Processing of personal data
The following information about the processing of your personal data in Prisma is provided as per the General Data Protection Regulation (GDPR) (EU 2016/679) and supplemental national legislation.
Personal data controller
The research funding body or equivalent is the personal data controller for the processing of personal data in connection with handling of applications for their own calls and situations handled within Prisma. The Swedish Research Council is the personal data controller for personal data processed in Prisma Portal (the application portal).
- Swedish Research Council, vetenskapsradet@vr.se, phone +46 (0)8-546 44 000. The Swedish Research Councils data protection officer can be contacted by email (dataskyddsombudet@vr.se) or phone (+46 (0)8-546 44 031.
- Formas, registrator@formas.se, +46 (0)8-775 40 00
- Forte, forte@forte.se, +46 (0)8-775 40 70
- Karolinska Institutet, registrator@ki.se, +46 (0)8-524 800 00
- Swedish Institute for Educational Research, info@skolfi.se, +46 (0)8-523 29 800
- Swedish National Space Agency, rymdstyrelsen@snsa.se, +46 0)8-40 90 77 00
- Swedish Environmental Protection Agency, registrator@naturvardsverket.se, +46 (0)10-698 10 00
Processed personal data and the purpose of the processing
The collected and processed personal data enables the receipt, preparation and assessment of applications and enables making decisions and implementing decisions. Personal data are also processed to conduct analyses and evaluations, to produce statistics, to conduct system tests, to fulfil obligations for reporting, such as to the Government, and to be able to contact you in matters related to ongoing or upcoming calls and evaluations thereof.
The personal data processed about you are the data required to create your personal account. This includes your name, personal identity number or date of birth, country of activity, citizenship and gender. Additionally, the personal data consists of what you include in your CV, your list of publications and your application, if any, or certain other specific data that may be associated with the role you have, such as payment data if you are a paid reviewer. Certain metadata are also processed about each user to monitor how the system is used.
Legal basis
The legal basis for processing personal data is that the processing is necessary to perform a task in the public interest pursuant Article 6.1.e of the General Data Protection Regulation.
Processing and protecting personal data
The personal data provided by researchers as applicants and/or reviewers and by administrating organisations or other organisations are stored in Prismas stakeholder register . Each stakeholder has a password-protected account in the system. Only the account holder can log into the account.
All data in an application are available both in the personal account and in the organisation account to which the application is linked. Decisions and reports are also stored in the organisation account. Both submitted applications and grant payments made to ones own organisation can be tracked in the organisation account.
Some application data are stored in local case management systems at the individual funding body to allow it to access statistics, such as the current gender distribution of applicants.
The personal data controller takes relevant and sufficient organisational and technical measures to ensure the protection of your data as per applicable rules and regulations. Data are preserved or deleted as per the legal requirements for the personal data controller.
Personal data may be provided to external reviewers, to Prismas developers and to national systems that depend on data for statistics on research and research funding. In cases where an application for a grant is successful, information may be submitted to SweCRIS, a national database on funding from several Swedish research funding bodies, and published on the SweCRIS website (www.swecris.se).
The authorities that use the system are public agencies, which means that the personal data may be subject to disclosure to third parties, such as requests for access to public documents as per Chapter 2 of the Freedom of the Press Act. Any such disclosure is preceded by a confidentiality assessment.
Your rights
You have the right to have incorrect personal data corrected and the right to supplement incomplete personal data. You also have the right, under certain conditions, to have your data deleted or to object to the processing of your personal data. You also have the right to submit complaints to the Swedish Authority for Privacy Protection. Read more about your rights on the Authoritys website, https://www.imy.se/en/organisations/data-protection/this-applies-accordning-to-gdpr/the-data-subjects-rights/.