Personal Data processing at the Discrimination Legal Aid and Mediation Assistance (DiMe)
Last updated June 1st 2022.
This privacy declaration describes what kind of personal data we collect about our registered clients and how we collect and use the personal data. This privacy declaration also explains your rights and how you can proceed in getting access to your own information.
Everyone has the right to know what data we have about them, how it is handled and by whom. Furthermore, everyone has the right to have this data corrected or deleted if it is inaccurate.
Consideration and purpose when collecting personal data
DiMe request the necessary information to assess the client's legal matter for the purpose of possible legal assistance. The information obtained must be correct, relevant and not exceed what is necessary to assist the client in a responsible manner and in a way that addresses DiMe's need to document responsible procedures, including compiling statistics to meet reporting requirements.
The handling of personal data shall meet the requirements of the General Data Protection Regulation and regulations related to it.
It is voluntary to give your contact information to DiMe, but in order to fulfill the agreement with you, we need to register the information.
The legal basis for obtaining personal data is GDPR art. 6 No. 1 letter b).
How we handle personal data
DiMe provides advice and assistance in cases involving racism and discrimination. For this purpose, we have an electronic archive.
We save contact information to a data program where we collect all information about our clients and their cases.
Sometimes we need more information about you (such as your social security number) to write a complaint on your behalf. We only collect such information from you when we need it. This is also saved in our data program.
DiMe's employees also use e-mail in general dialogue with internal and external contacts. The employee is responsible for deleting messages that are no longer relevant, and at least every year review and delete unnecessary content in their e-mail inbox. Upon resignation, the e-mail accounts are deleted, but some relevant e-mails will normally be transferred to colleagues.
Sensitive personal information should not be sent by e-mail.
Regular emails are unencrypted. We therefore urge everyone who contacts us to be aware of the type of information you choose to send via e-mail.
Employee access to information and security measures
Access to the registers where personal information is registered is limited to employees with special responsibility for these. Access to information is secured with access control mechanisms. All employees with access to personal information have signed a declaration of confidentiality with specific provisions on routines and duties in handling personal information.
To whom do we give personal information?
We will not disclose, share or forward information or personal information to any third party. Exceptions will be if the information given to us is to be used to follow up a case against a third party, and we have obtained your expressed consent to do so.
DiMe does not share personal information to third parties for commercial use.
Your rights - the right to access
If you are registered with DiMe, you generally have the right to know what information is registered about you.
Correcting and deleting incorrect, incomplete or unnecessary information registered with DiMe
The person handling the information has a duty either on his own initiative or upon request, to correct and delete, if the information is inaccurate, incomplete or unnecessary. The person handling the information must ensure that incomplete or inaccurate information does not affect the person registered.
If we discover that the information that DiMe has is inaccurate or incomplete, the information will be corrected. This can be done either on your own initiative or upon the request of the registered person.
Information shall not be stored longer than the purpose of the processing of personal data indicates. After this, the information must be deleted.
When a case at DiMe is closed, it is archived. We keep archived cases for ten years, in line with the recommendations from the Bar Associations. This is the standard procedure in this field.
After this, the information is deleted. Client information can also be deleted upon the request of the client.
Your request about information will be answered within 30 days
When you contact us and ask for information, the person handling the information should respond within 30 days from the day the inquiry was received. You can request for a written answer. If it is not possible for the organization to meet the deadline, a preliminary response can be send with information about the reason for the delay and the time you can expect a response.
When you demand information or other rights under the General Data Protection Regulations, this is free of charge for you.
If you believe that our processing of personal information does not correspond to what we have described here or that we in other ways have violated the privacy regulations, you can complain to the Data Protection Authority. You can find information on how to contact on the website of the Data Protection Authority www.datatilsynet.no
Changes in the declaration
DiMe reserves the right to change or update the privacy declaration. All changes are effective from the time they are published, and will include information collected from that date as well as existing information saved by DiMe. You can find out when these policies were last revised by looking at "Last Updated" at the top of this page.
Information about the processing of personal data at DiMe is provided through this document. If you want further information, contact the controller :
DiMe v / Åsa Sellevoll Hebnes
Phone: 40 22 06 13
Visiting address: Schweigaards gate 12, Galleri Oslo.
We have offices on the premises of the Norwegian Handicap Association.
DiMe - Diskrimineringshjelpen og Meglingsbenken
PO Box 9270 Grønland