EISCAT logotype

Privacy policy

This Privacy Policy explains how EISCAT processes personal data in accordance with the General Data Protection Regulation (GDPR).

Data Controller

EISCAT AB (organisation number 559506-6340), with headquarters in Kiruna, Sweden, and operating facilities in Sweden, Finland and Norway, is the data controller for the processing of personal data described in this Privacy Policy.

Postal address:
EISCAT AB
P.O. Box 812
SE-981 28 Kiruna
Sweden

E-mail: contact.us@eiscat.se

What Is Personal Data?

Personal data means any information relating to an identified or identifiable natural person (“data subject”), as defined in Article 4 of the General Data Protection Regulation (EU) 2016/679 (GDPR).

This includes, for example:

  • Name
  • E-mail address
  • Affiliation
  • IP address
  • Photographs, video or audio recordings where an individual can be identified

Pseudonymised data is considered personal data where it can be linked to an individual using additional information.

Processing includes any operation performed on personal data, such as collection, recording, storage, organisation, use, disclosure or deletion.

Categories of Personal Data and Purpose of Processing

EISCAT processes personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Personal data may be processed in order to:

  • Provide, operate and maintain EISCAT’s research infrastructure, services and systems
  • Ensure IT security and system integrity
  • Administer user accounts and access to services
  • Fulfil legal, administrative and contractual obligations
  • Perform statistical analysis and mandatory reporting
  • Administer employment and contractor relationships

Legal Basis for Processing

Personal data is processed in accordance with Article 6 GDPR. Processing is lawful only where at least one of the following applies:

  • Performance of a contract
  • Compliance with a legal obligation
  • Performance of a task carried out in the public interest
  • Legitimate interests pursued by EISCAT (where applicable and not overridden by the interests or fundamental rights of the data subject)
  • Consent (where specifically obtained)

As a publicly funded research infrastructure, much of EISCAT’s processing is based on the performance of tasks carried out in the public interest.

As an employer, EISCAT processes personal data where necessary for the administration of employment and contractual relationships.

Recipients of Personal Data

Personal data may be shared, where necessary, with:

  • IT service providers and system hosting providers
  • Research collaborators and partner institutions
  • Public authorities where required by law
  • Funding bodies and supervisory authorities for mandatory reporting

All third parties processing personal data on behalf of EISCAT do so under data processing agreements in accordance with Article 28 GDPR.

Transfers Outside the EU/EEA

Personal data is primarily processed within the EU/EEA.

If personal data is transferred to a country outside the EU/EEA, EISCAT ensures that appropriate safeguards are in place in accordance with Chapter V GDPR. This may include:

  • An adequacy decision by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms

Storage and Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected.

Retention periods are determined based on:

  • Legal obligations
  • Research and archival requirements
  • Reporting obligations
  • Contractual commitments

Where personal data is processed as part of research infrastructure operations (including statistical reporting), it is retained for as long as required to fulfil statutory research, reporting and archival obligations.

Search logs from the website are retained for 30 days and are then automatically deleted.

Security of Personal Data

EISCAT implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Access controls
  • Encryption where appropriate
  • System monitoring
  • Data minimisation practices

All development and operation of EISCAT’s systems takes place with due regard to data protection principles, including privacy by design and by default.

Automated Decision-Making

EISCAT does not carry out automated decision-making or profiling within the meaning of Article 22 GDPR that produces legal effects concerning individuals.

Rights of the Data Subject

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (where applicable)
  • Restrict processing
  • Object to processing based on public interest or legitimate interests
  • Data portability (where processing is based on consent or contract and carried out by automated means)
  • Withdraw consent at any time (where processing is based on consent)

You also have the right to lodge a complaint with a supervisory authority.

In Sweden, the competent supervisory authority is:

Integritetsskyddsmyndigheten (IMY)
https://www.imy.se

You may also lodge a complaint with the supervisory authority in the EU/EEA country where you reside, work or where the alleged infringement occurred.

EISCAT Website

When visiting https://www.eiscat.se, certain technical information is collected, including:

  • Browser type
  • Device information
  • Pages visited
  • Referring pages

This information is collected through cookies and similar technologies.

Non-essential cookies are used only where required consent has been obtained in accordance with applicable law. Users may manage or withdraw consent via the cookie settings available on the website.

Further details are provided in the EISCAT Cookie Policy:
https://eiscat.se/cookie-policy/

IP addresses are processed where necessary for security purposes but are not stored longer than required for those purposes.

Internal Search Function

Searches performed using the internal search function may log:

  • Search terms
  • Number of results returned
  • User ID (for logged-in users)
  • Date and time

IP addresses are not stored in search logs.
Search logs are retained for 30 days.

EISCAT Madrigal Service

When using the Madrigal service (https://madrigal.eiscat.se/madrigal/), the following personal data is processed:

  • Name
  • Email address
  • Affiliation

This data is processed for access control, research reporting and statistical purposes and is retained for as long as necessary to fulfil EISCAT’s research infrastructure obligations, reporting requirements and archival responsibilities.

Embedded Content from Other Websites

Articles on this website may include embedded content (e.g. videos or images). Embedded content behaves as if the visitor has visited the originating website.

These third-party websites may collect data about you, use cookies, and monitor your interaction with embedded content. EISCAT is not responsible for the privacy practices of such third parties.

Contact and Exercise of Rights

Requests to exercise your rights, or questions regarding this Privacy Policy, should be directed to:

contact.us@eiscat.se

or by post to:

EISCAT AB
Attn: Emma Unander
P.O. Box 812
SE-981 28 Kiruna
Sweden

EISCAT will respond without undue delay and within the time limits set out in the GDPR.