
Privacy policy

Source: https://sio.no/en/about-sio/privacy-policy-and-cookies/Privacy%20policy Parent: https://sio.no/en/about-sio/privacy-policy-and-cookies

The privacy policy was last updated 08.09.2025, version 16.

1. Roles and regulatory conditions

Studentsamskipnaden SiO is a company established by special statute and governed by the Student Welfare Organisation Act (“Lov om Studentsamskipnader LOV-2007-12-14-116” including later amendments). According to this act, SiO aims to address students’ welfare needs at each individual school. A student welfare organisation provides services to students. To a limited extent, a student welfare organisation may also offer services to non-students. Under the Student Welfare Organisation Act, SiO may establish or participate in a company in order to conduct business. Companies in which SiO is a majority shareholder are regarded as subsidiaries. This Privacy Statement applies to SiO and SiO's subsidiaries. This Privacy Statement addresses how personal data collected by SiO is processed, shared and stored in connection with how SiO offers services and communicates with you. This also applies to the use of the SiO handheld device application (the "Mitt SiO" app) and the website www.sio.no.

2. Purpose of collecting personal data

In order to offer all our customers good quality services, ensure transparent information and availability of our service offering, as well as to reduce complexity for customers managing their entire customer relationship with SiO, we collect, process and store personal data about our customers. The purpose of the collection is to provide you with an overview of all SiO services and information regarding your student offerings, memberships, applications, agreements and leases through SiO. The SiO services provide you with tools to organize your student life on a digital platform, including services related to student housing, day care, training, health and other student activities. This Privacy Statement describes how we process your personal data to fulfill the stated purpose. It is important that you familiarize yourself with this as you use SiO services, as it requires SiO to process personal data about you. Personal data are processed in accordance with the Personal Data Act, EU’s General Data Protection Regulation, the Accounting Act and any other relevant laws. Where collection, processing and storage is not permitted by law / regulation or specified in the agreement and contract you enter as a customer, we are required to obtain your explicit consent.

3. Your rights

SiO is obligated to comply with the current privacy laws and regulations. Current regulations give you the right to:

You can edit your personal data and change your consent on My Page (Min Side).

4. What data is collected and processed?

SiO receives data from associated educational institutions, which include all students who pay a semester fee to SiO. These data are stored in our membership register, and include first name and surname, date of birth, national identity number/D-number, mobile phone number, e-mail address, educational institution and semester fee. The purpose of collecting the data is to ensure that the allocation of student housing, purchase of training memberships, access to health services etc. is done on fair terms and to validate that customers who pay a semester fee have the right to apply for or use services from SiO. Our legal basis for the processing of these data is the General Data Protection Regulation (GDPR) article 6 no. 1 c (legal obligation) and Student Welfare Organisation Act §§ 3, 4 and 5. When you register at sio.no/My Page or download SiO applications, you will be asked to create a user account and provide information such as name, national identity number, address, phone number and e-mail address. Personal data that SiO receives from educational institutions are linked with the information that you have registered. If you are not a student and create a user account, SiO assumes that you intend to establish a customer relationship with SiO. For this reason, we are asking you to provide these personal data when you first register. SiO needs this information in order to handle your customer relationship in a correct manner – from the contract start to invoicing and payment follow-up. We process said personal data on the basis of GDPR article 6 no. 1 b (necessary to facilitate or perform a contract with you). Data from the SiO member register is imported into our customer systems based on the services you use. If you do not have a customer relationship with SiO, data will be deleted when you no longer pay a semester fee to SiO. For persons who have a customer relationship with SiO, specifics of the personal data we collect, process and store are described below.

We store history about whether or not you open or click on links in digital campaigns, emails and text messages, and about logged-in activity on My Page. You can, at any time, request that your history be deleted by contacting us using the help and contact form on sio.no. Data is automatically deleted in accordance with section 6 on archiving and deleting personal data. SiO uses cookies. We use Google Analytics to collect information about your activities in SiO services. We use Google Analytics at sio.no. This information is used for statistics and data analysis purposes, and to improve your user experience by providing your user preferences and information when using the SiO services. The information from Google Analytics can be aggregated and anonymized and linked to you as a user. You can read more about cookies here: sio.no/snarveier/om-sio/cookies (in Norwegian).

