Nordplus Data Policy
Nordplus is committed to respecting your privacy and protecting your personal information. Nordplus emphasizes that the handling of your personal information is done in a safe and secure manner. We will be transparent about the information we collect and what we will do with it. In summary, here is how Nordplus processes your personal information:
- Nordplus will provide you with details about the information we collect and what we will do with it.
- Nordplus will put in place measures and use methods to keep your information secure and protected.
- Nordplus will make sure your data protection rights are respected and to will provide you with more control over your own information.
- Nordplus will use the information you provide for the purposes described in our Privacy Policy. These purposes include evaluating your application for a grant and issuing your grant if accepted.
- Nordplus will not send you any marketing material. However, we may send you important updates and information relevant to your grant application or your previous correspondence with us.
Below, you can read our Privacy Policy in more detail. Reading the Privacy Policy will give you a better understanding of how your personal information is used, what types of information we collect, how it is collected, what purposes it will be used for and who it may be shared with.
Please keep in mind that the summary above, and the Privacy Policy below, are not contractual and do therefore not a formal part of your contract with us, without prejudice to your rights under applicable laws.
Details about the data controller of your personal information
Where Nordplus processes your personal information under this Privacy Policy, it is considered to be the “data controller” of your personal information under European Union Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000. And Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Icelandic data protection law Act no. 90/2018 on Data Protection and the Processing of Personal Data.
Our address is as follows:
Nordplus Main coordinating Office Rannís – The Icelandic Centre for Research Borgartúni 30 105 Reykjavík Iceland
Nordplus has appointed a Data Protection Officer, whom you can reach by e-mail [andres.petursson@rannis.is] or write to the above address.
Whenever you apply for a grant through Nordplus and its sub-programmes, some parts of the application process involve separate Universities, research centres, schools, NGO‘s or partners directly involved in the process, then those additional partners will be considered separate “data controllers” under European Union data protection law. In that case, Nordplus and any other partners will be joint controllers of your personal information.
The Privacy Policy of Nordplus applies when we collect, use or otherwise process your personal information when you apply for grant related to any of our various funding schemes. Additionally, the Privacy Policy applies when you contact us directly or through a third party, in relation to any of our services.
Where we reference that others are data controllers in the sections 'Controller of Personal Information' and 'Who do we share your personal information with?' you should consult their privacy policies for further information.
For further information on the applicability of privacy policies, such as when there are additional “data controllers” as described in the section “Details about the data controller of your personal information” or when we share your personal information, as described in the section “In which cases and with whom do we share your personal information?” we advise that you refer to their privacy policies for additional details.
Additional Terms and Conditions or policies may apply if your application is accepted. Please refer to the relevant funding scheme to see whether any such Terms and Conditions or policies apply.
Whenever information provides details which identify your person or could be used for the same purpose, it is considered as personal information. An example might be your name, your contact details, your national ID, or your work or study details. Details on how you use our websites may also be personal information.
In which cases do we process and from whom might we receive your personal information?
Whenever you apply for any of our grants, contact us via e-mail or give us a call, we collect your personal information. The same applies when these services are provided by third parties or agents acting on behalf of Nordplus. Please be aware that if you do not wish to provide us with personal data which is necessary for the evaluation of your grant application or which we have a legal obligation to process, we may not be able to evaluate your application or provide you with the grant you have applied for.
Furthermore, we may receive your personal information from third parties, such as:
- When a separate school transfers your information to us.
- When our staff is contacted by the original recipient of your grant application to participate in the evaluation of your application.
To see which types of personal information Nordplus processes about you, please see the section “What types of personal information do we process?”
What types of personal information do we process?
To evaluate your grant applications and, if accepted, to pay your grant, we will need to process your personal information. Further processing may take place for statistical analysis of applicants and to comply with legal obligations placed upon Nordplus.
Nordplus processes the following types of personal information:
- Information that you provide which is used to evaluate if your application for an educational mobility or project grant will be accepted.
- For example, your name, address, email, contact details, date of birth or gender.
- Your current job, previous research, works, references, education and other achievements.
- Information about other members of your team, if applicable.
- Details of your educational project.
- Other information relevant to your application.
- Information needed to pay your grant.
- Your bank details, such as your account details and payment information
- Information about grants that you have previously received.
- Information about our previous interactions.
- We will retain information if you have contacted us regarding grant applications, inquiries about grants or funding schemes or other services of Nordplus.
When and why do we collect ‘sensitive personal data'?
In some cases, Nordplus may process your personal information which is considered as sensitive. Specific categories of personal information, such as on religion, health or ethnicity require additional safeguards under European Union, Nordic and Baltic data protection law. These categories are referred to as “sensitive personal data”. Nordplus will only process these categories of data in specific circumstances.
Following are examples where we may process “sensitive personal data”:
- Applicants who have disabilities may, in certain cases, be eligible for special or additional grants. In order for Nordplus to evaluate applications for such additional grants, applicants will need to provide information about their disabilities.
- Some grant applications involve artistic or cultural programmes, where the application progress may involve writing essays or descriptions about works of art or literature. In some cases, applications may be suggestive or explicit about an applicant's religious or political beliefs. If an applicant provides Nordplus with such details, they will need to be processed as part of the grant application process.
For which purposes do we process your personal information?
- To evaluate whether your application for a grant will be accepted or not.
- All applications for a grant will be subjected to certain criteria or requirements relevant to the fund in question. In order to evaluate which applications best serve the purpose of each fund, your personal information needs to be processed.
