Svemin processes your personal information in accordance with GDPR
Privacy and processing of personal data
Personal integrity is something we think is very important. We therefore always strive for a high level of data protection. In this policy we explain how we collect and use personal data. We also describe your rights and how you can enforce them.
You are always welcome to contact us if you have any questions about how we process your personal information. You find contact information below this text.
What is personal data and what is processing of personal data?
Anything that can be directly or indirectly derived from a person is covered by the concept of personal data. It is not just about names and social security numbers, but also about pictures and e-mail addresses, for example.
Processing of personal data is what happens with the data in IT systems, whether it is mobile devices or computers. These include, for example, collection, registration, structuring, storage, processing and transmission. In some cases, things that happen outside IT systems can also be regarded as processing.
Personal Data Controller
Svemin is responsible for personal data for the processing that takes place within Svemin’s operations. (Svemin AB, company registration number 556907-7125). For certain processes, such as the membership register, we use common systems with the Confederation of Swedish Enterprise. Responsibility between us is then regulated in agreements.
What personal information do we collect about you and why?
We mainly process names, email addresses, telephone numbers and positions within the company. Sometimes additional information can be processed, for example if you are a member of parliament or local politician, but only if you yourself can be considered to have published the information. For some services you can also, but do not have to, indicate areas of interest. If you create a user account with us, we will also process your login details.
We process personal information in order to provide the services and products requested (for example a newsletter or participation in an event, for example seminar, education, webinar, and such). We will also process your personal data to care for and administer our relationship with you and, where applicable, to administer the contract with you or with your employer. We may also inform you about our courses, events and other things that we find to be in your interest as well as our.
In addition, we may use your personal information to inform you about products and services that we offer and that may be of interest to you. If you are a professional user, we can also inform you about products and services from our member organizations and partners.
If you are a professional user, analysis and processing of the data (including for profiling) that we may take part of as mentioned above (such as information in connection with ordering services or products or participation in seminars or activities organized by us) may take place. The purpose is to provide you with more personalized and relevant information.
Svemin always processes your personal information in accordance with applicable law. We process your personal data when it is necessary to enter into an agreement with you or respond to your request for service or when we have another legitimate interest in processing your personal data, such as an interest in marketing our services.
If Svemin should process your personal data for any purpose that requires your consent, we will obtain your consent in advance. Some personal information may be required, for example, in order for us to provide a service or fulfill another request from you. This will then be stated or stated in connection with the data collection.
For employees in member companies
For employees of member companies, we may also process personal data in ways other than those mentioned above. This is mainly linked to the employer’s membership and applies to different contact persons. Contact information may be needed to manage the membership and questions related to it. This may involve, for example, contact persons during negotiations or tasks regarding membership in different working groups.
From what sources do we retrieve personal data?
Collection of your personal data takes place, for example, when you enter your information to sign up for newsletters, attend courses, seminars and other events, order services and / or products from us or contact us. Even when the company you work for applies for and / or is part of a recruitment campaign, information can be gathered about people in leading roles at the company. Sometimes we collect information from third parties.
Who can we share your personal information with?
Personal Data Processor
In some situations, it is necessary for us to hire third parties to perform our work. For example, different IT suppliers. They are to be regarded as personal data processors to us.
Svemin is responsible for signing agreements with all personal data processors and providing instructions on how they may process the personal data. We check all personal data processors to ensure that they can provide adequate guarantees regarding the security and confidentiality of personal data.
When personal data processors are hired, it only is for the purposes that are compatible with the purposes we have for processing ourselves.
Actors who are independently responsible for personal data
We also share your personal data with certain other actors who are independently responsible for personal data. This can involve both authorities, such as the Swedish Tax Agency, and other contracting parties. Some information is also provided for statistical purposes.
Furthermore, we may disclose personal data to both the Confederation of Swedish Enterprise and other employers’ and industry organizations (and their companies) to the extent necessary for the cooperation between the organizations to function. Furthermore, we may use suppliers and partners to perform tasks on Svemin’s behalf, for example to provide IT services or assist with marketing, an event, analyzes or statistics. The performance of these services may mean that these recipients have access to your personal data.
Svemin may also disclose personal information to third parties, such as the police or other authority, whether it concerns an investigation of crime or if we are otherwise obliged to disclose such information with the support of law or authority decisions.
Where do we process your personal information?
We always strive for your personal data to be processed within the EU / EEA, but sometimes it is not possible.
