Processing of personal data in connection with newsletters and invitations to events for private individuals

Stockholm Business Region is the City’s business development and destination company, charged with the task of developing and marketing Stockholm as a destination to establish business and to visit, both internationally and nationally.

Stockholm Business Region works in close collaboration with trade and industry, academia and other institutions, as well as organisations, municipalities and government agencies.

Your privacy is important to us at Stockholm Business Region. This is why we are committed to ensuring that all processing of personal data is carried out in a correct and secure manner in compliance with applicable laws and regulations. Stockholm Business Region complies with the General Data Protection Regulation, better known as GDPR, and complementary data protection legislation.

Stockholm Business Region needs to process your personal data so that it can provide newsletters and invitations to and participation at events, and to perform follow-up.

Who is the controller?

Stockholm Business Region AB is the controller for the processing of personal data in order to be able to provide events and send out newsletters, and for follow-up. The legal basis for the processing is consent and legitimate interest after a balancing of interests. Stockholm Business Region has concluded that our interest in inviting you to events and performing follow-up outweighs the potential invasion of privacy that the processing of your personal data entails for you.

Which personal data is processed?

Personal data refers to any information that can directly or indirectly identify a living person. The processing of personal data refers to all handling of personal data.

The following personal data is processed when sending out newsletters and invitations to events, and participating at events.

Newsletters

Once you have given your consent to the processing of your personal data, marketing information and newsletters will be sent to you. This involves processing personal data such as your name, email address, organisation, occupation, role/title and educational status. Personal data indirectly linked to newsletters and your consent and other metadata may be processed, such as which newsletters you have received and when you gave your consent.

Your consent remains valid until further notice. You can, however, withdraw your consent at any time by contacting us, see below. Please note that withdrawing your consent does not affect the legality of the processing of personal data before the withdrawal of consent.

Events

In order to invite you to events, your name, email address, organisation, occupation, role/title and education status are processed. Personal data included in or related to events may also be processed, such as the events in which you have participated and your preferences regarding participation at future events.

Follow-up

In connection with follow-up by such means as surveys, we process personal data such as email address and the answers you provide in the surveys about our events, as well as your name, organisation, occupation, role/title and educational status. We may also ask you questions in surveys about, for example, skills supply and your perception of Stockholm.

Who accesses the personal data?

The recipients of the personal data within Stockholm Business Region are employees whose task is to provide and administer marketing through newsletters and events, and to perform follow-up. The categories of recipients with whom Stockholm Business Region shares personal data are system providers and other departments and companies within the City of Stockholm.

For how long is the personal data stored?

Stockholm Business Region observes the principle of storage minimisation, which means that personal data is stored for as long as is necessary for the purpose. After this time, current rules on archiving and deleting determine what can be erased and what must be preserved when the information appears in public documents.

Personal data is deleted based on purpose and legal basis. Once you have withdrawn your consent, your contact details will be deleted so that you do not receive any further marketing in the form of newsletters. In connection with the receipt of newsletters, your personal data linked to newsletter mailings will be deleted after 14 months. In connection with events, the data linked to an event is deleted after 14 months. The personal data processed during follow-up linked to a specific event is deleted after 14 months.

Third country transfers

Stockholm Business Region’s processing of personal data takes place primarily within the EU/EEA. When using an external IT provider, a third country transfer may occur due to the ownership and extraterritorial legislation of a sub-processor engaged by the provider. The third country transfer that may be relevant is if a government agency request is received from a third country such as the United States.

Stockholm Business Region has ensured that safeguards are in place in accordance with the GDPR and that the European Commission’s standard contractual clauses have been entered into and that the European Commission’s adequacy decision on the Data Privacy Framework is applicable. If you would like further information about the safeguards taken to protect your personal data, you can contact us at info.sbr@stockholm.se.

Your rights

The General Data Protection Regulation (GDPR) strengthens your rights regarding how we handle your personal data. You may exercise the following rights, and more information about your rights is provided below.

Right to information

You have the right to receive information based on the GDPR when your personal data is processed. We do this by providing this information and answering questions if you contact us.

Right of access

You have the right to be informed, upon request and without undue delay, about whether or not Stockholm Business Region is processing personal data concerning you and, if so, to receive free of charge a copy of the personal data that is being processed.

Right to rectification

You have the right to have incorrect or incomplete information about yourself rectified. You can also supplement your information.

Right to erasure

You have the right to request the erasure of your personal data and, in some cases, to have it deleted if we no longer need the data for the purpose for which it was collected and if deletion is possible in accordance with the principle of public access.

Right to data portability

You have the right to request receipt of your personal data that you have provided to us in a machine-readable format, if you wish to transfer it to another controller.

Right to restriction and to object

You have the right to request the restriction of the processing of your personal data in certain cases, if you believe that the personal data is not correct or the processing is not compatible with the law. You also have the right to object to the processing of your personal data and to our use of your data for direct marketing purposes. If you do not wish to receive marketing information, we will immediately stop sending you marketing information.

Right to withdraw your consent

When we process your personal data based on your explicit consent, you have the right to withdraw your consent at any time. When you withdraw your consent, the processing of personal data ceases from the date of withdrawal, i.e. the withdrawal does not affect any previous processing of personal data.

The rules on the public availability of public documents in the Swedish Freedom of the Press Act and regulations on archiving may impose restrictions on some of your rights described above.

For more information about your rights or to submit a complaint about the processing of personal data, please contact the supervisory authority, the Swedish Authority for Privacy Protection, Data protection for individuals | IMY.

If you want to read more about how Stockholm Business Region processes personal data, see our Privacy Policy.