How we are processing personal data in relation to our program AI Sweden’s Data Factory

Privacy Policy for AI Sweden’s Data Factory

INTRODUCTION
AI Sweden is one of Lindholmen Science Park’s Programs. AI Sweden is a national and neutral initiative working together with other host organizations in Sweden, but the initiative is hosted by us. You can read more about the organizational structure of the program AI Sweden here.

In order to provide you with a better understanding of our processing of your personal data in relation to AI Sweden’s Data Factory (the “Data Factory”) this subsection will specifically cover the processing of such personal data. If you have questions, please don’t hesitate to contact us through the contact information found on the main page.

The Data Factory has been established as a resource for AI Sweden’s partners and project parties for the purpose of conducting research and testing.

This part of the Privacy Policy includes the following information:

How we process personal data in a dataset.
How we process personal data when you, as a user, access the DataFactory.

1. Processing of personal data in a dataset

We process your personal data about you when your personal data is included in a dataset that has been donated or licensed to the Data Factory.

Specific information about our processing of each dataset will be provided on AI Sweden’s website where the datasets are also described in more detail.

What personal data may be processed in a dataset in the Data Factory?

The personal data processed may be in the form of images, names, email addresses, physical locations, license plates, telephone numbers and other information attributable to individuals. These datasets are always donated or licensed to Lindholmen Science Park under agreements that also regulate data protection. All our datasets are listed on our website. If a dataset contains personal data, you can find specific information on how we process personal data included in such a dataset on AI Sweden’s website, in connection to the respective dataset.

What are the purposes of our processing of your personal data and what legal basis do we base such processing on?

With the Data Factory services we intend to enable partners and project parties of AI Sweden to test and train algorithms in order to increase the use of applied AI in Sweden for the benefit of the Swedish society, Sweden’s competitiveness in the field of AI and for everyone living in Sweden. A major part of the Data Factory is to enable partners and project parties to access datasets for scientific research, development and testing purposes related to AI. Such research, development and testing will be performed by us, by partners and/or project parties to AI Sweden or by us in collaboration with partners and/or project parties to AI Sweden.

To provide the services of the Data Factory we might therefore need to process (e.g., receive, use, store and/or share) personal data for specific purposes. Lindholmen Science Park may also process personal data to enable anonymization.
The legal basis for the processing concerning datasets will in most cases be that the processing is necessary for purposes of our legitimate interest to offer the Data Factory services and to facilitate for AI testing and research purposes as described above and specifically described for each dataset.

To clarify, we will not collect nor receive datasets for the specific purpose of collecting personal data and do not in any way attempt to identify the individuals that may be identifiable in a dataset.

From where do we collect your personal data?

The datasets will be collected from partners of AI Sweden, project parties and other organizations that want to donate or license a dataset to Lindholmen Science Park. Information about each dataset will be provided on AI Sweden’s website. If a dataset contains personal data, you can find specific information on how we process personal data included in such a dataset.

Each donor or licensor is responsible for their own processing of personal data and that they have the right to donate or license the dataset to Lindholmen Science Park. The donor or licensor and Lindholmen Science Park will be independent controllers and hence responsible for their own processing of your personal data. This will be clearly regulated in agreements between Lindholmen Science Park and each dataset donor or licensor.

Who do we share your personal data with?

We will transfer personal data in a dataset to partners and/or project parties to AI Sweden that apply to use a specific dataset by giving them a sub-license in accordance with the terms stated in an agreement between us and the applying partner and/or project party. Access to and transfer of datasets, containing personal data, to a partner and/or a project party will only be made for purposes that are in line with our purposes for its processing of the personal data, as described above.

Third parties processing such datasets will process the personal data included therein as independent controllers or, if applicable, as joint controllers with us. Such controllers are requested to apply the same level of security for processing of personal data, as we do.

We will also transfer personal data to third parties acting as our processors, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, etc.

For how long period of time is your personal data stored?

Information about how long a dataset is stored will be provided specifically for each dataset on AI Sweden’s website, where all datasets are listed.

Please be informed that we only store your personal data as long as it is needed for the purpose for which it was collected.

The period of time that a dataset will be stored in the Data Factory can also depend on (i) the period of time that the dataset has been licensed to the Data Factory and (ii) the period of time that the dataset is considered as useful for the purpose of storing it and keeping it available for Data Factory users.

Transfer of personal data to countries outside the EU/EEA

We strive to only process personal data within the EU/EEA. When we transfer your personal data to third parties acting as our processors, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, these processors may transfer data outside the EU/EEA on our behalf. In cases where our processors are transferring or processing personal data outside the EU/EEA, such processing is based either on a decision from the European Commission establishing that the country in question ensures an adequate level of protection or appropriate safeguards that ensure that your rights are protected such as standard contractual clauses adopted by the European Commission and supplementary security measures to such standard contractual clauses when necessary.

2. Processing of personal data when you, as a user, access the Data Factory

As a result of that you request to be, and/or your employer or principal requests you to be, registered as a user (the “User”) of the Data Factory we will process your personal data to be able to complete your registration and to provide the services (the “Data Factory Services”) in accordance with our terms of use for the Data Factory.

What personal data do we process?

We process your first and last name, email address, telephone number, address, title/professional position and company affiliation if applicable, your sign-on credentials (email and password), username (user ID), any profile or biographical information you choose to provide and other required contact details (“Contact Details”).

