IFMSA-Sweden is a membership and our policy for handling personal information, you can read below, or in the document policy for handling personal data and in our Member portal. Our website uses Google Analytics for traffic analysis, and on some pages even Facebook for social sharing using cookies.
Policy for handling personal data
This applies to all engaged in IFMSA-Sweden as well as IFMSA-Sweden's local centres and projects. It was adopted on 2018-05-04 and is valid for three years or until the Board is updating the.
GDPR is data protection regulation which will enter into force on 25 may 2018. All data that can be attached to a living individual counts as personal data, t.ex. name, social security numbers and email addresses. The law also mentions that special consideration should be taken when sensitive personal data is handled, which is defined as any of the following:
- racial or ethnic origin,
- political opinions,
- religious or philosophical beliefs,
- membership in a Trade Union,
- a person's sexual life or sexual orientation,
- genetic and biometric data that unambiguously identifies a person.
Under the regulation, all personal data are handled according to basic principles that follow.
Legality, correctness and transparency
Data should be collected on a legal basis (t.ex. with consent) and information that is stored and what it is used for should be clear to the person who the data is about.
Personal data shall only be collected for specific, explicit and legitimate purposes. These purposes must be clear for the person in question and are documented in writing.
Data minimisation means that personal data should be adequate, relevant and not excessive in relation to the purposes for which they are processed. In other words, it is not allowed to collect personal information for the indefinite future needs.
Personal data should be accurate and up to date. If something is incorrect, the person in question to be able to change it.
Personal data may not be stored for no longer than necessary for the purpose. When the purpose is not relevant anymore, the information is deleted or depersonalized.
Integrity and confidentiality
The personal data shall be protected in particular against unauthorised or unlawful processing and against loss, destruction or damage by accident
Those who handle personal data is responsible for ensuring compliance with the law and that it is clear how it intends to comply with them.
IFMSA-Canada respects the individual's right to their data and understand the importance of data protection regulation. IFMSA-Sweden strives to manage the personal data we handle in accordance with the data protection regulation.
IFMSA-Sweden to our Association shall operate in accordance with the data protection regulation:
- Appoints annually a controller within the Board.
- Have a list of the personal data processed, the purpose of the data, how it communicated with relevant and when it should be removed; as well as update the list annually.
- Establishes, monitors and evaluates our internal practices for handling data, in accordance with the list below.
- Strive to inform people that the Association collects data about the, why and how long the data will be saved.
- If people want to delete or modify their data as the Association handle, it will be done as soon as possible.
- Guidelines should be established and followed for how security around logging into mail- and drive-accounts are managed.
List of personal data
Personal data of alumni will be stored in the document on drivekonto President indefinitely, or until alumni choose to leave group.
Grant applications, final reports and other financial documents
Grant applications, requisitions and final reports are collected and stored in order to keep the economy and distribute grants to Member activities. They are saved in IFMSA-Sweden joint drive echoes the tone for an indefinite period and is regarded as the official document that everyone in society can read as they are the basis for economic decisions. All documents required for IFMSA-Sweden's or local centres ' records are stored in seven years, According to the law.
Engaged in the Association
Lists the names of Board members as well as local President is stored in accordance with the bylaws of the archive.
To many national and local events are registered participants registered, allergies etc. The data that is collected is used only to the event itself and deleted at the latest one year after max. Data is stored at the IFMSA-Sweden's official drive-accounts and shared only with those who need to have access to the.
IFMSA-Sweden and other Facebook pages belonging to IFMSA-Sweden (including local city pages) will delete messages to this page after a maximum 5 years. Other data stored on this page will not be considered systematically. Any communication on Facebook that take place between individuals taking IFMSA-Sweden no responsibility for.
No data about those who visit the site are stored by IFMSA-Sweden. Information published on the website (for example, in blog posts, etc) be saved indefinitely for documenting what IFMSA-Sweden as coalition makes.
MailChimp handles mail lists and allows mail to be sent to all members. No email addresses are saved in mailchimp after a member has gone out of the Association. Only those who have the need to email members or a subset of all members have access to mailchimp.
IFMSA-Sweden is a small compound with high turnover of engaged. For the convenience of those responsible within the compound in their daily activities include mail accounts that are attached to each post of responsibility. This means that those who sit in positions of responsibility can take note of what the forerunners made as part of handover. It also means that there can be continuity in long-term internal processes as well as vis-à-vis external contacts, Despite the fact that those who sit on the liability item is changed frequently.
Emails will not be used for any purpose other than IFMSA-Sweden or IFMSA-Sweden's local cities or project's continuous operations.
We understand that there is a lot of personal data in the mail and have weighted for- and disadvantages to save them. We will take the following measures to the data- and lagringsminimera in our mail accounts.
- All data that is sensitive, as well as information that could be considered sensitive in addition to those that the law specifies (incl.. social security number, account number, long lists of attendees/members), will be highlighted and deleted after the end of each fiscal year. Sensitive data is saved, therefore the maximum one year.
- Mail that is older than 10 years will be automatically deleted, unless there is a specific reason that they should be saved.
This means that mail sent to IFMSA-Sweden e-mail addresses can be saved for up to 10 years. Email with sensitive personal data can be stored up to one year.
In every email sent from all mail accounts in ifmsa-Sweden's National Board of Directors and LORFar information on this will be clear and accessible.
All members are registered on the website, for us to know who's in the Club.
Data depersonalized after max three year, but stored de-identified to follow number of members over time. The data will not be used for anything other than the activities of IFMSA-Sweden.
Notification to Exchange is to be able to distribute and manage Exchange places, and any spare seats. It is not used for other purposes. Information about Exchange stores max 3 years. Data is stored at the IFMSA-Sweden's official drive-accounts and shared only with those who need to have access to the.
Travel stories submitted after exchanges are stored indefinitely to serve as guidelines for the next person who goes to the same country. They are shared with all members.
Information about involvement in the Association are recorded and saved to be able to implement the points system for priority access to the exchanges that we have within the business. This data is stored on the google drive in max 3 years, and are not used for other purposes than exchanged scoring system.
Protocols and annexes at Board meetings and FUM
All the National Board's protocols and annexes are saved in accordance with Charter instructions in the archive for an indefinite period of time. They are saved even in driven to the Association shall retain information on decisions taken in the Association.