How UNE processes your personal data

UNE processes personal data that we need to be able to decide immigration and citizenship cases. 

This applies to:

• visas
• residence permits
• protection (asylum)
• travel documents
• citizenship
• rejection
• expulsion
• revocation of permits
• support with returns

Moreover, we process personal data when we decide related cases, such as claims for compensation, and in connection with supervisory reports and complaints, for example, for the Parliamentary Ombud (external link). We also process personal data if you choose to bring the case before the courts.

In addition, we process personal data to the extent that this is necessary to maintain an overview of cases, to ensure the quality of case processing and for the purpose of maintaining and developing technical systems.

UNE has various reasons for processing personal data about you. A legal basis is necessary under the General Data Protection Regulation, which has the force of Norwegian law. The most important provision is Article 6 (1) (e), whereby the processing of your personal data must be necessary for the exercise of the official authority vested in UNE. This primarily concerns immigration and citizenship cases, but also claims for compensation and applications for access to documents. See in particular the Immigration Act Section 83a and the Norwegian Nationality Act Section 29 a with regulations, but also the Public Administration Act Section 36 and the Freedom of Information Act Section 3.

The grounds for processing sensitive personal data such as medical information – defined as ‘special categories of personal data’ in GDPR – are Article 9 (2) (e), (f) or (g).

For camera surveillance and access control, the basis is Article 6 (1) (f) of the General Data Protection Regulation – our legitimate interest in monitoring and security.

UNE processes personal data that are necessary to carry out the tasks mentioned above. Which data we process about you depends on the task we need to solve. 

UNE will typically process the following data:

• identity (e.g. name, date of birth, place of birth, gender, nationality, passport number)
• biometry (facial photograph and finger prints)
• place of residence and contact information (e.g. postal address, registered address, email address and phone number)
• relationship to others (e.g. family, host family, employer, place of study)
• financial situation (e.g. income, financial support from the public services, assets)
• other information relating to the immigration case (the status of the case, information about what has happened in the case and the grounds for granting you a residence permit)

UNE primarily uses information already available in the database of foreign nationals (UDB), which has been registered by other authorities. We also receive information from you or from persons linked to you, such as your employer, authorised representative or family members. Information from conversations and board hearings is also stored. There are occasions when we receive information from external sources, such as letters of support or tips about suspected illegal activities.

UNE may also obtain information from other public bodies, such as the police, the tax administration, the national registry, the Labour and Welfare Administration (NAV), the child welfare service and the State Educational Loan Fund (Lånekassen) when we need it to shed light on your case. We can also ask Norwegian foreign service missions for assistance, for example to check whether a document we have received from you is genuine (document control). Sometimes we also collect personal information from European information systems such as Eurodac (fingerprints), VIS (Visa Information System), and SIS (Schengen Information System).

We also collect personal data from publicly available sources, such as websites and social media, if we believe it is necessary to decide a case. We never violate security barriers or gain access to information through requests or similar. 

We collect information about you, register it in our computer systems and store and compare it with other information where necessary. We can also disclose the information to other parties where lawful and necessary. We can use information from your previous immigration cases when considering a new case. We can also use information from another person’s case if it is necessary to consider your case. In the same way, we can use your information in the consideration of other cases. Regardless, we must always uphold confidentiality.

UNE registers your personal data in the database of foreign nationals (UDB), the immigration authorities’ main personal data registry. All information in immigration and citizenship cases is registered and stored in this database, which is managed by the Directorate of Immigration (UDI). Foreign nationals who are registered are given a unique identification number (DUF number). There are also Norwegian nationals registered in the database, such as family members, host families and employers.

We also register certain information in the European information system VIS (Visa Information System). It contains personal data, such as facial photos and fingerprints, of individuals from countries outside the EU and EEA who apply for a visitor visa.

Immigration authorities also register personal information in SIS (Schengen Information System). It is an information system containing details about individuals who do not have the right to enter and stay in the EU and EEA area, or who are wanted in connection with criminal activities. The National Criminal Investigation Service in Norway (Kripos) is responsible for the Norwegian part of SIS, to which UNE also contributes.

Some cases are registered in a separate archive system and in other databases or systems, among other things for the purpose of court cases or board hearings. We also have statistical systems that contain a limited amount of personal data. Moreover, we have some personal information in our communication systems and certain storage systems.

Through our case processing systems, employees of the immigration authorities gain access to information registered about you in the UDB database. The Norwegian immigration authorities consist of several agencies that carry out different tasks. The foreign service missions and immigration sections of the various police districts accept and prepare e.g. applications for residence permits, while the National Police Immigration Service (NPIS) accepts and registers applications for protection. The Directorate of Immigration (UDI) makes the initial decision, while UNE considers complaints against the UDI’s decisions. The immigration authorities have access to different information in the database, based on their needs.

