Personal data processing at Swerea
You should always feel safe when providing personal data to the Swerea Group. We do everything we can to protect your data from unauthorised access. All personal data processing is carried out pursuant to the EU’s General Data Protection Regulation (GDPR).
What is personal data?
Personal data is any information that can be linked to you as an individual. For example, your name, private email address, private telephone number, etcetera.
Information linked to companies, such as company identification numbers, company telephone number, e-mail linked to company or position etc. are not considered personal data. The personal ID number of a sole proprietor is registered since this doubles as the company ID number.
How does Swerea process personal data?
Collection and consent
Swerea collects personal data through both digital and analogue channels (e.g. websites, seminars, customer meetings, by telephone, etc.). The data is stored in the company's internal customer databases (Swerea IVF, Swerea KIMAB, Swerea MEFOS, Swerea SICOMP, Swerea SWECAST and/or Swerea AB).
We always request your consent if we need to save your personal data for a specific purpose. Exceptions may take place:
- When we are obligated to store your data owing to legal requirements (e.g. the Swedish Accounting Act).
- When you or your company enters into a business relationship with us (legitimate interest).
Use and purpose
We never collect more information than the situation requires and only for specific purposes. Such purposes include:
- providing a product or service
- marketing activities
- legal requirements
We seldom process sensitive data, but this may occur. If you personally choose to provide us with that type of information, Swerea considers that you have given your consent to the registration of the data in accordance with the purpose explicitly stated in conjunction with the submission of the data. For example, when you personally provide information about cost preferences prior to a seminar, without Swerea requiring it.
Swerea’s social media accounts
Personal data can and may be found on Swerea’s social media accounts provided that it is uncategorised. Offensive/abusive comments and information containing sensitive personal data are not permitted. If such are identified, they will be reported to Swerea’s marketing department or webmaster [at] swerea.se and promptly deleted.
In cases where external suppliers or partners have access to systems in which personal data is available, we have set up so-called ‘associate agreements’ to ensure that the data is processed and protected in a secure manner.
How long is personal data stored?
We store your personal data for as long as it is necessary to perform the task for which the personal data has been collected and saved.
Right of access
You have the right to request information, once a year, regarding what personal data we process about you or your company. The request for information must be submitted in writing to the personal data controller in the Swerea subsidiary/parent company applicable to your enquiry.
Right to rectification and right of erasure
You may request, at any time, that rectifications be made to your personal data or request to be erased from our registry if you are unable to do so yourself. We will rectify or erase your data without undue delay.
To request rectification or erasure, see contact details below. Please note that legal limitations and other regulations may exist which restrict your abovementioned rights.
Who should I contact regarding questions on personal data processing?
If you have any questions about Swerea’s processing of personal data, please contact privacy [at] swerea.se. Please note that personal data management is carried out per subsidiary/parent company and you may receive a speedier response if you specify the company/companies to which your request relates.
Changes to personal data provisions
Changes concerning personal data processing in Swerea will be communicated on this website. Provisions may change owing to, for example, legislative amendments. However, if the processing of personal data is governed by a customer agreement, the contractual provisions apply until amended, unless these are irreconcilable with law or other legally binding provisions.