Data Protection Policy
Our mission is to be an internationally competitive industry research institute that works to facilitate sustainable growth in Sweden by strengthening competitiveness and innovation in the business community. This mission carries with it an obligation to process all types of data in an appropriate and cost-effective manner throughout the life cycle of the data in question.
We shall process all data correctly without hinderance or complication for learning and collaboration in our day-to-day work. In order to ensure the correct processing of data, all personnel shall have knowledge of applicable data protection regulation.
We shall process all data, irrespective of its form, in a manner that lives up to the demands made by our operations. Likewise, we shall ensure that requirements for data processing stated in applicable legislation, as well as requirements from the State, public authorities, customers, stakeholders and employees are met with regard to confidentiality, accessibility, accuracy and traceability. Furthermore, we shall always strive to process data within the EU/EEA.
We shall process all data in an appropriate and cost-effective manner throughout the life cycle of the data in question; creation, publication, use, archiving, erasure. Everyone affected must be able to trust that we process data in a proper manner throughout its life cycle with regard to processing, storage, archiving, dissemination and destruction.
The document Guidelines for Data Classification within RISE defines the classes of confidentiality, accessibility, accuracy and traceability.
The document Guidelines for Data Security within RISE defines requirements related to the expected uses and nature of RISE IT resources.
Processing personal data
We shall only collect personal data that is necessary and relevant for the purposes for which it is collected. Data shall be correct and up to date and shall not be more comprehensive than required for the purposes of its processing.
We shall ensure that all processing of personal data takes place with the use of appropriate technical and organisational measures to safeguard the personal data from unauthorised or unlawful loss, destruction or damage. We shall store data only for as long as necessary to fulfil the purposes for which it was collected, or for as long as required to do so by applicable legislation, e.g. the Swedish Bookkeeping Act (SFS 1999:1078).
We shall have goals and guidelines for all processing of data including personal data. We shall comply with established routines and processes regarding the processing of personal data.
The document Guidelines for Processing Personal Data within RISE defines specific requirements regarding the collection, processing, storage and erasure of personal data, as well as dealing with registry extracts and requests for rectification, restrictions on processing or erasure.