Data Privacy Policy of the Foundation for Baltic and East European Studies

Adopted by the Board of the Foundation for Baltic and East European Studies on 11 June 2018 and updated on 8 June 2022.

1.  The Foundation

The Foundation for Baltic and East European Studies (‘the Foundation’) was established by the Swedish Government in 1994. The purpose of the Foundation’s work is to support research, doctoral studies and academic infrastructure related to the Baltic Sea Region and Eastern Europe at Södertörn University.

The Foundation is led by a governing board, comprising two government appointees and seven other members appointed by the Board itself. This board has set up an investment committee to manage the Foundation’s assets and a research committee to prepare research issues.


2.  The foundation’s Data Privacy Policy

The Foundation safeguards your data privacy. Within the scope of its activities, the Foundation may process personal data as a data controller. This happens, for example, in connection with applications for project grants to fund research, doctoral studies and academic infrastructure, for other types of support and in subsequent scrutiny of such applications. Processing also takes place in the course of application assessments by experts, evaluations and follow-ups of the Foundation’s projects and support, and arrangement of seminars, conferences and workshops.

This document (Data Privacy Policy of the Foundation for Baltic and East European Studies) gives an account of the Foundation’s processing of personal data, including the purposes for which such data are processed, the personal particulars that may be collected and the measures taken by the Foundation to protect personal data.

This is a general data privacy policy. For particular operations and processing, this Policy may be supplemented with additional policies or data privacy notifications regarding such matters as photography at seminars. In such cases, this general Policy should be read in conjunction with any special policy or data privacy statement provided when the activity concerned takes place.


3.  Processing of personal data and its purposes

The Foundation processes and manages personal particulars in accordance with the General Data Protection Regulation (EU) 2016/679 and other applicable legislation to protect personal data privacy. Personal particulars are those that can be used to identify a natural person.

In contacts with the Foundation, you may be asked to provide personal particulars or other information about yourself. This applies mainly where the data need to be submitted to, or are collected by, the Foundation in conjunction with processing of applications; at various events organised by the Foundation; and when you yourself contact the Foundation concerning other matters. The information submitted or collected in these contexts may be your name, title, postal address, email address, telephone number, personal ID number, sex/gender, academic affiliation, degree(s), graduation year(s), occupation, appointments and research stays, scholarly works published, budget figures and other information you choose to submit. The Foundation is a personal data controller for processing of personal data collected and obtained from you.

The foundation processes personal particulars for the following purposes:

  1. To enable our administration and processing of applications for project funding and similar support, and to provide services for which the Foundation has a remit, within the framework of its own purposes. This processing may include measures undertaken initially during the application process and thereafter in implementation and completion.
  2. To be able to serve you, answer queries and provide information about the Foundation’s work.
  3. To carry out evaluations and follow-ups of the Foundation’s projects and support.
  4. For internal administrative purposes, to compile internal statistics and to develop and improve the Foundation’s activities.
    To enable the Foundation to fulfil its obligations under applicable laws, ordinances and official decisions. In this connection, it may be noted that the provisions in the Freedom of the Press Act (Swedish Code of Statutes 1949:105) concerning the right of access to public documents apply to documents forming part of the Foundation’s work (see Chapter 2, Section 4 of the Public Access to Information and Secrecy Act (2009:400) and the Appendix to this Act). When the Foundation releases public documents, personal data may be passed on to third parties. This may apply, for example, when an application document, in full or in part, is released.

The Foundation processes personal data only if there are legal grounds for this processing. When you submit personal particulars to enable the Foundation to administer and process a grant application in accordance with point 1 above, the Foundation’s processing of your personal data is necessary to meet its own and your legitimate interest in the application being scrutinised, administered and, if approved, published, implemented and followed up.

The same applies if the data are provided and the application is sent by a university, other higher education institution or academy, another member of the research group or any other person involved. If the data are not submitted, the Foundation cannot review the application.

Moreover, processing of personal data takes place on grounds of legitimate interest in cases where the Foundation processes personal data to provide services and answer your queries; to provide information about the Foundation’s work in accordance with point 2 above; for purposes connected with internal administrative purposes, internal statistics, evaluations and investigations; and to develop and improve the Foundation’s operations in accordance with points 3 and 4 above.

The Foundation may also process personal data on the basis of its performance of functions in the public interest. Further legal grounds may be that an agreement has been concluded between the registered person and the Foundation.

