Svensk Handel’s Privacy Policy

Svensk Handel values your personal integrity. We always strive to maintain a high level of data protection. In this privacy policy we explain how we collect and use your personal data. We also describe your rights and how you can enforce them.

Please also see our Privacy policy for integrity and processing of personal data for union representatives, co-parties, counterparties, witnesses and others (in Swedish).

You are always welcome to contact us regarding any questions you may have about how we process your personal data. You can find our contact details at the end of this text.

The controller

Föreningen Svensk Handel, org. no. 802001-3630, and Svensk Handel AB, org. no. 556025-8807, 103 29 Stockholm, Sverige, are data controllers for the processing of your personal data. For certain processing of personal data, such as the member register, we use systems which we share with the Confederation of Swedish Enterprise (SW: Svenskt Näringsliv). The responsibility for the processing of personal data between us and the Confederation of Swedish Enterprise are in such cases regulated in agreements.

What personal data are we collecting and why?

In general
We mainly process your name, your e-mail address, your telephone number and your position. In certain cases, additional information may however be processed. For example, if you are a Member of Parliament or a local politician, but only if you have publicly published said information yourself.

You may be obliged to provide certain personal data, for example in order for us to provide a service or fulfil a request from you. This will be stated, or you will be informed of this, in connection with the collection of the data. More information regarding how Svensk Handel processes your personal data is shown in the tables below.

1. ADMINISTRATION OF MEMBERSHIP

We will process personal data in connection with your membership in order to administer the membership and in order for us to be able to communicate with you regarding, e.g., entry and withdrawal from membership. We may therefore need to process personal data about you as a representative of our member companies.

Example of processing activities performed for the purpose	Administration of entry, transfer or withdrawal of membership in Svensk Handel Invoicing of membership fee Registration of members so that they can access the Svensk Handel’s member portal Creation of user accounts Dispatch of notices to Svensk Handel’s annual general meeting Payment of conflict compensation
Categories of personal data	Name Contact details Position and company Company registration number (personal data in case of sole trader) Allergies
Legal basis	Our legitimate interest in being able to administer membership and membership benefits in accordance with the agreement entered into between Svensk Handel and the member company in connection with the company’s entry into Svensk Handel.
Legal basis for allergies	Your previous consent.
Retention period	We store your personal data up to three years after your company withdraws from Svensk Handel.

2. ADMINISTRATION OF THE CERTIFICATION TRYGG E-HANDEL

We will process personal data in connection with the certification in order to administer the certification and in order for us to be able to communicate with you regarding, e.g., the certification. We may therefore need to process personal data about you as a representative of a certified company.

Example of processing activities performed for the purpose	Administration of the application and registration of certification. Administration regarding invoicing and payment related to the certification. Communication regarding issues related to the certification.
Categories of personal data	Name Contact details Position and company Company registration number (personal data in case of sole trader)
Categories of recipients of personal data	Supplier of CRM systems, supplier of invoicing systems, supplier of marketing tools and supplier of contract signing systems.
Legal basis	Our legitimate interest in being able to administer and document information necessary to fulfill our obligations under the certification agreement in an efficient and accurate manner.
Retention period	We store your personal data as long as the company is certified.

3. PROVIDING MEMBERSHIP SERVICE

An important part of Svensk Handel’s work is to provide good service to our members. We always strive to handle specific members cases as quickly as possible. We may process personal data in connection with this.

Example of rocessing activities performed for the purpose	Administration of membership e.g., registration of the member case, handling of the request and any follow-up of the case Evaluation of individual cases or our member service in general, e.g., by sending out questionnaires Sharing of information (e.g., contact information between member companies that want to cooperate regarding staffing in the even of temporary and changed labour market conditions)
Categories of personal data	Name Contact details Position and company Company registration number (personal data in case of sole trader) Correspondence relating to the matter
Legal basis	Our legitimate interest in being able to provide good and efficient service to members in individual membership cases and other cases concerning our members.
Retention period	We store your personal data up to three years after your company withdraws from Svensk Handel.

