Policy on privacy and personal data processing | Transportföretagen

Policy on privacy and personal data processing

Privacy in personal data processing is paramount to The Swedish Confederation of Transport Enterprises. Therefore, we strive towards maintaining a high level of data security. This document describes our policy, what personal data we collect and how we use it. The policy also includes your rights and how you can use them.

Please feel free to contact us anytime when you have questions about how we process your personal data. Our contact information is at the end of this text.

What is personal data, and what does processing personal data involve?

Everything that can directly or indirectly be attributed to a living, natural person is covered by the term personal data. This covers more than simply name and personal identity number; it also includes images and email addresses.

Processing personal data involves everything that is done to your personal data in an electronic processing system, whether this involves using mobile units or computers. This includes collecting, registering, structuring, storing, processing, and transferring any information. In certain instances, processing may also involve actions taken outside a digital system. This applies to using a registry.

Personal Data Controller

The Swedish Confederation of Transport Enterprises (Transportföretagen TF AB, CRN. 556498-9373, Storgatan 19, 102 49 Stockholm, Sweden) is the controller of personal data when it comes to processing personal data in our operations. Some processing, as with our membership registry, is done in joint systems with the Swedish Confederation of Enterprises and its member organizations. Responsibilities between us and the Swedish Confederation of Enterprise and other member organizations are governed by special agreements made for this purpose.

What personal data do we collect about you, and why?

Generally

We primarily process your name, email address, your phone number(s) and position. Sometimes we process additional information, such as whether you are an MEP, or local politician, but only when you can be viewed as having published that information. For some services, you may also be asked to provide areas of interest. If you create a user account with us, we will also process your log-in data.

We process your personal data for the purpose of providing the services and products you have asked for (such as a newsletter or a training course). We will also process your personal data to manage and administer our relationship with you and, when appropriate, to administer our contract with you or with your employer. We may also inform you about our courses, events, and other activities which we think match either your or our interests.

Additionally, we may use your personal data to inform you about products and services that we offer, and which you may find of interest. If you are a professional user, we may also inform you about products and services from us and our partners.

We may also process and analyze data from professional users (including profiling) that we collect as stated above (such as data collected when you order services or products, or when you take part in a seminar or activity we have arranged). Our purpose is to provide you with more individualized and relevant information.

The Swedish Confederation of Transport Enterprises always processes your personal data in compliance with applicable laws. We process your personal data when necessary to fulfil a contract with you, respond to your request for service, or when we have another legitimate and justified interest in processing your personal data, such as when marketing our services.

Should the Swedish Confederation of Transport Enterprises process your personal data for any other purpose that requires your consent, we will first obtain your consent. You may be required to provide certain personal data, as when we want to provide you with a service or fulfil a request you have made. This will be clearly stated or specified when that data is collected.

For employees of member companies

We may process personal data of employees in our member companies in other ways than those described above. This is primarily related to the employer's membership and applies to various contact persons. Data related to contact persons may need to be processed to manage membership and related issues. For example, this may involve contact persons for negotiations or data related to membership in various working committees.

What sources do we retrieve personal data from?

Your personal data is collected, for example, when you enter your data to request a newsletter, to participate in a seminar or other event, to order services and/or products from us, or when you contact us. Likewise, when the company you work for signs up for and/or is part of a recruitment campaign, such data may be collected regarding senior managers in the company. Sometimes we receive data from a third party.

Who do we share your personal data with?

Personal data processor

In certain situations, it may become necessary for us to hire a third party to perform some of our processing. For example, this may be when we hire various IT service providers. These parties are considered personal data processors for us.

The Swedish Confederation of Transport Enterprises is obliged to enter into contracts with all our personal data processors and provide them with instructions regarding how they may process personal data. We naturally check to ensure that all our personal data processors can provide sufficient guarantees regarding security and confidentiality of your personal data.

When we hire a personal data processor, we do this only in full compliance with the purposes for which we process such data ourselves.

Other parties who are independent controllers of personal data

We also share your personal data with certain other parties who are independent controllers of personal data. This may involve statutory authorities, such as the Swedish Tax Authority, and even other member organizations. Some data is also reported for statistical purposes.

When your personal data is shared with another party who is an independent controller of personal data, then that party’s organizational privacy policy applies to their personal data processing.

We may also provide your personal data to our member organizations (and their companies) to the extent necessary for appropriate collaboration between these organizations. Moreover, we may hire providers and partners to perform tasks on behalf of the Confederation of Swedish Enterprise, as with providing IT, or marketing services, analyses or statistics. Performing these tasks may mean these providers gain access to your personal data.

The Swedish Confederation of Transport Enterprises may also provide your personal data to other third parties, such as the police or other statutory authority when this involves the investigation of a crime or we are otherwise liable to provide such data as required by law or authority.

Who processes your personal data?

We always strive to ensure your personal data is processed within the EU/EEA, but this may not always be possible.

