Svensk Handel’s Privacy Policy
Svensk Handel values your personal integrity. We always strive to maintain a high level of data protection. In this privacy policy we explain how we collect and use your personal data. We also describe your rights and how you can enforce them.
You are always welcome to contact us regarding any questions you may have about how we process your personal data. You can find our contact details at the end of this text.
The controller
Föreningen Svensk Handel, org. no. 802001-3630, and Svensk Handel AB, org. no. 556025-8807, 103 29 Stockholm, Sverige, are data controllers for the processing of your personal data. For certain processing of personal data, such as the member register, we use systems which we share with the Confederation of Swedish Enterprise (SW: Svenskt Näringsliv). The responsibility for the processing of personal data between us and the Confederation of Swedish Enterprise are in such cases regulated in agreements.
What personal data are we collecting and why?
In general
We mainly process your name, your e-mail address, your telephone number and your position. In certain cases, additional information may however be processed. For example, if you are a Member of Parliament or a local politician, but only if you have publicly published said information yourself.
You may be obliged to provide certain personal data, for example in order for us to provide a service or fulfil a request from you. This will be stated, or you will be informed of this, in connection with the collection of the data. More information regarding how Svensk Handel processes your personal data is shown in the tables below.
1. ADMINISTRATION OF MEMBERSHIP
We will process personal data in connection with your membership in order to administer the membership and in order for us to be able to communicate with you regarding, e.g., entry and withdrawal from membership. We may therefore need to process personal data about you as a representative of our member companies.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to administer membership and membership benefits in accordance with the agreement entered into between Svensk Handel and the member company in connection with the company’s entry into Svensk Handel. |
Legal basis for allergies | Your previous consent. |
Retention period | We store your personal data up to three years after your company withdraws from Svensk Handel. |
2. ADMINISTRATION OF THE CERTIFICATION TRYGG E-HANDEL
We will process personal data in connection with the certification in order to administer the certification and in order for us to be able to communicate with you regarding, e.g., the certification. We may therefore need to process personal data about you as a representative of a certified company.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | Supplier of CRM systems, supplier of invoicing systems, supplier of marketing tools and supplier of contract signing systems. |
Legal basis | Our legitimate interest in being able to administer and document information necessary to fulfill our obligations under the certification agreement in an efficient and accurate manner. |
Retention period | We store your personal data as long as the company is certified. |
3. PROVIDING MEMBERSHIP SERVICE
An important part of Svensk Handel’s work is to provide good service to our members. We always strive to handle specific members cases as quickly as possible. We may process personal data in connection with this.
Example of rocessing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to provide good and efficient service to members in individual membership cases and other cases concerning our members. |
Retention period | We store your personal data up to three years after your company withdraws from Svensk Handel. |
4. PROVIDING SERVICES WITHIN THE CERTIFICATION TRYGG E-HANDEL
As a certified company, you have access to certain services such as e.g., legal advice. In connection with the use of one of our services, we may process personal data about you as a representative of a certified company.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | Supplier of services, e.g., legal advice. |
Legal basis | Our legitimate interest in being able to provide a good and efficient service to the company in individual cases. |
Retention period | We store your personal data until it has been handed over to the relevant service provider. |
5. PROVIDING A TIP FUNCTION FOR THE CERTIFICATION TRYGG E-HANDEL
Sometimes things go wrong when buying online and then it’s easy for frustration to arise. Since our certified companies must comply with our requirements regarding the certification, we are keen to find out if this is not happening. Individuals therefore have the opportunity to submit a tip to us via a form on the Trygg E-handel website.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | Supplier of marketing tools. |
Legal basis | Our legitimate interest in being able to handle tips about certified companies to ensure they meet the requirements for the certification. |
Retention period | We store your personal data until the case is closed. Note that certain data can also be stored according to clause 11 for the purpose of keeping statistics on received tips. Read more under clause 11 (Development, improvement and evaluation of our business). |
6. MARKETING
There is a lot going on at Svensk Handel and we are constantly working to make it easier for you as a member by providing you with benefits, information about the latest news as well as any other information we believe may be interesting to you. As a designated contact person at your company, you will automatically receive our communication. We can also register you to receive our communication if you have expressed interest for our business e.g., signed up to our newsletter, attended one of our events or seminars or if you have been in contact with us in other ways. We also perform statistical analyses linked to our marketing to become even better in our communications with our members. We need to process your personal data in order to send our marketing communication to you.
Please note that you always have the right to object to our marketing. You can do this directly in the communication we send to you through the provided unsubscribe link or by contacting us (you find our contact details at the top of this privacy policy).
