Privacy Policy

Here you will find information about how personal data collected by e.g. the website, is being processed at the Biodiversity Atlas Sweden (BAS) research infrastructure. BAS complies with the General Data Protection Regulation (GDPR). BAS is responsible for all processing of personal data in its operations. Here it is explained how your personal data is processed within BAS. Use the bookmarks to reach the different sections of the page.

BAS processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, see link below.

What do BAS do with your personal data?

BAS processes personal data to fulfill our mission as a research infrastructure i.e. to provide access to rich biodiversity data, offer high-quality tools to analyze and visualize this data, and interact with society on these issues. We also do this to review, develop and improve our services and tools and to comply with Swedish law.

All processing of personal data within BAS is done to in promote these purposes. The processing must have legal basis and we only process personal data when needed for a specific purpose.

What Personal data does BAS collect?

There are several reasons why BAS processes your personal data. The most common reasons are that you are a user of our analysis services, participant in a conference or other event, collaborating partner, or if you for some reason have contacted BAS.

We collect all data directly from you. What data we process depends on the reason we process your personal data, it may consist of following:

  • Contact information such as name, address, phone number and e-mail.
  • Personal data obtained from participation in a research study.
  • Information on how you use our websites, in order to improve the user interface, such as through the use of cookies.
  • Information when attending conferences or courses.
How is your personal data protected?

BAS shall ensure that personal data and the processing of personal data are protected by appropriate technical and organizational measures. The measures should be such as to ensure a level of safety appropriate to the risk of handling the data. The security aspects shall include confidentiality, accuracy and availability as well as adequate technical protection. For example, only one authorized person has access to the data, the data is encrypted, stored in specially protected containers.

Who can access your personal data?

Some of the information available at BAS is public documents since BAS is operated from the authority of the Swedish Museum of Natural History. If your personal data is part of a public document, anyone requesting the public document may access your personal data, unless secrecy under the privacy law (offentlighets- och sekretesslagen, 2009: 400) prevents this.

Furthermore, your personal data may be disclosed to BAS’s partners in research projects or to other parties who need to access them as a result of agreements between BAS and you, or because of legal obligations that BAS may have.
Upon transfer of personal data to another party, BAS shall take all reasonable legal, organizational and technical measures that may be required to protect your personal data. You will receive information if we plan to disclose information about you to other organizations.
BAS will not transfer personal data to other parties without legal support.

How long is your data stored?

We save your personal data only for as long as the purpose of the process is required, or as long as required by law.
In the case of public documents, personal data are handled in accordance with the provisions of the Freedom of Press Regulation (1949: 105), the Archives Act (1990: 782) and the National Archives regulations. In many cases, this means that your personal data can be saved for in between five years and for all future in the central archives of the Swedish Museum of Natural History.

Data to third country

BAS may transfer personal data to third countries outside the EU / EEA, in particular for international research projects, conferences or other training events. BAS will then take all reasonable legal, organizational and technical measures required to achieve an adequate level of protection for your personal data. You will also be informed about this.

Your rights according to the GDPR

The General Data Protection Regulation gives you a number of rights towards BAS:


You are entitled to request a reply as to whether BAS processes personal data about you and to receive a free copy of the personal data being processed. In connection with such a request, BAS also provides additional information about the data processed, e.g. its purpose, categories of personal data being processed, expected storage time, etc.


You are entitled to request that your personal data processed at BAS be corrected if they are incorrect. BAS is then required to correct your personal data without unnecessary delay.


You are entitled to have your personal data deleted from BAS’s system, if your personal data is no longer required to meet the purpose for which they were collected.
There may be provisions requiring BAS not to delete your personal data, such as the regulations regarding public documents. If your personal data has been disclosed to another party, BAS will take all reasonable steps to notify these parties of your request for deletion.
If BAS cannot delete your personal data for legal reasons, we will limit the processing of your data to only include what is required to comply with BAS obligations.


You are entitled to request that the processing of your personal data be limited, which means that we will only process your personal data for specific purposes. BAS will limit processing of personal data in the following cases:

  • If you claim that your personal data is incorrect and BAS needs time to check the accuracy of the data.
  • If you oppose processing of personal data by BAS. The processing is then limited until considerations have been made balancing between your reasons for objection and the BAS compelling legitimate reasons.
  • If you request deletion of your personal data, but we cannot do this for any reason.

You are entitled to object to BAS’s processing of your personal data in certain cases, such as research or educational activities. BAS will then terminate processing your personal data unless we have compelling reasons to continue with it or if the processing of personal data is required for BAS’s legal claims.

Our site may, from time to time, contain links to and from the websites of our partners and members. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.

Changes to this policy

Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Questions and Contact

If you have questions regarding data protection, you can contact the privacy and data protection officer the Swedish Museum of Natural History, see below.

Privacy and data protection officer, the Swedish Museum of Natural History
email, Phone: +46 709-163270 Address: Frescativägen 40, 104 05 Stockholm, Sweden