4. PROVIDING SERVICES WITHIN THE CERTIFICATION TRYGG E-HANDEL

As a certified company, you have access to certain services such as e.g., legal advice. In connection with the use of one of our services, we may process personal data about you as a representative of a certified company.

Example of processing activities performed for the purpose	Administration of requests regarding the use of services. Administration regarding invoicing and payment related to our services. Communication regarding issues related to the services.
Categories of personal data	Name Contact details Position and company Company registration number (personal data in case of sole trader)
Categories of recipients of personal data	Supplier of services, e.g., legal advice.
Legal basis	Our legitimate interest in being able to provide a good and efficient service to the company in individual cases.
Retention period	We store your personal data until it has been handed over to the relevant service provider.

5. PROVIDING A TIP FUNCTION FOR THE CERTIFICATION TRYGG E-HANDEL

Sometimes things go wrong when buying online and then it’s easy for frustration to arise. Since our certified companies must comply with our requirements regarding the certification, we are keen to find out if this is not happening. Individuals therefore have the opportunity to submit a tip to us via a form on the Trygg E-handel website.

Example of processing activities performed for the purpose	Registration and administration of the submitted tip. Communication with the individual regarding the submitted tip.
Categories of personal data	Name Contact details Position and company Company registration number (personal data in case of sole trader)
Categories of recipients of personal data	Supplier of marketing tools.
Legal basis	Our legitimate interest in being able to handle tips about certified companies to ensure they meet the requirements for the certification.
Retention period	We store your personal data until the case is closed. Note that certain data can also be stored according to clause 11 for the purpose of keeping statistics on received tips. Read more under clause 11 (Development, improvement and evaluation of our business).

6. MARKETING

There is a lot going on at Svensk Handel and we are constantly working to make it easier for you as a member by providing you with benefits, information about the latest news as well as any other information we believe may be interesting to you. As a designated contact person at your company, you will automatically receive our communication. We can also register you to receive our communication if you have expressed interest for our business e.g., signed up to our newsletter, attended one of our events or seminars or if you have been in contact with us in other ways. We also perform statistical analyses linked to our marketing to become even better in our communications with our members. We need to process your personal data in order to send our marketing communication to you.

Please note that you always have the right to object to our marketing. You can do this directly in the communication we send to you through the provided unsubscribe link or by contacting us (you find our contact details at the top of this privacy policy).

Example of processing activities performed for the purpose	Sending direct marketing communication (e.g., newsletters, other communications regarding membership benefits or other offers) via mail, e-mail, text messages or in other digital channels (e.g., social media) Sending direct marketing communication from our partners via mail, e-mail text messages or in other digital channels Creation of marketing material from our seminars/events, e.g., processing of photographs, film recordings or sound recordings. Creation of analyses and statistics on our users’ and visitors’ use and interactions with us, e.g., statistics on visitor flows on our website or response to our marketing communication
Categories of personal data	Name Contact details Company registration number (personal data in case of sole trader)
Categories of recipients of personal data	We may disclose company registration numbers or contact details to our partners so that you can take advantage of beneficial offers relevant to your business, e.g., better credit card agreements or lower prices on payment solutions or insurance.
Legal basis	Our legitimate interest in being able to market Svensk Handel and our services and our member companies’ legitimate interest in being able to receive membership benefits and relevant communication.
Retention period	Whichever comes first of (1) you object to our marketing or alternatively (2) one year after your company withdraws from Svensk Handel, or (3) for you who are certified company of the certification Trygg E-handel 2 years from your last activity. Activity means that your company has engaged our services, that you have attended one of our seminars, contacted us or otherwise expressed an interest in our services.

7. EVENTS, NETWORK AND EDUCATION

From time to time, we arrange events and networking meetings to inform our members and other third parties about our work, news, reports and other similar information. Various departments within Svensk Handel also arrange courses, seminars and webinars about, for example, labour law, for our member companies and other interested parties. Participants can voluntarily register for the events, networking meetings and the educational courses and seminars that we organise. We need to process your personal data in order to be able to administer and carry out the event, the networking meeting or the educational course and seminar.

