HTTPS and secure transfer
Our website uses HTTPS to transfer data securely through encryption. If you want to make sure that a page is encrypted, the URL in the browser’s address bar will start with “https” instead of just “http,” and most browsers will also show a padlock next to the URL to indicate this.
The purpose of using encryption is to ensure secure data communication between our website and your computer. HTTPS also makes use of a digital certificate to ensure that the website is genuine.
Cookies on this website
When you visit our website, your browser will download HTTP cookies. These are small text files that are exchanged between your web browser and our website. The cookies are used to preserve preferred settings and keep track of how you navigate our website. They do not contain personal information, but they last from session to session.
Ramsalt provides Drupal, the content management system (CMS) used on our website, and is responsible for its technical development, operation, and maintenance. These are the cookies used by CorePublish:
- CorePublishSession: required for the CMS to work properly. This cookie contains a reference to a session file on the web server. The session file will not contain personal data for anonymous users, but may be used for intermediate storage, such as form data and search texts between page views. The session file will be deleted automatically within 15 minutes after the user has closed the browser or been idle and is thus not permanently stored. Only system administrators have access to these session files.
- Ctdevicecachekey: required to identify what type of unit and browser you are using. This cookie has a duration of one week, and enables our website to adjust its content presentation to the correct type of unit (PC, mobile, tablet, etc.). This cookie does not store personal data.
CAS also uses Google Analytics to analyse traffic and user sessions on our websites. The cookies register general information about your device settings, and how you navigate our websites.
Information about search terms and selected options will be stored and used to develop and improve the website and its functions.
We offer options to forward articles by email and share articles via social media. Email addresses used to forward articles are not recorded. Any further processing of data shared via social media is regulated by your agreement with the relevant online service provider.
Statistics and logs
When you browse our website, information is stored in a statistics database. The information stored is related to which pages you have viewed and contains no personal data.
This information is then used to generate statistics on the number of page views per site (front page, information, project descriptions, new articles, events, and so on), per host, and per search item. All data in the raw data table are deleted after two days, and the remaining statistics contain only summary data, which cannot be traced back to you.
We also store the user agent, IP address, and what page a visitor has viewed in the web server’s log files. These log files are used exclusively for troubleshooting and security purposes, and no data are taken from these files or otherwise used. The log files are deleted at regular intervals (normally every four weeks). Only the administrators of the web server (operations) have access to them.
All login attempts are logged in a separate database table. The purpose is to detect failed login attempts, detect and stop hacking or brute force login attempts, and to see when a user logged in.
The login table stores the following data:
- The username.
- The date and time of the login attempt.
- The URL of the login attempt.
- If enabled: The IP address (default disabled).
- If enabled: The user agent (browser)(default disabled).
Expense reimbursement forms
For our expense reimbursements form, we request your full name, email address, postal address, and bank details in order to reimburse you. When you submit the form, a PDF containing the information you entered, along with the receipts, will be generated and sent to our external accountant, EconPartner AS, with copies to you and CAS. The accounting firm will receive the reimbursement claim through their online invoice management system, Visma. The information will not be stored on CAS' websites, but the accounting firm will store your payment information in accordance with Norwegian law (regnskapsloven).
Registering for event (Deltager AS)
CAS partners with Deltager AS, a registration and payment service for event organisers, for event registrations.
Mandatory for all participants to register is their name. We will also ask you to register your email address to be able to contact, academic institution for conference name tags, arrival and departure dates for hotel reservations if you are an invited speaker, and information about dietary restrictions and/or allergies for catering.
For registrations requiring payments, Deltager AS will store your registration and payment information for 5 years in accordance with Norwegian law (regnskapsloven).
Deltager AS is responsible for processing and storing the information collected through their services. You can see their terms and conditions here: Vilkår og betingelser for bruk av deltager.no for deltager (in Norwegian only).
Registering for newsletter (MailChimp)
CAS uses MailChimp to design and distribute our newsletter. When you sign up, you add your email address to our list of recipients, which is stored by MailChimp. Unless you provide any further information, MailChimp will only store your email address.
Information on the Intranet
As a registered user on our website (CAS employee, applicant, referee, project leader, or fellow), you will have access to our intranet, which we use to organise and plan the project and stays at CAS.
