Privacy Policy

PRIO will, in given situations, collect and process your personal data. This privacy notice explains the situations this applies to, what information we gather, for what and how we use that information, and who we share that information with. It also sets out your rights in relation to your information and who you can contact if you have questions or want to exercise your rights.

We process personal data in accordance with the principles outlined in the EU’s General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act, and will only process personal data which is necessary for the institute’s operations and services. The personal data that PRIO processes shall be adequate, relevant, and limited to what is necessary to fulfil the purpose of the processing. This implies that PRIO shall process as little personal data as possible. Access to personal data processed by PRIO is limited to those with a need and function in and for the processing.

Many of our research projects collect and process research data involving personal information. The details of these processing activities are specific to each project and our processing of personal data for research purposes are therefore not included in this privacy notice. Detailed information about the processing is provided to each research participant directly, including details of the types of data processed, the nature of the processing and their rights as data subjects. The legal basis for processing personal data in research is consent or public interest. As a research participant, if you have any questions regarding the protection of your personal data or if you wish to exercise your legal rights, you should use the contact details in the information sheet provided to you. If you are unsure who to contact, contact us using the details below, and we will ensure that your request is handled in collaboration with the researcher or project leader responsible.

The institute has an agreement with the Norwegian Agency for Shared Services in Education and Research (Sikt) for data protection services, which entails that PRIO researchers' processing of personal data for research purposes is notified to and assessed by Sikt before processing starts.

1. What data do we collect about you?

Visitors to our websites

We collect and process the following personal data when you visit one of our public websites on the prio.org and peaceconflictresearch.org domains:

  • Standard internet browsing information, including your IP address, your browser and device type, when you visited us, and where you navigated to our website from.
  • Additional technical details about your device, including screen size, your language settings, whether you downloaded any publications, how well the site performed for you, and how you navigated through our website.

This data is collected and processed for the following purposes:

  • To measure the success of our dissemination activities.
  • To measure how well our websites perform.
  • To ensure an adequate level of information security for our websites.

Our websites rely on essential browser cookies in order to function properly. These cookies are anonymous and are not linked with the information we collect about you. They are deleted as soon as you close your browser.

We are moving all our websites over to a new platform but until migrated, some of our websites will place persistent cookies in your browser from our use of Google Analytics for statistics. These cookies may be kept for up to two years, but tracking is done anonymously by removing the last set of digits from your IP address. By way of these cookies Google Analytics tells us how you navigated to our website, whether you are a returning visitor, how much time you spent on each page before navigating to the next, and whether you downloaded any publications.

Certain pages on our websites make use of integrations with external service providers for displaying multimedia content or data visualizations. When you visit pages that make use of these integrations, you connect directly to these services and the connections will be subject to the privacy policies of the relevant service provider(s). This also means that the service provider is controller in its own right vis-a-vis you as a data subject.

YouTube embedded videos (cookies)

We embed videos from our official YouTube channel on our websites. For the most part this concerns recordings of seminars. Until you click to start the video, you do not connect with YouTube. Once you do click to start the video, YouTube will set cookies in your browser for several purposes, similar to as if you were on youtube.com. Read more about these from Google.

Vimeo embedded videos (cookies)

Up until late 2023, Vimeo was our chosen provider of videos for website embedding and may still be in use for older videos. The Vimeo player sets a first-party essential cookie in your browser, necessary for the player to function the way it should. This cookie is anonymous unless you are logged in with a Vimeo account. Read more about this in Vimeo's cookie policy.

SoundCloud audio recordings (cookies)

We embed audio from our official Soundcloud subscription on our webpage. As the user name indicates, this mostly concerns recordings of seminars. Read more about this in Soundcloud's cookie policy.

Event participants

We collect and process the following personal data when you register to attend seminars organized by PRIO:

  • Your name.
  • Your email address.
  • Optionally, your institutional affiliation.
  • Optionally, your phone number.
  • Your image if the event is filmed or photographed and these include audience shots or if you get in front of an active camera.
  • Your voice if the event is recorded and you make yourself heard by a microphone (notably when posing a question or comment).

