Karolinska Institutet Innovation – Privacy Policy
About Us
Karolinska Institutet Innovation brings together early innovation support, incubation, community and access to capital within one integrated life science ecosystem connected to Karolinska Institutet.
SECURE HANDLING OF YOUR PERSONAL DATA
The EU General Data Protection Regulation (GDPR) places higher demands on how organisations process personal data and gives individuals stronger rights and greater control over how their information is handled.
What does this mean for you?
In short, GDPR means that you:
- Have the right to receive clear and detailed information about how we process your personal data. You can find this information in the Privacy Policy below.
- May, under certain circumstances, request that your personal data be transferred or that the processing of your data be restricted.
- Have stronger rights to access your personal data and, in certain cases, request that it be corrected or deleted.
- Can consent to or object to certain types of processing carried out by us, such as receiving newsletters and other communications.
Privacy Policy
At Karolinska Institutet Innovation, we are committed to ensuring that you always feel safe and confident in how we handle your personal data. You should be able to trust that we process your personal information in a lawful, secure and transparent manner, and never in ways that are inconsistent with applicable data protection legislation.
Under applicable privacy and data protection laws, personal data may only be processed for specified purposes and where there is a lawful basis for the processing.
This Privacy Policy explains:
- why we process your personal data,
- what types of personal data we process,
- the legal basis for our processing,
- how long your data is stored,
- your rights regarding your personal data, and
- who to contact if you have questions or concerns regarding our processing activities.
What is personal data?
Personal data means any information through which you can be directly or indirectly identified, such as your name, email address, phone number, organisation, or project-related information.
What is meant by processing of personal data?
Under applicable legislation, any action performed in relation to personal data is considered processing, regardless of whether automated systems are used. Examples include collection, registration, organisation, storage, use, analysis, sharing, and deletion. Even simply viewing personal data constitutes processing.
Why do we process personal data?
In order to process your personal data, we must have a clear and legitimate purpose as well as a lawful basis for the processing. Personal data may not subsequently be processed in a manner incompatible with the original purpose.
Karolinska Institutet Innovation processes personal data based on the following legal grounds:
- Performance of a contract – when processing is necessary to communicate with you, enter into agreements, provide services, or connect you with consultants, investors, partners or other stakeholders. This may include processing contact details, project information and organisational data.
- Legal obligation – when we are required by law to process and retain certain information, for example for accounting, auditing or regulatory purposes.
- Legitimate interest – when we determine that our legitimate interests outweigh your interest in protecting your privacy. This may include processing related to our projects, companies, programmes, reporting, ecosystem activities and operational development.
- Consent – when you have explicitly consented to specific processing activities, for example by subscribing to newsletters, filling in forms, registering for events or otherwise agreeing to ongoing communication. You may withdraw your consent at any time. Please note that withdrawing consent may affect our ability to provide certain services or communications.
Examples of how we use personal data
Providing services and support
We process personal data to identify you as a current or potential participant in our activities, programmes, networks or services, and to provide the support, communication and follow-up necessary within our innovation ecosystem.
This may also include documentation and reporting related to our activities for operational, ownership or funding purposes.
Legal basis: Performance of a contract and Legitimate interest.
Communication and newsletters
We process personal data to communicate with you regarding our activities, programmes, events, services, news and ecosystem initiatives, including newsletters, invitations and surveys.
We may also process personal data provided in connection with customer satisfaction surveys, questionnaires and feedback forms.
Legal basis: Performance of a contract, Consent and Legitimate interest.
Our legitimate interest is to improve our services, strengthen communication and keep our stakeholders informed about activities and opportunities relevant to them.
Service and organisational development
We process personal data in order to improve and develop our services, programmes, events, digital platforms, internal processes and systems. In some cases, aggregated statistics may be used for analysis and reporting purposes.
Legal basis: Legitimate interest.
Financial administration
We process personal data for invoicing, accounting, auditing and other financial administration purposes.
Legal basis: Legal obligation and Legitimate interest.
How do we collect personal data?
We collect personal data in several ways, including when:
- You provide information to us through forms, registrations, digital interfaces or meetings.
