Information about Swedac’s privacy policy
Swedac’s processing of personal data takes place in accordance with current legislation and the General Data Protection Regulation (GDPR).
Swedac protects your personal data with the necessary measures and you always have the right to contact us to find out what personal data we have registered about you. You can read more about your rights here in Swedac’s privacy policy and visit the Privacy Protection Agency www.imy.se for further information on personal data processing.
Below is special information about how your personal data is processed by Swedac in connection with your use of e-services via My pages.
Processing of personal data
Swedac is personal data controller for the personal data processed on My pages. The legal basis for processing your personal data is that the processing is required to perform a task of general interest and that the processing is necessary as part of Swedac´s exercise of authority.
This is how Swedac process your personal data
The personal data that is processed on My pages is for example your name, e-mail address, other contact information and your role in the company or organization you represent.
As a governmental authority, Swedac is obliged to comply with the principle of public access to information. This means that Swedac is obliged to disclose public documents that may contain personal data, unless confidentiality prevents the disclosure of the information.
Swedac saves personal data only as long as necessary to be able to fulfil the purpose of the processing, or as long as we are obliged to save the data in accordance with law, ordinance or authority decision for example for archiving.
E-mail notification
Swedac´s e-services on My pages in some cases generates an e-mail notification to the user of the service.
IP address logging
Swedac logs the IP address of those who use our e-services. The logs are saved on our own servers.
Monitoring and analysis
The e-services on My pages are continuously monitored in order to identify and remedy errors for preventive purposes and to improve the services. This monitoring is managed by an IT technical solution located within the EU but the operation is managed by a supplier outside the EU. The personal data that may be processed in these logs are usernames and IP-addresses. When personal data is managed by a supplier outside the EU, it is Swedac´s obligation under the EU General Data Protection Regulation to inform about it.
Support
Upon contact with IT support for My pages, the e-mail address and other information specified in the e-mail will be stored in Swedac’s internal case management system.
Tokens* and cookies
Tokens and cookies will be saved locally on a client connecting to e-services. This is done in order to keep track of who is logged in and to prevent abuse and increase security of the e-services. For example, it would otherwise be possible for an attacker to get users to perform actions that they do not intend to performs so-called Cross-site request forgery (CSRF).
*data file used to authenticate the user to e-services on My pages.