Nordregio is an international research institute established by the Nordic Council of Ministers

Data protection policy (for GDPR)

Our data protection policy contains the terms and conditions that apply when we process your personal data, and your rights when using our website.

Thank you for visiting our website. It is important to us that we protect and respect the privacy of all those who choose to use our services. We aim to process personal data in a secure and appropriate manner and to make you feel safe and secure when using our services. Our data protection policy below contains the terms and conditions that apply when we process your data, and your rights when using our website.

Please do not hesitate to contact us if you have any questions or comments about our data protection policy, or if you would like to get in touch about anything else.

Who are we?

Nordregio is an international research centre for regional development and planning, established by the Nordic Council of Ministers.

As part of this work, we collect a range of data about you if you contact us.

In the other menus, we have gone into more detail about what we collect, why we collect it, what we do to protect your data, why we collect personal data and what rights you have with regard to data protection.

What is personal data?

Personal data refers to any information that can be used to identify an individual, either directly or indirectly. This may include, for example, a name, email address, image, or IP address.

How do we collect personal data?

We collect personal data about you in the following ways:

  • When you use our website
  • When you download our publications online
  • When you subscribe to our newsletters or other communications
  • When you provide us with the data yourself
  • If you enter into a contract with us
  • If you get in touch with us directly by e-mail or other means
  • When you register for or take part in events, meetings, webinars or other activities run by Nordregio.

Why do we collect and use personal data?

We collect and use your data for specific purposes, including:

  • Provision of services and data access: to operate and maintain our websites and other services.
  • Communication and information: to respond to enquiries, provide updates, distribute newsletters and share information about our activities and the services we offer.
  • Events and meetings: to manage registrations, participation, and follow-up related to events, seminars, meetings, webinars or similar activities.
  • Administrative and legal obligations: to comply applicable laws, such as accounting and record-keeping requirements.

Nordregio also collects your data for use in internal statistics for service improvement.

Only individuals who have requested communications from us will receive emails or notifications. You may opt out at any time.

Where personal data collection and processing are based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn.

Categories of personal data

We process personal data in two main categories:

1) Data necessary to provide a service

This includes identification and contact details such as name, organisation, email address, postal address, or telephone number.

Without this data, we may not be able to provide certain services. For instance, if you wish to subscribe to Nordregio newsletters, you will need to consent to the processing of your data for this purpose, e.g. in the form of your e-mail address. We may also need to process data for other reasons, e.g. to fulfil the terms of a contract; or we may need to record and save certain personal data for legal reasons, e.g. to ensure that we comply with tax legislation and the Swedish Bookkeeping Act.

2) Data used to improve our services

This includes technical and usage-related data, such as IP addresses and website interaction data, including cookies. Such data help ensure that the website functions correctly and support service improvement. It also helps us improve our services, to tailor our communications to your needs and to offer you precisely the services that you require.

How long do we store personal data?

We delete all personal data when it is no longer needed

We retain personal data only for as long as necessary for the purpose for which it was collected. We perform a discretionary assessment of when we no longer require your data. Once your data is no longer required for the purpose for which we collected it, we will delete it.

We are required by law (e.g. the Swedish Bookkeeping Act) to retain some personal data for a minimum of five years, e.g. data used to issue invoices, calculate and pay tax and VAT, submit tax returns, and data used for contracts.

As per the general principles of public law, other personal data collected as part of Nordic activities is filed along with the specific case in question. This will only be relevant and necessary data and it cannot be deleted once the case has been completed.

Sharing of personal data

We will not share your data with others unless:

  • it is necessary in order for us to comply with legal obligations; or
  • you have given us your consent to do so; or
  • because we use data processors within the EU, EEA or a secure third country.

Personal data may be shared with trusted service providers who support Nordregio’s operations, such as IT, communication, or administrative service providers. Such providers act as data processors and process personal data only on Nordregio’s instructions and under data processing agreements. Nordregio does not sell personal data to third parties.

To the extent permitted by law, we are entitled to share personal data for the purposes of protecting or enforcing our rights, e.g., where relevant to prevent fraud or other criminal offences.

Where data processors are used, they are subject to data processing agreements. Personal data are processed within the EU/EEA or in countries that ensure an adequate level of data protection in accordance with GDPR.

Your rights

You have rights regarding our processing of your data, including:

Right of access to your data and to be issued with a copy

You have the right to know whether we process your data; this includes the categories of personal data and information about the origins of the data, as well as the purposes of the processing and, if possible, the period for which your data will be saved. We issue a copy of the personal data processed on request. Please be aware that your right of access may be limited due to the need to protect other people’s data.

Right to correction or deletion of your data

You are entitled to have any incorrect data that we hold about you corrected.

You may at any time demand the deletion of the data that we hold about you. If there is no longer any reason for us to hold the data, we will delete it as soon as possible following a request from you.

Right to demand information about transferring of data to countries and organisations outside the EU and EEA

You have a right to know if we share your data with a country outside the EU and EEA. For your information, we do not share personal data with countries outside the EU and EEA, with the exception of a number of data processors in the USA who are bound by the EU-USA Privacy Shield.  

Right to avoid profiling and automated decision-making

We do not use personal data for automated decision-making or profiling.

We do everything in our power to ensure that your data is processed in a secure manner and that your rights are protected as far as possible. We also conduct regular reviews of our procedures and of how we process personal data.

If you would like more information or would like to exercise any of the above rights, please get in touch using the contact details below.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

How do we protect your data?

We are committed to protecting your data, not only because it is required by law, but also because our own internal ethics rules demand that we take good care of all personal data.

Nordregio applies appropriate technical and organisational security measures to safeguard personal data and ensure that there is no unauthorised access to the personal data that we hold and that it is not used, destroyed, modified, made public or misused in any other way.

Personal data are generally processed and stored within the EU/EEA. Nordregio does not intentionally transfer personal data to countries outside the EU/EEA. If such transfers occur in exceptional cases, they are carried out in accordance with GDPR requirements and with appropriate safeguards in place.

Our internal rules guidelines and procedures for data security

In line with our internal rules guidelines and procedures for data security, personal information is available only to the employee(s) who require(s) it. Ongoing staff training in the correct procedures for processing personal data and checks that they are complying with the rules are also part of our data security rules.

We have implemented technical (IT) measures

Our systems are protected by up-to-date technical (IT) measures.

We inform the people affected in the event of a risk of or actual breach of data security

As mentioned, we have taken a wide range of measures to keep your data secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will inform you without undue delay, in accordance with legal requirements.

Contact details

Nordregio’s Address: Holmamiralens Väg 10, Skeppsholmen, Stockholm, Tel.: + 46 8 463 54 00, E-mail: nordregio(at)nordergio.org: www.nordregio.org