- For example, if you have
- To make grant payments to successful applicants.
- If your application has been accepted by Nordplus, you may be eligible to receive payment of your grant. For payment to take place, Nordplus may need to process your payment information.
- To carry out and maintain statistical analysis on our activities.
- We may extract information on you as an applicant or your application in order to make and maintain statistical information about our activities. For example, we may process information like your age, gender or educational background as part of our statistical analysis.
- To fulfill our other legal obligations.
- Nordplus is subject to Nordic and Baltic legislation on public archives. As part of that legal obligations, Nordplus and the different sub-programs, may be required to submit your personal information to the National Archives of the countries concerned.
- For purposes related to legal claims or disagreements.
- We may use your personal information to uphold our legal rights or the rights of our employees, e.g. in cases related to illegal activities, fraud or harassment.
- For management and administrative purposes.
- We may use and retain your personal information, including your application details, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks) and systems testing, maintenance and development.
What is our legal basis for processing your personal information?
Your personal information will only be processed by Nordplus where there is a legal basis for the processing. The legal basis may differ based on the purpose of the processing of your personal information. In almost all cases, the legal basis will be as follows:
- Because the processing of your information is necessary for the evaluation and payment of your grant application.
- Because Nordplus needs to process your personal information to comply with legal or regulatory requirements.
- Because you have given your consent to Nordplus for processing your information for a specific purpose.
In cases where the processing of your data is subject to other laws, then the legal basis for processing may be different than stated above. In such circumstances, the processing may be based on your consent in all cases.
We will only process your personal information when you have provided your consent for us to do so.
Whenever we process personal information based on your consent, you may withdraw your consent at any time. To do so, please contact the Main coordinator of Nordplus by sending an e-mail nordplus@rannis.is call us at +354 515 5800 or write to us at:
Nordplus-The Main Administration
Rannís – The Icelandic Centre for Research
Borgartúni 30
105 Reykjavík
For how long do we retain personal information?
Your personal information will be kept as long as it is needed for the purpose it is being processed. For example, we will need to retain information related to your application for as long as it is needed to evaluate and pay your grant after that so that we can respond to claims, inquiries, disputes or questions about the grant.
Nordplus actively reviews personal information so that it is not retained longer than there is a legal basis for it being processed. In some cases, it may be anonymized and in other cases, deleted.
In which cases and with whom do we share your personal information?
Nordplus may share your personal information with other universities, schools, research centres or other parties which participate in the grant, mobility and education schemes you apply to.
Your personal information may also be shared with the following third parties:
- Where we contract or hire third parties on the basis of their experience or expertise to evaluate applications for certain grants.
- In cases where we are legally required to share your information with government and law enforcement agencies.
- Third party providers which we use to process data in order to provide you with our services. For example, third party providers which are involved in the storage of data, software solutions or consultation.
- Third parties involved in the conduct of legal claims, such as law firms or courts.
- Third parties, such as security companies, the police and regulatory authorities, when we may need to safeguard our property and assets, provide safety to our staff and assets or have our rights enforced.
Nordplus will not sell your personal information to third parties.
How does Nordplus safeguard personal information that is transferred to third countries?
According to European Union, Nordic and Baltic data protection laws, certain requirements need to be fulfilled when your personal data is transferred to a country outside the European Economic Area. The purpose of these requirements is to make sure your personal information is adequately protected, even when being transferred outside the European Economic Area.
If Nordplus transfers your personal information to a third country, one of the following will apply:
- The transfer is made to a country deemed to provide adequate protection of personal information according to a decision by the European Commmission here. When data is transferred to the US, transfers may be based on the EU-US Privacy Shield.
- The recipient of the personal information has approved binding corporate rules here which provide an adequate level of protection for your personal information.
- Nordplus and the recipient of your personal information have made contracts regarding the transfer of data using standard contractual clauses which the European Commission has decided provide an adequate level of protection for your personal information.
- The recipient of the personal information has approved Codes of Conduct which satisfy the requirements of European Union, Nordic and Baltic data protection law.
- The recipient of the personal information has obtained certification issued by an accredited certification body according to European Union and Nordic/Baltic data protection laws.
How can I make a request for a copy of my personal information and how do I lodge a complaint?
Under European Union and Nordic/Baltic privacy law, you may request a copy of your personal information if it is processed by Nordplus. You do not need to pay a fee for this request, unless it is manifestly unfounded or excessive. Nordplus will make every effort to respond to your request within 30 days of it being received.
Your request must be in writing and must contain the following information:
- Your name and postal address.
- Details of your request.
- Any details which may help us locate the information, which is the subject of your request, for example:
- Details of an application or correspondence which may be related to the personal information.
- Your e-mail address, telephone number or other contact details.
- Additionally, we require you to provide:
- A copy of a government issued ID, such as your passport or driving licence. This is necessary so that we can verify who is making the request.
- Your signature and the date of the request.
- If you are applying on behalf of another person then signed authority from the individual is required.
Please send your request to:
Nordplus-The Main Administration
Rannís – The Icelandic Centre for Research
Borgartúni 30
105 Reykjavík
You also have a right to lodge a complaint with The Icelandic Data Protection Authority or its sister organisations in the countries where you have a domicile. A complaint can be made by writing to:
The Icelandic Data Protection Authority
Rauðarárstígur 10
105 Reykjavík
Iceland