Processing of personal data
In accordance with the General Data Protection Regulation (EU 2016/679), the GDPR, hereinafter referred to as the Data Protection Regulation, and supplementary national legislation, the following information is provided regarding the processing of your personal data in Prisma.
Data controller
The research funder organization or equivalent is the data controller for the processing of personal data in connection with the handling of applications in its own funding cases made via Prisma. For the processing of personal data in Prisma Portal (the application portal), the Swedish Research Council is the data controller.
- The Swedish Research Council, vetenskapsradet@vr.se, phone number +46 8 546 44 000.
The Swedish Research Council's Data Protection Officer can be reached at dataskyddsombudet@vr.se or phone number +46 8 546 44 031. - Formas, registrator@formas.se, +46 8 775 40 00
- Forte, forte@forte.se, +46 8 775 40 70
- Karolinska Institutet, registrator@ki.se, +46 8 524 800 00
- The Swedish Institute for Educational Research, info@skolfi.se, +46 8 523 29 800
- The Swedish National Space Agency, rymdstyrelsen@snsa.se, +46 8 40 90 77 00
- The Swedish Environmental Protection Agency, registrator@naturvardsverket.se, +46 10 698 10 00
Personal data processed and the purpose of the processing
Personal data is collected and processed in order to receive, prepare, and assess applications and to make decisions as well as to implement those decisions. Personal data is also processed to carry out analyses, evaluations, compile statistics, conduct system tests and fulfil reporting obligations, for example to the Government, and to contact you regarding matters related to ongoing or upcoming funding calls as well as evaluations thereof.
The personal data processed about you consists of the information required to create your personal account. This includes your name, personal identity number or date of birth, country of activity, citizenship, and gender. In addition, personal data consists of the information you yourself provide in your CV, publication list and your application, if any, or certain other specific data that may be associated with your role, for example payment details if you are a remunerated reviewer. Certain metadata is also processed about each user in order to monitor how the system is used.
Legal basis
The processing is carried out pursuant to Article 6(1)(e) of the Data Protection Regulation, as it is necessary for the performance of a task carried out in the public interest.
Handling and protection of personal data
The personal data provided by researchers, as applicants and/or reviewers, and by fund administrators/organisations is stored in Prisma's stakeholder register. Each stakeholder has a password-protected account in the system. Only the account holder can log in to the account.
All information in an application is available both in the personal account and in the organisation account to which the application is linked. Decisions and reporting are also stored in the organisation account. Through the organisation account, it is possible to follow the applications submitted from, and the grant payments made to, the organisation in question.
Certain information from an application is stored in local case management systems at the individual funder in order for the funder to compile statistics, for example regarding gender distribution.
The data controller takes relevant and sufficient organisational and technical measures to ensure the protection of data in accordance with the rules in force at any given time. Data is retained or disposed of in accordance with the statutory requirements applicable to the data controller.
Personal data may be disclosed to external reviewers, Prisma's developers and to national systems that depend on information for statistics regarding research and research funding. In cases where a grant application is approved, data may be disclosed to SweCRIS, a national database regarding funding from a number of Swedish research funders, and published on the SweCRIS website (www.swecris.se).
The public authorities that use the system are public entities, which means that personal data may, upon request, be subject to disclosure to third parties, including upon a request for public documents in accordance with Chapter 2 of the Freedom of the Press Act. Such disclosure is always preceded by a confidentiality assessment.
Your rights
You have the right to have inaccurate personal data rectified and the right to have incomplete personal data completed. You also have the right, under certain conditions, to have your data erased or to object to the processing of your personal data. Furthermore, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection. Read more about your rights on the authority's website, https://www.imy.se/en/individuals/data-protection/your-rights-as-a-data-subject/.