Data protection policy
We process personal data as part of our work to fulfil our mission as a government agency. The EU Data Protection Regulation and Swedish Data Protection Act regulate how personal data can be processed. Here you can read more about how we process personal data.
What is personal data?
Personal data is all kinds of data about a living, physical person. This applies to names, addresses, social security numbers, e-mail addresses or images.
In principle, all our work that comes into contact with personal data is affected by the data protection regulation. This can be reading, collecting, registering, storing, coordinating or printing information.
Our Data Protection Officer
Like all authorities, we have a Data Protection Officer in accordance with Article 37 of the EU Data Protection Regulation. You will find contact information at the bottom of this page.
This is how we process your personal data
We process personal data in several different areas, in different IT systems and for different purposes. We require legal support in order to process personal data. Examples of purposes and legal bases include:
- Decision-making takes place mainly on the legal bases of general interest. legal obligation or the exercise of public authority.
- Contract management takes place on the legal basis agreement.
- Publication of data on our website can take place on the basis of legal obligation, public interest or agreement.
If you have contact with an individual department with us you can get more specified information about how your personal data is collected and processed.
This is how we save your personal data
Personal data is processed for the time required to fulfil the purpose and what follows from applicable legislation, such as the Archives Act and the Accounting Act. Personal data in public documents is preserved and evaluated in accordance with the Archives Act, the Swedish National Archives’ regulations and the authority’s decision on the application of these regulations.
The principle of public access to official records
As we are a state authority we are obliged to preserve public documents. These can only be evaluated if there are special decisions or regulations. Public documents containing personal data may be disclosed unless they are covered by confidentiality.
Who can receive personal data from us?
Our employees may receive personal data that is necessary for them to perform their tasks.
We take technical and organizational measures to ensure all information processed is protected from unauthorized access, alteration or destruction.
Are you registered with us? – These are your rights
You have the right to receive information free of charge about the personal data we process that concerns you and receive an entry with information about we process such data.
Right to correction
The personal data we process must be correct. You have the right to request that information should be corrected or supplemented.
Right to deletion, restriction and objection
In some cases, you have the right to request to the deletion of your personal data, object to its processing or request restriction of its processing. However it may be good to know that our possibility to oblige you may be limited due to legal obligations that we have to preserve public documents.
In some cases, when you provide personal data you have the right to access and use it elsewhere (the right to data portability). We are obliged under certain conditions to facilitate such a transfer.
How to make a request
If you want to use any of your rights under the Data Protection Regulation, we have special forms we would like you to use – one for register extracts and one for other rights. This is because it is important to be clear about what your request is and for us to really know that we are in contact with the right person. You can get the forms by contacting our data protection officer.
Once we have received your request, we will handle it as a special case. We will also check to ensure that you are the person who submitted the request. You will then receive confirmation from us which you need to return. When we have finished processing your request we will send our decision to the address where you are registered.
If you are not satisfied
If you do not think that your personal data has been processed correctly in accordance with the Data Protection Regulation, you can submit a complaint to The Swedish Authority for Privacy Protection (formerly the Data Inspection Board).
Contact information for the data protection officer