In accordance with the General Data Protection Regulation (GDPR) and other legislation, the National Board for Assessment of Research Misconduct (Npof) is obliged to provide details on the processing of personal data involved in its own operations.
Data controller and data protection officer
Npof (email@example.com) is the data controller responsible for processing personal data within the scope of its activities. The Board has a data protection officer (firstname.lastname@example.org).
Purpose and legal basis
Npof is a Swedish government agency with the remit of investigating matters concerning suspected and alleged research misconduct. It is also obliged to publish an annual report compiling its own decisions and information on other breaches of good research practice reported by higher education institutions (HEIs).
Throughout its operations, Npof processes personal data ranging from particulars of its own staff and members to personal particulars of the parties involved in our investigations of suspected research misconduct. When we collect personal data, information about the purpose and legal basis, and also our handling and protection of the data and data subjects’ rights, is available
As a government agency, Npof works on a legal basis resting broadly on one of the following data-processing criteria:
- The processing of personal data is necessary to perform a task in the public interest.
- It is necessary to fulfil a legal obligation.
- It forms part of the Board’s exercise of official authority.
Personal data handling and protection
Npof takes relevant, sufficient organisational and technical measures to ensure data protection in accordance with the rules in force at any given time.
The information is preserved or screened pursuant to the statutory requirements to which Npof, a government agency, is subject.
Npof is part of the public sector, which means that it may need to disclose personal data to third parties in the event, for example, of a request for public documents under Chapter 2 of the Swedish Freedom of the Press Act. Disclosure is always preceded by a confidentiality assessment.
Data subjects’ rights
You are entitled to receive information about your personal data that we process and, if so, how we do so. You also have the right to have incorrect personal data rectified and incomplete personal data supplemented. There is also, on certain conditions, a right to have data deleted or to object to processing of your personal data. Additionally, you are entitled to lodge a complaint with a supervisory authority and, at any time, withdraw consent previously given.