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | We may disclose company registration numbers or contact details to our partners so that you can take advantage of beneficial offers relevant to your business, e.g., better credit card agreements or lower prices on payment solutions or insurance. |
Legal basis | Our legitimate interest in being able to market Svensk Handel and our services and our member companies’ legitimate interest in being able to receive membership benefits and relevant communication. |
Retention period | Whichever comes first of (1) you object to our marketing or alternatively (2) one year after your company withdraws from Svensk Handel, or (3) for you who are certified company of the certification Trygg E-handel 2 years from your last activity. Activity means that your company has engaged our services, that you have attended one of our seminars, contacted us or otherwise expressed an interest in our services. |
7. EVENTS, NETWORK AND EDUCATION
From time to time, we arrange events and networking meetings to inform our members and other third parties about our work, news, reports and other similar information. Various departments within Svensk Handel also arrange courses, seminars and webinars about, for example, labour law, for our member companies and other interested parties. Participants can voluntarily register for the events, networking meetings and the educational courses and seminars that we organise. We need to process your personal data in order to be able to administer and carry out the event, the networking meeting or the educational course and seminar.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | We may share lists of participants to external lecturers or other companies, e.g., exhibitors, with whom we organize the seminar or event. We may also share lists of participants to other participants at the event to enable networking between our participants. Photos taken at our events or seminars may also be shared with our partners for the respective event. |
Legal basis | Our legitimate interest in being able to administer and carry out an event, a networking meeting and an educational course/seminar. If you participate in a seminar or event as a private person, we process your personal data based on the agreement we entered into with you. |
Legal basis for allergies | Your previous consent. |
Retention period | We store your personal data up to six months after the event or seminar. Special categories of personal data are deleted immediately after the seminar or event has been completed. |
8. PURCHASE OF SERVICES OR PRODUCTS
When we purchase services or products from our suppliers, we will process personal data about our suppliers' contact persons. We do this in order to be able to maintain a good business relationship and to fulfill commitments in the relevant supplier agreement. In connection with a seminar or event, we can also hire external lecturers and we then need to process their personal data.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | E-mail supplier and supplier of contract signing systems. |
Legal basis | Our legitimate interest in being able to use personal data to maintain a good business relationship and fulfill our commitments in the relevant supplier agreement or commission agreement, e.g., in relation to external lecturers. |
Retention period | The later of (i) the end of our agreement or the implementation of the seminar/event or (ii) the end of our right of complaint according to the agreement (or law if applicable). |
9. AVOCACY WORK
Enterprise policy is important to Svensk Handel. We conduct advocacy work towards decision-makers regarding issues that are important to the retail and wholesale industry and concerning new legislation by, for example, answering formal consultations and administering networks for the retail and wholesale industry. In connection with this Svensk Handel will, in certain cases, process personal data.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to conduct advocacy work regarding matters important to the trading industry towards decision-makers. |
Legal basis for political opinions | Information about political affiliation is only processed to the extended that a data subject has a political assignment. The information is, in other words, public. |
Retention period | For this purpose, it is difficult to in advance determine how long your personal data will be stored as it may depend on the outcome of elections, the handling of matters by the legislator and relevant consultative bodies and authorities. We have instead implemented routines to review our registers no later than four years after the year that the personal data was collected with the purpose to decide if the personal data shall be deleted or not. |
10. COMPETITIONS
Sometimes we want to organize competitions and offer an opportunity to win prizes. In connection with this, we will process your personal data.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to implement and administer our competitions. |
Retention period | We store your personal data up to three months after the completion of the competition. |
11. DEVELOPMENT, IMPROVEMENT AND EVALUTATION OF OUR BUSINESS
To ensure that we can improve our offers we may use personal data to produce statistics or similar data with the intent to develop and improve our business. To protect individuals’ personal integrity, we will, to the extent possible, anonymize or pseudonymize personal data so that the data merely constitute statistical data that we cannot link directly to individuals.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to use personal data to develop, improve, evaluate and in general optimize our operations. |
Retention period | It is difficult for us to in advance determine how long your personal data will be stored for this purpose. We have instead implemented routines to continuously examine whether your personal data still is necessary for this purpose. We will remove personal data which we have not used for a period of five years because as we in such cases no longer consider your personal data to be necessary. |
12. LEGAL OBLIGATIONS
There are several legislative acts that Svensk Handel has to comply with. Some of these acts require that we process personal data.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Categories of recipients of personal data | We may disclose your personal data to relevant counterparties, agents, authorities or courts. |
Legal basis | The processing is necessary to be able to comply with legal obligations according to applicable law. |
Retention period | During the time that is necessary to fulfil the relevant legal obligation or in accordance with applicable law. For example, there is a legal obligation in the Swedish Bookkeeping Act that we need to store certain information related to our invoicing. |
13. SECURITY WORK AND TO PREVENT ABUSE OR PREVENT AND INVESTIGATE CRIME
To ensure that we can protect your personal integrity and to create a safe environment within our business, we actively work with our security to be able to, e.g., prevent abuse of our services, unauthorized access to our premises, or to prevent or investigate crimes against our business. For this purpose, we may process personal data.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to provide secure services, to prevent abuse of a service or to prevent and investigate crimes against Svensk Handel. |
Retention period | 36 months after the end of the year in which the data were collected. Images from camera surveillance are saved for two months after collection. If we suspect abuse of a service or that a crime has been committed, we will save the information for the time necessary to establish, excercise or defend our (or third parties') legal claims. |
FOR EMPLOYEES OF OUR MEMBER COMPANIES
For employees at our member companies, we may also process personal data in other ways than those mentioned above. This is mainly linked to the employer's membership and applies to various contact persons. Contact information may be needed to manage membership and issues related to it. This may concern, for example, contact persons related to the connection of collective agreements, collective agreement negotiations, trade union negotiations, labor law advice and disputes in court. It can also be about information regarding membership in various working groups. Please find more information in our Privacy policy for integrity and processing of personal data for union representatives, co-parties, counterparties, witnesses and others (in Swedish).