When you as a User sign an agreement through our tool for digital signing with the use of Bank-id, we also process your personal identity number (Sw. personnummer). When we enter into an agreement directly with you as a User, we process your personal identity number in the agreement.

We process information about your nationality to comply with export control regulations to which we are subject.

We also process personal data about you in relation to your use of the Data Factory Services. This includes your activities in the Data Factory e.g., when you log in, how you access our services, device information, your IP-address, the content you upload to the environment and statistical information of your activities.

What are the purposes of our processing of your personal data and what legal basis do we base such processing on?

We process your personal data for the following purposes:

Providing the Data Factory Services;
Maintenance and improving our services;
Associated communication by telephone, email, text message or other communication channels;
Providing support to the User;
Invoicing and payment procedure, if applicable;
Resolve disputes, collect fees and enforce our terms and policies.

When we enter into an agreement directly with you as a User for the Data Factory Services, we base our processing above on that the processing is necessary for the performance of the agreement. When we enter into a contract with your employer or principle that wants to use the Data Factory Services, we process your personal data based upon that the processing is necessary for the purposes of our legitimate interest to be able to provide the Data Factory Services and to fulfill our contractual rights and obligations towards the contracting employer or principal.

We process your personal identity number for the purpose of securing your identity in connection with the entering into agreements with us and administration of digital signing of agreements through the use of Bank-id. The personal identity number is processed based on the legal basis that the processing is necessary for the purposes of our legitimate interest to be able to secure your identity in relation to agreements that are entered into with us and administering digital signing of agreements as well as the agreements as such.

When we enter into a contract directly with you as a User, we also process your personal identity number as part of the agreement based on our legitimate interest for the purpose of entering into a contract with you as a private person, to be able to identify you as a contract party.

We process your nationality for the purpose of complying with export control regulations that our collaboration partners from the United States require us to do.

We process your personal data in the form of your activities when you use our services based on our legitimate interest for the following purposes:

Provide our services;
Evaluate and assess requests to use the Data Factory;
Maintain & improve our services;
Develop new services;
Measure performance;
Internal and external communication about the Data Factory, e.g., at our internal networks, website and the different websites of our Programs, social media channels and other communication channels;
Marketing of our business, projects and various events;
Fulfill legal requirements in relation to e.g. marketing legislation (keeping record of if you have unsubscribed to receiving our newsletters/marketing material);
Management, follow-up, evaluations and administration related to the Data Factory Services;
Protect us, our users and the public.

The personal data is processed based upon that the processing is necessary for the purposes of our legitimate interest to administer, manage and provide the Data Factory Services. In addition, the legal basis for the processing related to keeping record of if you have unsubscribed to receiving our newsletters/marketing material, is that the processing is necessary for compliance with the Swedish Marketing Act.

We process your personal data found in verifications (in relation to invoices and payments) and the like for the purpose of fulfilling the requirements in the Swedish Accounting Act (1999:1078). The legal basis for this processing is that the processing is necessary for the compliance with a legal obligation which we are subject to.

From where do we collect your personal data from?

We receive personal data directly from you in connection with your request to become a User of the Data Factory Services and when you use the services. We may also collect personal data from your employer or principal or from our processors for the Data Factory Services.

Who do we share your personal data with?

We share your personal data with third parties that process personal data on our behalf, so called processors. These processors are, e.g., supplier of the supply-, support and maintenance of IT- and cloud services, suppliers of market and customer satisfaction surveys.

We may also transfer personal data to third parties acting as independent controllers or joint controllers with Lindholmen Science Park, if such transfer is required by applicable law, or if we have another legal ground for such transfers, e.g., third parties that are acting as host organizations to one of our programs, for example as with the program AI Sweden, and therefore need to access some personal data to be able to fulfill their contractual obligations and undertakings followed by the collaboration agreement between the respective host organization and Lindholmen Science Park AB regulating their work within AI Sweden. We have provided specific information about how AI Sweden collaborates with such host-organizations and how this affects the processing of your personal data on AI Sweden’s website, here.

Other Data Factory Users may access your personal data in the form of you Contact Details when they use the Data Factory Service and hence, we may therefore transfer your personal data to the other Data Factory Users.

For how long period of time is your personal data stored?

Personal data processed for the purpose of providing the Data Factory Services will be processed as long as we have any contractual rights and obligations towards you or your employer or principal. When you are no longer a User of the Data Factory Services, we will save your information for six (6) months. After that we will delete your personal data.

Our processing of your personal identity number based on our legitimate interest for the purpose of providing and administer digital signing of contracts with the use of Bank-id, will be processed as long as the agreement is effective and as long as there are claims as a result of the agreement.

Our processing of your personal identity number based on our legitimate interest for the purpose of entering into a contract directly with you as private person will be processed as long as the agreement is effective and as long as there are claims as a result of the agreement.

Our processing of your nationality based on our legitimate interest for the purpose of complying with export control regulations that our collaboration partners from the United States requires us to do will be processed during the time you use the Data Factory Services.

Personal data processed for marketing purposes will be processed for 12 months from when the last time you read our newsletter or other marketing material. If you unsubscribe from receiving our newsletters or other marketing material we will store your personal data for a period of ten (10) years after our receipt of such request in order to make sure that no marketing material is sent to you.

When it comes to processing of your personal data related to invoicing or payment, we will store the personal data necessary for the fulfilment of requirements under the Swedish Accounting Act (1999:1078) for a period of seven (7) years.

Transfer of personal data to countries outside the EU/EEA

..........