Data collection & privacy policy
May 28, 2024
Collection of personal data, purposes of the processing and lawful basis
We may collect the following categories of personal data relating to you for the purposes of processing your personal data:
First name, last name, e-mail, telephone number.
Newsletters
The following processing of personal data is based on the legal ground of consent:
When you subscribe to our newsletter, we process your personal data in order for you to take part of information about our activities, news and other events happening at Ideon;
This means that we will actively seek your consent before we process your personal data. You can at any time choose to withdraw your consent, in which case we will stop processing your personal data, unless we have a statutory obligation to continue. A withdrawn consent does not affect already processed personal data.
Third-party software:
We use CRM systems, customer administration tools and event planning software in order to provide you with our services and maintain contact with you regarding our services;
Court of law, supervisory authority, government agency or other public body:
Upon request and only if necessary, we might disclose your personal information in order to comply with a court of law, government decision or to otherwise fulfill our statutory obligation;
Other actors:
Other than the actors above, we are only sharing your personal information with other actors if there is a previous special agreement with you.
If any of the above actors, as a result of the sharing of personal information, becomes a processor to us we will draft a data processor agreement with said actor which meets the requisites in the GDPR and other applicable regulations.
We never sell your personal information to any party.
We2u, ideon filia ab and wihlborg center (joint controllers)
In order to provide you with our best customer service and customer care; Ideon Science Park together with the companies WE2U and Wihlborg Center share personal data stored in a customer care database. The processing includes the storage, service and administration of your personal data. Regarding personal data for which the companies share the personal data processing tasks, there is a joint responsibility of said personal data processing. This means that WE2U, Ideon Science Park and Wihlborg Center has the same responsibility towards you regarding the statutory obligations of the GDPR. In light of Ideon Science Park, We2U and Wihlborg Center joint responsibility, a joint controller agreement has been drafted to ensure each party’s responsibility under the GDPR.
Your rights under the GDPR and this Privacy Policy remain unchanged and you may exercise your rights under the GDPR in respect of and against each of said controllers for the personal data processing in our customer care database. If you have any further questions regarding how your personal data is being shared and processed between the above-mentioned actors. Please contact us using the contact details below.
For more information about WE2U and their privacy policy, please visit this website: http://www.we2u.se/.
For more information about Wihlborg Center and their privacy policy, please visit this website: https://www.wihlborgs.se.
Transfer of personal data to countries outside eu/eea
Ideon Science Park does not transfer, nor intend to transfer, your personal data outside of the EU/EEA. However, we might from time to time utilize the services of processors in the form of software- or third-party providers and where your personal data may be transferred outside of the EU/EEA. In such cases, we ensure you that the transfer of personal data is preceded by an adequacy decision or appropriate and suitable safeguards.
If you have any questions regarding the above, please contact us using the contact details below.
Your rights
You, whose personal data we process, have the right to request the following from us free of charge by contacting us. If we receive such a request, we will need to secure your identity with appropriate security measures in order to prevent unauthorized persons from gaining access to your personal data. We will respond to your request without delay, but no later than one (1) month after your request was received. You are entitled to the following (1-6):
- Right of access (transcript): You have the right to receive information about which categories of personal data we process about you in the form of a written transcript. In the excerpt we describe what personal data we have about you and why we need them.
- Right to rectification: You have the right to request correction of your personal data if these are incorrect or incomplete.
- Right to erasure (right to be forgotten): You have the right to request that we delete your personal data if processing is no longer necessary, if it is based on the legal basis of consent or if the processing of personal data is performed illegally. However, deletion of your personal data does not apply to the information that we are obliged to preserve according to a legal obligation.
- Right to restriction of processing: You have the right to request that we temporarily limit the processing of your personal data. The restriction of processing of personal data could be applicable:
• during the time it takes us to check that your information is accurate;
• during the time it takes us to check whether our legitimate interest in the processing of personal data outweighs your interests and fundamental rights; to enable you to establish, enforce or defend legal claims;
•if the processing of personal data is illegal, but you want the processing to be limited instead of being deleted. - Right to object: You have the right to object to the processing of your personal data that is based on our legitimate interests. If you object to such processing of personal data, we may only continue to process your personal data if our legitimate interest outweighs your rights and freedoms, or if there is an existing statutory legal obligation according to applicable data protection legislation.
