TechSweden's data protection policy

What is personal data and what is processing of personal data? 

Any information that can be linked directly or indirectly to a living natural person is considered personal data. This includes, for example, names, email addresses and social security numbers, but also images and usernames on digital platforms. 

The processing of personal data includes all operations carried out with that data in IT systems, whether on mobile devices or computers. This includes, inter alia, collection, recording, consultation, structuring, storage, processing, transmission and erasure. In some cases, actions outside IT systems may also be considered as processing, in particular when personal data are contained in filing systems. 

Data controller 

For the processing that takes place within TechSverige, TechSverige is the data controller (TechSverige Orgnr 802410-1936, Storgatan 19, 114 82 Stockholm). For some processing operations, such as the membership register, we are joint controllers together with other organizations in the Confederation of Swedish Enterprise. 

Your personal data: Collection and use 

We mainly process your name, email address, phone number and position. In some cases, additional information may be processed, for example if you are a member of parliament or a local politician, but only if you are considered to have published the information yourself. We also process personal data when you contact us, for example when you become a member of TechSverige. Other personal data that may be processed includes contacts with negotiators and lawyers within TechSverige's advisory services. If you create a user account, for example in the Employer Guide, this account data will also be ^processed1. Personal data is also processed at various events and seminars.  

TechSverige can record calls with the operator in the switchboard for quality assurance, and the recording is automatically deleted after 72 hours. 

We process your personal data for the purpose of providing the services and products you have requested (for example, a newsletter, advice, legal assistance or participation in a training course). We will also process your personal data to maintain and administer our relationship with you and, where applicable, to administer the contract with you or with your employer. We may also inform you about our courses, events and other things that we consider to be in your interest as well as ours. We may also send out surveys to evaluate courses, seminars and other activities or services. 

In addition, we may also use your personal data to inform you about products and services we offer that may be of interest to you. 

TechSverige always processes your personal data in accordance with applicable legislation. We process your personal data when it is necessary to fulfill an agreement with you or respond to your request for service or when we have another legitimate and legitimate interest in processing your personal data, such as an interest in marketing our services. 

If TechSverige were to process your personal data for any purpose that requires your consent, we will obtain your consent in advance. Some personal data may be mandatory to provide, for example, in order for us to provide a service or fulfill another request from you. This will be indicated or disclosed at the time the data is collected. 

For employees of member companies, we may also process personal data in other ways than those mentioned above. This is mainly related to the employer's membership in TechSverige and includes various contact persons. Information about contact persons may be needed to administer the membership and handle related issues. This may include contact persons for negotiations or details of membership of various working groups. 

From which sources do we collect personal data? 

Your personal data is collected, for example, when you provide your details when you sign up to receive newsletters, attend seminars and other events, order services and/or products from us or contact us on various matters. Even when the company you work for applies for membership or is already a member, data may be collected about people in management positions at the company. 

Sometimes we collect data from third parties. This is the case for example: 

Cookies (cookies) 

Our website uses cookies. By law, we are obliged to inform our visitors about this, explaining the purpose of cookies and how to opt out. 

Who might we share your personal data with? 

In some situations, we need to rely on external parties to carry out our work, such as various IT providers. These parties act as data processors for us, and we have signed data processing agreements with them. However, the responsibility for the personal data remains with TechSverige. 

Of course, we check all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data and sign data processing agreements. 

When data processors are used, it is only for the purposes that are compatible with our own purposes for processing, as we remain the data controller. 

We also share your personal data with certain other actors who are independent data controllers. These may be authorities, such as the Swedish Tax Agency. Some data is also provided for statistical purposes. 

When your personal data is shared with an entity that is an independent data controller, that organization's privacy policy and data processing practices apply. 

We may engage suppliers and partners to perform tasks on behalf of TechSverige, for example to provide IT services or help with marketing, analysis or statistics. The performance of these services may mean that these recipients have access to your personal data. 

TechSverige may disclose personal data to trade union organizations in connection with collective agreement negotiations and in connection with labor law advice and assistance. 

TechSverige may also disclose personal data to third parties, such as the police or other authorities, if it concerns the investigation of crime or if we are otherwise obliged to disclose such information by law or government decision. 

Where do we process your personal data? 

We always aim for your personal data to be processed within the EU/EEA but sometimes this is not possible. 

For certain IT support, data may be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a processor who, either itself or through a subcontractor, is established or stores information in a country outside the EU/EEA. As data controllers, we are responsible for taking all reasonable legal, technical and organizational measures to ensure that the protection of personal data is the same as within the EU/EEA. 

When personal data is processed outside the EU/EEA, the level of protection is guaranteed, for example, by a decision of the European Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate safeguards. Appropriate safeguards can be the use of Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs). If you would like information on the safeguards, please contact us. Standard Model Clauses for data transfers, adopted by the European Commission, are also available on the European Commission website. 

