Data protection policy of Jernkontoret
We protect your personal data. Here you can learn how we at Jernkontoret handle your personal data and how we use so-called cookies.
Integrity and the processing of personal data
Your integrity is most important for us at Jernkontoret. For this reason, we always strive for a high level of data protection. This data protection policy explains how we go about collecting and using personal data. We also describe the rights you enjoy and how you can assert them in practice. You are always welcome to contact us if you have any questions concerning how we handle your personal data. Our contact details can be found at the end of this text.
What exactly is personal data and the processing of personal data?
Everything that can be traced, either directly or indirectly, to a living natural person is deemed to be covered by the concept of personal data. This does not refer only to the person’s name and Swedish ID number but also, for example, to photos and email addresses.
The processing of personal data is everything that takes place with personal data in IT systems, regardless of whether such systems relate to mobile devices or computers. This includes, for example, the collection, registration, structuring, storage, processing and transfer of data. In certain cases also, the handling of data that takes place outside IT systems may be considered to be data processing. This applies where registers are concerned, for example.
For the processing of data that takes place within Jernkontoret’s activities, Jernkontoret is considered the data controller (Jernkontoret, Registration No. 802001-6237, Box 1721, 111 87 Stockholm, Sweden).
The type of personal data that we collect and why we do this
Our data processing covers principally your name, your email address, your phone number and your job title. On occasion, additional information may be processed; for example, if you happen to be a member of parliament or a local councillor. However, this applies only where you may be considered to have already made such information public. For certain posts, moreover, you may - though you are not obliged to - specify particular areas of interest. If you have a user account with us, for example via PIAplus, we will also handle your login details. We process your personal data in order to supply the services or information you have requested (e.g. a newsletter or participation in a degree programme, workshop, meeting or project). We will process your personal data too in order to safeguard and administer our relationship with you. We may also inform you about our future courses, events and other matters that we consider to be in our mutual interest.
In addition, we may use your personal data to keep you informed you of the services and products that we offer or events that may be of interest to you. If you are a professional user the analysis and processing of the data (including for profiling), which we may have access to in accordance with the above (such as data arising from ordering of services, products or participation in seminars or activities arranged by us) will take place. The goal is to be able to offer more relevant and customised information to you.
Jernkontoret always treats your personal data in accordance with the applicable legislation. We process your personal data when it is necessary to fulfil an agreement with you or to respond to your request for service or when we have some other legitimate and justified interest in processing your personal data, for example an interest in being able to market our services, inform about our activities and our special areas of interest.
Should Jernkontoret process your personal data for some purpose that requires your consent, we shall obtain your consent in advance. The supply of some personal data, for instance to enable us to provide a particular service or to perform another of your requests, may in fact be obligatory. This will then be indicated or will appear in connection with the information being collected.
For employees of Jernkontoret’s co-owners, stakeholders and collaboration partnersFor the employees of Jernkontoret’s co-owners, stakeholders as well as collaboration partners we may also process personal data in other ways than those mentioned above. This is mainly linked to different working groups and projects.
From which sources do we obtain personal data?
The collection of your personal data takes place, for example, when you indicate your details in connection with registering to receive newsletters; participation in seminars and other events; ordering services and/or products from us and when you contact us. Sometimes also we collect data from third parties.
Who do we share your personal data with?
Personal data processors
In certain situations, it is necessary for us to contract other parties in order to carry out our work. This involves, for example, making use of different suppliers, for example within IT, conference-related activities or in finance. These operators are to be regarded as personal data processors on our behalf. Jernkontoret is responsible for drawing up agreements with all personal data processors and for submitting instructions about how these may handle the personal data. Self-evidently we check all personal data processors in order to ensure that they are able to provide sufficient guarantees in respect of security and confidentiality where the personal data is concerned.
When the personal data processors are hired, this takes place only for those purposes that are in accord with the purposes we ourselves have for the handling in question.
Operators who are independent data controllers
We also share your personal data with certain other operators who are independent data controllers, for example Skatteverket (Swedish Tax Agency). Certain data is also submitted for statistical purposes.
When your personal data is shared with an operator who is an independent data controller then that organisation’s integrity policy and personal data processing are applicable. Furthermore, we may disclose personal data to our co-owners, stakeholders and collaboration partners (and their companies) to the extent that this is required for the co-operation between the organisations to function. Moreover, we may hire contractors and partners to carry out tasks on behalf of Jernkontoret e.g. the supply of IT services or help with marketing activities, analyses, events or statistics. The execution of these services may imply that the recipients of such services obtain access to your personal data.
Jernkontoret may also disclose personal data to third parties such as the police or other public authority, where a criminal investigation is concerned or where, for other reasons, we are obliged to disclose such information, on the basis of current law or the decision of a public authority.
Where do we handle your personal data?
In all circumstances, we strive to ensure that your personal data is processed within the EU/EEA but sometimes this is not possible.
For certain IT support purposes, the data concerned may be transferred to a country outside the EU/EEA. This applies, for example, when we share your personal data with a data processor which itself, or through a sub-contractor, is either established in or stores information in a country outside the EU/EEA. As data controller, we are responsible for adopting all reasonable legal, technical and organisational measures to ensure that these processes take place in accordance with the relevant provisions effective within the EU/EEA.