Employees of the immigration authorities are only allowed to process your personal data when it is necessary to carry out their work. When we use advisers or external suppliers, they are also only allowed to process information necessary to their tasks. 

If you are called in for a conversation with UNE, there will usually be an interpreter present. The interpreter does not have access to information other than what is said in the meeting. The interpreter and other participants also have a duty of secrecy about everything they learn in the case. This means that they cannot disclose information about your case. 

For information about SIS (Schengen Information System) and VIS (Visa Information System), see the Norwegian Data Protection Authority's website.

The UDI manages the most important database – the database of foreign nationals (UDB).

UNE has established a dedicated management system to address information security requirements. This includes physical security, the security of IT systems in the form of access control and log-keeping, risk assessment and plans for continuity, emergency preparedness and crisis management.

Only authorised persons will gain access to your personal data in our registries, and UNE checks their processing of the personal data in the systems. Everyone is subject to a duty of secrecy. 

UNE is bound by a duty of secrecy and can only disclose your personal data if prescribed by law or if you expressly consent to it or authorise someone. For example, we disclose information to other immigration authorities to the extent they need it (the police, the UDI, embassies).

Several public agencies are entitled to collect information from UNE, such as NAV, Lånekassen, the National Registry and the police. We also have a duty to disclose information to other European countries that cooperate on control of national borders, visa regulations, police duties and processing of asylum applications (countries that participate in the Schengen Agreement and the Dublin Regulation).

UNE can also disclose information that is not subject to a duty of secrecy to other public agencies and to businesses and individuals. For example, we disclose information to the Labour Inspection Authority and employers about whether a person has a right to work in Norway.

Information in the database of foreign nationals is transferred to the National Archival Services of Norway, where the information is stored indefinitely. The same applies to documents registered in our mail records, such as claims for compensation. Information in the database of court cases has no expiry date. The same applies to information registered in the systems for managing board hearings and statistics. However, these systems contain very little personal data.

We also store some personal data in other places. It is our goal to store the data only for as long as it is necessary to carry out our tasks.

If you are summoned for a discussion or a board meeting at our premises, a camera at the entrance doors will record. This is automatically deleted after 7 days. You must also register in our digital visitor solution with your name, date, mobile phone, and email. The data is automatically deleted after a short time if you do not want it stored.

Only a few people have access to the recordings and registrations in the visitor solution.

Everyone who asks is entitled to basic information about how an enterprise processes personal data. UNE has provided the information in this privacy statement, and under About the website.

If UNE processes personal data about you, you are entitled to access to your own data. When you are registered in our systems, you have the following rights under the Personal Data Act:

Access

You have a right to receive information about:

• what specific personal data we are processing about you,
• from where these were obtained,
• for what purpose they are being used (tasks),
• whether we have disclosed the data, and in such case, to whom

In some cases, we can deny you access, for example out of consideration for the protection of others.

Correction and deletion of personal data

If you discover that UNE has registered incorrect, outdated or incomplete information about you, you have a right to have this corrected or updated, for example if we have registered your name wrong or that the address we have registered is incorrect. 

Information stored in the database of foreign nationals will normally not be erased. It is necessary to keep the information for archive purposes, among other things.

Right to complain

If you believe that UNE does not process your personal data in the way required by the law, you can appeal to the Norwegian Data Protection Authority (external link). Please feel free to contact UNE's data protection officer first.

UNE has a data protection officer who safeguards the privacy interests of those registered in our systems and our employees. The data protection officer offers advice and guidance if you have questions about UNE’s processing of your personal data. You can send an email to personvernombud@une.no. For the sake of your privacy, please do not include sensitive personal data in your email.

It is not the data protection officer’s job to answer questions about UNE’s case processing or enquiries concerning your case or decision. 

If you would like to send a request to the data protection officer, address your letter For the attention of ‘UNEs personvernombud’, and send it to: 

Utlendingsnemnda
Postboks 2108 Vika
0125 Oslo

Please note that we keep a systematic overview of all incoming and outgoing documents. The records are available at eInnsyn (external link) and concern enquiries not related to the processing of immigration cases. The records normally contain information about the sender, recipient and the title of the case document. Please specify if you do not want your name to be made known.

In addition to the Personal Data Act (external link) and the General Personal Data Regulation, the following are relevant to UNE’s processing of personal data:

The Freedom of Information Act (external link) and Regulations set out the rules for when a document is publicly available and when it can be exempt from public disclosure. UNE aims for all documents to be publicly available.

The Public Administration Act (external link) contains case processing rules that govern how your case is processed by UNE. As a party to the case, you have special rights, including right of access to the case documents.

The Archives Act (external link) sets out rules for the handling and storage of case documents, and handover to an archive institution.