Processing of personal data at Scandinavian Green Roof Institute
On this page you will find information on how SGRI, processes personal data, for example data collected through our websites. The institute complies with the General Data Protection Regulation (GDPR).
SGRI is responsible for all processing of personal data within its operations. This web page describes how your personal data is processed at SGRI. Use the bookmarks to view the different page sections.
- How do we use your personal data?
- What personal data do we collect?
- How is your personal data protected?
- Who can access your personal data?
- For how long do we store your personal data?
- Rights according to the General Data Protection Regulation (GDPR)
SGRI processes personal data in accordance with regulation (EU) 2016/679 of the European Parliament and of the Council, see link below. These provisions are often referred to as the General Data Protection Regulation (GDPR).
How do we use your personal data?
SGRI processes personal data to fulfill our mission to receive study visits to the roof garden and eco-friendly, participate in research and education projects, conduct course activities, give guest lectures, consult and promote market development. We also do this to review and develop our business and to comply with Swedish law. All processing of personal data at SLU occurs in order to promote these purposes in some form. Processing must also have a legal basis. Only the personal data needed for a particular purpose is processed. More detailed information about how your personal data is processed is obtained by contacting us at firstname.lastname@example.org.
What personal data do we collect?
At SGRI, there are several reasons why we process your personal information. The most common reason is that you send email to us, participant in a course, are employed, conference participant , looking for a service or if you have visited our guided tours.
Most of this information will be collected directly from you. In certain cases, we also collect data from other sources such as the Swedish Tax Agency.
What personal data we process depends on the information we need. The following information is often necessary:
- Contact information such as your name, address, phone number and email.
- Personal identity numbers are processed when we need to ensure your identity or to coordinate your information between systems to ensure uniform information.
- Bank or other financial information in order to disburse a payment or send an invoice.
- Personal data that has been collected within the framework of participation in a research study.
- Information on how to use our websites, for example cookies, which are used to improve user-friendliness.
- Information for conference or course participants.
- Personal data which is necessary for an employment or if you have applied for a job.
How is your personal data protected?
SGRI must ensure that all processing of personal data is protected through technological and organisational measures. The measures must ensure a security level appropriate to the risk. The security aspects must include confidentiality, integrity and availability as well as adequate technological protection. This may involve only giving those authorised access to the information, encrypting the information, storing it in specially protected locations and making a processing copy.
Who can access your personal data?
We only provide contact details for companies, not direct personal information. When transferring personal data to another party, SGRI takes all legal, organisational and technological precautions necessary in order to protect your data. You will be informed if we plan to disclose information about you to other organisations. SGRI will only transfer personal data to other parties if there is a legal basis for this.
For how long do we store your personal data?
We only store your personal data for as long as is necessary for the purpose of the processing, or as long as is required by law.
- If, for example, you are an employee, we process your personal data for as long as we need to manage your employment conditions.
- If you have received an invoice from us, we process your personal information as long as required by the Swedish accounting law.
In regard to official documents, personal data is managed in accordance with the Freedom of the Press Act (1949:105), the Archives Act (1990:782) and the Swedish National Archive’s regulations.
Rights under the General Data Protection Regulation
The GDPR gives you the following individual rights at SGRI:
Right to access
You have the right to be informed if SGRI is processing your personal data. You also have the right to a free copy of the personal data that is being processed. If you request such personal data excerpts several times, SGRI will charge a fee to cover the administrative costs. In connection with such a request, SGRI also provides further information on the processing, its purpose, categories of processed personal data, expected storage time, etc.
Right to rectification
You have the right to request that your personal data be rectified if it is incorrect. SGRI is obligated to correct your personal data without undue delay. SGRI is not obligated to correct your data if it is only processed to document completed research.
Right to erasure
You have the right to request that your personal data be erased from SGRI’s systems if the personal data is no longer needed to meet the purpose for which it was collected. This may for example be the case if you decide to stop studying and wish to have your personal data erased.
There may be provisions that state that SGRI cannot not delete your data, for example the provisions on official documents, research and study documentation.
If SGRI cannot delete your data for legal reasons, we will limit the processing of your data to only include what is necessary to fulfill our obligations.
Right to restrict processing
You have the right to request that the processing of your personal data be restricted – this means that we will only process your personal data for certain specific purposes. SGRI can restrict processing in the following cases:
- You claim that your personal data is incorrect and SGRI requires time to verify the accuracy of the data.
- SGRI no longer requires the data, but you have requested that we continue to store it because you require it to exercise a legal claim.
- You object to processing carried out by SGRI. In that case, processing is limited until it has been established whether your reasons for objecting override SLU’s legitimate reasons for processing the data.
- You want us to erase your personal data, but we cannot comply for some reason.
Right to object to processing
In certain cases, you have the right to object to SGRI’s processing of your personal data, for example in regard to research or teaching. SGRI will then cease processing unless we have imperative grounds to continue with it, or if processing is necessary to exercise a legal claim.