Privacy Policy

IFMSA-Sweden is a membership and our policy for handling personal data can be read below or in the document policy for handling personal data as well as in our member portal. Our website uses Google Analytics traffic analysis as well as on some pages even Facebook for social sharing with cookies.

Policy for handling of personal data

This applies to all involved in IFMSA-Sweden and IFMSA-Sweden's local resorts and projects. It was adopted on 2018-05-04 and for three years or until the Board updates the.

Background

GDPR is the Data Protection Regulation, which comes into force on 25 May 2018. All data can be linked to a living individual counts as personal data, t.ex. name, Social Security number and e-mail addresses. The law also mentions that special consideration should be taken when sensitive personal data is handled, which is defined as the following:

  • race or ethnicity,
  • political opinions,
  • religious or philosophical beliefs,
  • union membership,
  • health,
  • a person's sex or sexual,
  • genetic data and biometric data that uniquely identifies a person.

The regulation requires all personal data is handled in accordance with the basic principles that follow.

Legality, regularity and transparency

Data will be collected on a legal basis (t.ex. with consent) and information that is stored and how it is used should be clear to the person that data is about.

Purpose limitation

Personal data shall only be collected for specified, explicit and legitimate purposes. These aims should be clear to the person concerned and documented in writing.

Data Minimization

Data minimization means that personal data must be adequate, relevant and not excessive in relation to the purposes for which they are. It is thus not allowed to collect personal information for the indefinite future needs.

correctness

Personal data shall be accurate and updated. If anything is incorrect, he must be able to change it.

Lagringsminimering

Personal data may not be stored for longer than is considered necessary for the purpose. When the purpose is not relevant anymore, the information is deleted or depersonalised.

Privacy and confidentiality

Personal information must be protected including against unauthorized or unlawful processing and against loss, destruction or damage by accidental

Accountability

Those who handle personal data is responsible for ensuring compliance with the law and that it is clear how to act on them.

position

IFMSA-Sweden respects the individual's right to their data and understand the importance of data protection regulation. IFMSA-Sweden seeks to manage the personal data we handle in accordance with the Data Protection Regulation.

Implementation

IFMSA-Sweden do the following to our association shall operate in accordance with the Data Protection Regulation:

  • Annually appoints a data controller within the board.
  • Have a list of the personal data handled, the purpose of data, how it communicated with relevant and when it should be removed; and updating the list annually.
  • establishes, monitors and evaluates our internal practices for managing data, as listed below.
  • Strive to always inform the people that the association collects data about done, why and how long the data is stored.
  • If people want to erase or modify its data association handles it will be done as soon as possible.
  • Guidelines are established and followed for the security surrounding the login email- and drive-accounts handled.

Despite the lofty goals and good intentions, we want to add that IFMSA-Sweden is a small association run by volunteers committed. This makes it difficult to ensure that we do not fail at any point. If something happens that makes the law is not followed, we will do our best to correct it. If anyone has any comments or questions about this policy or how we handle personal information are welcome to contact us by president @ ifmsa.se.

List of personal data

Alumni

Personal data of alumni will be stored in the document on Governor Drive account indefinitely, or until alumni choose to join the group.

grant, final reports and other financial documents

grant, requisitions and final reports are collected and saved in order to keep the economy and distribute grants to member activities. They saved the IFMSA-Sweden Joint Drive accounts indefinitely and are considered official documents all within the association must read as they are the basis for economic decisions. All documents required for IFMSA-Sweden or local resorts' accounts kept for seven years, according to the law.

Engaged in compound

Lists of names of board members as well as local chairman are held in accordance with our rules in the archive.

Event

For many national and local events are recorded notified participants, allergies etc.. The data collected is used only for the actual event and later deleted after a maximum of one year. The data stored on the IFMSA-Sweden's official drive-accounts and shared only with those who need access to the.

Facebook

IFMSA-Sweden and other Facebook pages that belong to IFMSA-Sweden (including lokalortssidor) will clear messages to the side after a maximum 5 year. Other data stored on the side not treated systematically. Any communication on Facebook that occurs between individuals taking IFMSA-Sweden no responsibility for.

Website

No data on who visits the page stored by IFMSA-Sweden. Data released on the website (for example in the blog entries, etc.) stored indefinitely in order to document what IFMSA-Sweden as compound makes.

Mailchimp

Mailchimp manages email lists and makes the mail can be sent to all members. No email addresses are stored in MailChimp after a member has left the association. Only those who need to mail members or a part of all members have access to MailChimp.

Mailkonton

IFMSA-Sweden is a small club with a high turnover of engaged. To make it easier for managers within the association in its daily operations are email accounts that are linked to the responsible post. This means that those sitting in positions of responsibility can take note of what predecessors as part of handovers. It also means that there can be continuity in the long-term internal processes and to external contacts, despite sitting on the responsibility of the post is often replaced.

The mail will not be used for purposes other than IFMSA-Sweden or IFMSA-Sweden's local resorts or project continuing operations.

We understand that it is very personal information in the mail and have weighed the- and disadvantages to save them. We will take the following steps to task- and storage minimize our email accounts.

  • All the information is sensitive, as well as information that could be considered sensitive in addition to those that the law specifies (Incl. personal, account number, long lists of participants / members), will be highlighted and deleted after the end of each fiscal year. Sensitive data is saved then a maximum one year.
  • Mail that is older than 10 years will be automatically deleted, unless there is a specific reason that they will be saved.

This means that email sent to Sweden IFMSA-mail addresses can be stored for up to 10 year. Mail with sensitive personal data can be stored up to one year.

In every email sent from any email accounts within IFMSA-Sweden's National Board of Directors and LORFar, information on this is clear and accessible.

Member Directory

All members registered on the website, so that we know who is the association.
Data depersonalised after a maximum of three years, but stored depersonalised to monitor the number of members over time. The data will not be used for anything other than IFMSA-Sweden business.

exchanges

Registration for exchanges used to distribute and manage exchange sites and any spare places. It is not used for other purposes. Information about the exchanges stored max 3 year. The data stored on the IFMSA-Sweden's official drive-accounts and shared only with those who need access to the.

Travel stories submitted after exchanges stored indefinitely to serve as guidelines for the next person who goes to the same country. They shared with all members.

Information about the commitment of the association are recorded and saved to be able to implement the credit system for priority access to the exchanges that we have within the business. This data is stored on Google Drive max 3 year, and is not used for purposes other than the exchange point system.

The protocols and annexes at Board and FUM

All national board minutes and attachments are stored in accordance with stadgeinstruktioner in the archive indefinitely. They also saved in the drive for the association to retain information about decisions taken in the association.