Data Protection Policy
Individual privacy is important to Almega and Almega’s associations. We believe it is important for you to feel confident about how we process your personal data. We therefore endeavour to achieve a high level of protection for your personal data at all times. This Data Protection Policy contains information about how we collect and use your personal data. We also provide details of your rights and how to exercise them.
Almega AB includes nine associations: Kompetensföretagen, TechSverige, Medieföretagen, Innovationsföretagen, Almega Tjänsteförbunden, Almega Tjänsteföretagen, Tågföretagen, Säkerhetsföretagen and Vårdföretagarna. Almega and its associations are collectively data controllers for the processing of your personal data.
You are always welcome to contact us if you have any questions about how we process your personal data.
Personal data includes all information that can be directly or indirectly attributed to a physical, living person. For example, it includes your name, email address and personal identification number, but also images and user names in digital media.
Processing of personal data includes all actions that are carried out with personal data in IT systems, whether using a mobile device or computer. It covers such processes as collection, registering, reading, organising, storing, handling, transferring and deleting, etc. In some cases, actions that occur outside IT systems may also be regarded as processing, for example when personal data is included in a register.
Almega is the data controller for all processing that occurs within Almega and Almega’s associations. (Almega AB, Box 55545, 102 04 Stockholm, corp. reg. no 556334-0941). For certain types of processing, such as the member register, we share the role of data controller with other organisations in Svenskt Näringsliv (Confederation of Swedish Enterprise).
We mainly process your name, your email address, your phone number and your position. Sometimes additional information may be processed, for example if you are Member of Parliament or local politician, but only if you personally are considered to have made such information public. We also process certain personal data when you contact us, for example when you become a member of one of Almega’s associations. Other personal data that may be processed relates to contact with negotiators and lawyers as part of Almega’s advisory service. If you create a user account, for example in our Employer Guide, we will also process this account information. Personal data may also be processed in connection with various events and seminars. Almega may record your call with the operator for quality assurance. The recording will be automatically deleted after 72 hours.
We process your personal data in order to provide the services and products you have requested (for example a newsletter, advice, legal assistance or participation in training). We will also process your personal data to manage and administer our relationship with you and, where appropriate, to administer the contract with you or with your employer. We may also send you details about our courses, events and other information that we regard as being in the interests of both yourself and our organisation. We may also send out questionnaires to evaluate courses, seminars and other activities or services.
Furthermore, we may use your personal data to inform you about products and services that we offer, and that may be of interest to you.
Almega and Almega’s associations always process your personal data according to the relevant legislation. We process your personal data in order to fulfil an agreement with you or to respond to your request for a service, or when we have another legitimate interest in processing your personal data, e.g. an interest in marketing our services.
If Almega and Almega’s associations were to process your personal data for any other purpose requiring your consent, we will obtain your consent prior to such processing. It may be obligatory to provide certain personal data, for example in order for us to provide a service or to fulfil another request from you. In such cases, this will be stated or made clear in connection with the data being collected.
For employees of member companies
For employees of member companies, we may process personal data in other ways besides those mentioned above. This is mainly related to the employer’s membership of one of Almega’s associations and applies to various contacts. Details of contacts may be required in order to manage membership and related issues. For example, it may concern contacts during negotiations or details about membership of different working groups.
Your personal data is collected, for example, if you enter your details when registering for our newsletter, when you participate in seminars and other events, order services and/or products from us, or when you contact us regarding some other matter. If the company you work for applies for membership or is already a member, data may also be collected about individuals in senior positions at the company.
Sometimes we collect data from a third party. For example:
- Data from Bolagsverket (Swedish Companies Registration Office) via the Bisnode service
- Data from union organisations
- Data from Fora
- Data from external websites
In some situations we need to engage the services of third parties in order to carry out our work. For example, we use various IT suppliers. They are to be regarded as data processors on our behalf and we have signed processor agreements in these cases. Responsibility for personal data still rests with Almega and Almega’s associations.
Naturally we check all data processors to ensure that they are able to provide sufficient guarantees with regard to security and confidentiality for personal data and sign processor agreements.
When the services of data processors are engaged, we only do so for those purposes that are consistent with the purposes we ourselves have for such processing, since we remain the data controller.
Organisations that are independent data controllers
We also share your personal data with certain other organisations that are independent personal data controllers. This may include authorities such as Skatteverket (Swedish Tax Agency). Some data is also submitted for statistical purposes.
We may engage suppliers and partners to perform tasks on Almega AB’s behalf, e.g. to provide IT services or assist with marketing, analyses or statistics. The provision of such services may involve these recipients having access to your personal data.
In connection with negotiating collective agreements and providing labour law advice and assistance, Almega and its associations may share personal data with union organisations.
Almega may also pass on personal data to a third party such as the police or other authority, if it is relevant to a criminal investigation or if we are otherwise obliged to pass on such data as required by law or decisions by public authorities.
We always endeavour to ensure that your personal data is processed within the EU/EEA, but sometimes this is not possible.
For certain types of IT support, the data may be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a data processor that, either themselves or via a subcontractor, is established or stores information in a country outside the EU/EEA. For such data processors, we are responsible for taking all reasonable legal, technical and organisational measures to ensure that protection of personal data is consistent with that which exists within the EU/EEA.
When personal data is processed outside the EU/EEA, the level of protection is guaranteed, for example, via a decision from the EU Commission that the country in question ensures an adequate level of protection, or via the use of ‘appropriate safeguards’. Such safeguards include privacy shields, the use of binding corporate rules and various contractual solutions. Please contact us if you would like information about appropriate safeguards. Standardised model clauses for data transfer, as adopted by the EU Commission, are also available on the EU Commission’s website.