Here, we will ask you to register some personal information. The following section explains what kind of information we collect, how it is used, and for how long we intend to store your data:
What kind of information we collect and why
When applying to become a project leader, we will ask for your full name, email address, academic institution, academic title, and a short resume in order validate if you are eligible for a stay at the Centre.
If you are a principal investigator or fellow, we will need your full name, email address, academic institution, and academic title to draft a research agreement between you and CAS, as well as a replacement cost agreement between CAS and your home institution, if applicable.
As a principal investigator or fellow, you are also encouraged to fill out more information about yourself, including your:
- Nationality, date of birth, and gender. This information will be used for our statistics and will not be further processed or shared. The statistics are used for internal overview and evaluation.
- Academic discipline(s). This information is used to highlight your role in the project on your profile page and for our statistics.
- Next of kin and their contact information, in case of an emergency at the Centre.
- Special accommodation needs, which helps us plan your stay and book an apartment best suited to your needs. We ask that you do not share any sensitive information.
Who we share you information with
CAS have some partners that provide a range of services to the Centre, here is a list of what information we share with our partners:
- You application to CAS, and all accompanying personal information, will be shared with an international referee as part of the evaluation process.
- We share your name, email address, arrival and departure dates, and any special accommodation needs with Frogner House Apartments (FHA) from which we rent apartments for our project leaders and invited fellows.
- We share your name and email address with the University Center for Information Technology (USIT) to create a UiO/CAS user for use on desktop computers and printer services.
- We share all the information you register when filling out the expense reimbursement form with our external accountant, EconPartner AS. They will make all the necessary arrangements for payments.
- We share you name with the Norwegian Academy of Science and Letters (DNVA) to arrange for your own key for the elevator.
How long we store your information
Information about you user will be stored as long as you have a user account for our intranet. How long your account is active depends on you affiliation with CAS.
- User accounts of applicants will be deleted after the application process is completed.
- User accounts of referees will be deleted as soon as the deadline for applications and appeals has passed.
- User accounts of principal investigator and fellows will be taken off the website after the CAS project’s completion. Your affiliation with the CAS project will still be visible on our website as part of our historical archive, but personal information or details about your stay in Oslo will not be publicly available. Your account will be deleted after the upcoming revision, about six month after the CAS project’s completion.
- User accounts of employees will be deleted when their employment has ended. Author profiles will be kept for as long as the article is published.
Your rights as a user of our intranet
You can at any time ask to see what information we have about you, get your information corrected or deleted, and/or ask us to limit processing of the personal data you provide to CAS through our intranet.
- As a user of our intranet, all personal data CAS have about you are available to you on your 'My info' profile. If you have trouble accessing to 'My info', please contact the CAS administration.
- If any of the information about you is incorrect or incomplete, you have a right to have them corrected by CAS if you cannot do it yourself through your 'My info' profile.
- If your information is not deleted within the specified time stated above, or if you believe CAS has collected or processed information about you illegally or incorrectly, you have the right to ask CAS to delete the information. This also applies to photos of you on our website.
- You have the right to request that processing of your personal information be limited. This applies, for example, if you believe that the information is not required for the specific purpose it was collected for. This also applies if you believe that the processing of the information is illegal.
If you request access, rectification, deletion, or limitation of your personal data, CAS is obligated to convey your request to its service providers.
The Centre for Advanced Study (CAS) is the organisation responsible for the personal data on the intranet. You can reach CAS by phone +47 22 12 25 00, or by email firstname.lastname@example.org.
Ramsalt Lab manages CAS’ website. They store personal data on behalf of CAS. You can reach Ramsalt by phone +47 90 66 96 31, or by email@example.com.
EconPartner AS is CAS' accounting firm. You can reach EconPartner AS by phone +47 23 11 43 70, or by email firstname.lastname@example.org.
Deltager AS provides registration and payment service for event organisation. You can reach Deltager AS by phone +47 23 27 35 01, or by email email@example.com.
Frogner House Apartments (FHA) provides housing for our project leaders and invited fellows. You can reach FHA by phone +47 93 01 00 09, or by email firstname.lastname@example.org.
University Center for Information Technology (USIT) provides IT services and internal storage operations for CAS. You can reach USIT by phone + 47 22 58 24 70, or by email email@example.com.
The Norwegian Academy of Science and Letters (DNVA) owns the building CAS is housed in. You can reach DNVA by phone + 47 22 84 15 00, or by email firstname.lastname@example.org.