Our mission is to be an internationally competitive industry research institute that works to facilitate sustainable growth in Sweden by strengthening competitiveness and innovation in the business community. This mission carries with it an obligation to process all types of data in an appropriate and cost-effective manner throughout the life cycle of the data in question.
We shall process all data correctly without hinderance or complication for learning and collaboration in our day-to-day work. To ensure the correct processing of data, all personnel shall have knowledge of applicable data protection regulation.
We shall process all data, irrespective of its form, in a manner that fulfils the demands made by our operations. Likewise, we shall ensure that requirements for data processing stated in applicable legislation, as well as requirements from the State, public authorities, customers, stakeholders and employees are met with regard to confidentiality, availability, accuracy and traceability. Furthermore, we shall always strive to process data within the EU/EEA.
We shall process all data in an appropriate and cost-effective manner throughout the life cycle of the data in question; creation, publication, use, archiving, deletion. Everyone affected must be confident that we process data in a proper manner throughout its life cycle with regard to processing, storage, archiving, dissemination and destruction.
The document Guidelines for Data Classification within RISE defines the classes of confidentiality, availability, accuracy and traceability.
The document Guidelines for Data Protection within RISE defines the direction and objectives of the data protection work conducted at RISE.
We shall only collect personal data that is necessary and relevant for the purposes for which it is collected. Data shall be correct and up to date and shall not be more comprehensive than required for the purposes of its processing.
We shall ensure that all processing of personal data takes place with the use of appropriate technical and organisational measures to safeguard the personal data from unauthorised or unlawful loss, destruction or damage. We shall store data only for as long as necessary to fulfil the purposes for which it was collected, or for as long as required to do so by applicable legislation, e.g. the Swedish Bookkeeping Act (SFS 1999:1078).
We shall have goals and guidelines for all processing of data including personal data. We shall comply with established procedures and processes regarding the processing of personal data.
The document Guidelines for Processing Personal Data within RISE defines specific requirements regarding the collection, processing, storage and deletion of personal data, as well as for dealing with registry extracts and requests for rectification, restrictions on processing or erasure.