Example of processing activities performed for the purpose	Registration and administration of participation in the event, networking meeting or educational course/seminar Communication with participants before and during the event, networking meeting or seminar regarding matters related to the aforementioned Communication via e-mail and SMS from selected exhibitors with information about stand space, speaking time or similar in connection with an event. Publications of film and/or photos from completed event or educational course/seminar Administration and implementation of competitions in connections with an event Administration and provision of meeting bookings for networking between our participants before and during an event Follow-up and evaluation of completed events, networking meetings or educational course/seminar, e.g., by sending our questionnaires
Categories of personal data	Name Contact details Position and company Allergies (if food is provided at the event or the seminar) Results from evaluations Video recordings and/or images
Categories of recipients of personal data	We may share lists of participants to external lecturers or other companies, e.g., exhibitors, with whom we organize the seminar or event. We may also share lists of participants to other participants at the event to enable networking between our participants.
Legal basis	Our legitimate interest in being able to administer and carry out an event, a networking meeting and an educational course/seminar. If you participate in a seminar or event as a private person, we process your personal data based on the agreement we entered into with you.
Legal basis for allergies	Your previous consent.
Retention period	We store your personal data up to six months after the event or seminar. Special categories of personal data are deleted immediately after the seminar or event has been completed.

8. PURCHASE OF SERVICES OR PRODUCTS

When we purchase services or products from our suppliers, we will process personal data about our suppliers' contact persons. We do this in order to be able to maintain a good business relationship and to fulfill commitments in the relevant supplier agreement. In connection with a seminar or event, we can also hire external lecturers and we then need to process their personal data.

Example of processing activities performed for the purpose	Registration and administration of the submitted tip. Communication with the individual regarding the submitted tip.
Categories of personal data	Name Contact details Position and company Company registration number (personal data in case of sole trader)
Categories of recipients of personal data	E-mail supplier and supplier of contract signing systems.
Legal basis	Our legitimate interest in being able to use personal data to maintain a good business relationship and fulfill our commitments in the relevant supplier agreement or commission agreement, e.g., in relation to external lecturers.
Retention period	The later of (i) the end of our agreement or the implementation of the seminar/event or (ii) the end of our right of complaint according to the agreement (or law if applicable).

9. AVOCACY WORK

Enterprise policy is important to Svensk Handel. We conduct advocacy work towards decision-makers regarding issues that are important to the retail and wholesale industry and concerning new legislation by, for example, answering formal consultations and administering networks for the retail and wholesale industry. In connection with this Svensk Handel will, in certain cases, process personal data.

Example of processing activities performed for the purpose	Contact and communication with decision makers regarding issues that are important for members of Svensk Handel Exchange of information with other trade associations or relevant actors, including exchange of information in digital channels (e.g., Twitter)
Categories of personal data	Name Contact details Position Political opinions
Legal basis	Our legitimate interest in being able to conduct advocacy work regarding matters important to the trading industry towards decision-makers.
Legal basis for political opinions	Information about political affiliation is only processed to the extended that a data subject has a political assignment. The information is, in other words, public.
Retention period	For this purpose, it is difficult to in advance determine how long your personal data will be stored as it may depend on the outcome of elections, the handling of matters by the legislator and relevant consultative bodies and authorities. We have instead implemented routines to review our registers no later than four years after the year that the personal data was collected with the purpose to decide if the personal data shall be deleted or not.

10. COMPETITIONS

Sometimes we want to organize competitions and offer an opportunity to win prizes. In connection with this, we will process your personal data.

Example of processing activities performed for the purpose	We communicate with you who participate in our competitions when necessary for the implementation of the competition. We select winners and convey prizes applicable to the competition. We confirm your identity and age.
Categories of personal data	Name Contact details Position and company Competition contribution
Legal basis	Our legitimate interest in being able to implement and administer our competitions.
Retention period	We store your personal data up to three months after the completion of the competition.

