Privacy Policy

1. What type of personal data do we collect?

1.1 Websites visitors

When you visit one of our public websites under the upsight.se domain, we may collect and process the following personal data:

• Basic browsing data, such as your IP address, browser and device type, the time and date of your visit, and the referring source (i.e., how you arrived at our site). This information is automatically provided by your browser when accessing our site.
• Details about how you interact with the website, including which files you download, your navigation path through the site, and how the site performs during your visit. These interactions are recorded as they occur.

We collect and process this data for the following purposes:

• To evaluate the reach and effectiveness of our communication efforts. In this case, the data is anonymized and analyzed in aggregate form.
• To maintain a secure and reliable experience on our websites. For this purpose, basic browsing information is retained in its original, non-anonymized form.

Our websites use essential browser cookies to function correctly, as well as Google Analytics to gather usage statistics. The essential cookies are anonymous and not connected to any personal data we collect. These are automatically deleted when you close your browser. Some Google Analytics cookies may persist but are automatically removed by your browser after two years. You can toggle off any non-essential cookie category at any time using the floating cookie menu.

Some pages on our websites include integrations with external service providers to display multimedia content or interactive data visualizations. These integrations are clearly labeled and do not establish a connection with the external service unless you actively choose to engage with them. Once you interact with an integration, you are connecting directly to the external provider, and their own privacy policy will apply. In these cases, the external provider acts as an independent data controller in relation to your personal data.

1.1.1 Embedded YouTube videos (cookies)

We embed videos from our official YouTube channel on our website, primarily featuring lectures and other educational content. No connection to YouTube is made until you actively click to play a video. Once playback begins, YouTube may place cookies in your browser for various purposes, similar to visiting youtube.com directly. Learn more about YouTube’s use of cookies.

1.2 Workshops, bootcamps, and course participation

When you register for one of our training services, we may collect and process the following personal information:

• Your name
• Your email address
• Your institutional affiliation (Optional)
• Your phone number (Optional)

We collect and use this information for the following purposes:

• To prepare and organize the training session effectively
• To contact you in case of changes to the time or location of the event
• To register your attendance upon arrival, if required
• To follow up after the training, when relevant (e.g., to share materials, request feedback, or provide additional information)

1.3 Subscribers to event invitations, newsletters, or other updates

When you subscribe to receive content from UpSight, we collect and process the following personal data:

• Your name
• Your email address
• Your institutional affiliation

We use this information for the following purposes:

• To deliver the content you have signed up to receive
• To manage and maintain your subscription preferences

To monitor engagement with our content, we and our service providers may use tracking pixels and tracked links to gather aggregated data on how recipients interact with our communications. To help improve the quality of our training, content, and overall service, we may occasionally contact subscribers for feedback.

1.4 Applicants for positions or freelance opportunities

When you apply or express interest in working with UpSight, we collect and process the following personal information:

• Your name
• Your contact information
• General background details, such as your location, current employment, and citizenship
• Your CV or résumé
• Any additional information relevant to the role or opportunity you are seeking

We collect and use this data for the following purposes:

• To assess your application and qualifications
• To manage and track your progress throughout the hiring or selection process

1.5 Collaborators and contributors on UpSight projects

When you take part in UpSight projects, contribute to our publications, or co-author work with one or more UpSight researchers, we may collect and process the following personal data:

• Your name
• Your institutional affiliation

We collect and use this information for the following purposes:

• To promote the project or publication in which you are a contributor

1.6 Speakers at events held by UpSight

When you participate as a speaker at an UpSight event, we may collect and process the following personal data:

• Your name
• Your institutional affiliation
• Your biography
• A photo of you
• Your image and voice if the event is filmed or live-streamed
• Your voice if the event is audio recorded

We collect and use this data for the following purposes:

• To publicly promote and communicate the UpSight event you are speaking at–before, during, and after it takes place–via our website, social media, and other external platforms.

2. Legal grounds for collecting and processing your personal data

We collect and process your personal data based on the following legal grounds:

• Your consent (in accordance with GDPR Article 6(1)(a))
• Performance of a contract to which you are a party (GDPR Article 6(1)(b))
• Compliance with legal obligations applicable to UpSight (GDPR Article 6(1)(c))
• UpSight’s legitimate interests in operating and improving its services (GDPR Article 6(1)(f))

The legitimate interests pursued by UpSight include, but are not limited to, the following purposes:

• Supporting UpSight’s overall mission and objectives
• Maintaining an adequate level of information security
• Ensuring that our recruitment and selection processes are fair, transparent, and effective

3. From whom do we obtain personal data?

We primarily obtain your personal data directly from you. In some cases, we may also collect information from publicly available sources or through an institution with which you are affiliated.

