Privacy Policy
Processing of personal data and cookies
Protection of personal data
Science & Public values the protection of personal data, and of course wants to protect your privacy. Below we explain as data controllers how we process our visitors’ personal data in accordance with (EU) 2016/679, the General Data Protection Regulation (GDPR).
By using our website, you agree that your personal information is processed in accordance with this privacy policy.
What is personal data and what is the processing of personal data?
All data that can be directly or indirectly traced to a natural person who is alive is covered by the concept of personal data. This does not only concern names and personal identity numbers, but also things like images, IP addresses and email addresses.
Processing of personal data is everything that happens with personal data, especially with the help of IT. It involves, for example, collection, registration, structuring, storage, processing and transmission.
Data controller
For the processing that takes place within Science & Public, the association is the data controller. For certain processing, e.g. accounting, we use systems that are managed by external consultants. The responsibilities between us and the consultants are regulated in agreements.
Personal data we process
We mainly process names, email addresses, telephone numbers, titles and organizational affiliation. Sometimes additional information may be processed, for example about social media accounts, but only if the person in question can be considered to have made the information public.
We process personal data in order to be able to manage member registers, administer and implement events, make reports, write news articles, send out invitations and newsletters, fulfill agreements, manage and report financial transactions.
We process personal data in accordance with applicable legislation and obtain consent in advance when necessary.
From which sources do we obtain personal data?
Personal data is collected in connection with subscribing to newsletters, registering for seminars and events, photographing or filming events, ordering services or when contacting Science & the Public. Personal data can also be obtained from public information, such as websites, directories, etc.
Who may we share your personal data with?
Data processors
Sometimes we use other parties to carry out our work, such as IT suppliers, accountants and communications consultants. They are data processors for Science & Public Affairs.
Science & Public Affairs signs agreements with data processors on how they may process the personal data and this is only the case if the purposes are consistent with the purposes of Science & Public Affairs for the processing.
Actors who are independent data controllers
We share personal data with certain actors who have their own data controllers, such as the Swedish Tax Agency and the Swedish Social Insurance Agency. These organizations’ own policies for privacy and personal data management apply in such cases.
Where is the personal data processed?
We primarily handle administrative work at the Office of Science & Public Affairs. In some cases, it may be possible for the data to be processed by external parties, such as software suppliers. For certain IT support, the data may be transferred to a country outside the EU/EEA. As data controllers, we are responsible for taking all reasonable legal, technical and organisational measures to ensure that this processing takes place in accordance with the GDPR provisions within the EU/EEA.
When personal data is processed outside the EU/EEA, the level of protection is guaranteed either by a decision from the EU Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate safeguards.
How long do we store your personal data?
We never store your personal data for longer than is necessary for the respective purpose. We have developed cleaning routines to ensure that personal data is not stored for longer than is needed for the specific purpose. How long this is varies depending on the reason for the processing. Certain accounting data must, for example, be stored for at least seven years due to legislation, while information about special diets is deleted within a month or so after an event has taken place.
What are your rights as a data subject?
As a data subject, you have a number of rights under legislation. How to proceed to manage your rights, see the paragraph “Manage your rights” further down. Below we list the rights of the data subject.
Right to register extract (right of access)
If you want to know what personal data we process about you, you can request access to the data. When you submit such a request, we may ask some questions to ensure that your request is handled efficiently. We will also take steps to ensure that the data is requested by and provided to the right person.
Right to rectification
If you discover that something is wrong, you have the right to request that your personal data be corrected. You can also complete incomplete personal data.
Right to erasure
You may request that we erase the personal data we process about you, for example if:
- The data is no longer necessary for the purposes for which it is processed.
- You object to a balancing of interests we have made based on our legitimate interest, where your reason for objection outweighs our legitimate interest.
- The personal data is being processed unlawfully.
- The personal data has been collected about a child (under 13 years of age) for whom you have parental responsibility.
- If the data was collected based on your consent and you wish to withdraw your consent.
- However, we may have the right to refuse your request if there are legal obligations that prevent us from erasing certain personal data. It may also be the case that the processing is necessary for us to be able to establish, exercise or defend legal claims.
If we are prevented from erasing your personal data, we will block the personal data from being used for purposes other than the purpose for which it cannot be erased.
Right to restriction
You have the right to request that our processing of your personal data be restricted. If you object to the accuracy of the personal data we process, you may request that processing be restricted for the period necessary for us to verify whether the personal data is accurate.
If, and when, we no longer need your personal data for the stated purposes, our routine is to delete the data.
If you have objected to a balancing of legitimate interests that we have made as a legal basis for a purpose, you may request that processing be restricted for the period necessary for us to verify whether our legitimate interests outweigh your interests in having the data erased.
If processing has been restricted in accordance with one of the situations above, we may only, in addition to the storage itself, process the data for the establishment, exercise or defence of legal claims, to protect the rights of another or if you have given your consent.
Right to object to certain types of processing
You always have the right to object to any processing of personal data based on a balancing of interests. You also always have the right to opt out of direct marketing.
Right to data portability
You have the right to data portability if our right to process your personal data is based either on your consent or the performance of a contract with you. A prerequisite for data portability is that the transfer is technically possible and can be carried out automatically.
Managing your rights
The application for a register extract or if you wish to invoke any of your other rights must be in writing and signed by the person to whom the extract relates. We will respond to your requests within 30 days at the latest.
How do we handle personal identification numbers?
As far as possible, we avoid processing personal identification numbers. In some cases, however, it is justified, mainly in view of the need for secure identification.
How is your personal data protected?
We work actively to ensure that personal data is handled securely. This applies to both technical and organizational protection measures.
Supervisory authority
The Swedish Data Protection Authority (which will soon change its name to the Swedish Data Protection Authority) is the authority responsible for monitoring the application of data protection legislation. If you believe that we are acting incorrectly, you can contact the Swedish Data Protection Authority, see datainspektionen.se
What is a cookie?
A cookie is a small text file that is stored on the visitor’s computer and contains information. Cookies are normally used to improve the website for the visitor. There are two types: Permanent cookies and temporary cookies. Permanent cookies are a file that is saved on the visitor’s computer or mobile phone and remains until a specified date expires. However, permanent cookies may be stored for a maximum of 24 months. The file is used, for example, to make it easier for the visitor to use the website based on their wishes and interests. However, these cookies disappear earlier if the visitor chooses to clear cookies from the browser. Temporary cookies are temporarily stored in the visitor’s computer or mobile phone’s memory while the visitor is on the website. These cookies disappear when the visitor closes their browser.
Why cookies?
Science & Public websites use cookies to create an improved user experience.
Turn off cookies
If you do not want cookies to be stored on your computer or mobile phone, you can choose to block cookies in your browser’s security settings. You can also go into your browser settings and choose to clear all cookies that have been stored so far.
Contact us
If you have any questions about how we process personal data or have a request in accordance with the rights above, you are always welcome to contact us. We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website.