Integrity Policy
Processing of personal data at The Nordic Africa Institute.
1. Introduction
The General Data Protection Regulation (GDPR) is a regulation that aims for greater transparency when it comes to individual citizens rights to knowledge about which information companies, public agencies and other organizations are keeping about them.
As a government agency, The Nordic Africa Institute is responsible for handling personal data in accordance with current data protection legislation.
If you have questions about how we treat your personal information, please contact the Data Protection Officer. Contact details can be found at the end of this document.
2. What is personal data and what is meant by processing personal data?
Personal data is any information that directly or indirectly identifies a physical living person. Personal information may include: name, email address, phone number, photo, audio recording and IP number. Processing of personal data is a collective term for collecting, recording, storing, processing and disseminating various types of personal data.
3. Why do NAI process personal data?
NAI processes personal data to fulfil the mission and tasks as a government agency. NAIs mission is to 1) conduct and promote research on modern Africa, 2) produce and disseminate relevant research-based knowledge to decision-makers, scholars, students, the media and the public, and 3) document and make available literature and other documents relevant to research about Africa. All processing of personal data within the agency is done in order to promote this work.
The most common reasons NAI treats personal data is when someone
- signs up for conferences and other events that we organize
- subscribes to our newsletter, our policy notes or our email service for journalists
- orders books and printed materials
- asks questions via email or web form
- is documented in any of our photographic, filmed or recorded materials
- applies for scholarships
- applies for an open position
- is employed by us
- is a user of our library
- is a user of our website
- for any other reason, contacts or cooperates with us.
4. By what right do NAI treat personal data?
All personal data processing shall have a legal basis in the General Data Protection Regulation.
As a public agency, the legal grounds consist primarily of one of the following options:
- The processing is necessary in order to carry out a task in the public interest.
- The processing is necessary for compliance with a legal obligation.
- The processing is part of the exercise of official authority.
5. What personal data do NAI treat?
NAI only stores information that is needed to fulfil the mission and tasks.
For example, it may be:
- Name, address, telephone number and e-mail address for the purpose of getting in contact with someone.
- Bank and account information to pay or send an invoice
- Personal information required when applying for an open position
6. How are personal data protected and who can share them?
NAI saves your personal information as long as is needed to fulfil the purpose, or as long as required by law. For example, if you subscribe to our newsletter, our event notifications, our policy notes or our email service for journalists, we will keep a record of your email address for as long as you are a subscriber. If you no longer want any of these messages, your personal information will be deleted.
Personal data in public documents are dealt with in accordance with the rules of the Freedom of The Press Act (1949: 105), the Archives Act (1990: 782) and the National Archives Act. In many cases, this means that your personal data may be saved for between two years and all future in our archives.
NAI is a public organisation, which means that personal data may be subject to disclosure to third parties, for example when a request for public documents is made under Chapter 2 of the Freedom of the Press Act (Tryckfrihetsförordningen). A secrecy assessment is always made before disclosure according to the regulations of the swedish law “Public access to information and secrecy act” (Offentlighets- och sekretesslagen).
7. What do the rights look like?
The General Data Protection Regulation stipulates the following rights:
- Right of access: The right to know what personal data NAI processes about someone.
- Right to rectification: The right to request that your personal data be corrected if they are incorrect.
- Right to erasure: The right to have your personal data deleted if the information is no longer required to fulfill the purpose for which they were collected.
- Right to limit someone`s personal data: The right to request that the storing of personal data be limited.
- Right to object to processing: The right to object to the storing of your personal data.
- You are also entitled to complain to the Swedish Authority for Privacy Protection, which is the supervisory authority for processing personal data.
There may be provisions in other legislation that apply to data protection legislation, which means that certain rights regarding the processing of personal data are not fully applied. For example, when the rules on archiving of public documents apply to a document, record or register, be it digital or non-digital, it might mean that we cannot delete personal data, even upon a direct request.
To exercise your individual rights, for example to request an extract of your personal data from our registers, please contact the Data Protection Officer at The Nordic Africa Institute (please read below for contact information).
Revised and updated 13 March 2024.
Contact information
Data controller
Nordiska Afrikainstitutet
Box 1703
SE-751 47 UPPSALA
E-mail: nai@nai.uu.se
Org.nr: 202100-2726
Data protection officer
Mikaela Östh
E-mail: dso@nai.uu.se