Here, at the Confederation of Swedish Enterprise, we think personal privacy is important. We therefore strive to maintain a high level of data security. With this policy, we explain what personal data we collect and how we use it. We also describe your rights and how you can use them.
Please feel free to contact us anytime when you have questions about how we process your personal data. Our contact information is at the end of this text.
Everything that can directly or indirectly be attributable to a living, natural person is covered by the term personal data. This involves more than simply name and personal identity number, including images and email addresses.
Processing personal data involves everything that is done to your personal data in an electronic processing system, whether this involves using mobile units or computers. This includes collecting, registration, structuring, storing, processing, and transferring any information. In certain instances, processing may also involve actions taken outside a digital system. This applies to using a registry.
The Confederation of Swedish Enterprise is the controller of personal data when it comes to processing personal data in our operations. (Svenskt Näringsliv Service AB, CRN. 556169-4554, 114 82 Stockholm, Sweden). Some processing, as with our membership registry, is done in joint systems with our member organisations. Responsibilities between us and our member organisations is then regulated by contact.
We primarily process your name, email address, your phone number(s) and position. Sometimes we process additional information, such as whether you are an MEP, or local politician, but only when you can be viewed as having published that information. For some services, you may also be asked to provide areas of interest. If you create a user account with us, we will also process your log-in data.
We process your personal data for the purpose of providing the services and products you have asked for (such as a newsletter or a training course). We will also process your personal data to manage and administer our relationship with you and, when appropriate, to administer our contract with you or with your employer. We may also inform you about our courses, events, and other activities which we think match either your or our interests.
Additionally, we may use your personal data to inform you about products and services that we offer, and which you may find of interest. If you are a professional user, we may also inform you about products and services from our member organisations and partners.
We may also process and analyze data from professional users (including profiling) that we collect as stated above (such as data collected when you order services or products, or you take part in a seminar or activity we have arranged). Our purpose is to provide you more individualized and relevant information.
The Confederation of Swedish Enterprise always processes your personal data in compliance with applicable laws. We process your personal data when necessary to fulfil a contract with you, respond to your request for service, or when we have another legitimate and justified interest in processing your personal data, such as when marketing our services.
If the Confederation of Swedish Enterprise should process your personal data for any other purpose that requires your consent, we will first obtain your consent. Certain personal data may be required for you to provide, as when we want to provide you with a service or fulfil a request you have made. This will be clearly stated or specified when that data is collected.
We may process personal data of employees in our member companies in other ways than those described above. This is primarily related to the employer's membership and applies to various contact persons. Data related to contact persons may need to be processed to manage membership and related issues. For example, this may involve contact persons for negotiations or data related to membership in various working committees.
Your personal data is collected, for example, when you enter your data to request to receive a newsletter, to participate in a seminar or other event, order services and/or products from us, or when you contact us. As well, when the company you work for signs up for and/or is part of a recruitment campaign, such data may be collected regarding senior managers in the company. Sometimes we receive data from a third party.
In certain situations, it may become necessary for us to hire a third party to perform some of our processing. For example, this may be when we hire various IT service providers. These parties are considered personal data processors for us.
The Confederation of Swedish Enterprise is liable to enter contracts with all our personal data processors and provide them with instructions regarding how they may process personal data. We naturally check to ensure that all our personal data processors can provide sufficient guarantees regarding security and confidentiality of your personal data.
When we hire a personal data processor, we do this only in full compliance with the purposes for which we process such data ourselves.
We also share your personal data with certain other parties who are independent controllers of personal data. This may involve statutory authorities, such as the Swedish Tax Authority, and even other member organisations. Some data is also reported for statistical purposes.
When your personal data is shared with another party who is an independent controller of personal data, then that party’s organisational privacy policy applies to their personal data processing.
We may also provide your personal data to our member organisations (and their companies) to the extent necessary for appropriate collaboration between these organisations. Moreover, we may hire providers and partners to perform tasks on behalf of the Confederation of Swedish Enterprise, as with providing IT, or marketing services, analyses or statistics. Performing these tasks may mean these providers gain access to your personal data.
The Confederation of Swedish Enterprise may also provide your personal data to other third parties, such as the police or other statutory authority when this involves the investigation of a crime or we are otherwise liable to provide such data as required by law or authority.
We always strive to ensure your personal data is processed within the EU/EEA, but this may not always be possible.
