What is personal data, and what is personal data processing?
Anything that can be directly or indirectly linked to a natural, living person is considered personal data. This includes not only a person’s name and personal identity number, but also images and email addresses for example.
The processing of personal data is everything that happens to the personal data in an IT system, regardless if this involves a mobile device or computer. This involves, e.g. collection, registering, structuring, storing, processing and transfer. In some cases, processing may refer to actions that occur outside of an IT system. This applies to records.
Personal data controller
For the processing of data within Teknikföretagens, Teknikarbetsgivarnas and Tekniktjänstearbetsgivarnas operation is Teknikföretagen corp. i.d. no. 802016-1140, Box 5510, 114 85 Stockholm Sweden, Teknikarbetsgivarna, corp. i.d. no. 802003-6938, Box 5510, 114 85 Stockholm Sweden, and Tekniktjänstearbetsgivarna corp. i.d. no. 802476-9765 respectively, Box 5510, 114 85 Stockholm Sweden, the personal data controller. For certain processing activities, e.g. the member registry, we share a common system with Svenskt Näringsliv (the Confederation of Swedish Enterprise). The division of responsibility between ourselves and Svenskt Näringsliv (the Confederation of Swedish Enterprise) is regulated by an agreement.
What personal data do we collect and for what purpose?
We primarily process your name, email address, telephone number and your position. Occasionally, other information may be processed, e.g. if you are a member of Parliament or a local politician, but only if you yourself can be considered to have disclosed the information. For certain services that we provide, you may be asked, but are not required, to indicate areas of interest. If you create a user account with us, we will also process your login data.
We process your personal data in order to provide the products and services you have requested (e.g. receipt of a newsletter or participation in a training). We will also process your personal data to attend to and administer our mutual relationship, and if applicable, to administer an agreement with you or your employer. We may also inform you about our courses, events and other items in which we share a common interest.
We may also use your personal data so that we can inform you about the products and services we offer that may be of interest to you. If you are a professional user, we may also inform you about products and services from our member organisations and partners.
If you are a professional user, we may analyse and process the data (including data used for profiling) we gain access to in the manner described above (including information related to ordering products or services or participation in seminars or activities that we organise). The purpose of processing is to provide you with relevant, personalised information.
Teknikföretagen/Teknikarbetsgivarna/Tekniktjänstearbetsgivarna will always process your personal data in accordance with applicable legislation. We process your personal data when it is necessary to fulfil the terms of an agreement we have entered with you, to respond to your request for service or when we have another justifiable, legitimate interest in processing your personal data, e.g. an interest in marketing our services.
If Teknikföretagen/Teknikarbetsgivarna/Tekniktjänstearbetsgivarna wishes to process your personal data for a purpose that requires your consent, we will obtain your consent prior to processing your data. Providing certain personal data may be mandatory, e.g. so that we may provide you with a service or fulfil another request. This will be stated or otherwise indicated when we collect your personal data.
Particularly in the event of labour disputes
Teknikarbetsgivarna/Tekniktjänstearbetsgivarna is an employer organisation. This means that in court negotiations and processes, etc., in relation to labour disputes, we act as representative of our member companies or as an independent party. In connection with such disputes, we collect Contact Information for persons at member companies, union counterparts on central and local levels, any other representative for the counterparty, and contact details for company employees or former employees as well as for any other persons the dispute may concern. In addition, personal data is accessed that relates to our member companies’ employees or former employees who are affected by the dispute, as well as personal data concerning other persons who may be relevant to clarifying the circumstances of the case. Since some of this data is considered sensitive in nature, we have signed a collective agreement with our union counterparts indicating that we need to manage this type of personal data to address labour issues, but that the data must be managed in a way that maintains professional secrecy and confidentiality. Therefore, such data will not be disseminated, and within our organisation, the data will not be disseminated outside of the circle of employees that represent members in labour disputes.
For employees of member companies
For employees of member companies, we may process personal data in ways other than what is described above. This is mainly linked to the employer's membership and is applicable to different contact persons. A contact person’s data may be needed to manage the membership account and related issues. This might refer to, for example, contact persons for negotiations or data that relates to membership in different working groups.
From what sources do we collect personal data?
Personal data collection may occur, for example, when entering your information to sign up for our newsletter, participate in seminars or other events, order our products and/or services or when you make direct contact with us. In addition, when the company you are working for applies for and/or participates in an enrolment drive, data can be collected for the people with leading roles at the company. We occasionally collect data from third parties.
Who can we share your personal data with?
Under certain circumstances, it is necessary for us to hire third parties to perform work on our behalf. For example, we may use various IT service providers. In this respect, they are considered a personal data processor working on our behalf.
Teknikföretagen/Teknikarbetsgivarna/Tekniktjänstearbetsgivarna is responsible for signing an agreement with any personal data processor it employs and providing instructions for how the personal data may be processed. Of course, we take measures to ensure that any personal data processor working on our behalf can provide sufficient guarantees in terms of security and privacy for the personal data in question.
When we employ an external personal data processor, it is only for those purposes that are consistent with the purposes we have applied for processing the data.
We may also share your personal data with other actors who are independent personal data processors. These actors may be government authorities, such as the Swedish Tax Agency and other member organisations. Certain data may also be provided for statistical purposes.
We may also share your personal data with the Confederation of Swedish Enterprise to the extent that is necessary to facilitate cooperation between our organisations. In addition, we may employ suppliers and partners to perform work on our behalf, e.g. to provide IT services or assist with marketing efforts, analysis or statistics. When performing these services on our behalf, these recipients may have access to your personal data.