11. DEVELOPMENT, IMPROVEMENT AND EVALUTATION OF OUR BUSINESS

To ensure that we can improve our offers we may use personal data to produce statistics or similar data with the intent to develop and improve our business. To protect individuals’ personal integrity, we will, to the extent possible, anonymize or pseudonymize personal data so that the data merely constitute statistical data that we cannot link directly to individuals.

Example of processing activities performed for the purpose	Collection, registration, processing and analysis of statistical data to e.g., be able to understand visitor flows on our website, opening and reading statistics related to our communication, sales statistics or changes and trends linked to different industries Collection, registration, processing and analysis of results from evaluations and other feedback related to our services Produce reports and statistics for follow-up, administration, planning and evaluation of our business.
Categories of personal data	Statistical data regarding e.g., visitor flows on our website, opening and reading statistics related to our communication Anonymized results from evaluations and other feedback related to our services IP-addresses and other technical data related to used devices and their settings (e.g., language settings, browser settings, time zone, operating system, screen resolution and platform)
Legal basis	Our legitimate interest in being able to use personal data to develop, improve, evaluate and in general optimize our operations.
Retention period	It is difficult for us to in advance determine how long your personal data will be stored for this purpose. We have instead implemented routines to continuously examine whether your personal data still is necessary for this purpose. We will remove personal data which we have not used for a period of five years because as we in such cases no longer consider your personal data to be necessary.

12. LEGAL OBLIGATIONS

There are several legislative acts that Svensk Handel has to comply with. Some of these acts require that we process personal data.

Example of processing activities performed for the purpose	Necessary administration to comply with legal obligations that we need to comply with according to mandatory legal acts, court rulings or decisions from governmental authorities (e.g. the Swedish Bookkeeping Act or the Swedish Money Laundering Act) or processing that is necessary in connection with a regulatory matter.
Categories of personal data	Name Contact details Company Company registration number (personal data in case of sole trader)
Categories of recipients of personal data	We may disclose your personal data to relevant counterparties, agents, authorities or courts.
Legal basis	The processing is necessary to be able to comply with legal obligations according to applicable law.
Retention period	During the time that is necessary to fulfil the relevant legal obligation or in accordance with applicable law. For example, there is a legal obligation in the Swedish Bookkeeping Act that we need to store certain information related to our invoicing.

13. SECURITY WORK AND TO PREVENT ABUSE OR PREVENT AND INVESTIGATE CRIME

To ensure that we can protect your personal integrity and to create a safe environment within our business, we actively work with our security to be able to, e.g., prevent abuse of our services, unauthorized access to our premises, or to prevent or investigate crimes against our business. For this purpose, we may process personal data.

Example of processing activities performed for the purpose	Camera surveillance on our premises Administration and implementation of access logs to our premises Prevention of spam, phishing, harassment, attempts to illegally log in to user accounts or other actions that are prohibited by our terms of use for our services Prevention and investigation of possible fraud or other violations of the law. Implementation of measures to protect and improve our IT environment against attacks and intrusions
Categories of personal data	Name Images from camera surveillance User-generated data (e.g. click and visit history) IP-addresses and other technical data related to used devices and their settings (e.g., language settings, browser settings, time zone, operating system, screen resolution and platform) Information about how our services is being used
Legal basis	Our legitimate interest in being able to provide secure services, to prevent abuse of a service or to prevent and investigate crimes against Svensk Handel.
Retention period	36 months after the end of the year in which the data were collected. Images from camera surveillance are saved for two months after collection. If we suspect abuse of a service or that a crime has been committed, we will save the information for the time necessary to establish, excercise or defend our (or third parties') legal claims.

FOR EMPLOYEES OF OUR MEMBER COMPANIES

For employees at our member companies, we may also process personal data in other ways than those mentioned above. This is mainly linked to the employer's membership and applies to various contact persons. Contact information may be needed to manage membership and issues related to it. This may concern, for example, contact persons related to the connection of collective agreements, collective agreement negotiations, trade union negotiations, labor law advice and disputes in court. It can also be about information regarding membership in various working groups. Please find more information in our Privacy policy for integrity and processing of personal data for union representatives, co-parties, counterparties, witnesses and others (in Swedish).

