Cookie Policy (Informasjonskapsler)

Platform: Viby
Effective Date: 28.07.2025
Last Updated: 28.07.2025
Scope: All users of Viby
Compliance: GDPR, ePrivacy Directive, Norwegian Electronic Communications Act

1. INTRODUCTION

This Cookie Policy explains how Viby ("we," "us," "our") uses cookies and similar technologies on our social networking platform for Norwegian "russ" students. This policy should be read together with our Privacy Policy and Terms of Service.

1.1 What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit websites. They are widely used to make websites work more efficiently and to provide information to website owners.

1.2 Why We Use Cookies

We use cookies to:

  • Keep you logged into your account
  • Remember your preferences and settings
  • Improve your user experience
  • Understand how you use our platform
  • Ensure the security of your account
  • Provide relevant content and features

2. TYPES OF COOKIES WE USE

2.1 Essential Cookies (Strictly Necessary)

These cookies are essential for the platform to function properly. You cannot opt out of these cookies without affecting the functionality of our service.

Authentication Cookies

  • Purpose: Keep you logged into your account during your session
  • Duration: Session-based (deleted when you close your browser) or persistent (up to 30 days)
  • Data Stored: Encrypted session identifiers
  • Legal Basis: Legitimate interest (essential for service provision)

Cookie Names:

  • next-auth.session-token or __Secure-next-auth.session-token
  • next-auth.csrf-token
  • next-auth.callback-url

Security Cookies

  • Purpose: Protect against security threats and unauthorized access
  • Duration: Session-based or up to 24 hours
  • Data Stored: Security tokens and identifiers
  • Legal Basis: Legitimate interest (security protection)

Cookie Names:

  • csrf-token
  • security-session
  • device-fingerprint

Functionality Cookies

  • Purpose: Remember your preferences and settings
  • Duration: Up to 12 months
  • Data Stored: Language preferences, theme settings, privacy preferences
  • Legal Basis: Legitimate interest (improving user experience)

Cookie Names:

  • user-preferences
  • language-setting
  • theme-mode
  • cookie-consent

2.2 Performance and Analytics Cookies (Optional)

These cookies help us understand how users interact with our platform. They are only set with your consent.

Usage Analytics

  • Purpose: Understand how users navigate and use our platform
  • Duration: Up to 26 months
  • Data Stored: Page views, click patterns, session duration (anonymized)
  • Legal Basis: Consent
  • Opt-out: You can disable these cookies in your privacy settings

Cookie Names:

  • _ga (Google Analytics)
  • _ga_* (Google Analytics)
  • _gid (Google Analytics)
  • platform-analytics

Performance Monitoring

  • Purpose: Identify and fix technical issues
  • Duration: Up to 90 days
  • Data Stored: Error logs, performance metrics
  • Legal Basis: Consent
  • Opt-out: Available in privacy settings

Cookie Names:

  • performance-monitor
  • error-tracking
  • load-time-metrics

2.3 Social and Interaction Cookies (Optional)

These cookies enhance social features and content sharing.

Content Preferences

  • Purpose: Remember your content preferences and interactions
  • Duration: Up to 6 months
  • Data Stored: Content categories you prefer, interaction history
  • Legal Basis: Consent
  • Opt-out: Available in privacy settings

Cookie Names:

  • content-preferences
  • interaction-history
  • recommended-content

3. THIRD-PARTY COOKIES

3.1 Authentication Services

Google OAuth

When you sign in with Google:

  • Purpose: Authenticate your Google account
  • Duration: Varies (controlled by Google)
  • Data: Basic profile information
  • Privacy Policy: https://policies.google.com/privacy
  • Control: Managed through your Google account settings

GitHub OAuth

When you sign in with GitHub:

  • Purpose: Authenticate your GitHub account
  • Duration: Varies (controlled by GitHub)
  • Data: Basic profile information
  • Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
  • Control: Managed through your GitHub account settings

3.2 Analytics Services (Optional)

Google Analytics

If you consent to analytics cookies:

  • Purpose: Website analytics and user behavior analysis
  • Duration: Up to 26 months
  • Data: Anonymized usage statistics
  • Privacy Policy: https://policies.google.com/privacy
  • Opt-out: Available at https://tools.google.com/dlpage/gaoptout

3.3 Content Delivery and Security

Amazon Web Services (AWS)

  • Purpose: Content delivery and security services
  • Duration: Session-based
  • Data: Technical data for content delivery
  • Privacy Policy: https://aws.amazon.com/privacy/
  • Purpose: Essential for platform functionality

4. HOW WE USE COOKIE INFORMATION

4.1 Platform Functionality

  • Session Management: Keeping you logged in securely
  • Preference Storage: Remembering your settings and choices
  • Security Protection: Detecting and preventing unauthorized access
  • Error Prevention: Identifying and fixing technical issues