When personal data is processed outside the EU/EEA, the protection level is guaranteed either through a decision from the EU Commission to the effect that the country in question ensures an appropriate protection level or through applying suitable protection measures. Examples include the “Privacy Shield”, the use of “Binding Corporate Rules” and various contractually based solutions. If you would like additional information about these protection measures then you are welcome to contact us. Standardised contractual clauses for data transfer, as adopted by the EU Commission, are also available on the EU Commission’s website.
How long do we save your personal data for?
In no circumstances do we save your personal data for longer than is necessary for the respective purpose. We have prepared data cleansing procedures to ensure that personal data is saved for no longer than strictly necessary for the specific purpose. How long this is varies depending on the reason for the data processing. Some bookkeeping data, owing to legislation for example, needs to be saved for at least seven years whereas information on e.g. special diets, is deleted within a week or two after conclusion of the event.
What are your rights as a registered data subject?
As a registered data subject, you possess a number of rights in accordance with the applicable legislation. For information about how to manage your rights, please see the paragraph “Your rights” further down. Below here, we list the rights of the registered data subject.
Your right as data subject to extracts from registers (right of access)
If you wish to know the personal data relating to yourself that we process, you can request access to the data. When you submit such a request we may ask you a number of questions to ensure that your request is handled efficiently. We shall also take measures to ensure that the data is requested by and submitted to the right person.
Right to rectification
If you discover that the data entry is incorrect you then have the right to request that your personal data be rectified. You also have the right to supplement any incomplete personal data. In certain cases you are able to make corrections yourself; where this is the case we shall inform you about this.
Right to erasure
- You can request that we erase the personal data on you that we process in the following cases, for example:
- The data is no longer necessary for the purposes for which it is processed.
- You object to a balancing of interests test we have carried out based on our legitimate interests, whereby the reason for your objection weighs more heavily than our legitimate interests.
- The personal data is processed in an unlawful manner.
- The personal data has been collected on a child (under 13 years) for whom you have parental responsibility.
- Where the data has been obtained on the basis of your consent but you now wish to revoke that consent.
However, we may have the right to deny your request where there are legal obligations that prevent us from immediately erasing certain personal data. It may also be the case that the processing is necessary in order for us to be able to establish, maintain or defend legal claims. If we are prevented from erasing your personal data we shall block the personal data for further use for other purposes than the one that means that it cannot be erased.
Right to restrict data processingYou have the right to request that our processing of your personal data be restricted. If you disagree that the personal data we process is correct, you are able to request a restriction of processing during the period of time that we need to check whether or not the personal data is correct.
If you have objected to a balancing test assessment of legitimate interests that we have carried out as a legal basis for a particular purpose, you may request a restriction of data processing during the period that we require to check whether our legitimate interests weigh more heavily than your interests in having the data erased.
Where the processing has been restricted in accordance with one or other of the situations above we can, in addition to the storage itself, only process the data in order to establish, exercise or defend legal claims, to protect someone else’s rights or in the event that you have granted your consent.
Right of objection to certain type of processing
You always have a right to object to all processing of personal data based on a balancing of interests. You always have the right, moreover, to avoid receiving direct marketing.
Right to data portability
You have, as registered user, the right to data portability if our right to process your personal data is based either on your consent or on fulfilment of the terms of an agreement with you. A precondition for data portability is that the data transfer is technically possible and can take place automatically.
Manage your rights
The application for a register extract or your wish to plead one or other of your other rights must be in written form and be signed personally by the individual that the extract relates to. We shall respond to your request as soon as possible and within 30 days at the latest. Download the document and answer the questions as well as signing it. Then please send the filled-in document to firstname.lastname@example.org. As far as possible, please endeavour to send the email from the email address that you registered with at Jernkontoret.
How do we handle Swedish ID numbers?
As far as possible we avoid processing Swedish ID numbers. In certain cases, however, it is justified, principally owing to the need we have for secure identification. So far as the processing of Swedish ID numbers in the form of company registration numbers for sole trader businesses is concerned, such processing is required provided that the firm is a member through the registered number constituting the Swedish ID number.
How is your personal data protected?
We actively work to ensure that personal data is managed in a secure manner. This applies both through the technical and organisational protective measures that we adopt.
The Swedish Data Protection Authority (which will be changing its name to the Integrity Protection Authority) is the responsible authority for monitoring the application of legislation concerning data protection. If you consider that we act incorrectly you can contact the Data Protection Authority, see datainspektionen.se.
Contact us if you have questions about how we process personal data
If you have any questions about how we handle personal data, or if you have a request in accordance with the rights outlined above, you are always welcome to contact us at email@example.com.
You can also contact our Communications Director Maja Bostrom, firstname.lastname@example.org, phone + 46 8 679 17 10.
We may make changes to our integrity and confidentiality policy. The most recent version of the policy is always to be found here on the website.
This website contains so-called cookies. A cookie is a short text stored in the browser on first contact with the web server; it is then sent back to the web server on each new contact. The web server can thereby recognise your browser.
We make use of Google Analytics for monitoring the traffic to our website. On certain pages embedded material occurs such as video clips which can place cookies on the user’s computer as well as so-called Flash cookies.
However, if you do not wish to accept cookies, you can set your browser so that you automatically deny the storage of cookies or are informed each time a website requests to be able to store a cookie. Through the browser, moreover, previously stored cookies can be deleted.
You can also use our website without cookies.