Data Privacy Policy of the Foundation for Baltic and East European Studies

Adopted by the Board of the Foundation for Baltic and East European Studies on 2018-06-11, updated 2020-11-05.

1. About the Foundation

The Foundation for Baltic and East European Studies (the “Foundation”) was established by the Swedish Government in 1994. The purpose of the Foundation’s work is to support research, doctoral studies and academic infrastructure related to the Baltic Sea Region and Eastern Europe at Södertörn University.

The Foundation is led by a governing board, which is appointed by the Government (two members) as well as by the governing board itself (seven members). The governing board has established an investment committee for the purpose of managing the Foundation’s assets and a research committee in order to prepare research issues.


2. About this Policy

The Foundation values your privacy. Within the scope of its activities, the Foundation may process personal data as a data controller. Such processing is for example carried out in relation to the management of applications for research project funding, doctoral studies and academic infrastructure, and for other types of support, as well as in subsequent scrutiny of such applications. Processing also takes place in relation to application assessments by experts, evaluations and follow-ups of the Foundation’s projects and support, and to the holding of seminars, conferences and workshops. This document (“Data Privacy Policy of the Foundation for Baltic and East European Studies”) describes the Foundation’s processing of personal data, including the purposes for which personal data are processed, what personal data may be collected and the measures taken by the Foundation to protect personal data.

This is a general data privacy policy. For specific activities and processing, this Policy may be supplemented with additional policies or data privacy statements on, for example, photos taken at seminars. In such cases, this general Policy shall be read in conjunction with any specific policy or data privacy statement provided for the activity concerned.


3. Processing of personal data and its purposes

The Foundation handles and processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and other applicable legislation for the protection of personal data. Personal data are particulars that can be used to identify a natural person.

When in contact with the Foundation, you may be asked to provide personal data or other information about yourself. This is mainly the case where data is submitted to, or collected by, the Foundation in its processing of applications, at various events organised by the Foundation and when you yourself contact the Foundation in relation to other matters. The information submitted or collected in these situations could for example be your name, title, postal address, email address, telephone number, personal ID number, sex, academic affiliation, degree(s), graduation year, occupation, employment and research stays, scholarly publications, budget data and other information you choose to submit. The Foundation is a personal data controller for the processing of personal data collected and obtained from you.

The Foundation processes personal data for the following purposes:

  1. In order to be able to administer and process applications for project funding and similar support, and provide services for which the Foundation has a remit, within the framework of its own purposes. This processing may include measures undertaken initially during the application process and thereafter in implementation and completion.
  2. In order to service you, answer queries and provide information about the Foundation’s activities.
  3. In order to carry out evaluations and follow-ups of the Foundation’s projects and support.
  4. For internal administrative purposes, to compile internal statistics and to develop and improve the Foundation’s activities.
  5. In order to enable the Foundation to fulfil its obligations under applicable laws, ordinances, and official decisions. It shall hereby be noted that the provisions under the Freedom of the Press Act (1949:105) concerning the public’s right to access official documents, apply to documents forming part of the Foundation’s activities (see Chapter 2, Section 4 of the Public Access to Information and Secrecy Act [Swedish Code of Statutes 2009:400] and the Appendix to this Act). In connection with the Foundation’s statutory release of official documents, personal data may need to be disclosed to third parties. This may apply, for example, in order to release a particular application document or parts of the same.

The Foundation processes personal data only where there is a legal basis for this processing. When you submit personal data for the purpose of enabling the Foundation to administer and process a support application, the legal basis for processing your personal data is that it is necessary in order to meet the Foundation’s and your own legitimate interest in the application being scrutinised, administered and, if approved, published, implemented and subsequently monitored. The same applies if the information is provided and the application expedited by a university, university college, academy, another member of the research group or anyone else. If the required particulars are not submitted, the Foundation cannot review the application.

Moreover, the Foundation relies on its legitimate interest to process personal data where the Foundation processes such data for the purposes of servicing you and answering your queries; to provide information about the Foundation’s activities; for reasons linked to internal administrative purposes, internal statistics, evaluations and investigations; and/or to develop and improve the Foundation’s activities. The Foundation may also process personal data on the basis that the Foundation carries out tasks of general interest.

