How we are processing personal data in relation to our program AI Sweden’s CRM-system
Within the program AI Sweden, Lindholmen Science Park collaborates with other organizations that are hosting the other local nodes within Sweden.
AI Sweden has a CRM-system that is hosted together with the following host-organizations: Kista Science City AB, Mobile Heights AB, Örebro University and Linköping Science Park AB. The above-mentioned organizations are joint controllers for the storing (management and security) of your personal data in the CRM-system. The respective organizations are hence solely responsible for all other types of processing of your personal data that they conduct, such as for example collecting personal data, for inserting the information in the system and their own usage of the information that is the CRM-system.
The organizations have entered into an agreement that regulates the joint responsibility. In accordance with this agreement the organization that collects your personal data is responsible for providing you with the required information in accordance with the GDPR at the right time.
The organizations have agreed that you as a data subject can contact either of the organizations to ask questions or to make a request. The organizations have also agreed that the organization that receives a request in accordance with the GDPR from you as a data subject shall handle such a request. You can contact Lindholmen Science Park through the contact information listed on the main page.
Below you can read about how Lindholmen Science Park processes your personal data in relation to the CRM-system.
Lindholmen Science Park process personal data about you as a business contact (partners, project parties and other relevant contacts).
What personal data do we process?
We process your first and last name, email address, telephone number, address, title/professional position and company affiliation (“Contact Information”).
We also process information about, and in relation to, meetings that representatives from us have had with you as a representative from your organization, including what type of information your organization has an interest for in relation to AI Sweden, information about which networks you participate in and the status of projects and initiatives that you are involved in.
What are the purposes of our processing of your personal data and what legal basis do we base such processing on?
We process your personal data for the purpose of maintaining a business relationship with you and/or your employer and your organization. This purpose includes:
- administration, management, implementation and follow-up, etc. of the current business relationship and its deliveries and associated communication by telephone, email, text message or other communication channels;
- management, follow-up, evaluations and administration;
- effective marketing of Lindholmen Science Park’s business, projects and events;
- planning, management, implementation and administration of focus groups and networks and associated communication by telephone, email, text message or other communication channels;
- fulfilling contractual rights and obligations and other responsibilities towards your employer or principal when we have, have had or discuss to have a business relation with your organization, as well as to develop, follow-up and assess our program, AI Sweden;
- fulfill legal requirements in relation to e.g. marketing legislation (keeping record of if you have unsubscribed to receiving our newsletters/marketing material).
This processing is based upon that the processing is necessary for the purposes of our legitimate interest to maintaining a business relationship with you and/or your employer. In addition, the legal basis for the processing related to keeping record of if you have unsubscribed to receiving our newsletters/marketing material, is that the processing is necessary for compliance with the Swedish Marketing Act.
From where do we collect your personal data?
We collect your personal data directly from you or your employer or principal.
Who do we share your personal data with?
We share your personal data with third parties that process personal data on our behalf, so called processors. These processors are, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, suppliers of market and customer satisfaction surveys.
We may also transfer personal data to third parties acting as independent controllers or joint controllers with Lindholmen Science Park, if such transfer is required by applicable law, or if we have another legal ground for such transfers, e.g., third parties that are acting as host organizations to one of our programs, for example as with the program AI Sweden, and therefore need to access some personal data to be able to fulfill their contractual obligations and undertakings followed by the collaboration agreement between the respective host organization and Lindholmen Science Park AB regulating their work within AI Sweden. We have provided specific information about how AI Sweden collaborates with such host-organizations and how this affects the processing of your personal data on AI Sweden’s website, here.
For how long period of time is your personal data stored?
We will process your personal data as long as we have a business relationship with you, your organization and/or your employer or principal and for 12 months after such business relationship has ended.
Personal data processed for marketing purposes will be processed for 12 months from when the last time you read our newsletter or other marketing material. If you unsubscribe from receiving our newsletters or other marketing material we will store your personal data for a period of ten (10) years after our receipt of such request in order to make sure that no marketing material is sent to you.
Transfer of personal data to countries outside the EU/EEA
We strive to only process personal data within the EU/EEA. When we transfer your personal data to third parties acting as our processors, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, these processors may transfer data outside the EU/EEA on our behalf. In cases where our processors are transferring or processing personal data outside the EU/EEA, such processing is based either on a decision from the European Commission establishing that the country in question ensures an adequate level of protection or appropriate safeguards that ensure that your rights are protected such as standard contractual clauses adopted by the European Commission and supplementary security measures to such standard contractual clauses when necessary.