When personal data are processed to enable compliance with obligations under applicable laws, ordinances and official decisions, such as under the Swedish Bookkeeping Act (1999:1078), the legal obligation concerned is the legal basis for the processing, in accordance with point 5 above. Sometimes a single item of personal information may be processed on multiple legal grounds.


4.  Disclosure of personal data

In line with current legislation, within the scope of the Foundation’s work and to achieve the previously mentioned purposes of processing, the Foundation may share personal particulars with other parties it collaborates with. One example is when applications for project funding are forwarded to experts whose appointments have been proposed by the Foundation’s research committee, and who have been invited by the Foundation’s secretariat, to assess applications. Personal data will also be shared with Swecris, the Swedish Research Council’s database for Swedish research projects. The Research Council is a government agency under the authority of the Ministry for Education and Research.

Not all administrative systems and support tools used by the Foundation in its internal operations are installed locally on its premises and managed by its staff. In some cases, such as where the application system is concerned, administrative support tools and systems are used that make it necessary for personal data to be stored or otherwise managed by the supplier of the tool or system.

Regarding the above, personal particulars processed by the Foundation may, in certain cases, be transferred to and stored in countries outside the European Economic Area (EEA). Such transfers must take place in line with current legislation, and require the country concerned to have an adequate level of protection or the existence of another sufficient protective measure that makes the transfer is lawful. Under current legislation, personal data may also be disclosed to public authorities.


5.  Security

The Foundation takes appropriate technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration or destruction. Accordingly, in its operations, the Foundation imposes diverse physical and technical limitations and restrictions on access to personal data through, for example, technical permissions and access control systems, use of firewalls, anti-virus protection, backup systems and other network security, and the option of security measures such as encryption where appropriate.

If an external partner is engaged to support its activities, the Foundation ensures that the partner applies corresponding technical and organisational security measures, and processes personal data only in the manner approved by the Foundation.


6.  Storage period

As a general principle, personal particulars are processed for as long as necessary in terms of the purposes for which they have been collected and screened or anonymised when they are no longer relevant for such purposes. Your data may be stored for a long period for archival purposes in the public interest, scholarly or historical research purposes or statistical purposes.

It is part of the Foundation’s remit to archive and screen documents under the Swedish Archives Act (1990:782) and appurtenant regulations.


7.  Your rights

You are entitled to receive confirmation, free of charge, of whether personal particulars concerning you are processed by the Foundation, and if so, to be told which data we process, how they were obtained, the purposes of the processing, the recipients or categories of recipients to whom the particulars have been, or may be, disclosed and, if possible, the foreseen period for which the data will be stored. On receiving such a request, the Foundation will provide the further information it is obliged to release under current law.

Subject to certain conditions, you are also entitled to request processing restrictions or request from us, in a structured format, a copy of the personal data about you (data portability).

Anyone who discovers that personal data registered with the Foundation are out of date, incorrect or incomplete, or are being processed in a manner contrary to the purposes stated above or in contravention of relevant legislation, may request that the Foundation rectifies, restricts or erases the registered personal data concerned.

A person who has consented to specific processing of personal data may, at any time, opt to withdraw consent by contacting the Foundation. When consent is withdrawn, the Foundation terminates the processing covered by the consent previously given.

Requests referred to in this section should be sent to the Foundation, using the contact details below. We may ask you one or more questions for the purpose of verifying your identity.

Should you have complaints regarding the Foundation’s processing of personal data relating to you, you may register your complaint with the Swedish Authority for Privacy Protection in its capacity as a supervisory authority. Read more at www.imy.se.

The Authority’s contact details are as follows. Phone: +46-8 657 61 00. Email: imy@imy.se. Postal address: Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), Box 8114, SE–104 20 Stockholm, Sweden.


8.  Amendments to the Data Privacy Policy

The Foundation’s Data Privacy Policy may be amended from time to time. If such amendments to this Policy entail changes in our way of processing your personal data, the Foundation will notify you of such changes in an appropriate manner, for example by email or by updating our website.


9.  Contact information

If you have questions or comments regarding the Foundation’s Data Privacy Policy, you are welcome to contact us. Address: Foundation for Baltic and East European Studies, Personal Data Officer, Alfred Nobels allé 7, SE–141 52 Huddinge, Sweden.


Documents
Information on processing personal data for external experts