Personal data policy
Personal data protection in the node’s work- 2020-12-04
RISE coordinates the work in the innovation node. Therefore, processing of personal information in the node’s work is regulated by RISE’s policy “Processing of Personal Data – Network member”, see the text below. If this policy may need to be updated based on the node’s work, the members will be informed.
Processing of Personal Data – Network member
RISE Research Institutes of Sweden AB (RISE), as data controller, processes personal data regarding members of RISEnetworks(hereinafter referred to as the “Member”), due to the circumstance thatthe Memberor its employer or principal has or has had a business relation with RISEregarding the Member being a member ofa RISE network, and/or has or has had discussions or negotiations regarding such business relation.This documentcontainsinformationabout the collecting, processing, storage and transfer of personal data of individually identifiable current, past and future Members.
Personal data processed by RISE
The basic personal data of the Member that RISE processes may include name, phone number,e-mail address and in some cases personal security number (swe: personnummer), and other personal data transferred to RISE from the Memberor itsemployer or principal.
From which sources the personal data is collected
In addition to the information transferred to RISE from the Member or its employer or principal, RISE may collect personal data from public records or from third parties cooperating with RISE within the framework of the overall mission of RISE.
Purpose and lawful basis
Based on Contract or RISE legitimate interest, RISE processes personal data for the following purposes:
- Implementation, management, administration, follow-up, etc. of the current business relation regarding the Members membership of the networks, and associated communication.
- Invoicing and paymentprocedures regarding the membership.
This processing is needed for RISE to be able to fulfill its contractual rights and obligations according to the contract entered or negotiated with RISE. If the contract is entered into or negotiated between RISE and the employer or principal of the Member, and the Member could reasonably expect the processing which is not deemed to cause unjustified harm, the personal data is processed based on the legitimate interest of RISE, which is to fulfill its contractual rights and obligations towards the contracting employer or principal.
Based on RISE legitimate interest,RISE processes personal data for the following purposes:
- Marketing of RISE business,projectsand various events.
- Safeguard and exercise legal rights of RISE.
- Comply with applicable laws, e.g. Bokföringslagen (1999:1078).
- Management, follow-up, evaluations and administration of market surveys and customer satisfaction surveys.
If the Member could reasonably expect the processing which is not deemed to cause unjustified harm, the personal data is processed based on the legitimate interest of RISE.
To whom the personal data is disclosed
RISE applies appropriate technical and organizational security measures to protect personal data against e.g. loss, misuse and unauthorized access. Only persons within RISE who need to process the personal data in accordance with the above stated purposes will have access to the data.
RISE may transfer personal data to third parties within the RISE company group, for the purpose of RISE being able to use the same IT system (e.g. financial system, customer register etc.) in order to be able to coordinate its assignment in an efficient manner.
RISE may transfer personal data to third parties acting as personal data processors, e.g. supplier of the supply-, support and maintenance of IT-and cloud services, suppliers of market surveys and customer satisfaction surveys, etc.
RISE may transfer personal data to third parties acting as independent data controllers, if such transfer is required by applicable law, or if RISE has a legitimate interest for such transfer, e.g. third parties cooperating with RISE within the framework of the overall mission of RISE, other network members, insurance companies in the event of insurance matters, etc.
Storage and disposal
RISE processes the personal data as long as it is necessary for the purposes for which the personal data was collected.
Personal data processed for contractual and business relation purposes will be processed as long as RISE may have any contractual rights and obligations towards the Member or its employer or principal, and as long as necessary in order to comply with any legal obligations.
Personal data processed for marketingpurposes will be processed for 18 months.
Transfer to third countries
RISE strives to process personal data within the EEA. In cases where RISE is transferring or processing personal data outside the EEA, RISE will ensure an adequate level of protection in accordance with applicable legislation.
Legal rights
The Member has the right to receive information regarding its personal data processed by RISE, and to request for rectification, limitation or deletion of these, by contacting the Data Protection Officer at RISE, at dpo@ri.se. The Member also has the right to file a complaint to the Swedish Data Protection Authority.
The personal data processor for the processing is RISE Research Institutes of Sweden AB (company registration number 556464-6874), with mailing address:
Box 857
501 15 Borås
Sweden