Data Processing Agreement

    1.About the Data Processing Agreement
    2.Keystone’s collection and use of information about users
    3.Transfer and co-ownership of information to Customer
    4.What information do we collect?
    5.What do we use the user information for?
    6. Delete or withdraw user data
    7.User requests to access their data
    8.How do we protect user information?
    9.How long do we keep user information?
    10.Do we use cookies?
    11.Do we disclose any information to outside parties?
    12.Will we transfer user information outside of Europe?
    13.What are the users’ rights?
    15. Third Party Links
    16.Online Data Processing Agreement Only
    17.Changes to our Data Processing Agreement
    18.Contacting Us

    1.About the Data Processing Agreement

    This Data Processing Agreement explains when and why we collect information about users, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

    We, Masterstudies AS, act as a ‘’Controller’’ of the personal data provided through our websites,,,,,,,,, and similar websites. This also includes all local and international domains.

    Masterstudies AS also acts as a “Processor’’ on behalf of schools using our platform. Schools are using the software platform to follow up on user requests for information.

    2.Keystone’s collection and use of information about users

    Personal information is data that can be used to identify or contact a single person. Keystone takes the security of personal information seriously and uses security certified computer systems with limited access housed in facilities using physical security measures. We communicate our privacy and security guidelines to Keystone employees and strictly enforce privacy safeguards within the company. While no data transmission over the Internet is 100% secure from intrusion, we have used and will continue to use commercially reasonable efforts to ensure the protection of personal information.

    In order to provide some of the Services (including, but not limited to SmartHub and all existing and future SmartHub products), Keystone will collect, use and store personal information from users who fill out the enquiry form (“Users”), as well as other information submitted to or acquired by Keystone regarding the Users and their use of the Services.

    Keystone may use this information to provide and improve our Services and content, for loss prevention and anti-fraud purposes, and for selected marketing purposes. Keystone may transfer and make certain personal information available to partners that work with Keystone to provide relevant products, services or for selected marketing purposes. Keystone will retain the personal information of the Users for the period necessary to fulfil the purposes of the Services unless a longer retention period is required or permitted by law. Keystone may also collect data that does not, on its own, permit direct association with any specific individual (non-personal information), such as user activities and behavior on our websites. Keystone may collect, use, transfer and disclose non-personal information for any purpose. Keystone may disclose personal information or non-personal information if it is necessary by law, legal process, litigation, and/or requests from public and governmental authorities, or if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. Keystone may also disclose such information if we determine that disclosure is reasonably necessary to enforce these Terms and Conditions.

    3. Transfer and co-ownership of information to Customer

    If the Customer has purchased Services that provide personal information of Users and other information to be transferred to the Customer, then upon such transfer, the Customer assumes co-ownership of and full responsibility for the Customer’s further use and handling of any such information. It is the Customer’s responsibility to evaluate the accuracy, completeness or usefulness of any information, opinion or other content transferred from or available through the Services. Keystone does not determine whether the information transferred to the Customer is subject to any specific law or regulation. The Customer should take all precautions the Customer believes are necessary or advisable to use and handle such information correctly and in compliance with all laws and regulations applicable to its use of the information, and the Customer bears the risk of any liability relating to the Customer’s use of such information.

    4. What information do we collect?

    Users may navigate on our webpage without providing their personal data except for IP-address and user agent string. IP-address and user agent string are stored for 24 months. 

    However, if users wish to receive information pertaining to us, or to receive information from the universities registered on our webpage, we will need their personal information.

    We collect information from users when they register on our site, subscribe to our newsletter, respond to a survey or fill out a form. Users must be at least 16 years of age to use our services. Users may be asked to enter their: Name, e-mail address, mailing address, phone number or educational information.

    The legal basis for the processing of web form data is contract.
    The legal basis for the processing of optional services is consent (for example newsletters).

    Like most websites, we use cookies to enhance the user experience, gather general visitor information, and track visits to our website. Please refer to the 'do we use cookies?' section below for information about cookies and how we use them.

    5. What do we use the user information for?

    Any of the information we collect from users may be used in one of the following ways:

    • To answer user requests to a school: A user’s personal information will be processed in order to send them information about our schools’ educational offers from which they have requested such information.
    • To personalize the user experience: A user’s information helps us to better respond to their individual needs.
    • To improve our website: We process information about users when they send us e-mails directly. We continually strive to improve our website offerings based on the information and feedback we receive from our users.
    • To improve customer service: User information helps us to more effectively respond to their customer service requests and support needs.
    • If a user agrees to receive such information, to send periodic emails.
    • If a user agrees to receive such information, to administer a contest, promotion, survey or other site feature.
    • If a user agrees to receive such information, information and updates pertaining to their request, in addition to occasional company news, updates, promotions, related product or service information etc.