How we process your personal data related to Varningslistan
The security department at Svensk Handel provides daily advice and support directly to retail and wholesale companies. Varningslistan is published on Svensk Handels' website and publishes warnings related to fraudulent invoices, companies with unscrupulous sales methods and of offers or mailings that may be perceived as misleading. In connection with Varningslistan, we may process your personal data.
Example of processing activities performed for the purpose |
|
Categories of personal data |
|
Legal basis | Our legitimate interest in being able to warn retail and wholesale companies of fraudulent invoices, companies with unscrupulous sales methods and of offers or mailings that may be perceived as misleading. |
Categories of recipients of personal data | Governmental authorities |
Retention period | It is difficult for us to in advance determine how long your personal data will be stored for this purpose. We have instead implemented routines to continuously examine whether your personal data still is necessary for this purpose, e.g. criteria to control if a published company still is or can be relevant against the number of complaints that we have received. |
From what sources do we collect your personal data?
Except for personal data that you disclose to us, we may also collect personal data from a third party.
Source of collection | Types of personal data |
Member companies (for example, when member companies apply for and / or are part of a recruitment campaign, information can be collected about people in leading roles at the company) | Name and contact details |
The Swedish Companies Registration Office via Bisnode | Name, contact details and company registration number (personal data in case of sole trader) |
External web pages | Publicly available information about political affiliation |
Parties with whom we may share your personal data
Data Processors
In some situations, it is necessary for us to hire other parties to be able to perform our work. This concerns, for example, when companies within our group processes personal data on our behalf or when we use various IT suppliers. They are to be regarded as data processor to us and they only process personal data in accordance with our instructions.
Third parties that are data controllers
We also share your personal data with certain other actors who are independently responsible for personal data, i.e. other data controllers. This can be both authorities, such as the Swedish Tax Agency, and other member organizations as well as partners providing membership benefits. We may also disclose personal information to the Confederation of Swedish Enterprise and other member organizations of the Confederation of Swedish Enterprise (and to their member companies) to the extent necessary for collaboration between the organizations. Svensk Handel may also disclose personal information to third parties, such as the police or other authorities, if it concerns an investigation of a crime or if we are otherwise obliged to disclose such information on the basis of law or a decision by a governmental body.
When your personal data is shared with an actor who is independently responsible for personal data, that organization's privacy policy apply. We encourage you to read their information on how they process your personal data.
Where do we process your personal data?
We always strive for your personal data to be processed within the EU/EEA, but sometimes this is not possible.
For certain IT support, the data can be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a data processor who, either itself or through a subcontractor, is established or stores information in a country outside the EU/EEA. As the data controller, we are responsible for taking all reasonable legal, technical and organizational measures to ensure that the processing takes place in accordance with EU/EEA regulations.
When personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision by the European Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate safeguards, in the form of standard contract clauses or binding corporate rules that ensure your rights are protected.. If you would like further information about these safeguards, please feel free to contact us.
How long do we store your personal data?
We never store your personal data longer than is necessary for each purpose. We have implemented retention schedules to ensure that personal data is not stored longer than is needed for the specific purpose. How long this is depending on the purpose of the processing. Some information related to our accounting is saved for at least seven years in accordance with the Swedish Bookkeeping Act, while information on special diets is deleted within approximately a week after the event has ended. Specific storage times can be found in the tables under the heading "What personal data do we collect about you and why?".
