johans gate 25, 0159 Oslo, Norway

Email: [email protected]

Phone: +47 22 86 41 73

Business type: School

2. Data Collection and Processing

We may collect and process the following categories of personal data, depending on your relationship with us:

  • Identification data: name, date of birth, national identification number where necessary, student number, and contact details.
  • Contact information: address, email address, telephone number, and emergency contact details.
  • Educational information: enrollment details, attendance records, grades, assessments, learning progress, special educational needs, and support measures.
  • Communication data: correspondence with students, parents/guardians, applicants, employees, and other stakeholders.
  • Technical data: IP address, device information, log data, and usage data when using our digital services and platforms.
  • Financial data: payment information, invoicing details, and scholarship or fee-related information where applicable.
  • Other relevant data: photographs, video recordings, and other information used in educational, administrative, or safety-related contexts, where permitted by law.

We generally collect personal data directly from the individual concerned, from parents or guardians, from public authorities where permitted, or from third parties such as educational service providers when necessary for our operations.

3. Purpose of Data Processing

We process personal data for the following purposes:

  • to provide education, training, and student support;
  • to administer admissions, enrollment, attendance, examinations, and grading;
  • to communicate with students, parents/guardians, employees, and applicants;
  • to fulfill legal and regulatory obligations applicable to schools;
  • to manage school operations, including safety, discipline, and welfare;
  • to handle billing, payments, and financial administration;
  • to improve our teaching methods, digital services, and administrative processes;
  • to protect our rights, property, and the safety of students, staff, and visitors;
  • to document and archive information as required by law or legitimate educational interests.

4. Legal Basis for Processing

We process personal data only when we have a valid legal basis. Depending on the context, our legal bases may include:

  • Performance of a contract: where processing is necessary to provide educational services or related agreements.
  • Legal obligation: where processing is required to comply with Norwegian or EU legal requirements.
  • Legitimate interests: where processing is necessary for our legitimate educational, administrative, security, or operational interests, provided these interests are not overridden by the rights and freedoms of the individual.
  • Consent: where we rely on your consent for specific processing activities, such as certain communications, photographs, or optional services.
  • Vital interests: where processing is necessary to protect the vital interests of a person, such as in emergencies.
  • Public interest / official authority: where applicable to educational institutions carrying out tasks in the public interest or under official authority.

5. Data Sharing and Third Parties

We may share personal data with third parties only when necessary and in accordance with applicable law. Such recipients may include:

  • public authorities, including education, child welfare, tax, or supervisory authorities where required;
  • IT and cloud service providers supporting our systems and digital learning platforms;
  • payment processors, accounting providers, and financial service providers;
  • external consultants, auditors, and legal advisors;
  • health, welfare, or emergency services when necessary to protect a person’s safety or well-being;
  • other schools or educational institutions when transfer is necessary for enrollment, transition, or educational continuity and permitted by law.

All third parties are required to protect personal data and may only process it on our instructions or as otherwise permitted by law.

6. Data Transfer to Third Countries

In some cases, personal data may be transferred to or accessed from countries outside the European Economic Area (EEA). Such transfers will only take place where appropriate safeguards are in place, such as:

  • an adequacy decision by the European Commission;
  • Standard Contractual Clauses approved by the European Commission;
  • additional technical and organizational safeguards where necessary;
  • other lawful transfer mechanisms permitted under applicable privacy laws.

Where required, we will assess the risks associated with such transfers and implement measures to protect personal data.

7. Storage Duration

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as long as required by law, contractual obligations, or legitimate institutional needs.

  • Student records: retained for the period required by educational and archival rules.
  • Financial and accounting records: retained in accordance with accounting and tax laws.
  • Communication records: retained for as long as needed to manage the relevant matter.
  • Consent-based data: retained until consent is withdrawn, unless another legal basis applies.
  • Security logs: retained for a limited period unless needed for investigation or legal claims.

When data is no longer needed, it will be securely deleted, anonymized, or archived in accordance with applicable requirements.

8. User Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of that data.
  • Right to rectification: to request correction of inaccurate or incomplete personal data.
  • Right to erasure: to request deletion of personal data where legal conditions are met.
  • Right to restriction: to request that we limit the processing of your personal data in certain circumstances.
  • Right to data portability: to receive personal data you have provided to us in a structured, commonly used, machine-readable format, where applicable.
  • Right to object: to object to processing based on legitimate interests or to direct marketing, where applicable.

To exercise your rights, please contact us using the details provided below. We may need to verify your identity before responding to your request.

9. Withdrawal of Consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

If consent is withdrawn, we will stop the relevant processing unless we have another lawful basis for continuing it.

10. Right to Complain

If you believe that our processing of personal data violates applicable privacy laws, you have the right to lodge a complaint with the competent supervisory authority.

In Norway, this is the Norwegian Data Protection Authority (Datatilsynet).

We encourage you to contact us first so that we may try to resolve your concern directly and promptly.

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

  • access controls and role-based permissions;
  • encryption and secure transmission methods where appropriate;
  • regular backups and recovery procedures;
  • staff training on confidentiality and data protection;
  • monitoring and logging of system access;
  • physical security measures for premises and records.

While we strive to protect personal data, no system can be guaranteed to be completely secure.

12. Contact Information

If you have questions about this privacy policy or wish to exercise your rights, please contact us:

Nordlys Læringsakademi AS
Karl Johans gate 25, 0159 Oslo, Norway
Email: [email protected]
Phone: +47 22 86 41 73

13. Changes to Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal obligations. The updated version will be published on our website or otherwise made available to you.

We encourage you to review this policy periodically to stay informed about how we protect your personal data.

4/13/2026 Hjem