This data is collected and processed for the following purposes:

  • To allow us to prepare for the seminar.
  • To be able to contact you if the time or place of the seminar changes, or if the seminar is cancelled.
  • To ensure there is space available for you if the seminar is fully booked.
  • To facilitate registration of attendance on arrival if deemed necessary.
  • If relevant, to follow up with you after the seminar (for further information, circulation of materials, feedback, etc).
  • Recording and/or streaming of audio and video is done to promote and communicate the event and its content publicly via our websites, social media channels and other external services.

Subscribers to event invitations, newsletters or blog post notifications

We collect and process the following personal data when you subscribe to content from PRIO:

  • Your name.
  • Your email address.
  • Your institutional affiliation.

This data is collected and processed for the following purposes:

  • To send you the content you have subscribed to.
  • To keep track of your subscription preferences.

For the purpose of tracking engagement with our newsletters, we or our service providers may use tracking images and tracking links to collect aggregate data on your engagement with our content. For the purpose of improving our events and content and thus our services to subscribers, we may on occasion contact you for feedback.

Applicants to positions, student placements and freelance pools advertised by PRIO

We collect and process the following personal data when you apply or ask to be considered for a function at PRIO:

  • Your name.
  • Your contact details.
  • General details about you, such as your location, employment, and citizenship.
  • Your CV.
  • Data specifically relevant to the function for which you ask to be considered, such as project outline, diplomas and writing samples.

This data is collected and processed for the following purposes:

  • To evaluate your application.
  • To track your application through the hiring/selection process.

Collaborators and contributors on PRIO projects, PRIO publications, and publications published together with a PRIO researcher

We collect and process the following personal data when you participate in PRIO projects, when you contribute to PRIO publications or co-author with one or more PRIO researchers:

  • Your name.
  • Your institutional affiliation.
  • A photo of you.

This data is collected and processed for the following purposes:

  • To promote the project or publication that you are a contributor to.
  • To fulfil legal obligations to funders.

Speakers at events held by PRIO

We collect and process the following personal data when you feature as speaker at PRIO events:

  • Your name.
  • Your institutional affiliation.
  • Your bio.
  • A photo of you.
  • Your image and voice if the event is filmed or streamed.
  • Your voice if the event is recorded.

This data is collected and processed for the following purposes:

  • To publicly promote and communicate the event you speak at prior to, during and after it takes place via our website, social media and other external services.

We collect and process your data based on the following legal bases:

  • Consent (see GDPR article 6 paragraph 1 (a)).
  • Performance of a contract (see GDPR article 6 paragraph 1 (b)).
  • Legal obligation to which PRIO is subject (see GDPR article 6 paragraph 1 (c)).
  • The legitimate interests of PRIO (see GDPR article 6 paragraph 1 (f)).

The legitimate interests pursued by PRIO include the following purposes:

  • To support PRIO’s aim and purpose as defined in our Statutes.
  • To ensure an appropriate level of information security.
  • To ensure our hiring processes are fair and transparent.

3. From whom do we collect your personal data?

We primarily collect your personal data directly from you. We may also collect your personal data from public sources, or from an institution you are affiliated with.

4. Who do we share your personal data with and why?

In connection with one or more of the purposes outlined above, your personal data may be disclosed to and shared with i.a. authorities, vendors, collaborators, and professional advisers such as auditors.

Sharing with data processors

We may share your personal data with vendors and service providers who process your personal data on our behalf, such as our IT providers, cloud service providers, or vendors of other external services. In such cases, PRIO has entered into data processing agreements to determine the nature and limits of the processing and ensure information security at all stages of this processing.

Sharing with other data controllers

We may share your personal data with other data controllers, for example if PRIO has a legal obligation to transfer the data to public authorities, if the purpose of processing is shared with a collaborating institution, or if another controller processes your data for its own purposes.