Please note that personal data collected for certain purposes may be stored for a longer time than stated above as the same data can be used for other purposes with a longer retention period. For example, information that we collect in connection with membership (purpose 1) can be used to be able to establish, exercise or defend legal claims concerning Svensk Handel's business (purpose 8).
What are your rights as a data subject?
When we process your personal data, you have certain rights. Please see below more information about how you exercise your rights. In this section we inform your about your rights.
Your right to access
If you want to know more about the personal data that we process about you, you have the right to request access to your personal data. If we receive a request for access, we may ask for additional information to ensure that we administer your request efficiently. We may also take measures to ensure that we disclose the personal data to the right person.
Your right to rectification
If you discover inaccuracies in relation to your personal data, you have the right to request that your personal data is corrected. In some cases, you have the possibility to make the corrections yourself, which we will inform you of if this is the case.
Right to erasure or restriction of processing
You have the right to request that we delete the personal data that we process about you. For example, this applies if:
The personal data are no longer necessary for the purposes for which they are processed.
You object to a balance of interests we have made based on our legitimate interest, where we cannot demonstrate compelling legitimate grounds that overweighs your rights and freedoms.
Your personal data is processed illegally.
If the information has been obtained with the support of your consent and you want to revoke your consent.
Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims.
If we are prevented from deleting your personal data, we will restrict the personal data from being used for purposes other than the purpose that prevents them from being deleted.
Your right to restriction
You have the right to request that our processing of your personal data is restricted. For example, if you object to that the personal data we process are correct, you can request that we restrict our processing during the time we need to control whether the personal data are correct.
If, and when, we no longer need your personal data for the stated purposes, our routine is normal for the data to be deleted. If you need them to be able to establish, exercise or defend legal claims, you can request that we restrict processing of the data. This means that you can request that we do not delete your information during this time.
If you have objected to a balance of interests of legitimate interest that we have made as a legal basis for a purpose, you can request that we restrict our processing during the time we need to assess whether we have compelling legitimate grounds that overweighs your rights and freedoms, in which case your data will not be deleted.
If the processing has been restricted according to any of the above situations, we may only, in addition to the actual storage, process the data to establish, exercise or defend legal claims, to protect someone else's rights or if you have given your consent.
Your right to object to certain types of processing
You always have a right to object to any processing of personal data that is based on our legitimate interest as a legal basis. We will then assess whether there are compelling legitimate reasons why we must continue to process your information despite your request.
Your right to withdraw your consent
Have you given your consent to any processing we preform? In such a case, you have the right to withdraw your consent at any time. When you withdraw your consent, we will not collect new information about you for the purpose that your consent was the legal basis for. We have, however, the right to process the personal data which we have collected about you before you withdrew your consent. If there are no other legal basis that require us to store the information, we will delete the information.
Your right to data portability
As a data subject, you have the right to data portability if the legal basis for processing your personal data is either your consent or fulfilment of a contract with you.
Manage your rights
If you want to exercise your right of access or if you want to exercise one of your other rights, we kindly ask the person to send us such request in writing and from the data subject concerned. We will respond to your requests without undue delay and no later than 30 days from the date of your request. Download this document, answer the questions and sign it. Then email the completed document to gdpr@svenskhandel.se. The email should, as far as possible, be sent from the email address you are registered with at Svensk Handel.
How do we process personal identification numbers?
As far as possible, we avoid processing personal identity numbers. In some cases, however, it is justified mainly by the fact that we need a secure identification. With regard to the processing of personal identity numbers in the form of company registration numbers for sole traders, this processing is required as long as the company is a member in that the company registration number consists of the social security number.
Supervisory authority
The Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for monitoring the application of data protection legislation. If you believe that we unlawfully process your personal data, you can complain to the Swedish Authority for Privacy Protection, see imy.se.
Collective bargaining agreements
Svensk Handel has signed a collective bargaining agreement with the Handelsanställdas förbund, Unionen and the Akademikerförbunden on the processing of personal data. The agreement only regulates processing performed by the unions. It therefore does not apply to the member companies' processing of personal data and is therefore irrelevant in local assessments.
Please see Kollektivavtal rörande skyldighet att föra register i vissa avseenden m.m.
Contact us with questions regarding our processing of personal data
If you have questions about how we process your personal data or if you want to exercise your rights, you are always welcome to contact us at: gdpr@svenskhandel.se, or by phone at: 010-47 18 500.
We may make changes to our privacy policy. The latest version of the privacy policy is always available on the website.
- Publicerad:
- 2023-02-02
- Senast uppdaterad:
- 2023-06-01