For certain IT support, your data may be transferred to a third country outside the EU/EEA. For example, this may involve us sharing your personal data with a personal data processor who, either directly or through a subcontractor, is established or stores information in a country outside the EU/EEA. As the controller of personal data, we are obliged to take all reasonable legal, technical, and organizational measures to ensure that such processing complies fully with the regulations applicable within the EU/EEA.

When personal data is processed outside the EU/EEA, the level of protection is guaranteed – either through a decision of the EU Commission that the country in question ensures an adequate level of protection, or through the use of appropriate safeguards. This could include having a Privacy Shield policy, the use of Binding Corporate Rules, and various contractual arrangements. Feel free to contact us for additional information regarding these safeguard measures. Standardized Model Clauses for data transfer, as adopted by the EU Commission, are available at the Commission website.

How long do we save your personal data?

We never save your personal data for longer than necessary for the purpose at hand. We have instituted clearing procedures to ensure that personal data is not stored longer than necessary for each specific purpose. The length of time this involves varies depending on the purpose for the processing. Certain bookkeeping data are required by law to be saved for seven years, while information about special diet needs is deleted within a few weeks after the event is concluded.

What are your rights regarding registered information?

When you are recorded in a registry, you have several legally enforceable rights. The procedures available to you in enforcing these rights are described in the paragraph below headed ‘Exercising your rights.’ Here, we list the rights you have relating to registered data.

Right to registry extract (Right of access)

If you want to know what personal data of yours we process, you can request access to the data. When you submit such a request, we may ask you several questions to ensure efficient handling of your request. We will also take measures to ensure the information is requested by and provided to the right person.

Right of rectification

If you find an error in your data, you have the right to request that it be corrected. You may also supplement any incomplete personal data.
In certain instances, you can make the corrections yourself, in which case we will inform you.

Right to erasure

You can request that we erase the personal data about you that we process, including:

  • Data that is no longer necessary for the purposes for which they are processed.
  • You object to the balancing of interests we have made regarding our legitimate interest, where your reasons for objecting weigh greater than our legitimate interest.
  • Personal data is being processed illegally.
  • The personal data has been collected regarding a child (less than 13 years) for whom you have parental responsibility.
  • If the data was obtained based on your consent and you want to rescind that consent.

However, we may have the right to deny your request when legal duties prevent us from immediately erasing certain portions of your personal data. We may also be required to process such information to be able to establish, pursue, or defend a legal claim.

If we are prevented from erasing your personal data, we will block that data from being used for purposes other than those preventing its erasure.

Right to restriction

You have the right to request that our processing of your personal data be restricted. If you object to the factual correctness of the personal data that we process, you may request restriction to that processing for the period we need to ensure that the personal data is correct.

If, and when, we no longer need your personal data for the established purposes, our normal procedure is to delete them. If you require them to be able to establish, pursue, or defend a legal claim, you may request restrictions to our processing of your personal data. This means that you can request that we do not delete and erase your data.
If you have objected to a balancing of legitimate interests that we have made as legal grounds for a purpose, you may request restriction to that processing for the period we need to ensure that our legitimate interest weighs greater than your interests in having the data erased.

If the processing has been restricted as provided in any of the situations described above, we may, in addition to simply storing that data, only process them to establish, pursue, or defend a legal claim, to protect the rights of a third party, or where you have issued your consent.

Right to object to certain types of processing

At all times, you have a right to object to all processing of your personal data that relies on a balancing of interests. You also have the right to stop its use for direct marketing.

Right to data portability

As the person registered, you have the right to data portability if our right to process your personal data relies on either your consent or fulfilment of a contract with you. A prerequisite for data portability is that the transfer is technically possible and can be done automatically.

Exercising your rights

Your request for a registry extract, or your demand to invoke any of your other rights, shall be made in writing with your handwritten signature. We will respond to your request without undue delay, or not later than within 30 days. Download the document and fill in the questions before you sign it. Then email the completed document to dataskyddsombud@transportforetagen.se. The email shall, to the extent possible, be sent from the email address you are registered with at the Swedish Confederation of Transport Enterprises.

How do we process your personal identity number?

We avoid processing personal identity numbers to the extent possible. However, in certain instances this may be justified with regard primarily to a need to have certain identification. Regarding processing of personal identity numbers, such as the corporate registration number for sole traders, this is necessary when such companies are members, since the registration number is the same as the sole trader’s personal identity number.

How are your personal data protected?

We actively work to ensure that personal data is processed securely. We do this using both technical and organizational security measures.

Supervisory Authority

The Swedish Data Protection Authority (currently Datainspektionen, but soon to change name) is responsible for monitoring the application of data protection laws. If you feel we have acted incorrectly, you can contact the Authority at datainspektionen.

Contact us when you have any question about how we process personal data!

If you have any question about how we process personal data, or you want to request to invoke your rights as detailed above, you are always welcome to contact us at: gdpr@transportforetagen.se or by phone at: +46 (0) 8-762 71 00.

We may amend our privacy policy. The latest version of our privacy policy is always available here at our website.