EISCAT logotype

Privacy Policy

This Privacy Policy explains how EISCAT processes personal data in accordance with the General Data Protection Regulation (GDPR).

On 25 May 2018, the General Data Protection Regulation (GDPR) (EU) 2016/679 entered into force within the European Union. The GDPR strengthens the protection of personal data and grants individuals greater control over how their personal data is processed.

EISCAT (organisation number 559506-6340), with Headquarter in Kiruna, Sweden, and operating facilities in Sweden, Finland and Norway, is the data controller for the processing of personal data described in this policy.

Questions regarding the processing of personal data may be directed to:
Mrs Emma Unander

Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, personal identity number, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Photographs, video and audio recordings of individuals may constitute personal data if the individual can be identified. Personal data also includes information that has been pseudonymised, encrypted or coded, provided that it can be attributed to a natural person using additional information.

Processing of personal data refers to any operation performed on personal data, such as collection, recording, organisation, storage, use, disclosure or deletion.

Categories of personal data and purpose of processing

EISCAT only processes personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. Personal data is collected in order to:

  • provide and maintain EISCAT services and systems.
  • ensure the security and proper functioning of those services.
  • fulfil legal, administrative and contractual obligations.
  • produce mandatory statistics and analyses.

Legal basis for processing

Personal data is processed in accordance with Article 6 of the GDPR. Processing is lawful only where at least one of the following legal bases applies:

  • the processing is necessary for the performance of a contract or service,
  • the data subject has given consent,
  • the processing is necessary for compliance with a legal obligation,
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

As an employer, EISCAT processes personal data relating to employees and contractors where such processing is necessary for the administration of employment relationships and contractual obligations.

Storage and retention of personal data

Personal data is retained only for as long as necessary for the purposes for which it is processed, unless a longer retention period is required by law or justified by legitimate operational needs, such as statistical reporting or archival obligations.

Security of personal data

EISCAT implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures are designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.

All development and operation of EISCAT’s systems and services takes place with due regard to data protection, data minimisation and respect for the rights and freedoms of data subjects.

Rights of the data subject

In accordance with the GDPR, data subjects have the following rights:

Right of access
You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, access to the personal data and related information.

Right to rectification
You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data without undue delay.

Right to erasure (“right to be forgotten”)
You may request the deletion of personal data where the conditions set out in Article 17 of the GDPR are met. This right does not apply where processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest.

Right to restriction of processing
In certain circumstances, you have the right to request that the processing of your personal data be restricted.

Right to data portability
Where processing is based on consent or on a contract and is carried out by automated means, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and to transmit those data to another data controller, where technically feasible.

Right to object
You have the right to object, on grounds relating to your particular situation, to the processing of personal data that is carried out in the public interest or based on legitimate interests, unless compelling legitimate grounds for the processing exist.

Right to lodge a complaint with a supervisory authority

If you believe that EISCAT’s processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority.

In Sweden, the competent supervisory authority is:

Integritetsskyddsmyndigheten (IMY)
Website: https://www.imy.se

You may also lodge a complaint with the supervisory authority in the EU/EEA country where you reside, work or where the alleged infringement occurred.

Contact and exercise of rights

Requests to exercise your rights under the GDPR, as well as questions regarding this privacy policy or the processing of personal data, should be directed to:

EISCAT AB
Attn: Mrs Emma Unander

EISCAT will respond to requests without undue delay and, in any event, within the time limits set out in the GDPR.

EISCAT services

To provide secure and reliable services, EISCAT processes certain categories of personal data. This may include:

  • name
  • email address
  • affiliation (where relevant)
  • IP address (in limited cases)

Data is also processed for necessary statistical and analytical purposes.

The EISCAT website

When visiting the EISCAT website (https://www.eiscat.se), information relating to the visit is collected, including browser type, device information and pages visited. This information is collected through the use of cookies.

Further details are provided in the EISCAT Cookie Policy:
https://eiscat.se/cookie-policy/

Searches performed using the internal site search function are logged for statistical purposes and may include:

  • search terms
  • number of results returned
  • user ID (for logged-in users)
  • date and time of the search

IP addresses are not stored.
Search logs are retained for 30 days and are then automatically deleted.

EISCAT Madrigal

When using the EISCAT Madrigal service (https://madrigal.eiscat.se/madrigal/), the following personal data is processed:

  • name
  • email address
  • affiliation

This data is retained indefinitely for mandatory statistical reporting and analysis, in accordance with EISCAT’s obligations as a research infrastructure.

Who we are

Suggested text: Our website address is: https://dev.eiscat.se/.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.