We never save your personal data for any longer than is necessary for the respective purpose. We have drawn up data removal procedures to ensure that personal data is not stored for longer than is required for each specific purpose. The period of time that data is stored may vary depending on the purpose of the processing and how long the data is required for the purpose. After such period of time, we will securely remove or anonymise your data, so that it is no longer possible for it to be linked to you. We are legally required to save certain accounting data for a minimum of seven years, while data about special dietary requirements is deleted as soon as the event is finished.
As a data subject, you have a number of rights according to the relevant legislation. To follow is a list of these rights.
Right of access
If you would like to know what personal data we process about you in particular, you may request access to such data. When you submit such a request, we may ask a number of questions to ensure that it is handled efficiently. We will also take several actions to ensure that the data is requested by and submitted to the correct individual.
Right to rectification
If you discover that something is wrong, you are entitled to request that your personal data be rectified. You may also add details to any incomplete personal data. In some cases you may make corrections yourself, in which case we will inform you.
Right to erasure
You can request that we delete the personal data we process about you if, for example:
- The data is no longer necessary for the purposes for which it is being processed.
- You object to a balancing test we have carried out based on our legitimate interest, and the reason for your objection overrides our legitimate interest.
- The personal data is being unlawfully processed.
- The personal data has been collected about a child (under the age of 13) for whom you have parental responsibility.
- If the data has been collected with your consent and you wish to withdraw your consent.
However, we may be entitled to reject your request if there are legal obligations preventing us from immediately deleting certain personal data. It may also be the case that the processing is necessary for the establishment, exercise or defence of legal claims.
Right to restrict processing
You are entitled to request that our processing of your personal data be restricted. If, for example, you request rectification because you consider the personal data we process to be incorrect, you may request that processing be restricted for the period of time required for us to verify the accuracy of the personal data.
If, and when, we no longer need your personal data for the established purposes, our standard procedure is to delete the data. If you need the personal data for the establishment, exercise or defence of legal claims, you may request that we restrict the processing of such data. This means that you may request that we do not clear or delete your data.
If you have made an objection to the personal data processing we carry out with the support of a balancing test as a lawful basis, you may request restricted processing for the period of time we need in order to check whether our legitimate interests override your interests in having the data deleted.
If the processing has been restricted according to one of the situations mentioned above, we may only, in addition to the storing of the data, process the data for the establishment, exercise or defence of legal claims, to protect someone else’s rights, or if you have given your consent.
Right to object
You are at any time entitled to object to all processing of personal data based on a balancing test. You also have the right to be excluded from direct marketing.
Right to data portability
As a data subject, you have the right to data portability (transfer of personal data) if our right to process your personal data is based on either your consent or fulfilment of a contract with you. For the data portability right to be exercised, the transfer must be technically possible and automated.
Managing your rights
Applications for a copy of your data or requests to exercise one of your other rights must be submitted in writing and signed personally by the individual concerned. We will respond to your request without undue delay and within no more than 30 days. Email email@example.com. The email should if at all possible be sent from the email address under which you are registered with Almega.
As far as possible we avoid processing personal identification numbers. However, in some cases it is necessary in view of the fact that we need to have a secure way of identifying individuals. With regard to the processing of personal identification numbers in the form of company registration numbers for sole proprietors, such processing is required as long as the company is a member via the company registration number being made up of the personal identification number.
How is your personal data protected?
We are proactive about ensuring that personal data is handled in a secure manner. This applies to both technical and organisational safeguards.
Member data is collected every year as part of membership of Svenskt Näringsliv (Confederation of Swedish Enterprise). When such data is collected, member companies also submit personal data primarily in the form of contact details. The collection of this data is necessary to enable Svenskt Näringsliv and Almega to fulfil their commitments to our members, and is also in compliance with section 22 of Svenskt Näringsliv’s statutes.
Anyone submitting personal data about other individuals within the remit of member data collection is responsible for checking that consent has been obtained for submitting such data.
The personal data is processed according to the relevant laws at any given time, and Svenskt Näringsliv is also proactive about preventing your personal data from being misused, distributed, lost, modified or destroyed, or being accessed by an unauthorised party.
The personal data may be processed in CRM systems that are available to Svenskt Näringsliv’s entire organisation, including member organisations. According to section 3 of its statutes, Svenskt Näringsliv shall constitute a cohesive unit and the shared systems are part of this unit. Only authorised users have access to these shared systems.
Svenskt Näringsliv and the member organisations process personal data to inform member contacts about news, events and suchlike. The data may also be processed to develop operations. In addition, Svenskt Näringsliv and Almega may process personal data to fulfil statutory obligations.
The personal data is saved until such time as the undertakings on which the processing is based no longer require processing.
Integritetsskyddsmyndigheten (Swedish Authority for Privacy Protection) is the authority responsible for monitoring application of data protection legislation. If you feel that we are acting incorrectly, you can contact Integritetsskyddsmyndigheten, visit https://www.imy.se/other-lang/in-english/
If you have any questions about how we process personal data, or if you have a request in accordance with the rights detailed above, please feel free to contact us at firstname.lastname@example.org, or by phone on: +46 (0)8-762 6900.
Almega’s Data Protection Officer
Mailing address: Box 55545, SE-102 04 Stockholm, Sweden
Phone number: +46 (0)8-762 6900