- You communicate with us via email, phone calls, text messages or other channels.
- You participate in surveys, events, programmes or subscribe to newsletters.
- You interact with our websites, which may use cookies and similar technologies to collect information from your browser or device.
How long do we store personal data?
We never store personal data longer than necessary for the purposes for which it was collected, unless we are legally required to retain it for a longer period.
Because personal data is processed for different purposes, retention periods may vary between systems and contexts.
As a general principle:
- Information related to long-term collaborations, projects, innovation support or ecosystem activities may be retained for an extended period due to the nature of our operations.
- Data required under accounting or legal obligations is retained for as long as required by applicable legislation.
- Personal data that is no longer needed is securely deleted or anonymised.
Sharing of personal data
In certain situations, we may share personal data with trusted third parties where necessary to provide our services and carry out our activities.
We never sell personal data to third parties.
Consultants and partners
Karolinska Institutet Innovation collaborates with consultants, service providers and strategic partners to deliver relevant services, programmes and support activities.
Whenever third parties process personal data on our behalf, we ensure that appropriate data processing agreements are in place. These agreements regulate how personal data may be processed and require that all handling is carried out securely and in accordance with applicable legislation.
Our partners and consultants may only process personal data according to our documented instructions and may not use the information for their own purposes.
Your rights
You have the right to know how we process your personal data. This Privacy Policy is intended to provide such information.
Under GDPR, you also have the right to:
- request access to your personal data,
- request correction of inaccurate data,
- request deletion of personal data under certain conditions,
- request restriction of processing,
- object to certain types of processing,
- withdraw previously given consent,
- request transfer of your personal data (data portability).
If you would like to exercise any of your rights or have questions regarding our processing of personal data, please contact us at:
contact@kiinnovation.se or via the contact details below.
Complaints
If you believe that Karolinska Institutet Innovation processes your personal data in violation of applicable data protection laws, we encourage you to contact us first so that we can address your concerns.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection:
Integritetsskyddsmyndigheten (IMY)
Contact Information
Karolinska Institutet Innovation
Nanna Svartz väg 6A
171 77 Solna
Sweden
Our website address is: www.kiinnovation.se
Cookies
If you leave a comment on our website, you may choose to save your name, email address and website in cookies. These are provided for your convenience so that you do not have to fill in your details again when leaving another comment. These cookies remain valid for one year.
If you visit our login page, a temporary cookie will be set to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, several cookies will also be set to save your login information and screen display preferences. Login cookies remain valid for two days, while screen option cookies remain valid for one year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be stored in your browser. This cookie contains no personal data and only indicates the post ID of the article you just edited. It expires after one day.
Embedded Content from Other Websites
Articles and pages on this website may include embedded content (for example videos, images, articles or other media). Embedded content from other websites behaves in the same way as if the visitor had visited the external website directly.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded content — including tracking your interaction if you have an account and are logged in to that website.
Who We Share Your Data With
If you request a password reset, your IP address will be included in the reset email.
We do not sell personal data to third parties. Personal information may, however, be processed by trusted service providers supporting the operation, security and functionality of our website and digital services.
How Long We Retain Your Data
If you leave a comment, the comment and its metadata are retained indefinitely. This allows us to recognize and approve follow-up comments automatically instead of holding them in a moderation queue.
For users who register on our website (if applicable), we also store the personal information provided in their user profile. All users can see, edit or delete their personal information at any time, except for their username. Website administrators can also access and edit this information.
Your Rights Regarding Your Data
If you have an account on this website or have left comments, you may request an exported file containing the personal data we hold about you, including any data you have provided to us.
You may also request that we erase any personal data we hold about you. This does not include any data we are required to retain for administrative, legal or security purposes.
Depending on your location and applicable legislation, including GDPR, you may also have the right to object to certain processing activities or request restrictions on how your personal data is processed.
Where Your Data Is Sent
Visitor comments may be checked through an automated spam detection service.
Data may also be processed by trusted third-party providers located within or outside the European Union, in accordance with applicable data protection legislation and appropriate safeguards.
Contact
If you have any questions regarding this privacy policy or how personal data is processed, please contact us through the contact information available on our website: