How we are processing personal data in relation to our program AI Sweden’s Data Factory
3. Privacy Policy for AI Sweden’s Data Factory
INTRODUCTION
AI Sweden is one of Lindholmen Science Park’s Programs. AI Sweden is a national and neutral initiative working together with other host organizations in Sweden, but the initiative is hosted by us. You can read more about the organizational structure of the program AI Sweden here.
In order to provide you with a better understanding of our processing of your personal data in relation to AI Sweden’s Data Factory (the “Data Factory”) this subsection will specifically cover the processing of such personal data. If you have questions, please don’t hesitate to contact us through the contact information found on the main page.
The Data Factory has been established as a resource for AI Sweden’s partners and project parties for the purpose of conducting research and testing.
This part of the Privacy Policy includes the following information:
- How we process personal data in a dataset.
- How we process personal data when you, as a user, access the DataFactory.
3.1 Processing of personal data in a dataset
We process your personal data if your personal data is included in a dataset that has been donated or licensed to the Data Factory.
Specific information about our processing of each dataset will be provided on AI Sweden’s website where the datasets are also described in more detail.
What personal data may be processed in a dataset in the Data Factory?
The personal data processed may be in the form of images, names, email addresses, physical locations, license plates, telephone numbers and other information attributable to individuals. These datasets are always donated or licensed to Lindholmen Science Park under agreements that also regulate data protection. All our datasets are listed on our website. If a dataset contains personal data, you can find specific information on how we process personal data included in such a dataset on AI Sweden’s website, in connection to the respective dataset.
What are the purposes of our processing of your personal data and what legal basis do we base such processing on?
With the Data Factory services we intend to enable partners and project parties of AI Sweden to test and train algorithms in order to increase the use of applied AI in Sweden for the benefit of the Swedish society, Sweden’s competitiveness in the field of AI and for everyone living in Sweden. A major part of the Data Factory is to enable partners and project parties to access datasets for scientific research, development and testing purposes related to AI. Such research, development and testing will be performed by us, by partners and/or project parties to AI Sweden or by us in collaboration with partners and/or project parties to AI Sweden.
To provide the services of the Data Factory we might therefore need to process (e.g., receive, use, store and/or share) personal data for specific purposes. Lindholmen Science Park may also process personal data to enable anonymization. The legal basis for the processing concerning datasets will in most cases be that the processing is necessary for purposes of our legitimate interest to offer the Data Factory services and to facilitate for AI testing and research purposes as described above and specifically described for each dataset.
To clarify, we will not collect nor receive datasets for the specific purpose of collecting personal data and do not in any way attempt to identify the individuals that may be identifiable in a dataset.
From where do we collect your personal data?
The datasets will be collected from partners of AI Sweden, project parties and other organizations that want to donate or license a dataset to Lindholmen Science Park. Information about each dataset will be provided on AI Sweden’s website. If a dataset contains personal data, you can find specific information on how we process personal data included in such a dataset.
Each donor or licensor is responsible for their own processing of personal data and that they have the right to donate or license the dataset to Lindholmen Science Park. The donor or licensor and Lindholmen Science Park will be independent controllers and hence responsible for their own processing of your personal data. This will be clearly regulated in agreements between Lindholmen Science Park and each dataset donor or licensor.
Who do we share your personal data with?
We will transfer personal data in a dataset to partners and/or project parties to AI Sweden that apply to use a specific dataset by giving them a sub-license in accordance with the terms stated in an agreement between us and the applying partner and/or project party. Access to and transfer of datasets, containing personal data, to a partner and/or a project party will only be made for purposes that are in line with our purposes for its processing of the personal data, as described above.
Third parties processing such datasets will process the personal data included therein as independent controllers or, if applicable, as joint controllers with us. Such controllers are requested to apply the same level of security for processing of personal data, as we do.
We will also transfer personal data to third parties acting as our processors, e.g., suppliers of support and maintenance of IT- and cloud services, etc.
For how long do we process your personal data?
Information about how long a dataset is stored will be provided specifically for each dataset on AI Sweden’s website, where all datasets are listed.
Please be informed that we only store your personal data as long as it is needed for the purpose for which it was collected.
The period of time that a dataset will be stored in the Data Factory can also depend on (i) the period of time that the dataset has been licensed to the Data Factory and (ii) the period of time that the dataset is considered as useful for the purpose of storing it and keeping it available for Data Factory users.
Transfer of personal data to countries outside the EU/EEA
We strive to only process personal data within the EU/EEA. When we transfer your personal data to third parties acting as our processors, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, these processors may transfer data outside the EU/EEA on our behalf. In cases where our processors are transferring or processing personal data outside the EU/EEA, such processing is based either on a decision from the European Commission establishing that the country in question ensures an adequate level of protection or appropriate safeguards that ensure that your rights are protected such as standard contractual clauses adopted by the European Commission and supplementary security measures to such standard contractual clauses when necessary.
3.2 Processing of personal data when you, as a user, access the Data Factory
As a result of that you request to be, and/or your employer or principal requests you to be, registered as a user (the “User”) of the Data Factory we will process your personal data to be able to complete your registration and to provide the services (the “Data Factory Services”) in accordance with our terms of use for the Data Factory.
What personal data do we process?
We process your first and last name, email address, telephone number, address, title/professional position and company affiliation if applicable, your sign-on credentials (email and password), username (user ID), any profile or biographical information you choose to provide and other required contact details (“Contact Details”).
When we enter into a contract directly with you as a private person for you to become a User, we process your personal identity number.
We process information about your nationality.
We also process personal data about you in relation to your use of the Data Factory Services. This includes your activities in the Data Factory e.g., when you log in, how you access our services, device information, your IP-address, the content you upload to the environment and statistical information of your activities.
What are the purposes of our processing of your personal data and what legal basis do we base such processing on?
We process your personal data for the following purposes:
- Providing the Data Factory Services;
- Maintenance and improving our services;
- Associated communication by telephone, email, text message or other communication channels;
- Providing support to the User;
- Invoicing and payment procedure, if applicable;
- Resolve disputes, collect fees and enforce our terms and policies.
When we enter into an agreement directly with you as a User for the Data Factory Services, we base our processing above on that the processing is necessary for the performance of the agreement. When we enter into a contract with your employer or principle that wants to use the Data Factory Services, we process your personal data based upon that the processing is necessary for the purposes of our legitimate interest to be able to provide the Data Factory Services and to fulfill our contractual rights and obligations towards the contracting employer or principal.
When we enter into a contract directly with you as a private person for you to become a User,we process your personal identity number for the purpose of securing your identity. The personal identity number is processed based on the legal basis that the processing is necessary for the purposes of our legitimate interest to be able to secure your identity in relation to the agreement that is entered into with us.
We process information about your nationality for the purpose of complying with export control regulations to which we are subject.
We process your personal data in the form of your activities when you use our services based on our legitimate interest for the following purposes:
- Provide our services;
- Evaluate and assess requests to use the Data Factory;
- Maintain & improve our services;
- Develop new services;
- Measure performance;
- Internal and external communication about the Data Factory, e.g., at our internal networks, website and the different websites of our Programs, social media channels and other communication channels;
- Marketing of our business, projects and various events;
- Fulfill legal requirements in relation to e.g. marketing legislation (keeping record of if you have unsubscribed to receiving our newsletters/marketing material);
- Management, follow-up, evaluations and administration related to the Data Factory Services;
- Protect us, our users and the public.
The personal data is processed based upon that the processing is necessary for the purposes of our legitimate interest to administer, manage and provide the Data Factory Services. In addition, the legal basis for the processing related to keeping record of if you have unsubscribed to receiving our newsletters/marketing material, is that the processing is necessary for compliance with the Swedish Marketing Act.
We process your personal data found in verifications (in relation to invoices and payments) and the like for the purpose of fulfilling the requirements in the Swedish Accounting Act (1999:1078). The legal basis for this processing is that the processing is necessary for the compliance with a legal obligation which we are subject to.
From where do we collect your personal data from?
We receive personal data directly from you in connection with your request to become a User of the Data Factory Services and when you use the services. We may also collect personal data from your employeror from our processors for the Data Factory Services.
Who do we share your personal data with?
We share your personal data with third parties that process personal data on our behalf, so called processors. These processors are, e.g., suppliers of support and maintenance of IT- and cloud services, suppliers of market and customer satisfaction surveys.
We may also transfer personal data to third parties acting as independent controllers when applicable.
Other Data Factory Users may access your personal data in the form of your Contact Details when they use the Data Factory Service and hence, we may therefore transfer your personal data to the other Data Factory Users.
For how long do we process your personal data?
Personal data processed for the purpose of providing the Data Factory Services will be processed as long as we have any contractual rights and obligations towards you or your employer or principal. When you are no longer a User of the Data Factory Services, we will save your information for six (6) months. After that we will delete your personal data.
Our processing of your personal identity number based on our legitimate interest for the purpose of entering into a contract directly with you as a private person will be processed as long as the agreement is effective and as long as there are claims as a result of the agreement.
Our processing of your nationality based on our legitimate interest for the purpose of complying with export control regulations, to which we are subject, will be processed during the time you use the Data Factory Services.
Personal data processed for marketing purposes will be processed for 12 months from the last time you read our newsletter or other marketing material. If you unsubscribe from receiving our newsletters or other marketing material we will store your personal data for a period of ten (10) years after our receipt of such request in order to make sure that no marketing material is sent to you.
When it comes to processing of your personal data related to invoicing or payment, we will store the personal data necessary for the fulfillment of requirements under the Swedish Accounting Act (1999:1078) for a period of seven (7) years.
Transfer of personal data to countries outside the EU/EEA
We strive to only process personal data within the EU/EEA. When we transfer your personal data to third parties acting as our processors, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, these processors may transfer data outside the EU/EEA on our behalf. In cases where our processors are transferring or processing personal data outside the EU/EEA, such processing is based either on a decision from the European Commission establishing that the country in question ensures an adequate level of protection or appropriate safeguards that ensure that your rights are protected such as standard contractual clauses adopted by the European Commission and supplementary security measures to such standard contractual clauses when necessary.
..........