4. Who we share data with and why

In relation to one or more of the purposes described above, your personal data may be shared with relevant parties such as public authorities, service providers, collaborators, and professional advisers (e.g., auditors).

4.1 Sharing with data processors

We sometimes engage external providers to handle personal data on our behalf–for example, for IT infrastructure, cloud storage, or other technical services. When doing so, we ensure formal agreements are in place that clearly define the provider’s responsibilities, limit the scope of data use, and guarantee that strong security measures are applied throughout the data processing.

4.2 Sharing with other data controllers

In certain cases, we may share your personal data with other data controllers. This may occur, for instance, when UpSight is legally required to disclose information to public authorities, when we jointly process data with a partner institution for a shared purpose, or when another controller needs the data for their own legitimate and independent use.

4.3 Transfer of personal data to recipients outside EU/EEA

Your personal data may be transferred to data processors or controllers based outside the EU/EEA in connection with the purposes outlined in Section 1. Any such transfer will only occur in accordance with the safeguards and requirements set out in Article 44 of the GDPR, ensuring an adequate level of protection for your information.

5. How long do we retain your personal data?

We retain your personal data only for as long as necessary to fulfill the purposes outlined above, and no longer than permitted by the applicable legal bases. Data will either be anonymized or securely deleted in accordance with defined retention policies for each processing activity.

• If processing is based on your consent, your data will be retained until the purpose is fulfilled–unless you choose to withdraw your consent earlier.
• If processing is based on a contract or legal obligation, your data will be retained until the contract is completed, terminated, or the legal obligation expires–unless another valid purpose and legal basis apply.
• If processing is based on UpSight’s legitimate interest in supporting our mission, the data may be retained indefinitely.
• If processing is based on our legitimate interest in maintaining information security, we retain the data for up to two years from the date of collection.
• If processing is based on our legitimate interest in ensuring fair and transparent hiring practices, application data will be stored for up to three years from the date of submission.

6. Your data protection rights

As a data subject, you have certain rights under applicable data protection laws. Below, we outline what those rights are and how you can exercise them.

6.1 Right to withdraw consent

You have the right to withdraw your consent to our processing of your personal data at any time. Once withdrawn, we will cease processing any data that was being handled on the basis of that consent.

6.2 Right to request access to personal data

You may submit a request for access to find out whether we process personal data about you—and, if so, to receive details about the specific information we hold.

6.3 Right to rectify personal data

If you believe that any personal data we hold about you is inaccurate, you have the right to request a correction at any time.

6.4 Right to erase personal data

If you request the erasure of your personal data, we will delete the information unless there are valid reasons to retain it. The right to erasure is not absolute and must be balanced against UpSight’s legal obligations and legitimate interests. For instance, UpSight may be required or entitled to continue processing your data in the following cases:

• When the original purpose for processing has not yet been fulfilled, and there is another valid legal basis for continued processing
• When we are subject to a legal obligation that requires us to retain or process your personal data further
• When you object to the processing, but we determine that our legitimate interest outweighs your objection—provided that appropriate safeguards are in place to protect your rights as a data subject

6.5 Right to restrict processing

If you prefer that we retain your data but limit how it is used, you may, under certain conditions, have the right to request a restriction on the processing of your personal data.

6.6 Right to data portability

Under Article 20 of the GDPR, you have the right to data portability for personal information you have provided to UpSight, where the processing is based on your consent or a similar agreement. If you choose to exercise this right, we will export the relevant data in a structured, commonly used, and machine-readable format and provide it to you.

6.7 Right to object to the processing of your personal data

You have the right to object to the processing of your personal data when the processing is based on UpSight’s legitimate interest or on a task carried out in the public interest. In such cases, we will cease processing your data unless we can demonstrate compelling legitimate grounds that, following a balancing assessment, are considered to override your objection.

6.8 Right to file a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (The Swedish Authority for Privacy Protection). Complaints can be submitted via their website: imy.se.