Transfer of personal data to recipients in countries outside the EU/EEA

We may transfer your personal data to data processors or data controllers located in countries outside the EU/EEA for the purposes listed in section 1. The transfer may only take place when meeting the conditions and principles of Article 44 of the GDPR.

5. How long do we store your data?

We store your personal data for as long as necessary to fulfil the purposes listed above, and for no longer than covered by the legal bases listed above. Your personal data will be anonymised or deleted in accordance with specific retention policies defined for each type of personal data processing.

  • For processing done on the legal basis of your consent, unless you withdraw this consent, we will continue to process your data until the purpose of processing ends.
  • For processing done on the legal basis of the performance of a contract or a legal obligation, we will process your data until the contract term has ended, the contract is terminated, or the legal obligation has ended, unless another purpose and applicable legal basis has been identified.
  • For processing done on the legal basis of our legitimate interest of supporting PRIO’s aim and purpose, we will process your personal data indefinitely.
  • For processing done on the legal basis of our legitimate interest of ensuring information security, we will process your data for up to two years from the time of collection.
  • For processing done on the legal basis of our legitimate interest of ensuring fair and transparent hiring processes, we will process your data for up to three years after you submitted your application.

6. Your rights

Subject to the conditions set out in the applicable data protection legislation, you as data subject enjoy certain rights. In the following, you can read about your rights, and how to perform them.

You can withdraw your consent for us to process your personal data at any time. If you withdraw your consent, we will stop processing the personal data that is processed on the basis of this consent.

The right to request access to your personal data

You can send us a request for access to get information about whether we process personal information about you, and if so gain insight into what information we process about you.

The right to rectification of your personal data

If you believe the information we process about you is incorrect, you can request that we correct this at any time.

The right to erasure of your personal data

If you request erasure of your personal data, the data will be deleted. However, the right to erasure is not absolute, and this right will be balanced against PRIO’s legal requirements and legitimate interests. For example, PRIO may be obliged or otherwise seek to continue processing your personal data in the following situations:

  • When the purpose of processing your data has not yet been fulfilled and further processing is sufficiently covered by a valid legal basis other than consent.
  • When PRIO is subject to a legal obligation that requires further processing of your personal data.
  • When you object to the processing of your data, but PRIO has grounds for invoking a legitimate interest that is deemed to override this objection, and is able to ensure that appropriate safeguards are in place to protect you as the data subject.

The right to restriction of processing

If you do not wish us to delete your data but want us to stop processing it in specific ways, you may, under certain circumstances, have the right to request this.

The right to data portability

According to Article 20 of the GDPR, you have the right to data portability for personal data about yourself that you have provided to PRIO and for which consent, or a similar kind of agreement, is the basis of processing. If you wish to exercise your right to portability, the relevant data will be exported in a portable format and handed over to you.

The right to object to the processing of your personal data

You have the right to object to the processing of personal data concerning you, where the processing is based on legitimate interest of PRIO or public interest. If so, PRIO will no longer process your personal data unless there are legitimate grounds for doing so which, according to a balancing test, are deemed to override your objection.

The right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. In Norway, this is Datatilsynet (the Norwegian Data Protection Authority). Complaints can be submitted at datatilsynet.no.

7. Contact details

If you have any questions regarding the protection of your personal data or if you wish to exercise your legal rights, you can contact us by sending an e-mail to it@prio.org.

PRIO has appointed Sikt as our Data Protection Officer. If you wish, you can direct your questions to or exercise your legal rights through them. Currently responsible for PRIO at Sikt is Lisa Andersen Reppe, available at dpo@prio.org.

8. Revisions to this privacy notice

We regularly review and update this privacy notice, so the details within are subject to change. The date of the last revision of the privacy notice is 31 January 2024.

An error has occurred. This application may no longer respond until reloaded. An unhandled exception has occurred. See browser dev tools for details. Reload 🗙