As of May 25, 2018, the new legislation in the EU on the processing of personal data is in force; the General Data Protection Regulation (“GDPR”). SISP Swedish Incubators & Science Parks (“SISP”) will at all times comply with applicable privacy laws and will not disclose any personal data to third parties without prior consent, unless specifically stated herein.
When SISP and its member companies enters into an agreement regarding membership, certain information is collected of individuals representing such member company. The following personal information is collected and/or processed by us:
If you contact SISP by telephone, letter or email, we may also store correspondence, which may contain personal information, that may be used to fulfil an agreement with you and/or the organisation or corporate body that you represent, or for information and marketing purposes.
Purpose and legal basis for processing
SISP may collect and process personal information in order to fulfil an agreement entered into between you and SISP, or for the purpose of entering into such contract (GDPR, Article 6.1 b).
SISP will further collect and process personal data in order to fulfil the agreement entered into between SISP and the organisation or corporate body that you represent, or to take action at the future member prior to entering into such a contract.
To enter into an agreement with SISP, it is a prerequisite that certain information is provided regarding the member companies’ authorised representatives. SISP cannot enter into a membership agreement without such information.
SISP also has a legitimate interest in processing your personal data in order to provide information or marketing regarding SISP and the activities carried out by SISP. You are always entitled to unsubscribe from our promotions by contacting us as stated below, or by using the “un-subscribe button” provided in newsletters and other marketing occasions.
If you submit information to SISP for any other reason than the above, such as application for scholarships, other funds or any other requests, SISP will process such data as is necessary to comply with the reason for your submission.
The processing described above is necessary for the purpose of the legitimate interests pursued by SISP, and those interest are not overridden by your interests in the capacity of representative of a membership company (GDPR, Article 6.1 f).
SISP will also process your personal data to the extent that SISP is obliged to do so by law or in accordance with decisions made by public authorities (GDPR, Article 6.1c).
Recipients of personal data
SISP allows data processors to process all personal data by storing certain data, and by operating the computer systems. The data processor may also read, structure and distribute personal data as instructed by SISP.
The data processor will only store your personal data on servers that are within the EU/EEA border.
Storage and processing
SISP will process your personal data until SISP is made aware that you no longer represent the membership company, and for a period thereafter if necessary to fulfil all obligations under the agreement between you and SISP, or the member company and SISP.
SISP will also store data if required by law to do so, during the time stipulated by law, such as the Book-keeping Act.
SISP will store contact information for information- and marketing purposes for a period of 2 years after the last contact, unless you inform you SISP that you no longer want to receive such information or marketing, whereby SISP will immediately delete the personal data processed for this purpose.
You have the right to request information on whether SISP processes your personal data, as well as access to the personal data as laid out in the GDPR.
You also have the right to request rectification of your personal data, as well as the deletion of personal data or the limitation of processing (to the extent stipulated in the GDPR). Further, you have a right to receive the personal data that you have provided in a structured, widely used and machine-readable format (portability).
You also have the right to lodge complaints regarding our processing of your personal data to the supervisory authority, www.datainspektionen.se.
Please note that we will carry out an identity check upon request as above to ensure that any requested measures are correct and in accordance with law.
SISP processes your personal data in a way that complies with the principles set out in the GDPR (Article 5). SISP processes your personal information in such a way as to ensure that appropriate technical and organizational measures are taken to protect your personal data from unauthorized access or unauthorized processing and against loss, destruction or accidental damage.
SISP limits access to personal data within the organization. Authorization to access personal data is only given to individuals within the organization, as well as to the data processors and any subcontractors, for the sole purpose of carrying out their duties.
SISP, or, if relevant, the data processor, will only transfer personal data to third countries if the recipient of the personal data has signed the EU Commission's standard contractual clauses, or other appropriate safeguards in accordance with applicable law are ensured.
Kajsa Hedström, CEO
Phone: +46 (0)72 211 82 56