How we process your personal data related to Varningslistan

The security department at Svensk Handel provides daily advice and support directly to retail and wholesale companies. Varningslistan is published on Svensk Handels' website and publishes warnings related to fraudulent invoices, companies with unscrupulous sales methods and of offers or mailings that may be perceived as misleading. In connection with Varningslistan, we may process your personal data.

Example of processing activities performed for the purpose	We receive complaints about companies We publish warnings related to companies with unscrupulous sales practices and of offers or mailings that may be perceived as misleading We administer the comment field linked to published warnings
Categories of personal data	Company registration number (personal data in case of sole trader) Name Contact details Information in free text fields
Legal basis	Our legitimate interest in being able to warn retail and wholesale companies of fraudulent invoices, companies with unscrupulous sales methods and of offers or mailings that may be perceived as misleading.
Categories of recipients of personal data	Governmental authorities
Retention period	It is difficult for us to in advance determine how long your personal data will be stored for this purpose. We have instead implemented routines to continuously examine whether your personal data still is necessary for this purpose, e.g. criteria to control if a published company still is or can be relevant against the number of complaints that we have received.

From what sources do we collect your personal data?

Except for personal data that you disclose to us, we may also collect personal data from a third party.

Source of collection	Types of personal data
Member companies (for example, when member companies apply for and / or are part of a recruitment campaign, information can be collected about people in leading roles at the company)	Name and contact details
The Swedish Companies Registration Office via Bisnode	Name, contact details and company registration number (personal data in case of sole trader)
External web pages	Publicly available information about political affiliation

Parties with whom we may share your personal data

Data Processors

In some situations, it is necessary for us to hire other parties to be able to perform our work. This concerns, for example, when companies within our group processes personal data on our behalf or when we use various IT suppliers. They are to be regarded as data processor to us and they only process personal data in accordance with our instructions.

Third parties that are data controllers

We also share your personal data with certain other actors who are independently responsible for personal data, i.e. other data controllers. This can be both authorities, such as the Swedish Tax Agency, and other member organizations as well as partners providing membership benefits. We may also disclose personal information to the Confederation of Swedish Enterprise and other member organizations of the Confederation of Swedish Enterprise (and to their member companies) to the extent necessary for collaboration between the organizations. Svensk Handel may also disclose personal information to third parties, such as the police or other authorities, if it concerns an investigation of a crime or if we are otherwise obliged to disclose such information on the basis of law or a decision by a governmental body.

When your personal data is shared with an actor who is independently responsible for personal data, that organization's privacy policy apply. We encourage you to read their information on how they process your personal data.

Where do we process your personal data?

We always strive for your personal data to be processed within the EU/EEA, but sometimes this is not possible.

For certain IT support, the data can be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a data processor who, either itself or through a subcontractor, is established or stores information in a country outside the EU/EEA. As the data controller, we are responsible for taking all reasonable legal, technical and organizational measures to ensure that the processing takes place in accordance with EU/EEA regulations.

When personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision by the European Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate safeguards, in the form of standard contract clauses or binding corporate rules that ensure your rights are protected.. If you would like further information about these safeguards, please feel free to contact us.

How long do we store your personal data?

We never store your personal data longer than is necessary for each purpose. We have implemented retention schedules to ensure that personal data is not stored longer than is needed for the specific purpose. How long this is depending on the purpose of the processing. Some information related to our accounting is saved for at least seven years in accordance with the Swedish Bookkeeping Act, while information on special diets is deleted within approximately a week after the event has ended. Specific storage times can be found in the tables under the heading "What personal data do we collect about you and why?".

Please note that personal data collected for certain purposes may be stored for a longer time than stated above as the same data can be used for other purposes with a longer retention period. For example, information that we collect in connection with membership (purpose 1) can be used to be able to establish, exercise or defend legal claims concerning Svensk Handel's business (purpose 8).

What are your rights as a data subject?

When we process your personal data, you have certain rights. Please see below more information about how you exercise your rights. In this section we inform your about your rights.