- Right to data portability: You have the right to obtain the personal data you have provided us in a structured, generally used and machine-readable format, if the processing is based on a consent or an agreement and if it is technically possible. You also have the right to request that we transfer your personal data directly to another controller.
Lodge a complaint to the supervisory authority
We ask that you always come to us first, to give us the chance to sort out any misunderstandings or inaccuracies on our part regarding the processing of your personal data. However, you always have the right to lodge a complaint to the supervisory authority (Datainspektionen) if you think that we do not process your personal data in accordance with this Privacy Policy or if we process your personal data in violation of applicable legislation.
Amendments
Ideon reserves the right to change this Privacy Policy from time to time. You can always find the correct and applicable Privacy Policy at: https://www.ideon.se/.
Email /events
The following processing of personal data is based on the legal ground of legitimate interest:
When you attend one of our events, we process your personal data in order to register your attendance and send you information related to the event;
When you contact us through email, regarding matters related to Ideon, we process your personal in order to help you with your inquiry.
If you wish for us to delete above-mentioned information you may object to the processing of personal data. Read more about how you may do so below under “Your Rights”.
Comments on news articles or blog posts by ideon
The following processing of personal data is also based on the legal ground of legitimate interest:
when you comment on one of our news articles or blog posts, we process your personal data on our website in order to identify you as the commentator.
Note that if you decide to comment on our news articles or blog posts your comment will be available for other visitors of our news articles and/or blog posts. In order to comply with applicable legislation, we might moderate your comment if we deem that it is in violation with said legislation. If you wish for us to delete above-mentioned information you may object to the processing of personal data. Read more about how you may do so below under “Your Rights”.
Legal obligations
We may process personal information about you to comply with legal obligations. For example, to comply with the Discrimination Act (swe: Diskrimineringslagen) or the Accounting Act (swe: Bokföringslagen) or other statutory obligation which require processing of personal data. If necessary, your personal information may also be processed for the establishment, exercise or defense of legal claims.
Statistics
Your personal information can, in an aggregated form, be used for market and customer analysis, market research, statistics and business follow-up relating to the purchase of goods and services. If we use your personal data for above-mentioned activities, we will ensure that your data is anonymized using appropriate and suitable safeguards.
Personal data is collected and processed for as long as there is an existing relation with the natural person based on the newsletter subscription and/or the attendance on one of our events. Thereafter for an additional period of six (6) months. If you want to withdraw your consent for our newsletter subscription or object to the continuous processing based on the personal information of your attendance of our events you may do so by contacting us (read more about this below under “Your Rights”).
For personal data collected and processed through your application and acceptance to the MatchIT program, we process your personal data during the matchmaking period and thereafter for an additional period of six (6) months.
For personal data collected and processed through your comments on our website and/or your email correspondence with us, we process your personal data for as long as there is a legitimate interest for us to keep in contact with you and/or enable your comments on our website. If you want to object to further processing of personal data based on the above purposes, you may do so by contacting us (read more about this below under “Your Rights”).
Personal data may be stored for a longer period if it is considered necessary to comply with statutory obligations or for the establishment, exercise or defense of legal claims.
Security and confidentiality
Technical and organizational measures
We assure you that we have sufficient and necessary technical and organizational capacity to fulfill our obligations under this Privacy Policy and in accordance with applicable data protection legislation. In addition, our data- and information systems are updated and checked regularly, and our computers and servers are encrypted, and password protected.
We ensure you that only personnel who need your personal data have access to these and then only in order to fulfill their duties (authorization). Our staff has good knowledge of data protection legislation and has undergone special education in handling personal data in a correct and appropriate manner. Furthermore, our staff is up-to-date on the latest in data protection management and legislation. We also have a close cooperation with our legal representative whom is qualified in manners regarding the GDPR and data protection legislation.