VA values the protection of personal data, and wants to protect your privacy. As personal data controllers, we explain below how we treat our visitors’ personal data according to (EU) 2016/679, the general data protection regulation (GDPR).
Processing of personal data
- What is personal data and what is personal data processing?
- Who is responsible for the processing of personal data?
- Personal data that we handle
- From which sources do we retrieve personal data?
- With whom can we share your personal data?
- Where is the personal data processed?
- How long do we save your personal data?’
- What are your rights when your data is registered?
- How do we handle social security numbers?
- How is your personal data protected?
- Supervisory authority
What is personal data and what is personal data processing?
All information that can be directly or indirectly derived from a living person is covered by the term personal data. It’s not just about names and social security numbers, but also about things like pictures, IP addresses, and e-mail addresses.
Processing of personal data is everything that happens to the personal data, especially with the help of IT. This involves, for example, collection, registration, structuring, storage, processing and transfer.
Who is responsible for the processing of personal data?
For processes that take place within VA (Public & Science), the association is responsible for personal data. For some processes, e.g. accounting, we use systems that are handled by external consultants. The responsibility between VA and external consultants is regulated in a contract.
Personal data that we handle
We mainly deal with names, e-mail addresses, telephone numbers, titles and organisation affiliations. Sometimes additional information can be processed, for example social media accounts, but only if the person in question can be considered to have published the information.
We process personal data in order to manage our database of members, administer events, take minutes, write news articles, send out invitations and newsletters, fulfil agreements and to manage and report financial transactions.
We process personal data in accordance with applicable legislation and obtain prior consent when needed.
Collection of personal data takes place in connection with subscription to newsletters, registration for seminars and events, photography or filming of events, ordering of services or when contacting VA. Personal data can also be obtained from public information, such as web pages, directories etc.
With whom can we share your personal data?
Personal Data Partners
Sometimes we hire third parties to be able to carry out our work, e.g. IT suppliers, accountants, and communication consultants. They are personal data assistants to VA.
VA writes an agreement with the personal data partners stipulating how they may process the personal data, which is only in exact accordance with VA’s own data handling policy.
Agencies that are independently responsible for personal data
We share personal information with certain agencies that have their own personal data responsibility, such as the Swedish Tax Agency and the Swedish Social Insurance Agency. These organisations’ own privacy and personal data management policies apply in such cases.
Where is the personal data processed?
Primarily, administrative work is carried out at VA’s offices. In some cases, data may be processed by external parties, e.g. suppliers of software. For certain IT support, the data may be transferred to a country outside the EU / EEA. Our data protection responsibilities mean that we are responsible for taking all reasonable legal, technical, and organisational measures to ensure that data is processed in accordance with GDPR regulations
within the EU / EEA.
When personal data is processed outside if the EU / EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country in question ensures an adequate level of protection or through the use of appropriate protection measures.
How long do we save your personal data?
We never save your personal information beyond what is necessary for each purpose. We have prepared cleaning procedures to ensure that personal data are not stored longer than is needed for the specific purpose. The length of time varies depending on the purpose of the data processing. For example, some information for accounting is legally required to be saved for at least seven years, while information about a person’s dietary requirements are deleted within a month of an event taking place.
What are your rights when your data is
As a person with registered personal data, you have a number of legal rights.
To find out how to manage your rights, see the section ”Managing your rights” further down. Below we list the rights of the data subject.
Right to register extract (right to access)
If you want to know which personal data we are holding about you, you can request access to the data. When you submit such a request, we may ask some questions to ensure that your request can be handled efficiently. We will also take measures to ensure that the information is requested by and handed over to the right person.
Right to correction
If you find that something is wrong, you have the right to request that your personal data be corrected. You can also supplement incomplete personal data.
Right to erase
You can request that we delete your personal data that we process e.g. if:
- The data are no longer necessary for the purposes for which they are being processed.
- You object to a “balance of interests” we have made based on our “legitimate interest”, where your reason for objection weighs heavier than our “legitimate interest”.
- Personal data is processed illegally.
- The personal information has been collected about a child (under 13 years of age) for whom you are responsible.
- If the data has been collected with your consent and you want to withdraw your consent.
However, we may have the right to refuse your request if there are legal obligations that prevent us from deleting certain personal data. It may also be that the processing is necessary for us to be able to determine, assert or defend legal claims.
If we are prevented from deleting your personal data, we will ensure that the personal data is not used for purposes other than the purpose that prevents them from being deleted.
Right to limitation
You have the right to request that our processing of your personal data be limited. If you claim that the personal information we process is inaccurate, you may request a limited processing during the time we need to verify whether the personal data is correct.
If, and when we no longer need your personal data for the stated purposes, VA’s routine is that the data are deleted.
If you have objected to a balance of legitimate interest that we have made as a legitimate basis for a purpose, you may request limited processing during the time we need to verify whether our legitimate interests outweigh your interest in removing the information.
If the treatment has been restricted according to one of the above situations, we may, in addition to the actual storage, process the data to determine, enforce or defend legal claims, to protect someone else’s rights or if you have given your consent.
The right to object to certain types of processing
You always have the right to object to all processing of personal data based on a balance of interests. You also always have the right to opt out of direct marketing.
Right to data portability
You have the right to data portability if our right to process your personal data is based on either your consent or an agreement with you. One prerequisite for data portability is that the transmission is technically possible and can be done automatically.
Manage your rights
An application for registry access or to invoke any of your other rights must be made in writing and self-signed by the person to whom the data pertains. We will reply to your requests no later than 30 days.
How do we handle social security numbers?
Wherever possible we avoid dealing with social security numbers. In some cases, however, it is justified, especially in cases requiring secure identification.
How is your personal data protected?
We work actively to ensure that personal data is handled safely. This applies both through technical and organisational protection measures.
The Swedish Data Inspection Authority (which will soon change its name to the Swedish Integrity Protection Authority) is the authority responsible for monitoring the application of the legislation on data protection. If you believe that we acted incorrectly, you can contact the Swedish Data Inspection Authority, see datainspektionen.se
What is a Cookie?
A cookie is a small text file that is stored on the visitor’s computer and contains information. Cookies are normally used to improve the website for the visitor. There are two types: Permanent cookies and temporary cookies.
Permanent cookies are files that are saved on the visitor’s computer or mobile phone and remain until a scheduled date expires. However, permanent cookies may be stored for 24 months. The file is used e.g. for the visitor to be able to use the website more easily based on their wishes and interests. However, these cookies will disappear earlier if the visitor chooses to clear cookies from their browser.
Temporary cookies are stored temporarily in the visitor’s computer or mobile device memory during a single visit to the site. These cookies disappear when the visitor closes their browser.
Turn off cookies
For those who do not want cookies to be stored on their computer or mobile, cookies can be blocked in their browser’s security settings. It is also possible to go into the browser’s settings and choose to clear all the cookies stored so far.
Contact us for questions!
If you have questions about how we process personal data or have a request in accordance with the above rights, you are always welcome to contact us at [email protected] or by telephone: 08-791 30 54.