4.2 User Experience Improvement

  • Content Personalization: Showing relevant content based on your interests
  • Performance Optimization: Improving page load times and responsiveness
  • Feature Enhancement: Developing new features based on usage patterns
  • Bug Detection: Identifying and resolving user experience issues

4.3 Analytics and Insights (With Consent)

  • Usage Analysis: Understanding how users interact with our platform
  • Feature Adoption: Measuring the success of new features
  • Community Health: Monitoring overall platform engagement
  • Technical Performance: Analyzing system performance and reliability

5. YOUR COOKIE CHOICES

5.1 Cookie Consent Management

Initial Consent

When you first visit our platform:

  • Consent Banner: You'll see a clear cookie consent notice
  • Granular Choices: You can accept all cookies or choose specific categories
  • Essential Notice: Essential cookies are clearly identified
  • Easy Withdrawal: Clear instructions on how to change your mind later

Managing Consent

You can always change your cookie preferences:

  • Privacy Settings: Access cookie controls in your account settings
  • Granular Control: Enable or disable specific cookie categories
  • Real-time Application: Changes take effect immediately
  • Clear Information: Detailed explanations of what each choice means

5.2 Browser Controls

Browser Settings

Most browsers allow you to control cookies:

  • Chrome: Settings → Privacy and Security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Privacy, search, and services → Cookies and site permissions

Third-Party Opt-outs

  • Google Analytics: https://tools.google.com/dlpage/gaoptout
  • Google Ads: https://adssettings.google.com/
  • Your Online Choices: http://www.youronlinechoices.eu/

5.3 Impact of Disabling Cookies

Essential Cookies

If you disable essential cookies:

  • ❌ You cannot stay logged into your account
  • ❌ Your preferences won't be remembered
  • ❌ Security features may not work properly
  • ❌ Some platform features may be unavailable

Analytics Cookies

If you disable analytics cookies:

  • ✅ Platform functionality remains intact
  • ❌ We cannot improve the platform based on usage data
  • ❌ Personalized features may be less effective

Performance Cookies

If you disable performance cookies:

  • ✅ Core features continue to work
  • ❌ We cannot identify and fix technical issues as quickly
  • ❌ Platform performance may not be optimized for your device

6. COOKIE SECURITY AND PRIVACY

6.1 Security Measures

Data Protection

  • Encryption: Sensitive cookie data is encrypted
  • Secure Transmission: Cookies are transmitted over secure HTTPS connections
  • Access Controls: Limited access to cookie data within our organization
  • Regular Audits: Regular security reviews of cookie usage

Cookie Attributes

  • Secure Flag: Cookies are only transmitted over secure connections
  • HttpOnly Flag: Prevents access to cookies via JavaScript (where appropriate)
  • SameSite Attribute: Protects against cross-site request forgery attacks
  • Path Restrictions: Cookies are limited to appropriate website sections

6.2 Privacy Protection

Data Minimization

  • Necessary Data Only: We only store data necessary for the specified purpose
  • Regular Cleanup: Expired cookies are automatically deleted
  • Anonymization: Analytics data is anonymized where possible
  • Limited Retention: Cookies have appropriate expiration dates

User Control

  • Transparency: Clear information about what each cookie does
  • Choice: Genuine choice about which cookies to accept
  • Easy Changes: Simple process to modify cookie preferences
  • Withdrawal: Easy withdrawal of consent at any time

7. MOBILE APP CONSIDERATIONS

7.1 Mobile App Technologies

Similar Technologies

Our mobile app (when available) may use technologies similar to cookies:

  • Device Identifiers: Unique identifiers for your device
  • Local Storage: Data stored locally on your device
  • App Preferences: Settings stored within the app
  • Analytics SDKs: Third-party analytics tools

Mobile Controls

  • App Settings: Control data collection within the app settings
  • Device Settings: Use your device's privacy settings
  • Operating System Controls: iOS and Android privacy controls
  • Opt-out Options: Where available, opt-out of specific data collection

7.2 Cross-Platform Consistency

Unified Experience

  • Consistent Preferences: Your cookie preferences apply across web and mobile
  • Synchronized Settings: Settings are synchronized across devices where possible
  • Clear Information: Same level of transparency across all platforms
  • Easy Management: Unified control panel for all privacy settings

8. UPDATES TO THIS COOKIE POLICY

8.1 Policy Changes

Notification of Changes

We may update this Cookie Policy to reflect:

  • New Technologies: Implementation of new cookie technologies
  • Legal Requirements: Changes in applicable laws and regulations
  • Feature Updates: New platform features that use cookies
  • User Feedback: Improvements based on user feedback

