About personal data

On 25 May 2018, the new European General Data Protection Regulation (GDPR) goes into effect throughout the European Union, replacing the Personal Information Act (PUL).

The purpose of PUL has been to protect people's personal integrity in connection with the processing of their personal data. With GDPR, the privacy rights of the individual are further strengthened by more stringent requirements, including how research foundations such as Riksbankens Jubileumsfond (RJ) process personal data. RJ welcomes this strengthening of the rights of individuals.

Below we provide information about how RJ processes various kinds of personal data and your rights in this context. It's important to RJ that you feel secure and that you have confidence in how we handle your data.

When you apply for funding from RJ, you provide us with certain personal data. If you are granted funding following assessment of the academic quality of the application, further information will be submitted to RJ and collected by RJ. For RJ to accept your application, we must have your consent to the processing of your personal data by RJ.

RJ takes appropriate technical and organisational security measures, consistent with industry standards, to ensure that unauthorised parties are not allowed access to your information. Only a limited portion of our employees and consultants have access to information about you, and their processing of the information is strictly regulated.

RJ strives to ensure that no unnecessary personal data is collected, stored or processed. Examples of the personal data that we collect about you, as an applicant, are: name, higher education institution (or the equivalent), address, email address, phone number, personal identity number, your employment, wage costs and the like. In addition, we also process other information that you submit during subsequent contacts with us.

According to the data protection regulations, personal data may be collected only for "specific, explicitly stated and justified purposes". Such support is called a "legal basis". Personal data may not then be processed in a way that is incompatible with those purposes.

The legal bases in question are usually one or more of the following:

  1. That you give your consent to the processing in connection with the application.
  2. That the processing is necessary to satisfy the legitimate interests of RJ, as the research foundation, and that your interests in the protection of your personal data do not carry more weight (balancing of interests) than RJ's interests and the public interest that data on funding for research be made available.
  3. That the processing is necessary to comply with our statutory obligations.

Some processing – such as subscription to RJ's newsletter – may instead rest on the legal basis of "consent". In those cases RJ obtains your consent in advance for that particular use, and of course you have the possibility of withdrawing consent at any time.

RJ has a legitimate interest in being able to process data to develop our activities and operations. For this purpose, we may also compile statistics for analytical requirements, such as the distribution of applicants by sex, age, higher education institution and scientific specialisation. Under certain circumstances, we may share information about you with other research funding bodies and with public authorities that compile statistics on Swedish research.

The data that we collect and the data that is generated when you apply for a grant are processed for different purposes. Accordingly, they are also saved for different periods of time, depending on what they are used for and our obligations under the law. Unless we specify otherwise below, we save most of your data for the foreseeable future. This applies, for example, to applications for research funding. The data we collect to meet legal obligations is saved as long as the current law requires. Otherwise we never save personal data longer than we need to.

We are responsible for ensuring that the personal data we process is accurate and up to date. If you notice that we have incorrect data about you, you have the right to request that we correct such data. You also have the right to add personal data that you believe is missing and that is relevant with regard to the purpose for which we are processing your personal data.

Complaints

If you believe that we are processing your personal data contrary to applicable data protection regulations, you should report it to us as soon as possible. You can also contact the Swedish Data Inspection Board directly and submit your complaint.

Controller of personal data

RJ is a controller of personal data and is responsible for the personal data processed by RJ. We determine the purpose of the processing and how it is managed.