Personal data policy

Personal data protection in the node’s work- 2020-12-04

RISE coordinates the work in the innovation node. Therefore, processing of personal information in the node’s work is regulated by RISE’s policy “Processing of Personal Data – Network member”, see the text below. If this policy may need to be updated based on the node’s work, the members will be informed.

Processing of Personal Data – Network member

RISE Research Institutes of Sweden AB (RISE), as data controller, processes personal data regarding members of RISEnetworks(hereinafter referred to as the “Member”), due to the circumstance thatthe Memberor its employer or principal has or has had a business relation with RISEregarding the Member being a member ofa RISE network, and/or has or has had discussions or negotiations regarding such business relation.This documentcontainsinformationabout the collecting, processing, storage and transfer of personal data of individually identifiable current, past and future Members.

Personal data processed by RISE

Thebasicpersonal data of theMemberthat RISE processes may include name, phone number,e-mail addressandin somecasespersonal security number (swe: personnummer), and other personal data transferred to RISE from the Memberor itsemployer or principal.

From which sources the personal data is collected

In addition to the information transferred to RISE from the Memberorits employer or principal, RISE may collect personal data from public records or from third parties cooperating with RISE within the framework of the overall mission of RISE.

Purpose and lawful basis

Based on Contract or RISE legitimate interest,RISE processes personal data for the following purposes:

  • Implementation, management, administration, follow-up, etc. of the current business relation regarding the Members membership of the networks, and associated communication.
  • Invoicing and paymentprocedures regarding the membership.

This processing is needed for RISE to be able to fulfill its contractual rights and obligationsaccording to the contract entered or negotiated with RISE. If the contract is enteredintoor negotiated between RISE and the employer or principal of the Member, and the Membercouldreasonably expect the processingwhichis not deemed to cause unjustified harm, the personal data is processed based on the legitimate interest of RISE, which is to fulfill its contractual rights and obligations towards the contracting employer or principal.

Based on RISE legitimate interest,RISE processes personal data for the following purposes:

  • Marketing of RISE business,projectsand various events.
  • Safeguard and exercise legal rights of RISE.
  • Comply with applicable laws, e.g. Bokföringslagen (1999:1078).
  • Management, follow-up, evaluations and administration of marketsurveysand customer satisfaction surveys.

If the Membercould reasonably expect the processing which is not deemed to cause unjustified harm, the personal data is processed based on the legitimate interest of RISE.

To whom the personal data is disclosed

RISE appliesappropriate technical and organizational security measures to protect personal data against e.g. loss, misuse and unauthorized access. Only persons within RISE who need to process the personal data in accordance with the above stated purposes will have access to the data.

RISE may transfer personal data to third parties within the RISE company group, for the purpose of RISE being able to use the same IT system (e.g. financial system, customer register etc.) in order to be able to coordinate its assignment in an efficient manner.

RISE may transfer personal data to third parties acting as personal data processors, e.g. supplier of the supply-, support and maintenance of IT-and cloud services, suppliers of marketsurveys and customer satisfaction surveys, etc.

RISE may transfer personal data to third parties acting as independent data controllers, if such transfer is required by applicable law, or if RISE has a legitimate interest for such transfer, e.g. third parties cooperating with RISE within the framework of the overall missionof RISE,other network members,insurance companiesin the event ofinsurance matters, etc.

Storage and disposal

RISE processes the personal data as long asit is necessary for the purposes for which the personal data was collected.

Personal data processed forcontractual and business relation purposeswill be processed as long as RISE may have any contractual rights and obligations towards the Memberor its employer or principal, and as long asnecessary in order to comply with any legal obligations.

Personal data processed for marketingpurposes will beprocessedfor 18 months.

Transfer to third countries

RISE strives to process personal data within the EEA. In cases where RISE is transferring or processing personal data outside the EEA, RISE will ensure an adequate level of protection in accordance with applicable legislation.

Legal rights

The Memberhas the right to receive information regarding its personal data processed by RISE, and to request for rectification, limitation or deletion of these, by contacting the Data Protection Officer at RISE, at dpo@ri.se. The Member also has the right to file a complaint to the Swedish Data Protection Authority.

The personal data processor fortheprocessing is RISE Research Institutes of Sweden AB (company registration number 556464-6874), with mailing address:

Box 857
501 15 Borås
Sweden