How we process personal data
The General Data Protection Regulation, (GDPR) becomes effective in the European Union on 25 May 2018. The GDPR replaces the Swedish Personal Data Act (1998:204). The GDPR imposes stricter requirements on how we collect, process and retain your personal data. Your rights are strengthened with requirements concerning matters as the provision of information, transparency and the correction of inaccuracies.
What is an item of personal data?
Personal data is all information that can be directly or indirectly attributed to a living person. This concerns your name, civil registration number, telephone number, email address, and similar information. There is also other information that can be linked to you, such as a coordination number, cadastral designation/land registry reference, membership or employment in an organisation. If you are identifiable in a picture, this is also regarded as an item of personal data (Article 4, item 1).
How does Includegender.org obtain personal data?
Most commonly, it is due to that you provided your personal data to us. This occurs for instance when you visit our website, send us an email, or subscribe to our newsletter. In such case, you yourself provide your personal data about you. The same occurs if you send us post or give us documents when you come to visit us.
All documents – with or without personal data – that come in to Includegender.org are ordinarily regarded as public documents, and therefore copies of them may be requested by anyone. It is governed by the public principle that is fundamental in public administration. This applies irrespective of whether it is digital or physical documents. Public documents must be retained and selectively deleted (removed) in accordance with the rules contained in the Swedish legislation concerning archiving.
Do you want to be anonymous?
If you want to contact us and remain anonymous, we recommend that you contact us via telephone. The reason for this is that all email, documents and other correspondence that you send in/submit or otherwise provide to Includegender.org generally become public documents.
When Includegender.org processes your personal data, the Swedish Gender Equality Agency is the data controller. This means that the Agency determines the purpose of the processing and is responsible for ensuring that the processing of your personal data occurs in a proper manner according to the law. The Swedish Gender Equality Agency must be able to provide evidence to the Swedish Data Protection Authority that the GDPR is being complied with (Article 4, item 7).
To process personal data. What is it?
Processing an element of personal data involves doing something with the data. It is a broad concept that may apply to an action or combination of actions, such as collecting and registering, storing, adapting or reorganising, deleting, or archiving. (Article 4, paragraph 2).
Includegender.org may not collect and process your personal data without there being a rule, in the GDPR or some other legislation or regulation, describing the purpose which makes this permissible.
For what purpose?
Includegender.org may only process your personal data if there is a purpose as specified in the GDPR or other legislation. This means that we must have a legal basis for the processing. Ordinarily, the situation is that you provide your personal data voluntarily. Some examples include when you want to subscribe to our newsletter or sign up to attend a conference. In such case, the legal basis is consent.
Another purpose is if you are a party to an agreement/contract and in connection with this provide your personal data. An application for a government grant entails a processing procedure that concludes with a decision. In these cases, we have a task as an exercise of public authority which is the purpose of the processing. The GDPR also lists purposes (Article 6).
How long is your personal data retained?
Includegender.org retains and processes your personal data as long as necessary taking the purposes into regard. After this, the personal data will be deleted or preserved in accordance with the rules in the Swedish legislation concerning archiving.
One important objective of the GDPR is to provide you with the possibility to know what personal data concerning you has been collected and/or processed, and if they are accurate. If there are any inaccuracies, you have the right to either have the information corrected or deleted. There are also other rights that you have.
Articles 15-19 of the GDPR entitle you to
- request access to your personal data
- request a correction, deletion or restriction concerning the processing of your personal data
- object to the processing of your personal data
- request data portability (to obtain copies and transfer it to another data controller)
- revoke (withdraw) your consent, at any time
- file a complaint with the Swedish Data Protection Authority about our processing of your personal data.
If you have any questions you are welcome to contact us at firstname.lastname@example.org