General Data Protection Regulation
The processing of personal data is carried out in accordance with the provisions of the EU General Data Protection Regulation (EU 2016/679) and the Electronic Communications Act. The data controller is the Lars Hierta Memorial Foundation ("the Foundation," registration number 802004-6077).
The foundation processes personal data for its staff, board members, external auditors, and researchers and managers applying for funding for research or social purposes. Furthermore, personal data for the foundation's tenants is also processed.
Purposes of processing and categories of data subjects
Personal data for the foundation's staff is used as a basis for salary and tax administration. Registered data include name, address, phone number, personal identification number, email address, and bank account.
Personal data for the foundation's board members is used for registration with the Swedish Companies Registration Office. Personal data for both board members and external auditors are used as a basis for the payment of fees. Registered data include name, address, phone number, personal identification number, email address, and bank account.
Personal data for researchers applying for research grants are used for the review of grant applications and for the disbursement of approved amounts. Registered data include name, address, phone number, personal identification number, postal address, university, faculty, and institutional affiliation, curriculum vitae, and, in some cases, a statement from a supervisor/senior researcher.
For individual applicants seeking funds for social purposes, the foundation collects name, address, phone number, and email address. For organizational applicants seeking funds for social purposes, the foundation collects organization number, address, phone number, email address, and recipient account.
As a landlord, the foundation processes usual personal data in accordance with the respective lease agreement.
Disclosure of personal data
Personal data for grant applicants are recorded in an electronic application system via 3D/Göran Cassel. Data processing agreements have been established with 3D. Agreements have also been signed with SEB since personal data are forwarded to SEB in connection with the disbursement of granted funds, salaries, and fees.
In individual cases, such as when a Swedish recipient of research funds is abroad, personal data may accompany correspondence between the foundation and grant recipients.
To a limited extent, certain personal data are processed in connection with the annual audit.
Retention
Personal financial information for employees and board members is deleted two years after the termination of employment or assignment.
Personal data for grant applicants are retained after the grant has been reported to enable follow-up to ensure that fund distribution complies with the foundation's statutes.
Personal data for tenants are retained in accordance with the respective lease agreement.
Security measures
Two individuals have password-protected access to the foundation's email account. Each reviewer of applications has password-protected access to read the applications for two months per year.
A password protected desktop computer is located in the foundation's office. The key to this office is held by the foundation's staff (2 individuals), as well as the chairman and vice chairman.
One paper sheet per approved application, containing personal data about the applicant, is stored in the office.