This Privacy Policy complies with the requirements stated in the Act of 14 April 2000 no. 31 relating to the processing of personal data («Personal Data Act») and provides information about how your personal data are processed when you use the search service oria.no («Oria»).

Oria is a service based on the product Primo from Ex Libris. It interacts with the library system used at the institutions. Registration and storage of data like borrower information, loans and orders in the library system is regulated through the data processing agreement between BIBSYS and each institution regarding use of the library system and related search services.

Using oria.no without logging in

You can search the available data in Oria without logging in. It will not be possible to identify the user.

See also the section about «visitor statistics and cookies».

Logging in to use oria.no

Processing responsibility
The institution to which the student or employee in question belongs has the processing responsibility and has the main responsibility for personal data obtained and delivered to BIBSYS, which processes the data and is responsible for Oria and the library system. BIBSYS has the processing responsibility towards any third party that takes part in the processing.

Purpose of the processing
Using Oria, users can maintain loans and register/delete loan orders and document copies. These data are sent to and stored in the library system. To facilitate this, the user has to log in to the service and be identified as a borrower in the borrower index. Until December 2015, you will need both your personal identification number and your Feide ID to log in. After December 2015, you will only need your Feide ID.
Oria can store data about academic degrees and relevant disciplines. These data are used to provide a more relevant match list. Users can also choose to provide an alternative phone number and e-mail address as preferred contact information for e-mails/SMS from Oria.
Oria facilitates the storage of bibliographic records and searches. These are associated with the logged-in user, in order for them to be used again later. Users may delete these whenever they want.

Which personal data are processed?
When a user logs in, Oria receives and presents non-sensitive personal data about the user from the applicable library system. These data can include:

Data type | Mandatory/optional | Comment
Name | Mandatory |
Address | Mandatory |
Phone number | Mandatory |
E-mail address | Mandatory |
Personal identification number | Optional | The institution has to get approval to use this information
Feide ID | Mandatory |
Borrower ID | Mandatory |
Borrowed documents | Mandatory | Active loans only
Requested documents (reservations/orders) | Mandatory | Active orders/reservations only

These data (except the borrower ID) are not stored in Oria, but are retrieved from the library system, which receives the data from the user institutions. For students, the data are transferred from the National Student Database, whereas employee data are transferred from one of the institution's other data systems or updated in the library system by manual entry by library employees.
Personal information and loan data are not visible to anyone other than the identified user. The information might be shared with BIBSYS (and any sub-suppliers) for the purpose of troubleshooting or user support.

Personal identification numbers will not be used after December 2015.

Visitor statistics and cookies

Oria temporarily stores bibliographic records and search history for the browser session, in order to provide improved user functionality. This information is deleted when the browser is closed.
Certain actions (searches, facet selections, search function etc.) are aggregated and recorded for statistical purposes, but these data cannot be traced back to specific borrowers.
BIBSYS uses Google Analytics to collect visitor statistics. The information sent to Google Analytics does not include the nature of performed searches, and IP anonymization is activated.
Cookies are small text files that are stored on your computer when you visit oria.no. These files are used to collect visitor statistics and – if you are searching in Oria from an unknown IP address – to store the desired institution.

Personal data storage
With the exception of the borrower ID, no personal data are stored in Oria. The borrower ID is used to associate saved searches and bibliographic records with the logged-in user. Storage of personal data in the library system borrower index is discussed in the data processing agreement between the institution and BIBSYS. The data are stored for as long as the borrower remains a user of the institution/library. The institution is responsible for maintaining the borrower index.
Loan/order history, i.e. information about closed loans, is not stored unless the user has explicitly agreed to this.

Data processing agreements

All institutions that use Oria to present loans/orders and My Page functions to their primary users have signed a data processing agreement with BIBSYS regarding the use of the Oria and library system services.

Third party exchanges

BIBSYS has signed agreements with the following data processors:
• Ex Libris
• Biblioteksystemer AS for the Common Library Database

BIBSYS has signed a data processing agreement with Ex Libris related to the products Primo (Oria) and Alma (the library system).
The exchange of borrower information with the Common Library Database enables the use of the nationwide library card Lånekortet. With Lånekortet, the user can use the same library card in all Norwegian libraries. A description of personal data processing for Lånekortet is available on the page About Lånekortet.

Security measures

Login and identification
Oria uses Feide to identify its users. During login, up to four information units (personal identification number, Feide ID, organization number, borrower ID) are sent to the library system, or related functions, to identify the user. The library system returns the borrower ID to Oria.
Oria uses the borrower ID to identify the borrower. This borrower ID is stored in Oria and used to locate personal and loan data in the library system, as well as keeping track of stored searches, bibliographic records etc.

How do we secure the data?
Work is being done to increase the security of the communication between Oria and the library system. The first stage will be in place starting December 2015. Our goal is for all communication, including the Oria application, to use HTTPS encryption.

Your rights

Access
You are entitled to know which of your personal data are recorded by BIBSYS and how these data are processed, cf. the provision in the Personal Data Act § 18. All processing, including interaction with third parties, is regulated by Norwegian legislation.

Corrections, deletions
As a registered individual with BIBSYS, you are in certain instances entitled to request correction or deletion of your personal data, cf. the Personal Data Act § 27 and § 28. For instance, this can apply to data that are inaccurate and/or incomplete, or data that BIBSYS does not have the right to process.
These requests are responded to free of charge, and no later than 30 days from the date of the request.

Who can I contact?
If you want to request information about the personal data registered to your name, access to or correction/deletion of your personal data, or if you have general questions about the processing of personal data, please contact the library at your institution.

Changes to the Privacy Policy
BIBSYS reserves the right to make changes to the Privacy Policy at any time. Any such changes will apply from the time when the updated Privacy Policy is published on this website.

In the event of any differences, the Norwegian text should be counted as the authorized version.

Published: .