Data Privacy Policy of the Foundation for Baltic and East European Studies

Adopted by the Board of the Foundation for Baltic and East European Studies on 2018-06-11, updated 2018-10-22.

1. About the Foundation

The Foundation for Baltic and East European Studies was established by the Swedish Government in 1994. The Foundation’s mission is to support research, doctoral studies and academic infrastructure related to the Baltic Sea Region and Eastern Europe at Södertörn University.

The Foundation’s activities are led by a Board appointed by the Government (two members) and by the Board itself (seven members). The Board has set up an investment committee to manage the Foundation’s assets and a research committee to prepare research issues.

2. About this Policy

The Foundation safeguards your privacy. Within the framework of its work, the Foundation may have occasion to process personal data. This applies, for example, to applications for project funding for research, doctoral studies and academic infrastructure, and for other types of support, and also in subsequent scrutiny of such applications. It also applies to assessments by experts, evaluations and follow-ups of the Foundation’s projects and support, and to the holding of seminars, conferences and workshops. This document (“Data Privacy Policy of the Foundation for Baltic and East European Studies”) describes the Foundation’s processing of personal data, including the purposes for which personal data are processed, what personal data that may be collected and the measures taken by the Foundation to protect personal data.

This is a general data privacy policy. For specific activities and processing, the Policy may be supplemented with additional policies or data privacy statements on, for example, photography at seminars. In such cases, this general Policy must be read in conjunction with the particular policy or data privacy statement provided for the activity concerned.

3. Processing of personal data and its purposes

The Foundation handles and processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and other applicable legislation that protects personal data privacy. Personal data are particulars that can be used to identify a natural person.

On occasion, in your dealings with the Foundation, you may be asked for personal particulars or to provide information about yourself. This happens mainly when data need to be submitted to, or collected by, the Foundation in its processing of applications, at events of various types organised by the Foundation and when you contact the Foundation regarding other matters. The information submitted or collected in these situations may be your name, title, postal address, email address, telephone number, personal ID number, sex, academic affiliation, degree(s), graduation year, occupation, employment and research stays, scholarly publications, budget data and other information you choose to submit. The Foundation is a personal data controller for the processing of personal data collected and obtained from you.

The Foundation processes personal data for the following purposes:

  1. To be able to administer and process applications for project funding and similar support, and provide services for which the Foundation has a remit, within the framework of its own purposes. This processing may include measures undertaken initially during the application process and thereafter in implementation and completion.
  2. To serve you, answer queries and provide information about the Foundation’s activities.
  3. To carry out evaluations and follow-ups of the Foundation’s projects and support.
  4. For internal administrative purposes, to compile internal statistics and to develop and improve the Foundation’s activities.
  5. To enable the Foundation to fulfil its obligations under applicable laws, ordinances, and official decisions. Here, it may be noted that the provisions of the Freedom of the Press Act (1949:105) concerning the public’s right to access official documents apply to documents forming part of the Foundation’s work (see Chapter 2, Section 4 of the Public Access to Information and Secrecy Act [Swedish Code of Statutes 2009:400] and the Appendix to this Act). In connection with the Foundation’s statutory release of official documents, personal data may be disclosed to third parties. This may apply, for example, to release of an application document or parts of the same.

The Foundation processes personal data only if there is a legal basis for this processing. When you submit personal data to enable the Foundation to administer and process a grant application, its processing of your personal data is legal because it is necessary to meet the Foundation’s and your own legitimate interest in the application being scrutinised, administered and, if approved, for published, implemented and followed up. The same applies if the information is provided and the application expedited by a university, university college, academy, another member of the research group or anyone else. If the required particulars are not submitted, the Foundation cannot review the application.

Moreover, personal data are processed pursuant to a legitimate interest in cases where the Foundation processes such particulars to perform a service and answer your queries; to provide information about the Foundation’s activities; for reasons linked to internal administrative purposes, internal statistics, evaluations and investigations; and/or to develop and improve the Foundation’s activities.