How long do we keep your personal data? 

We never keep your personal data longer than necessary for the respective purpose. We have developed deletion procedures to ensure that personal data is not stored longer than necessary for the specific purpose. The length of storage varies depending on the purpose of the processing and how long the data is necessary for the purpose. After that, we will securely delete or de-identify your data so that it can no longer be linked to you. For example, some accounting data needs to be kept for a minimum of seven years due to legislation, while data on special costs is deleted as soon as the event is over. 

What are your rights as a data subject? 

As a data subject, you have a number of rights under current legislation. We list these rights below. 

If you want to know what personal data we process about you, you can request access to the data. When you make such a request, we may ask you a number of questions to ensure that your request is handled effectively. We will also take steps to ensure that the data is requested by and provided to the right person. 

If you notice that something is incorrect, you have the right to request a rectification of your personal data. You also have the possibility to complete incomplete data. In some cases, you can make corrections yourself, and we will inform you when this is possible. 

You can request that we erase the personal data we process about you if, among other things: 

However, we may have the right to refuse your request if there are legal obligations that prevent us from immediately erasing certain personal data. It may also be that the processing is necessary for the establishment, exercise or defense of legal claims.
 

You have the right to request that our processing of your personal data be restricted. For example, if you request rectification because you believe that the personal data we are processing is inaccurate, you can request a restriction of processing for the time we need to check whether the personal data is correct. 

If and when we no longer need your personal data for the identified purposes, our normal practice is to delete the data. If you need the personal data to establish, exercise or defend legal claims, you can request restricted processing of the data by us. This means that you can request that we do not purge and delete your data. 

If you have objected to personal data processing we carry out on the basis of a balancing of interests as a legal ground, you can request restricted processing for the time we need to verify whether our legitimate interests outweigh your interests in having the data erased. 

If processing has been restricted under any of the situations above, we may only, in addition to the storage itself, process the data for the establishment, exercise or defense of legal claims, for the protection of the rights of another person or if you have given your consent. 

You always have the right to object to any processing of personal data based on a balance of interests. You also always have the right not to receive direct marketing. 

As a data subject, you have the right to data portability (transfer of personal data) if our right to process your personal data is based either on your consent or the performance of a contract with you. A prerequisite for data portability is that the transfer is technically feasible and can be automated. 

To request a record extract or exercise any of your other rights, your request must be in writing and personally signed. We will respond to your request without undue delay, and at the latest within 30 days. Please send your request to dataskydd@techsverige.se, preferably from the email address registered with TechSverige. 

How do we handle social security numbers? 

As far as possible, we avoid processing social security numbers. In some cases, however, it is justified mainly because we need to have a secure identification. As regards the processing of personal identity numbers in the form of organization numbers for individual business activities, this processing is required as long as the company is a member by the organization number being the personal identity number. 

How is your personal data protected? 

We work actively to ensure that personal data is handled in a secure manner. This applies to both technical and organizational protection measures. 

How we process your personal data for membership 

As part of the membership of the Confederation of Swedish Enterprise, an annual collection of membership data is made. In connection with the collection of this information, member companies also submit personal data, primarily in the form of contact details for contact persons. The collection of this information is necessary for the Confederation of Swedish Enterprise and TechSverige to be able to fulfill their obligations to members and also follows from the Confederation of Swedish Enterprise's statutes § 22. 

Those submitting personal data about others in the context of membership data collection are obliged to check that consent has been obtained to provide this data. 

The personal data is processed in accordance with the law applicable at any given time and the Confederation of Swedish Enterprise also works actively to prevent your personal data from being misused, disseminated, lost, altered, destroyed or that unauthorized parties gain access to the personal data. 

The personal data may be processed in CRM systems that are accessible to the entire Confederation of Swedish Enterprise and its member organizations. The Confederation of Swedish Enterprise shall, according to the statutes § 3, constitute a fixed unit and the common systems are part of creating this unit. The only people who have access to these common systems are authorized users. 

The Confederation of Swedish Enterprise and the member organizations process the personal data to inform contact persons at the members about news, events and the like. In addition, the Confederation of Swedish Enterprise and TechSverige may process the personal data to fulfill legal obligations. 

Personal data is stored until the obligations on which the processing is based no longer require processing. 

Supervisory authority 

The Data Protection Authority is the authority responsible for monitoring the application of data protection legislation. If you think we are acting incorrectly, you can contact the Authority, see imy.se 

Contact us if you have questions about how we process personal data 

If you have any questions about how we process personal data or have a request in accordance with the above rights, you are always welcome to contact us at: dataskydd@techsverige.se, or by phone at: 08-665 36 60. 

Contact details
TechSverige's Data Protection Officer
TechSverige AB
Postal address: Storgatan 19, 114 82 Stockholm
E-mail: dataskydd@techsverige.se
Telephone number: +46(0)8-665 36 60