We apply the EU General Data Protection Regulation (GDPR) to all our activities, unless local
equivalent legislation would provide stronger protection. This data protection policy explains, in part, how we collect and use your personal information, and what rights you have towards us and how you can act to enforce these rights. You can always contact us if you have questions regarding personal privacy and data protection by sending an e-mail to si@si.se.

One of the reasons for us to handle personal information is to be able to offer our services, such as
participation in our educational programmes or events. We may also need to handle personal
information in order to offer you other services or to provide you with information that you have
requested.

How we look at our handling of your personal information:

When we ask for personal information we will:

  •  be transparent as to why and for what purpose we need to access the personal information in
    question
  • only ask for the information we need and not gather too much or irrelevant information
  • protect the information and make sure that no inappropriate person has or can gain access to
    the information
  • be transparent whenever we share personal data with organisations with which we cooperate
    that are based in countries outside the EU and EEA, and if so, for what purpose we share that
    information
  • make sure that we do not handle and store your personal data longer than is necessary for the
    specific purpose or for longer than what is in compliance with Swedish law.

What we would like from you:
When you choose to take part of our offers and services, or otherwise provide your personal
information to us, such as when you receive service and information, please provide us with accurate
information and inform us promptly if the information needs to be updated. This may concern
information such as your contact information (new address, e-mail address, phone number, etc.) since
this helps us keep your information accurate and up to date.

Contact us for more information about:

  • what specific information about you we handle, for what reasons and with which legal basis
    we handle the information
  • your rights regarding getting incorrect information adjusted or getting information about you
    deleted
  • agreements we have with other organisations about sharing information
  • our instructions to our staff on how to collect, use and remove personal data
  • how we verify that the personal data we handle is correct and current
  • your rights to contact the Swedish Privacy Protection Authority with tips and complaints if
    you believe that we violate the rules for handling personal data.

Is your personal information handled in a safe way?
Our security systems are developed with your privacy in focus and will to a great extent protect against intrusion, destruction and other changes that could endanger your privacy.

Principles for our handling of your personal data
All handling of personal data by us complies with the principles set out in the GDPR. The principles
imply, inter alia, that personal data may only be collected for legitimate purposes that are not overly
general, and that the amount of data is limited to what is necessary for the purposes. The data will not
be handled at a later date in a way that is incompatible with these purposes and will not be saved
longer than necessary.

Legality, correctness and transparency
We will treat personal data in a legal, correct and transparent manner in relation to you as a registered
person. It will be clear to you as a registered person how your personal information is collected and
otherwise handled. Should we fail in this regard, we would be grateful if you contacted us so that we
could improve our information in relation to you and also improve our routines.

Limitation of purpose
We collect only personal information for specific, explicitly stated, and legitimate purposes. Personal
data is handled only in accordance with the stated purpose. In addition, your personal data may be
handled for archival purposes of general interest, scientific or historical research or for statistical
purposes.

Data minimisation
The personal data we handle should be adequate, relevant and not overly comprehensive in relation to
the purposes for which they are handled. We do not collect personal data for indefinite future needs
and the like. Should personal data be too old and no longer relevant for the original purposes, they are
deleted immediately, unless they are part of a general document to be archived (Archives Act 1990:
782).

Correctness
We take all reasonable steps to ensure that any personal information we have registered about you is
accurate and up to date, and that incorrect personal data is deleted or corrected without delay.

Archive minimisation
We do not store personal data in a form that allows you to be identified for a longer period of time
than is necessary for the purposes for which your personal data is handled. When personal data is no
longer required for those purposes, we delete or make them unidentifiable. To ensure that personal
data is not saved longer than necessary, we have deadlines and routines for deletion. Your personal
data may be stored for a longer period of time for archival purposes of public interest, scientific or
historical research or for statistical purposes.

Integrity and confidentiality
We protect your personal data against unauthorised or illegal use and against loss, destruction or
accidental damage and have for this purpose implemented appropriate technical and organisational
measures.

Limited access
Access to your personal data is limited in such a way that only those who need the information to fulfil
a task of public interest in relation to you, or otherwise provide information or a service you have
requested, will have access to the task.

Gain access to your personal information
You are entitled to request a copy of any personal information that we have about you. In order to
ensure that we provide information about our processing of personal data to the person concerned and
not to someone who claims to be that person, and also to ensure that your request can be handled
quickly and efficiently, we ask that you first provide us with:

  • a written request
  • proof of identity
  • proof of current address
  • information about which organisational units or staff members at SI that you have been in
    contact with, for what purpose and when that contact was made.

Contact us
The Swedish Institute is responsible for the personal data, which means that we are responsible for
how your personal data is processed and handled, and that your rights are respected. The Swedish
Institute has a personal data protection officer and a team of data protection coordinators.
You can always reach the Swedish Institute’s registrar at si@si.se.