The foundation may also process personal data on the basis that the Foundation carries out tasks of general interest.

Another legal basis may be that an agreement has been concluded between the registered person and the Foundation.

When personal data are processed to permit fulfilment of obligations under applicable laws, ordinances, and official decisions, such as under the Swedish Bookkeeping Act (Swedish Code of Statutes 1999:1078), the legal obligation is the legal basis for the processing. A single item of personal information may be processed on multiple legal grounds.

The Foundation stores your personal information only for as long as the purposes of the processing require. Personal data are erased or anonymised when they are no longer relevant for the purposes for which they were collected. It is the Foundation’s responsibility to archive and erase documents in line with the Swedish Archives Act (Swedish Code of Statutes 1990:782) and associated regulations.

4. Disclosure of personal data

Within the framework of the Foundation’s activities, to achieve the above-mentioned purposes of processing and in line with current legislation, the Foundation may share personal data with other parties that it cooperates with. An example is when applications for project funding are forwarded to experts, appointed by the Foundation’s research committee, for assessment.

Not all administrative systems and support tools used by the Foundation in its internal operations are installed locally at the Foundation and handled by its staff. In some cases, such as that of the Foundation’s application system, the administrative support tools and systems used require storage or other management of personal data by the tool or system supplier.

In view of the above, personal data in the Foundation’s activities may be transferred to and stored in countries outside the European Economic Area (EEA) in certain cases. Such transfers must take place according to applicable legislation. They require the country concerned to have a sufficient level of protection or an adequate protective measure in place to ensure the legality of the transfer.

Personal data may also be released to authorities in accordance with current legislation.

5. Security

The Foundation takes the necessary and reasonable technical and organisational security measures to protect your personal data from unauthorised access, release, alteration or destruction. Accordingly, in its activities, the Foundation applies various physical and technical limits and restrictions on access to personal data, for example through technical permissions and access control systems, use of firewalls, anti-virus protection, backup systems and other network security, and the option of security measures such as encryption when appropriate. If the Foundation engages an outside associate to support its activities, the Foundation ensures that this partner applies corresponding technical and organisational security measures, and processes personal data only in the manner approved by the Foundation.

6. Request for registry extract, rectification etc.

You are entitled to receive, free of charge, confirmation of whether personal data about you are processed by the Foundation, and if so, to request information on which personal data we process, where the particulars are retrieved from, the purposes of the processing, the recipients or recipient categories to whom the personal particulars have been, or may be, released and, if possible, the foreseen duration of storage of the personal data (“registry extracts”). On receiving such a request, the Foundation provides the information that it is obliged to release under current law.

A request for a registry extract must be made in writing and signed by you.

You are also entitled, on certain conditions, to request processing restrictions or ask us to send you, in a structured format, a copy of the personal data about you.

Anyone who finds that personal information registered at the Foundation is out of date, incorrect, incomplete, or is being processed contrary to the purposes or in violation of relevant legislation, may request that the Foundation rectify, block or erase the registered personal data concerned.

Those who have consented to specific processing of personal data may, at any time, opt to withdraw their consent by contacting the Foundation. When consent is withdrawn, the Foundation terminates the processing covered by the consent given.

Requests referred to in this section must be sent to the Foundation, using the contact details below.

7. Changes to this Policy

The Foundation’s Data Privacy Policy may be amended from time to time. If such amendments to the Policy entail changes in how we process your personal data, the Foundation will notify you of such changes appropriately, for example by email.

8. Contact details

If you have questions or comments regarding the Foundation’s Data Privacy Policy, you are welcome to contact us.

Foundation for Baltic and East European Studies
Att.: Personal Data Controller
Alfred Nobels allé 7
SE–141 52 Huddinge, Sweden

9. Supervision

The supervisory government agency in Sweden is the Swedish Data Protection Authority.

Information on processing personal data_external experts