Teknikföretagen/Teknikarbetsgivarna/Tekniktjänstearbetsgivarna may also share your personal data with other third parties, e.g. the police or another government authority, in the event of a criminal investigation or if we are otherwise required to provide such data by law or decision by an authority.
Where do we process your personal data?
We strive to always process your personal data within the EU/EEA, but that is not always possible.
For certain IT support services, data can be transferred to a non-EU/EEA country. This may occur, for example, if we share your personal data with a personal data processor who, either themselves or through a subcontractor, is established or stores data in a non-EU/EEA country. As a personal data controller, we are obligated to take all reasonable legal, technical and organisational measure necessary to ensure that this type of processing occurs in accordance with EU/EEA regulations.
When personal data is processed outside the EU/EEA, the level of protection must be guaranteed either by an EU Commission decision indicating that the country in question ensures an adequate level of protection or by the application of appropriate safeguards. Among other things, Privacy Shield utilises “Binding Corporate Rules” and other contract solutions. If you would like more information about these safeguards, please feel free to contact us. The Standardized model clauses for data transfer, as adopted by the EU Commission, are also available on the EU Commission’s website.
How long do we save your personal data?
We will never save your personal data longer than it is needed for the respective purpose. We have developed data purging procedures to ensure that personal data is not saved longer than it is needed for the specific purpose. The length of time varies depending on the reason for processing. In accordance with accounting legislation, certain data needs to be saved for a minimum of seven years, while other data, e.g. information on special diets associated with participation in an event, is deleted within a week of the event’s conclusion.
What are your rights as a registered person?
Under current legislation, you have a number of rights afforded to you as a registered person To learn how to proceed to manage your rights, see the item "Manage your rights" further along in this document. Below, we list your rights as a Registered person.
Right to a register record (right of access)
If you would like to know what personal data we are processing about you as an individual, you can request access to the data. When you make such a request, we may ask you a few further questions so that we can effectively respond to your request. We will also take the measures necessary to ensure that the data is requested by and submitted to the correct person.
Right to rectification
If you believe that any of your personal data is inaccurate, you have the right to request that your personal data be corrected. You also have the right to supplement incomplete personal data.
In certain cases, you are able to make corrections yourself. We will inform you when this is possible.
Right to erasure
You may request that we erase the personal data we are processing that refers to you as an individual, including:
- Data that is no longer needed for the purpose it is being processed.
- You object to a weighing of interests we performed based on our legitimate interest, where your reason for objection weighs heavier than our legitimate interest.
- Personal data is being processed in an unlawful manner.
- Personal data has been collected for a minor (under 13 years of age) for whom you are a legal guardian
- If the data was collected on the basis of consent and you wish to withdraw that consent
However, we may have the right to deny your request if there are legal obligations that prevent us from immediately erasing specific personal data. The continuation of data processing may also be necessary for us to be able to establish, exercise or defend legal claims.
If we are prevented from erasing your personal data in any way, we will block your personal data so that it will not be used for purposes other than the purpose that prevents the data from being erased.
Right to restriction
You have the right to request that our processing of your personal data be restricted. If you contend that the personal data we are processing about you is incorrect, you may request that processing is restricted for the length of time it takes us to verify the accuracy of your personal data.
If and when we no longer need your personal data for the established purpose, our normal procedure is to erase the data. If you need your personal data to establish, exercise or defend legal claims, you may request that we restrict our processing of your data. This means that you have the right to request that we refrain from purging or erasing your data.
If you have objected to a weighing of interests we have performed to establish our legitimate interest as a legal basis for a purpose, you may request that processing be restricted for the length of time we need to verify whether our legitimate interests outweigh your interest in having your data erased.
If processing has been restricted according to any of the above conditions, we may, in addition to storing the data, process the data to establish, exercise or defend legal claims, to protect the rights of a third party or on the basis of your consent.
The right to object to specific types of processing
You retain the right to object all processing of your personal data that is based on a weighing of interests. You also retain the right to opt out of direct marketing.
The right to data portability
As a registered person, you have the right to data portability if our right to process your personal data is based on either your consent or the fulfilment of an agreement that we have made with you. A prerequisite for data portability is that data transmission is a technical possibility and that it can be automated.
Managing your rights
An application for a registry record or to exercise any of your other rights shall be submitted in writing and personally signed by the person to whom the record relates. We will respond to your request without undue delay and no later than 30 days after receipt
How do we manage personal identity numbers?
As far as possible, we avoid processing personal identity numbers. However, it is necessary to process personal identity numbers in some cases, primarily to securely identify an individual’s identity. In regards to the processing of personal identity numbers in the form of a corporate identity number for individual business activities, processing is required as long as the company is a member as the corporate identity number consists of the personal identification number.
How do we protect your personal data?
We work actively to ensure that your personal data is managed in a secure way. This applies both for organisational and technical protection measures.
The Swedish Data Protection Authority is the responsible authority for monitoring the application of data protection legislation. If you believe that we are acting improperly, you may contact the Swedish Data Protection Authority at datainspektionen.se
You are always welcome to contact us if you have any questions about how we process your personal data!
If you have any questions about how we process your personal data or would like to make a request according to the rights described above, you are always welcome to contact us at: firstname.lastname@example.org.
We reserve the right to make changes to our personal data policy. The latest version of this policy is always available on our website.