For certain IT support, your data may be transferred to a third country outside the EU/EEA. For example, this may involve us sharing your personal data with a personal data processor who, either directly or through a subcontractor, is established or store information in a country outside the EU/EEA. As the controller of personal data, we are liable to take all reasonable legal, technical, and organisational measures to ensure that such processing complies fully with the regulations applicable within the EU/EEA.
When personal data is processed outside the EU/EEA, the level of protection is guaranteed – either through a decision of the EU Commission that the country in question ensures an adequate level of protection, or through the use of appropriate safeguards. This could include the use of Standard Contractual Clauses that the EU Commission has decided on (these are available at the EU Commission’s website), the use of Binding Corporate Rules, or the use of various approved codes of conduct or certification mechanisms. Feel free to contact us for additional information regarding these safeguard measures.
We never save your personal data for longer than necessary for the purpose at hand. We have instituted clearing procedures to ensure that personal data is not stored longer than necessary for each specific purpose. The length of time this involves varies depending on the purpose for the processing. Certain bookkeeping data are required by law to be saved for seven years, while information about special diet needs is deleted within a few weeks after the event is concluded.
When you are recorded in a registry, you have several legally enforceable rights. The procedures available to you in enforcing these rights are described in the paragraph below headed ‘Exercising your rights.’ Here, we list the rights you have relating to registered data.
If you want to know what personal data of yours that we process, you can request access to the data. When you submit such a request, we may ask you several questions to ensure efficient handling of your request. We will also take measures to ensure the information is requested by and provided to the right person.
If you find an error in your data, you have the right to request that it be corrected. You may also supplement any incomplete personal data.
In certain instances, you can make the corrections yourself, in which case we will inform you.
You can request that we erase the personal data about you that we process, including:
However, we may have the right to deny your request when legal duties prevent us from immediately erasing certain portions of your personal data. We may also be required to process such information to be able to establish, pursue, or defend a legal claim.
If we are prevented from erasing your personal data, we will block that data from being able to be used for other purposes than those preventing their erasure.
You have the right to request that our processing of your personal data be restricted. If you object to the factual correctness of the personal data that we process, you may request restriction to that processing for the period we need to ensure that the personal data is correct.
If, and when, we no longer need your personal data for the established purposes, our normal procedure is to delete them. If you require them to be able to establish, pursue, or defend a legal claim, you may request restrictions to our processing of your personal data. This means that you can request that we do not delete and erase your data.
If you have objected to a balancing of legitimate interests that we have made as legal grounds for a purpose, you may request restriction to that processing for the period we need to ensure that our legitimate interest weighs greater than your interests in having the data erased.
If the processing has been restricted as provided in any of the situations described above, we may, in addition to simply storing that data, only process them to establish, pursue, or defend a legal claim, to protect the rights of a third party, or where you have issued your consent.
At all times, you have a right to object to all processing of your personal data that relies on a balancing of interest. You also have the right to stop their use for direct marketing.
As the person registered, you have the right to data portability if our right to process your personal data relies on either your consent or fulfilment of a contract with you. A prerequisite for data portability is that the transfer is technically possible and can be done automatically.
Your request for a registry extract, or your demand to invoke any of your other rights, shall be made in writing with your handwritten signature. We will respond to your request without undue delay, or not later than within 30 days. Download the document and fill in the questions before you sign it. Then email the completed document to dataskydd@svensktnaringsliv.se. The email shall, to the extent possible, be sent from the email address you are registered with at the Confederation of Swedish Enterprise.
We avoid processing personal identity numbers to the extent possible. However, in certain instances this may be justified with regard primarily to a need to have certain identification. Regarding processing of personal identity numbers, such as the corporate registration number for sole traders, this is necessary when such companies are members, since the registration number is the same as the sole trader’s personal identity number.
We actively work to ensure that personal data is processed securely. We do this using both technical and organisational security measures.
The Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten, IMY) is the supervisory authority under the General Data Protection Regulation (GDPR) and responsible for monitoring the application of data protection laws. If you feel we have acted incorrectly, you can contact the authority at imy.se.
If you have any question about how we process personal data, or you want to request to invoke your rights as detailed above, you are always welcome to contact us at: dataskydd@svensktnaringsliv.se” dataskydd@svensktnaringsliv.se, or by phone at: +46 (0) 8-553 430 00.
We may amend our privacy policy. The latest version of our privacy policy is always available here at our website.
Updated: 2021-10-01