Another legal basis for processing may be that an agreement has been concluded between the registered person and the Foundation.

Where personal data is processed in order to comply with obligations under applicable laws, ordinances, and official decisions, such as under the Swedish Bookkeeping Act (Swedish Code of Statutes 1999:1078), the relevant legal obligation complied with constitutes the legal basis for the processing of personal data. A single item of personal information may be processed on multiple legal grounds.

The Foundation retains your personal data only for as long as required under the relevant processing purposes. Personal data are erased or anonymised when no longer relevant for the purposes for which such data were collected. The Foundation is legally required to archive and erase documents in line with the Swedish Archives Act (Swedish Code of Statutes 1990:782) and associated regulations.


4. Disclosure of personal data

Within the scope of the Foundation’s activities, and in order to achieve the above-mentioned purposes of processing and in line with current legislation, the Foundation may share personal data with other cooperation parties. One example is where applications for project funding are forwarded to experts, whose appointment is proposed by the Foundation’s research committee and who have been commissioned by the Foundation office, to carry out an assessment of the relevant application.

There are administrative systems and support tools used by the Foundation in its internal operations that are not installed locally at the Foundation and handled by its staff. In some cases, such as in relation to the Foundation’s application system, the administrative support tools and systems used require storage or other management of personal data by an external tool or system supplier.

In view of the above, personal data processed by the Foundation may be transferred to and stored in countries outside the European Economic Area (EEA) in certain cases. Such transfers must only take place according to applicable legislation. They require the country concerned to have a sufficient level of protection or an adequate protective measure in place to ensure the lawfulness of the transfer.

Personal data may also be released to authorities in accordance with current legislation.


5. Security

The Foundation takes the necessary and reasonable technical and organisational security measures to protect your personal data from unauthorised access, release, alteration or destruction. Accordingly, in its activities, the Foundation applies various physical and technical barriers and restrictions on access to personal data, for example through technical permissions and access control systems, use of firewalls, anti-virus protection, backup systems and other network security, and the option of security measures such as encryption when appropriate. If the Foundation engages an outside associate to support its activities, the Foundation ensures that this partner applies corresponding technical and organisational security measures, and processes personal data only in the manner approved by the Foundation.


6. Request for registry extract, rectification etc.

You are entitled to receive, free of charge, confirmation of whether personal data about you are processed by the Foundation, and if so, to request information on which personal data we process, from whom and where the particulars are retrieved, the purposes of the processing, the recipients or recipient categories to whom the personal particulars have been, or may be, released and, if possible, the foreseen duration of storage of the personal data (“Registry Extract”). On receiving such a request, the Foundation provides the information that it is obliged to release under current law.

A request for a Registry Extract shall be made in writing and be submitted by yourself personally. Please note that we may pose control questions for the purpose of verifying your identity.

Subject to certain conditions being met, you are also entitled to request processing restrictions or request from us, in a structured format, a copy of the personal data about you (data portability).

If it is found that personal data registered with the Foundation is out of date, incorrect, incomplete, or is being processed contrary to the purposes or in violation of relevant applicable legislation, it may be requested that the Foundation rectifies, blocks or erases the registered personal data concerned.

Those who have consented to specific processing of personal data may, at any time, opt to withdraw their consent by contacting the Foundation. When consent is withdrawn, the Foundation terminates the processing covered by the consent given.

Requests referred to in this section shall be sent to the Foundation, using the contact details below. Please note that we may pose control questions for the purpose of verifying your identity.

Should you have complaints regarding the Foundation’s processing of personal data relating to you, you may lodge a complaint with the Swedish Data Protection Authority (Sw. Integritetsskyddsmyndigheten, formerly known as Datainspektionen) in its capacity as a supervisory authority. Please refer to the following website for more information: www.datainspektionen.se.


7. Changes to this Policy

The Foundation’s Data Privacy Policy may be amended from time to time. If such amendments to the Policy entail changes in how we process your personal data, the Foundation will notify you of such changes appropriately, for example by email or by updating our website.


8. Contact details

If you have questions or comments regarding the Foundation’s Data Privacy Policy, please contact us.

Foundation for Baltic and East European Studies
Att.: Personal Data Responsible
Alfred Nobels allé 7
SE–141 52 Huddinge, Sweden