SIS’ GENERAL PRIVACY STATEMENT
SIS protects your personal data
Protecting your personal data and your privacy is important to the Swedish Institute for Standards (“SIS”). In this general privacy statement and the category-specific information texts (e.g. regarding customers, members and job applicants) below, SIS wishes to clearly and unambiguously communicate how SIS collects, stores, uses and otherwise processes your personal data.
If SIS changes how it processes personal data, or processes personal data for new purposes, this statement and the category-specific information texts may be updated. In such cases, SIS will provide information in this regard.
Personal data is all data and information that can identify you as a person. The crucial point is that the data, either alone or in conjunction with other data, can be linked to you as a person. Examples of personal data are your name, address, other contact details (e.g. IP or email address), date of birth, personal ID number, ID card number, bank account information, product or service orders and photographs of you.
The Swedish Institute for Standards (corporate ID number 802410–0151) is the data controller and is therefore also responsible for how your personal data is processed. SIS has appointed a person as data controller (“SIS Data Controller”) who monitors and checks that SIS is managing your personal data in a correct and legal manner. You can get in touch with the SIS Data Controller via email to firstname.lastname@example.org, or by sending a letter to:
SIS Data Controller
Svenska Institutet för Standarder
SE-104 31 Stockholm, SWEDEN
Under some circumstances, the responsibility for data protection and your privacy is shared with a third party, for example banks, postal services and providers of electronic communication and social media. In these cases, SIS and the third party are joint data controllers. More information about this can be found in the information texts below for each category of data subject (e.g. if you are a customer, member or website visitor).
Sources and recipients of your personal data
The personal data processed by SIS is primarily such data that you have provided to SIS, but SIS may also obtain data from other companies and organisations, for example the Swedish Tax Agency or partners.
Your personal data is only available and accessible to those at SIS who need the data to fulfil the intended purposes of the processing. To the required extent, your data may be shared with providers (e.g. providers of IT systems) that carry out tasks for SIS, as well as with SIS’ partners. Sometimes, SIS is also obliged to submit certain data to public agencies, e.g. the Swedish Tax Agency.
SIS may also submit personal data to a third party if SIS deems it necessary to be able to: i) investigate possible legal breaches, ii) identify, contact or take legal action against someone who is possibly in breach of a contract with SIS, iii) investigate security breaches or cooperate with public agencies on a legal matter, or iv) safeguard SIS’ rights, security or property.
Purpose and legal basis
Your personal data is collected and mainly used to enter into or fulfil contracts with you (e.g. when you purchase SIS products or services), meet or assert legal obligations (e.g. under accounting rules), fulfil marketing purposes or other legitimate interests of SIS. In certain special cases, SIS may request that you give your consent to certain processing of your personal data. This consent can, however, be revoked at any time.
SIS may not collect, store, use or otherwise process your personal data without a valid legal basis, e.g. consent, fulfilment of a contract or legitimate interest. For each specific purpose, SIS informs you below of which legal basis is applicable and which rights you can exercise.
The main principle is that SIS does not retain your personal data for longer than is necessary to fulfil the purpose of the processing. SIS therefore deletes personal data as soon as SIS no longer requires it.
The purposes for which SIS processes your personal data, the legal basis for the processing and how long SIS retains personal data are described in more detail in the information texts below for each category of data subject.
Processing outside the EU/EEA
The personal data SIS collects is generally stored and used within the EU/EEA but can also, when required, be transferred (e.g. to our IT system provider) and processed in a country outside the EU/EEA. All such transfer and processing of your personal data takes place in accordance with applicable legislation. Where relevant, the standard contractual clauses of the EU Commission are used to ensure protection equivalent to that which you are guaranteed within the EU/EEA.
You have certain statutory rights regarding SIS’ management of your personal data. This includes the right to information, the right to erasure, the right to rectification and restriction and the right to object to, for example, direct marketing. You also have the right to complain to the Swedish Authority for Privacy Protection if you consider that SIS’ processing of your personal data does not meet requirements under applicable data protection legislation. You can read more about your rights in the more comprehensive information texts below.
If you wish to complain about how SIS processes and protects your personal data, you are entitled at any time to lodge a complaint with the Swedish Authority for Privacy Protection or other competent supervisory authority.
SIS may update this text and the information texts below. The latest versions are always available on SIS’ website (www.sis.se).
Date for this version of the General Privacy Statement: 13 January 2023
In case of discrepancies between the English and Swedish language versions of SIS Personal Data Protection Information, the Swedish version shall take precedence.