Retention of accounting records for all services: SiO is required by law to retain accounting records regarding your purchases and transactions with us. The legal basis for such processing is the GDPR article 6 no. 1 c and accounting regulations.

5. How does SiO use your data?

SiO has a legal obligation to inform students paying a semester fee about offers and services they have the right to utilize. We may therefore contact you with information about SiO and SiO’s services. The legal basis for the processing is the General Data Protection Regulation (GDPR) article 6 no. 1 c (legal obligation) and the Student Welfare Organisation Act §§ 3, 4 and 5. Data collected by SiO, data disclosed by the customer and data produced in an ongoing customer relationship are used to fulfill our agreements with you and to develop and improve our services. Further, SiO uses the data to provide offers and communications in accordance with the consent you have given. You may withdraw your consent at any time, and we will delete the data that was stored in connection with the associated consent.

We may:

6. Archiving and deletion of personal data

When you no longer pay a semester fee to SiO and no longer use SiO's services, SiO keeps personal data for a limited period after a customer relationship has been terminated. Then all information about you will be deleted, excluding necessary information required to comply with the Accounting Act (“Bokføringsloven”) and any other special legislation (i.e. “Pasientjournalloven”). The deletion takes place automatically and is controlled every six months by the data controller. (The deletion will be made after the deadline for paid semester fee).

7. Data controller

In accordance with the Personal Data Act, SiO holds the role of data controller. The CEO of SiO has the authority to act as a data controller on behalf of SiO and SiO's subsidiaries. Data processing responsibilities for the various services can be delegated to the head of the relevant service area. If information about you is provided to SiO's service providers, the service provider will be the data processor for this information and SiO will handle the responsibility of the data processor's handling of personal data through data processing agreements.

8. Which entities are SiO sharing data with (disclosure)?

SiO may in certain cases, regulated by law, disclose information to the authorities. SiO does not share your personal data for commercial or marketing purposes without your prior consent.

9. Which third parties are processing your data (data processors)?

SiO may use subcontractors to deliver, develop and improve SiO services. These subcontractors are not allowed to use personal data for other purposes. Subcontractors are regarded as data processors while SiO remains the data controller. SiO is required to enter into data processing agreements with all data processors who receive / process / store personal data from SiO.

10. Security

We utilize security software and measures to keep your information safe when transferred from you through the internet to our servers. All information and all files uploaded to SiO services will be encrypted when uploaded to our cloud service. Your account and bank details are also encrypted before they are stored in our databases.

11. Social Media

SiO publishes news on LinkedIn, Facebook, Instagram, Snapchat and TikTok. SiO will not post personal data in these locations. However, we will use customer feedback to further develop our services. Social media features are operated by either a third party or directly on our site. Your use of such third party features is subject to the privacy statement of the company that supplies these features.

12. Changes

SiO may change the terms of consent and privacy statement to comply with new legal requirements and due to changes in our own practices for collecting and processing personal data. In case of changes that require consent, you will be asked to agree to new terms when you log in to sio.no before the changes are made. Information about other changes will be provided on www.sio.no.

13. Your rights

As a SiO user, you can rest assured that SiO takes responsibility for protecting your personal data. You can trust that we collect, use and protect your personal data in a safe and secure manner. SiO guarantees:

As a registered user of SiO, you have the right to

You can control your consent and choice on My Page (Min Side) when logged in to sio.no. When you are logged in, you have access to your personal data and customer history. You can get access to any other stored information by contacting SiO Customer Service. SiO Customer Service should also be contacted if you require personal data changed, deleted or disclosed to third parties.

Questions about the processing of your personal data?

For complaints regarding SiO personal data processing, please contact: Norwegian Data Protection Authority (Datatilsynet).

Why does SiO store personal data about me?

To provide you with accurate and high-quality services – and to give you an overview of student benefits, memberships, applications, agreements, and tenancy with SiO. We process data in order to deliver services such as housing, childcare, training, health, and other student activities, in accordance with legal requirements.

