The Government’s privacy policy
Responsibility for personal data
The Government Offices (organisation no. 202100-3831) is the data controller for the processing of personal data. As the responsible authority, it determines purposes and funds for such processing. For example, the Government Offices processes personal data in the handling of the authority’s business, in the handling of questions, in connection with job applications and in the administration of subscriptions.
The principle of public access to official documents
The Government Offices is a central government authority. Messages sent to this authority become official documents and may be disclosed under the principle of public access to official documents.
The type of personal data processing required under the Public Access to Information and Secrecy Act, archiving legislation and the Administrative Procedure Act for the lawful processing of the authority’s official documents is considered to be necessary in consideration of the public interest.
How the Government Offices processes personal data
A specific and explicit purpose and legal basis are required for the processing of personal data.
The Government Offices processes your personal data for the purpose of carrying out, developing and providing information about the authority’s activities. The Government Offices’ right to process personal data is generally supported on the legal basis of it being necessary based on the public interest or a legal obligation. In certain cases, the Government Offices processes personal data because this is necessary to fulfil an agreement with the registered person. The Government Offices can also process personal data with your consent.
The Government Offices only processes the personal data that is relevant for the purposes of the processing.
The most common types of processing by the authority are listed below.
Job applications
The Government Offices processes personal data in connection with job applications. The Government Offices processes personal data so as to be able to administer applications, appoint staff and for statistical review purposes. For appointments to a post, the processing takes as part of the Government Offices exercising public authority and other processing that is necessary to carry out a task that in the public interest.
Employees and contractors
As an employer, the Government Offices processes the personal data of employees and contractors on the basis of the public interest, the exercise of official authority and to fulfil an agreement
Ordering of information material and subscriptions
Personal data provided when ordering information material or subscriptions is processed so that the Government Offices can administrate the order or subscription and send mailouts. Consent is the legal basis and you choose when you wish to cancel your subscription and withdraw your consent.
Manage your government.se email preferences
Registration for training, conferences, press conferences and other events
The Government Offices processes personal data in connection with registration for courses, conferences, press conferences and other events. This processing is carried out to administrate the registration and to follow up the government agency’s courses, etc. The legal basis for the administration of the registration is to fulfil the agreement entered into in connection with the registration. The legal basis for the processing in connection with the follow-up is that it is necessary for the performance of a task carried out in the public interest.
Enquiries and letters from the general public
The Government Offices processes personal data to communicate with those who submit an enquiry or letter and to handle the matter. The legal basis for this processing is that it is a task carried out in the public interest.
Administrative matters
The Government Offices processes personal data in connection with various types of administrative matters. This includes the appointment of judges, applications concerning criminal and civil law cases, and consular matters. The processing of personal data takes place in the course of the Government Offices exercising public authority or carrying out a task in the public interest.
Categories of personal data that are processed
The categories of personal data that are processed are primarily names and contact details of individuals, names and contact details of representatives of organisations, and case numbers of cases that are registered.
Documents and messages sent to the Government Offices will also often include other types of personal data.
Sensitive personal data
Sensitive personal data is sometimes sent to the authority. If this data is connected to a matter, it will be processed for the purpose of handling and will not be searchable. The legal basis for the processing of sensitive personal data is that it is a task carried out in the public interest.
How long personal data is stored
As the Government Offices is a central government authority, the basic rule is that the authority must keep official documents. This follows archival legislation. Therefore, the Government Offices keeps and culls official documents in accordance with applicable regulations on culling documents and culling decisions.
Personal data that is not part of an official document is only saved as long as necessary for the purposes for which it is processed, and then deleted or pseudonymised on a regular basis.
Application documents that do not concern the individual who was appointed to the position are stored for two years after the recruitment has concluded.
Personal data submitted in connection with ordering information material is only stored as long as necessary to process the order.
The personal data of subscribers is deleted when a subscription is terminated.
Who may access personal data
The employees of the Government Offices who access personal data need to do so to carry out their tasks.
In certain cases, for example as regards employees and contractors, the Government Offices is obliged to disclose personal data to other authorities and, when relevant, to the bank used by the Government Offices. Other relevant authorities include the Swedish Tax Agency and the National Government Employee Pensions Board.
According to the principle of public access to official documents, official documents can be released to journalists and individuals who request them.
In certain cases, the Government Offices uses data processors. This may include various IT services and systems in connection with recruitment. In these cases, data processors process personal data on behalf of the Government Offices and according to its instructions.
The Government Offices normally processes personal data within the EU/EEA. If personal data is transferred to a supplier outside the EU/EEA, the Government Offices will take safety precautions such as standard contractual clauses.
Your rights
You have several rights as a data subject. Certain rights apply without limitation as regards personal data processing by authorities, while other rights apply only to a limited extent.
Your rights under the General Data Protection Regulation are outlined below.
Right of access
You can request information as to whether the Government Offices has processed personal data relating to you and, if so, receive a copy of such data (extract from the register) together with certain more detailed information about the processing.
Right to rectification
If you consider that the personal data relating to you is inaccurate or incomplete, you may request to have the data rectified or completed.
Right to object
In certain cases, you have the right to object to the processing of your personal data. This right to object applies, for example, when personal data is processed to carry out a task in the public interest or as part of the exercise of public authority.
If you object to personal data processing, the Government Offices can only continue processing the data if it is able demonstrate that there are compelling reasons to continue doing so.
Right to restriction of processing
In certain cases, you have the right to demand that the Government Offices restricts the processing of your personal data. Restriction may take place under certain conditions, such as the personal data being inaccurate or no longer needed for the purposes of the processing.
Where processing has been restricted, the personal data will be flagged, indicating that it can only be processed for certain purposes.
Right to erasure
In certain cases, you may have your personal data erased if, for example, it is no longer needed for the purposes of the processing. When personal data is needed for the Government Offices to be able to fulfil its mandate or when it the data has been provided in an official document, the Government Offices will not be able to erase it.
Right to data portability
If the Government Offices processes your personal data, you have, in certain cases, the right to receive and transfer your data to another controller. This applies to personal data that you have submitted to the Government Offices based on consent or agreement.
This right is limited as regards personal data within an authority, as the processing of personal data usually takes place based on legal grounds other than consent or agreement.
How does the Government Offices protect personal data?
The Government Offices takes appropriate technical and organisational measures to ensure the protection of the personal data it processes from unauthorised access, changes or destruction. The measures taken depend on the type of processing and the associated risk, among other things.
If you have comments about the processing of your personal data
If you have comments about how the Government Offices processes your personal data, you can contact the authority.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection.
Contact
You can contact the Government Offices data protection officer if you have questions concerning the authority’s processing of your personal data or if you, as the data subject, wish to exercise your rights in relation to the Government Offices.
By letter:
Regeringskansliet
Förvaltningsavdelningen
103 33 Stockholm
Mark the envelope ‘Regeringskansliets dataskyddsombud’.
Via email:
Government Offices Data Protection Officer Maria Hedegård,
email to: Government Offices Data Protection Officer