For certain IT support, the data can be transferred to a country outside the EU / EEA. This applies, for example, if we share your personal data with a personal data processor who, either him/herself or through a subcontractor, is established or stores information in a country outside the EU / EEA. As data controller, we are responsible for taking all reasonable legal, technical and organizational measures to ensure that these processes are conducted in accordance with EU / EEA regulations.
When processing personal data outside the EU / EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate safeguards. These include “Privacy Shield” the use of “Binding Corporate Rules” and various contract solutions. If you would like further information on these safeguards, please contact us. Standard model data transfer clauses adopted by the European Commission are also available on the European Commission’s website.
How long do we store your personal data?
We will never store your personal data for longer than is necessary for each purpose. We have developed erasing procedures to ensure that personal data is not stored longer than is necessary for the specific purpose. How long this varies depends on the reason for the treatment. Due to legislation, for example, some information in the bookkeeping needs to be stored for at least seven years, while data on special diets are deleted within a week after the event has ended.
What are your rights as registered?
As registered, you have a number of rights under applicable law. How to go about managing your rights, see the section “Managing your rights” below.
Right to register extract (right to access)
If you want to know what personal data we process about you, you can request access to the information. When you submit such a request, we may ask some questions to ensure that your request is effectively handled. We will also take steps to ensure that the information is requested and submitted to the right person.
Right to correction
If you find that something is wrong, you have the right to request that your personal data will be corrected. You can also supplement any incomplete personal information. In some cases, you can make corrections yourself, which we will inform you about.
Right to erasure
You can request that we delete the personal information we process about you, including:
- The data is no longer necessary for the purposes for which it is being processed
- You object to a balance of interest we made based on our legitimate interest, where your reason for objection weighs more heavily than our legitimate interest
- Personal data is processed illegally
- The personal data has been collected about a child (under 13) for whom you have parental responsibility
- If the information was obtained with the support of your consent and you want to withdraw your consent
However, we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal information. It may also be that the treatment is necessary for us to be able to establish, enforce or defend legal claims.
If we are prevented from deleting your personal data, we will block the personal data from being used for purposes other than the purpose that prevents them from being deleted.
Right of restriction
You have the right to request that our processing of your personal data to be restricted. If you object to the fact that the personal data we process is accurate, you can request a limited processing during the time we need to check whether the personal data is accurate.
If, and when, we no longer need your personal information for the stated purposes, our routine is usually to delete the information. If you need them in order to be able to establish, enforce or defend legal claims, you can request limited processing of the information with us. This means that you can request that we not clear and erase your information.
If you have objected to a balancing of legitimate interests that we have made as a legal basis for a cause, you may request limited processing during the time we need to check whether our legitimate interests outweigh your interests in having the information deleted.
If the processing has been restricted according to any of the situations above, we may only, in addition to the storage itself, process the information to determine, assert or defend legal claims, to protect someone else’s rights or if you have given your consent.
Right to object to certain type of treatment
You always have the right to object to any processing of personal data based on a balance of interests. You also always have the right to avoid direct marketing.
Right to data portability
You have, as a registered right to data portability if our right to process your personal data is based either on your consent or the execution of an agreement with you. A prerequisite for data portability is that the transfer is technically possible and can be automated.
Manage your rights
The application for a register extract or if you wish to invoke any of your other rights must be in writing and independently signed by the person the data applies to. We will respond to your requests without undue delay and within 30 days at the latest. Note: this form will be available in English shortly!
Email the completed document to email@example.com The email should be sent from the email address you registered with Svemin.
How do we handle social security numbers?
As far as possible, we avoid processing social security numbers. In some cases, however, this is justified mainly because we need a secure identification. With regard to the processing of social security numbers in the form of company organizational numbers for individual business activities, this treatment is required as long as the company is a member because the social security number is the company organizational number.
How is your personal data protected?
We work actively to ensure that personal data is handled in a secure manner. This applies both through technical and organizational safeguards.
The Swedish Data Protection Authority (DPA) (which will soon change its name to the Integrity Protection Authority) is the responsible authority for monitoring the application of data protection legislation. If you believe that we are acting incorrectly, you can contact DPA: www.datainspektionen.se
Contact us with questions about how we process personal data
If you have questions about how we process personal data or have a request in accordance with the above rights, you are always welcome to contact us at: firstname.lastname@example.org or by phone: +46(0)8 762 67 35