Data protection policy (for GDPR)
Our data protection policy contains the terms and conditions that apply when we process your personal data, and your rights when using our website.
Thank you for visiting our website. It is important to us that we protect and respect the privacy of all those who choose to use our services. We aim to process personal data in a secure and appropriate manner and to make you feel safe and secure when using our services. Our data protection policy below contains the terms and conditions that apply when we process your data, and your rights when using our website.
Please do not hesitate to contact us if you have any questions or comments about our data protection policy, or if you would like to get in touch about anything else.
Who are we?
Nordregio is an international research centre for regional development and planning, established by the Nordic Council of Ministers.
As part of this work, we collect a range of data about you if you contact us.
In the other menus, we have gone into more detail about what we collect, why we collect it, what we do to protect your data, why we collect personal data and what rights you have with regard to data protection.
What is personal data?
It may be a name, address and telephone number. Or it may be an image file or an IP address.
Personal data means all forms of information that can be used to identify an individual.
We collect personal data in several ways
We collect personal data about you in the following ways:
- When you use our website
- When you download our publications online
- When you subscribe to our newsletters
- When you provide us with it yourself
- If you enter into a contract with us
- If you get in touch with us directly by e-mail etc.
- When you take part in online meetings, webinars run by Nordregio. You can find out in the menu below why, and on what basis, we do this.
We process your data in several ways
Read about how:
We collect and use your data for specific purposes.
Nordregio collects your data so that it can follow up on your enquiry or deliver a specific service to you, register you for requested facilities, and so that it can forward newsletters and other information about what we do and the services we offer if you requested these.
Nordregio also collects your data for use in internal statistics. Only those who request it will receive e-mails or other notifications from us, including newsletters etc. You have the opportunity to decide at any time that you no longer wish for us to contact you.
1) The first category consists of data that we need in order to provide you with a service. This includes e.g. your name, address, telephone number and e-mail address, i.e. the necessary identification and contact details.
Without this data, we cannot deliver our services. For instance, if you wish to subscribe to Nordregio newsletters, you will need to consent to the processing of your data for this purpose, e.g. in the form of your e-mail address. We may also need to process data for other reasons, e.g. to fulfil the terms of a contract; or we may need to record and save certain personal data for legal reasons, e.g. to ensure that we comply with tax legislation and the Swedish Bookkeeping Act.
2) The second category consists of data we would like to use to improve our services, to tailor our communications to your needs and to offer you precisely the services that you require. This includes data about your activities on our website, including IP addresses and uploading cookies onto your computer. This may be necessary to ensure that our website functions correctly.
iWe delete all personal data when it is no longer needed
We perform a discretionary assessment of when we no longer require your data. Once your data is no longer required for the purpose for which we collected it, we will delete it.
We are required by law (e.g. the Swedish Bookkeeping Act) to retain some personal data for a minimum of five years, e.g. data used to issue invoices, calculate and pay tax and VAT, submit tax returns, and data used for contracts.
As per the general principles of public law, other personal data collected as part of Nordic activities is filed along with the specific case in question. This will only be relevant and necessary data and it cannot be deleted once the case has been completed.
We will share your data in these cases
We will not share your data with others unless:
- it is necessary in order for us to comply with the law; or
- you have given us your consent to do so; or
- because we use data processors within the EU, EEA or a secure third country.
To the extent permitted by law, we are entitled to share personal data for the purposes of protecting or enforcing our rights, e.g., where relevant to prevent fraud or other criminal offences.
This section contains details of your rights regarding our processing of your data, including:
Right of access to your data and to be issued with a copy
You have the right to know whether we process your data; this includes the categories of personal data and information about the origins of the data, as well as the purposes of the processing and – if possible – the period for which your data will be saved. We issue a copy of the personal data processed on request. Please be aware that your right of access may be limited due to the need to protect other people’s data.
Right to correction or deletion of your data
You are entitled to have any incorrect data that we hold about you corrected.
You may at any time demand the deletion of the data that we hold about you. If there is no longer any reason for us to hold the data, we will delete it as soon as possible following a request from you.
Right to demand information about transferring of data to countries and organizations outside the EU and EEA
You have a right to know if we share your data with a country outside the EU and EEA. For your information, we do not share personal data with countries outside the EU and EEA, with the exception of a number of data processors in the USA who are bound by the EU-USA Privacy Shield.
Right to avoid profiling and automated decision-making
If you would like more information or would like to exercise any of the above rights, please get in touch using the contact details below.
We do everything in our power to ensure that your data is processed in a secure manner and that your rights are protected as far as possible. We also conduct regular reviews of our procedures and of how we process personal data.
How do we store your data?
We are committed to protecting your data, not only because it is required by law, but also because our own internal ethics rules demand that we take good care of all personal data.
We take the appropriate and proper technical and organizational security measures to ensure that there is no unauthorized access to the personal data that we hold and that it is not used, destroyed, modified, made public or misused in any other way.
This section contains details about:
Our internal rules guidelines and procedures for data security
This includes the fact that personal information is available only to the employee(s) who require(s) it. Ongoing staff training in the correct procedures for processing personal data and checks that they are complying with the rules are also part of our data security rules.
We have implemented technical (IT) measures
Our systems are protected by up-to-date technical (IT) measures.
We inform the people affected in the event of a risk of or actual breach of data security
As mentioned, we have taken a wide range of measures to keep your data secure. Should our IT systems and other security arrangements be compromised despite these measures, we will notify you without undue delay if there is any serious risk to your rights and freedoms.
Nordregio’s Address: Holmamiralens Väg 10, Skeppsholmen, Stockholm, Tel.: + 46 8 463 54 00, E-mail: info(at)nordergio.org: www.nordregio.org