What personal data does SiO store about me?

SiO receives information from affiliated educational institutions about students who have paid the semester fee: name, date of birth, national ID/D-number, mobile number, email, place of study, and semester fee status. When registering on Min Side or in apps, we also ask for name, national ID number, address, phone number, and email. The actual data processed depends on the services you use. See section 4 of the Privacy Policy.

How does SiO secure my personal data?

We use technical and organizational measures in line with legal requirements. All uploads to our cloud service are encrypted, and account/banking details are encrypted before storage.

Who can see my personal data?

Only authorized employees with a legitimate need, through access control and passwords, and only in relevant systems.

Does SiO share my personal data with partners?

We use subcontractors (data processors) to deliver, develop, and improve services. They cannot use the data for other purposes. We have data processing agreements with all such providers.

When does SiO delete my personal data?

When you no longer pay the semester fee and no longer use SiO services, we store personal data for a limited period after the end of the customer relationship. After that, everything is deleted except what must be kept under the Bookkeeping Act or other specific laws, such as the Patient Records Act. Deletion is automatic and verified semi-annually.

Who is responsible for my personal data?

SiO is the data controller. The Managing Director is authorized to act as data controller for SiO and its subsidiaries. Responsibility can be delegated to service managers. Data processors are regulated through data processing agreements.

How can I see what data SiO has stored about me?

Request access via SiO Customer Service. When logged in on sio.no, you can see your own information and customer history. See also Chapter 13 of the Privacy Policy for your rights.

How can I change my personal data?

Update your information and manage consents on Min Side at sio.no.

Does SiO process my training history – and why?

Yes. We store, among other things, date and time of visits, which center you visited, participation in group classes, courses, PT sessions, and rental of courts and equipment. The purpose is to provide statistics and insights on Min Side, give relevant follow-ups (e.g. reminders and feedback requests), and improve services. Legal basis: legitimate interest (GDPR art. 6(1)(f)). History is stored for up to 6 months after the end of membership.

How is data processed when I use the chatbot on sio.no?

We collect date and time, your message (input), and technical info about browser, device, and operating system. This is used to generate answers via artificial intelligence (Natural Language Understanding) based on SiO’s knowledge base. Data is not used to train the core model. We may use aggregated and anonymized data to improve the service and make content more relevant. All conversations are anonymized, users are assigned a random pseudonym, and information recognized as personal ID numbers, email addresses, or credit card numbers is automatically anonymized. Legal basis: legitimate interest (GDPR art. 6(1)(f)).

How is health-related data handled?

Health data is processed separately under health legislation such as the Patient Records Act and the Health Personnel Act. Legal basis: GDPR art. 6(1)(b)/(c) and art. 9(2)(h). Helsenorge receives national ID numbers from our customer register to provide students who have paid the semester fee with access to digital health services.

How is personal data processed in SiO’s kindergartens?

Admission is handled via Oslo Municipality’s system. For administration, invoicing, and reporting, SiO receives data such as name, address, phone number, email, and national ID number. Legal basis: GDPR art. 6(1)(c) and e.g. the Kindergarten Act.

Does SiO use cookies and analytics?

Yes. We use cookies and Google Analytics on sio.no for statistics, analysis, and an improved user experience. Read more at: sio.no/snarveier/om-sio/cookies.

What is the legal basis for SiO contacting students?

SiO is obliged to inform students who pay the semester fee about services they are entitled to use (GDPR art. 6(1)(c) and the Student Welfare Act §§ 3–5). Marketing and other communication follow your consents, which can be managed on Min Side.

How long does SiO store my data?

It varies by service and legal requirements. Examples: training history up to 6 months after membership ends; financial data according to the Bookkeeping Act; health data according to health legislation. Other data is deleted once the customer relationship ends and storage obligations no longer apply.

How can I contact SiO’s Data Protection Officer?

Email: personvernombud@sio.no

How can I complain about the processing of my data?

Contact The Norwegian Data Protection Authority (Datatilsynet).

Updated 18.09.25