    Users may opt-out at any time by clicking the unsubscribe button at the bottom of our emails or by logging in to their page at Users may also unsubscribe via phone or e-mail. Users will find our contact details under ‘’Contacting Us’’.

    6. Delete or withdraw user data

    Users may at any time delete their data or withdraw their consents by contacting us via phone, or e-mail or logging in to their page at Users will find their contact details under ‘’Contacting Us’’. Withdrawal will not affect the lawfulness of processing based on the contract or consent before its withdrawal. Our contact info is stated under ‘’Contacting Us’’.

    7. User requests to access their data

    Users may at any time request access to the information we process about them by contacting us via phone, or by e-mail or by logging in to their page at Users may also request to have the information corrected. Users may also have their personal data transferred upon request. Furthermore, users may request restriction of processing personal data or object to the processing in accordance with relevant legislation. Our contact info is stated under ‘’Contacting Us’’.

    8. How do we protect user information?

    We implement a variety of security measures to maintain the safety of users’ personal information when they submit a request or enter, submit, or access their personal information. 

    These security measures include: Hashed/salted password protection, regular software updates, backups, firewalls, best-practice database communication, role-based system access and more. We also use SSL (Secure Sockets Layer) technology to ensure that user information is fully encrypted and sent across the internet securely. 

    9. How long do we keep user information?

    Personal data will not be stored longer than necessary for the purposes for which the personal data is processed, with a maximum of 24 months. Please note that personal data may be stored for longer periods if required by applicable law or necessary to resolve disputes or to enforce our agreements.

    Information that we use for marketing purposes will be kept with us until users notify us that they no longer wish to receive this information. 

    10. Do we use cookies?

    Yes. Cookies are small files that a site or its service provider transfers to a user’s computer’s hard drive through their Web browser (if they allow) that enables our system to recognize their browser and capture and remember certain information.

    We use cookies to compile aggregate data about site traffic and to personalize the user experience. Users will be asked to consent to the use of cookies when they enter our website by clicking the ‘’I agree’’ button. Users may withdraw their consent at any time by altering their browser settings or logging in to their page at, or by phone or e-mail.

    Users may continue to use our service without accepting cookies, but should note that this may affect the functionality of our website negatively.

    Cookies might also be set by trusted sub-processors. Please refer to the “Sub-processors” section below for information about which sub-processors that are used.

    11. Do we disclose any information to outside parties?

    We work closely with our trusted third parties, i.e. the universities listed at our webpages, to provide users with correct and updated information about educational offers. When users request information from one of our trusted third parties, the relevant university will receive their name and e-mail address and use their details to provide them with information about the curriculum and admission process, and any other information that they have requested.

    The information may also be used to send users additional newsletters and e-mails, provided they have opted in to receive such information.

    We do not sell, trade, or otherwise transfer to other third parties users’ personally identifiable information. However, we may release users’ information when we believe release is necessary to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. 

    12. Will we transfer user information outside of Europe?

    As a part of the services offered to users through our websites, the information they provide to us may be transferred outside the European Union (‘’EU’’) or the European Economic Area (EEA), provided users agree to receive information from a university outside the EU/EEA. Please note that such third countries may have different levels of protection of users’ personal data.

    If we transfer users’ information outside of the EU/EEA, we will take steps to ensure that appropriate security measures are taken to ensure that their privacy rights continue to be protected as outlined in this policy.

    13.What are the users’ rights?

    If users are not satisfied with our response or believe we are not processing their personal data in accordance with the relevant legislation, they may file a complaint to the supervisory authority.


    Masterstudies AS relies on a handful of third-party suppliers who assist in the service we offer to users. Some of these suppliers process users’ personal data to be able to execute the service they offer. Sends emails on our behalf. Sends emails on our behalf.
    Google Analytics: Analyzes web traffic and usage of websites.
    Google Ad Manager: Advertising service for showing banner ads.
    Google Tag Manager: Helps us adding Google Ad Manager tags. Search engine for e-mail addresses to find basic info about a person. Transfers user requests to schools’ CRM systems. Only when requested by school. and Registers how forms are filled in order to improve user experience.

    Sub-processors are confirmed GDPR compliant or of equivalent standard. For more information, please see each sub-processor’s privacy policy.

    15.Third Party Links

    Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

    16.Online Data Processing Agreement Only

    This online Data Processing Agreement applies only to information collected through our website and not to information collected offline.

    17.Changes to our Data Processing Agreement

    If we decide to change our Data Processing Agreement, we will post those changes on this page, and/or update the Data Processing Agreement modification date below. Agreement changes will apply only to information collected after the date of the change. 

    This Agreement was last modified on February 18, 2019.

    18.Contacting Us

    If there are any questions regarding this Data Processing Agreement or the processing of personal data, you may contact us using the information below.
    Rolfsbuktveien 4D
    Fornebu, Oslo 1364
    +47 23227250