How We Notify You

  • Email Notification: Direct email to all users for material changes
  • Platform Notice: Prominent notice on the platform
  • Updated Date: Clear indication of when the policy was last updated
  • Archive Access: Previous versions available upon request

8.2 Your Rights After Updates

Review Rights

  • Policy Review: Time to review changes before they take effect
  • Continued Consent: Your consent is sought for new cookie types
  • Withdrawal Option: Ability to withdraw consent if you disagree with changes
  • Account Deletion: Option to delete your account if you cannot accept changes

9. INTERNATIONAL TRANSFERS

9.1 Data Location

Primary Storage

  • EU/EEA: Cookies are primarily processed within the EU/EEA
  • Norway: Some cookies are processed on servers in Norway
  • Adequate Countries: Data may be processed in countries with EU adequacy decisions

Third-Party Services

  • Google Analytics: May involve data transfer to the US with appropriate safeguards
  • AWS Services: Data processed in EU regions where possible
  • OAuth Providers: Subject to the providers' international transfer policies

9.2 Transfer Safeguards

Legal Protections

  • Standard Contractual Clauses: For transfers outside the EU/EEA
  • Adequacy Decisions: Reliance on EU adequacy decisions where available
  • Additional Safeguards: Extra protections for sensitive data transfers
  • User Notification: Clear information about international transfers

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

Minimum Age

  • 16 Years: Platform is restricted to users 16 years and older
  • Age Verification: Age verification processes before account creation
  • Enhanced Protection: Additional protections for users under 18
  • Parental Awareness: Information available for parents of teenage users

Special Protections

  • Limited Tracking: Reduced tracking for younger users
  • Enhanced Security: Additional security measures for teenage accounts
  • Privacy Education: Educational resources about online privacy
  • Easy Controls: Simplified privacy controls for younger users

11. CONTACT INFORMATION

11.1 Cookie Questions

General Cookie Questions:

  • Email: kontakt@viby.no
  • Subject Line: "Cookie Policy Question"
  • Response Time: 5-7 business days
  • Languages: Norwegian and English

Technical Cookie Issues:

  • Email: kontakt@viby.no
  • Subject Line: "Cookie Technical Issue"
  • Response Time: 1-2 business days
  • Include: Browser type, device information, specific issue

11.2 Privacy Rights

Data Protection Requests:

  • Email: kontakt@viby.no
  • Subject Line: "Privacy Rights Request - Cookies"
  • Information: Include account email and specific request
  • Verification: Identity verification may be required

Complaints:

  • Internal: kontakt@viby.no
  • External: Datatilsynet (Norwegian Data Protection Authority)
    • Email: postkasse@datatilsynet.no
    • Phone: +47 22 39 69 00

12. NORWEGIAN SPECIFIC INFORMATION

12.1 Norwegian Law Compliance

Electronic Communications Act

  • Consent Requirements: Compliance with Norwegian consent requirements
  • Information Obligations: Clear information about cookie purposes
  • User Rights: Respect for Norwegian user rights
  • Language: Available in Norwegian upon request

Consumer Rights

  • Clear Information: Information provided in plain Norwegian
  • Consumer Protection: Additional protections under Norwegian consumer law
  • Complaint Procedures: Clear procedures for cookie-related complaints
  • Resolution: Fair and timely resolution of issues

12.2 Language Support

Norwegian Translation

  • Full Translation: This policy is available in Norwegian
  • Legal Equivalence: Norwegian version has equal legal standing
  • Cultural Adaptation: Adapted for Norwegian legal and cultural context
  • Regular Updates: Norwegian version updated simultaneously with English

13. COOKIE REFERENCE TABLE

13.1 Essential Cookies

Cookie Name Purpose Duration Type Can Disable?
next-auth.session-token User authentication 30 days Essential No
next-auth.csrf-token Security protection Session Essential No
cookie-consent Remember consent choices 12 months Essential No
user-preferences Store user settings 12 months Essential No
security-session Account security 24 hours Essential No

13.2 Optional Cookies

Cookie Name Purpose Duration Type Can Disable?
_ga Google Analytics 26 months Analytics Yes
_gid Google Analytics 24 hours Analytics Yes
platform-analytics Platform usage stats 90 days Analytics Yes
performance-monitor Performance tracking 30 days Performance Yes
content-preferences Content personalization 6 months Functional Yes

Document Version: 1.0
Effective Date: 28.07.2025
Next Review: 28.07.2026
Compliance: GDPR, ePrivacy Directive, Norwegian Electronic Communications Act

Quick Summary: We use essential cookies to make our platform work and optional cookies (with your consent) to improve your experience and understand how our platform is used. You can control optional cookies in your privacy settings at any time.

Need Help?: If you have questions about cookies, contact us at kontakt@viby.no or visit your privacy settings to manage your cookie preferences.

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.

By clicking "Accept", you agree to our use of cookies.

Learn more