Data Protection (GDPR)

How we process your personal data
The County Administrative Board, being the Managing authority for the Interreg Aurora programme, is responsible for the processing of personal data. We follow the GDPR – General Data Protection Regulation.

If you have any questions or opinions on how the County administrative board processes your personal data: dataskyddsombudet@lansstyrelsen.se or interregaurora@lansstyrelsen.se

What is personal data?
Personal data is all types of data connected to a individual living person – direct or indirect. It can be data like:

• name

• personal identification number (social security number)
• nationality
• education
• employment
• contact details.

Personal data are often public documents
As the County Administrative Board is an authority, we must follow the principle of publicity. Personal data contained in public documents may therefore be disclosed upon request if the data is not subject to confidentiality. This means that all documents, including personal data, that are not work material are public documents, and may be disclosed to whoever requests it. In some cases, however, information may be considered confidential and therefore not disclosed.

Archiving of personal data
As a government authority, the starting point according to archive legislation is that the authority must preserve public documents. The County Administrative Board follows these rules on preservation and culls public documents in accordance with current culling rules and decisions.

Personal data that is not part of a public document is only saved as long as it is necessary for the purposes for which it is processed. When a case has been finalized, an assessment is made of what, according to archive legislation, must be preserved in the case. Documents that contain personal data and that are not to be kept are deleted or purged of personal data.

Purpose and legal basis for processing of personal data
Processing of personal data must have a legal basis. The legal bases in the GDPR that are primarily relevant for the Interreg Aurora programme are those called public interest and exercise of authority. The national legal basis is found in the Swedish authority regulations or in specific government mandates. In other words: We may process personal data when it is necessary to work effectively with assignments according to our regulation or in specific government assignments, as well as when it is necessary to make decisions that affect individuals.

We only use personal data for the purpose for which we collect it and only as long as it is necessary. However, we do not have the right to delete what is to be saved in our archives according to the Archives Act.

In order to process the financial support that Interreg Aurora handles, personal data is processed. The purpose of the personal data processing is to process and prepare the applications for support and/or payments received by Interreg Aurora. Interreg Aurora also processes the personal data to carry out follow-up and evaluation of the support.

Interreg Aurora cooperates with many actors and processes personal data linked to this, often via email. If necessary, data such as name and contact details can be shared with other actors, if it is necessary for the cooperation.

The personal data may also be processed to ensure that the IT systems in which they are processed work as they should and are secure. Interreg Aurora also processes personal data if decisions have been appealed to a court.

Those who can access the personal data
Those who can access the data are employees at Interreg Aurora who need the data to perform their duties. In projects with several project partners, your data may need to be disclosed to the project owner so that he can apply for the payment of project support.

In addition to disclosures as a result of the principle of publicity, other authorities may have access to the personal data. The data may also be sent to the EU institutions.

For the grants that have been granted, information about project managers can be published on the Project Bank.

What rights do you have under the GDPR?
You have the right to know whether we have personal data about you, and if so which.

You also have the right to request correction or that we limit the processing of your personal data. If we process your data because of an agreement or because you have consented to the processing, you can request the transfer of the data.

In some cases, you may have the right to have your personal data deleted. If we receive such a request, we will examine it in accordance with current legislation. However, we may not delete what must be saved in our archives according to the Archives Act.

Personal data about employees of companies or other organizations that applied for support from Interreg Aurora
Interreg Aurora may process personal data about you as an employee of – or otherwise connected to – an organization that has applied for support, or who participates in a project that has applied for support. A prerequisite for Interreg Aurora to process your personal data is that the organization has applied for support for costs linked to you or that you perform tasks for the organization in our system through the My Application service. The personal data has been submitted to Interreg Aurora via your employer or a project partner of your employer. In some cases, Interreg Aurora also collects data from other government agencies.

The categories of information that can be processed about you as an employee of an applicant organization are name, personal identification number (social security number) or coordination number, role in the project in question, time worked, absence from work (holidays, child care, sick leave not counted against the regular salary, parental leave as not counted from the regular salary, etc.), income information and special categories of personal data in the form of sickness certificates and more (information about health). In the event of absence due to child care, there may be information about the child.