Your right to access

If you want to know more about the personal data that we process about you, you have the right to request access to your personal data. If we receive a request for access, we may ask for additional information to ensure that we administer your request efficiently. We may also take measures to ensure that we disclose the personal data to the right person.

Your right to rectification

If you discover inaccuracies in relation to your personal data, you have the right to request that your personal data is corrected. In some cases, you have the possibility to make the corrections yourself, which we will inform you of if this is the case.

Right to erasure or restriction of processing

You have the right to request that we delete the personal data that we process about you. For example, this applies if:

The personal data are no longer necessary for the purposes for which they are processed.
You object to a balance of interests we have made based on our legitimate interest, where we cannot demonstrate compelling legitimate grounds that overweighs your rights and freedoms.
Your personal data is processed illegally.

If the information has been obtained with the support of your consent and you want to revoke your consent.

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims.

If we are prevented from deleting your personal data, we will restrict the personal data from being used for purposes other than the purpose that prevents them from being deleted.

Your right to restriction

You have the right to request that our processing of your personal data is restricted. For example, if you object to that the personal data we process are correct, you can request that we restrict our processing during the time we need to control whether the personal data are correct.

If, and when, we no longer need your personal data for the stated purposes, our routine is normal for the data to be deleted. If you need them to be able to establish, exercise or defend legal claims, you can request that we restrict processing of the data. This means that you can request that we do not delete your information during this time.

If you have objected to a balance of interests of legitimate interest that we have made as a legal basis for a purpose, you can request that we restrict our processing during the time we need to assess whether we have compelling legitimate grounds that overweighs your rights and freedoms, in which case your data will not be deleted.

If the processing has been restricted according to any of the above situations, we may only, in addition to the actual storage, process the data to establish, exercise or defend legal claims, to protect someone else's rights or if you have given your consent.

Your right to object to certain types of processing

You always have a right to object to any processing of personal data that is based on our legitimate interest as a legal basis. We will then assess whether there are compelling legitimate reasons why we must continue to process your information despite your request.

Your right to withdraw your consent

Have you given your consent to any processing we preform? In such a case, you have the right to withdraw your consent at any time. When you withdraw your consent, we will not collect new information about you for the purpose that your consent was the legal basis for. We have, however, the right to process the personal data which we have collected about you before you withdrew your consent. If there are no other legal basis that require us to store the information, we will delete the information.

Your right to data portability

As a data subject, you have the right to data portability if the legal basis for processing your personal data is either your consent or fulfilment of a contract with you.

Manage your rights

If you want to exercise your right of access or if you want to exercise one of your other rights, we kindly ask the person to send us such request in writing and from the data subject concerned. We will respond to your requests without undue delay and no later than 30 days from the date of your request. Download this document, answer the questions and sign it. Then email the completed document to gdpr@svenskhandel.se. The email should, as far as possible, be sent from the email address you are registered with at Svensk Handel.

How do we process personal identification numbers?

As far as possible, we avoid processing personal identity numbers. In some cases, however, it is justified mainly by the fact that we need a secure identification. With regard to the processing of personal identity numbers in the form of company registration numbers for sole traders, this processing is required as long as the company is a member in that the company registration number consists of the social security number.

Supervisory authority

The Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for monitoring the application of data protection legislation. If you believe that we unlawfully process your personal data, you can complain to the Swedish Authority for Privacy Protection, see imy.se.

Collective bargaining agreements

Svensk Handel has signed a collective bargaining agreement with the Handelsanställdas förbund, Unionen and the Akademikerförbunden on the processing of personal data. The agreement only regulates processing performed by the unions. It therefore does not apply to the member companies' processing of personal data and is therefore irrelevant in local assessments.

Please see Kollektivavtal rörande skyldighet att föra register i vissa avseenden m.m.

Contact us with questions regarding our processing of personal data

If you have questions about how we process your personal data or if you want to exercise your rights, you are always welcome to contact us at: gdpr@svenskhandel.se, or by phone at: 010-47 18 500.

We may make changes to our privacy policy. The latest version of the privacy policy is always available on the website.

Publicerad:: 2023-02-02
Senast uppdaterad:: 2023-02-10