Privacy Policy for Member Register

Association of Communicologists

Data Controller

Association of Communicologists

• Organization number: 936 989 535
• Business address: Grevlingvn. 20, 1914 YTRE ENEBAKK, Norway
• Email: contact@communicology.network
• Registered in: Brønnøysundregistrene (Norway)

What personal data do we collect?

We register the following information about our members:

• Contact information: Full name, email address, phone number, postal address, country
• Membership information: Date of birth, membership category (communicologist/student), enrollment date
• Language and communication: Preferred language for communication
• Financial: Membership fee payments (date, amount, year, currency)
• Consents: Communication preferences (newsletter, events)

Purpose of processing

We process personal data to:

• Administer membership in accordance with the bylaws (§ 8-11)
• Collect and register membership fees
• Inform members about events and association matters (§ 9)
• Communicate with members in English
• Fulfill legal obligations (accounting, reporting to Norwegian authorities)

Legal basis

The processing is necessary for:

• Contract performance: Implementation of the membership agreement (GDPR art. 6(1)b)
• Consent: Communication beyond what is necessary (GDPR art. 6(1)a)
• Legal obligation: Accounting under Norwegian law (GDPR art. 6(1)c)

International members

The association has members from around the world:

• Personal data is stored and processed within the EEA (currently Finland, future infrastructure may be in Norway)
• For members outside the EEA: Transfer only occurs with your explicit consent
• All members have the same rights under GDPR, regardless of country of residence

Technical Infrastructure

Current hosting:

The member registration system is hosted on a dedicated server in Helsinki, Finland (Hetzner Online GmbH).

Details:

• Location: Helsinki, Finland (within EEA)
• Provider: Hetzner Online GmbH (German company, GDPR-compliant)
• Security: Encrypted connection (HTTPS/TLS), access restricted to board members only
• Data processing agreement: In place with hosting provider

Future infrastructure:

The association is in the process of establishing permanent technical infrastructure. This may involve:

• Migration to association-owned infrastructure in Norway, or
• Continuation of hosting with current provider (Hetzner), or
• Migration to alternative EEA-based hosting

Any changes to data location or hosting provider will be evaluated by the board and communicated to members in advance. All hosting solutions will remain within the EEA and maintain the same GDPR compliance standards.

Members will be notified of any infrastructure changes at least 30 days in advance.

How long do we store the information?

• Active members: As long as the membership lasts
• Former members: Deleted immediately, except:
  • Accounting information: 5 years (Norwegian Bookkeeping Act)
  • Historical member lists (name/year/country only): May be retained anonymized

Your rights (applies to all members, regardless of country of residence)

You have the right to:

• Access: Request a copy of your registered information
• Rectification: Have errors in the information corrected
• Erasure: Have the information deleted upon resignation (§ 10)
• Restriction: Request temporary suspension of processing
• Data portability: Receive the information in machine-readable format
• Withdrawal of consent: Withdraw consent to newsletter/communication
• Complaint: Complain to the Norwegian Data Protection Authority (Datatilsynet) or supervisory authority in your country

Contact the board at [email] to exercise your rights.

Security

The member register is stored in a secure solution with appropriate technical and organizational measures to protect personal data, in accordance with GDPR and Norwegian data protection standards. Security measures include:

• Encrypted data transmission (HTTPS/TLS)
• Access control (only authorized board members)
• Regular security updates
• Secure backup procedures
• Data processing agreement with hosting provider

Sharing with third parties

We do not share personal data with external parties, except:

• Hosting provider: Hetzner Online GmbH (technical infrastructure provider, covered by data processing agreement)
• Institute of Communicology: Only aggregated statistics (number of members per country, not personal data)
• Accountant/auditor: For mandatory audit (Norwegian legal requirement)
• Payment provider: For processing membership fee payments (only necessary information)

We never transfer personal data to countries outside the EEA without explicit consent.

Language

This privacy policy is available in:

• English (primary language)
• Norwegian (for Norwegian authorities)
• Swedish

Changes to the privacy policy

Any changes will be notified to members by email at least 30 days before taking effect.

---

Last updated: 1/24/2026 Version: 1.0