We may also contact you via mailing to inform you of events and current affairs in the city. We may do so if you ever have registered your interest in receiving such information or if we judge there to be a legitimate interest in sending you this information; for example, if you are a journalist, blogger, or contact person in a relevant organization. You always have the option of contacting us and saying that you do not wish to receive information from us. Write to us at email@example.com.
Who may we share information with?
Data processors. Sometimes it is necessary for us to share your personal data with other organizations in order to provide our services. A data processor is a company that deals with the information on our behalf in accordance with our instructions. We have data processors that help us with:
- IT services (companies that handle the necessary operation, technical support, and maintenance of our IT solutions).
- Marketing (print and distribution, social media, media agencies, or ad agencies).
Organizations that are independent data controllers
- State authorities (the police, the National Tax Board, or other authorities), if we are required by law to share the information or in cases of suspected crimes.
- Other administrations and municipal companies (in the City of Stockholm) in order to fulfill our establishment service obligations to a business, we may need to share your personal data with other administrations and companies concerned, for example with the City Development Department if your case regards matters related to construction or land.
- Business partners (professional organizations or other industry actors, such as hotels and restaurants). The Group's activities aim to promote interaction with the City of Stockholm both nationally and internationally, and we may therefore pass on some of your data in order to promote and facilitate such collaboration.
Where do we process your personal data?
We always strive to process your data within the EU/EEA. However, data may in some situations be transferred to and/or processed by suppliers or subcontractors in countries outside the EU/EEA.
How long do we store your personal data?
We never save your personal data for longer than is necessary for their respective purposes, is required to meet the existing statutory storage periods, or is necessary for the purposes of other legitimate interests. Aside from legal grounds, the continued relevance/necessity of data is determined by the relationship we have with you, such as an ongoing relationship through a trade organization or event coordination.
What are your rights as a registered person?
Right of access (so-called “extracts from the register”). You have the right to obtain access to the data we process that pertains to you and may request a copy of these. (Information is provided in the form of an extract from the register indicating the purpose, categories of personal data, categories of recipients, storage periods, information about where the information was collected and the presence of automated decision-making).
Pursuant to the General Data Protection Regulation, we may ask you for additional information in order to ensure that you are the one who has the right to request the data.
The right to rectification. You have the right to correct incorrect or incomplete personal information (about yourself), within the context of the purpose for which this data is being processed.
The right to deletion (“the right to be forgotten”). You have the right to request that we delete the personal data we process about you if:
- The data are no longer necessary for the purposes for which they were collected or processed.
- You object to a balancing of interests we have made based on the legal grounds of legitimate interests and your reasons for objection outweigh our legitimate interests.
- You object to the processing of your personal data for direct marketing purposes.
- Personal data has been processed in an unlawful manner.
- Personal data must be deleted in order to fulfill a legal obligation to which the Group is subject.
- The personal data collected is about a child (under 13 years) for whom you have parental responsibility, and the collection took place in connection with the provision of information society services (e.g. social media).
Please be aware that there may be legal obligations that prevent us from immediately deleting parts of your data. These obligations are imposed by the Public Access to Information and Secrecy Act, the Archives Act, the Administrative Procedure Act, and accounting and tax legislation, among others.
The right to the limitation. Under certain circumstances, you have the right to request that our processing of your personal data be limited. For example, if you should call into question whether or not the data are accurate or if we no longer need them for our purposes, but you require them in order to establish, exercise or defend legal claims. This means that you can request that we refrain from deleting your data.
If you object to the processing we conduct with reference to the balancing of interests, you may request that we limit the processing during the time necessary to determine whether our legitimate interests outweigh your interests in having the data deleted.
If the processing is limited as described above, we cannot do anything else with your personal data (beyond actually storing it) other than to use it in the establishment, exercise or defense of legal claims, or to protect the rights of another person, unless we request your specific consent.
The right to object to certain types of processing. You always have the right to avoid direct marketing (for example, when an organization directly contacts a customer via email, SMS or newsletter. Marketing measures in which the customer him/herself actively chose to use a service or otherwise sought out an organization in order to learn more about its services do not count as direct marketing.) and to object to any processing of personal data based on a balancing of interests.
In the instance that you have objected to a balancing of interests, to continue to process your data we are required to demonstrate compelling legitimate grounds for the processing which outweigh your interests. In other cases, we only process the data in order to establish, exercise, or defend legal claims.
The right to data portability. If your personal data are processed automatically on the legal grounds of consent or the fulfillment of a contractual obligation, you also have the right to request these so long as doing so does not affect the rights or freedoms of any other person.
Submitting a complaint to the Data Protection Authority. The Data Protection Authority is a regulatory government authority that is responsible for monitoring the application of privacy legislation. If you believe that an organization is processing personal data incorrectly, you may file a complaint with them.
Cookies – What are they and how do we use them?
Cookies are small text files consisting of letters and numbers that are sent from our web server and stored in your internet browser or on your device. These may consist of:
- Session cookies (a temporary cookie that expires when you close your browser or device).
- Persistent cookies (cookies that remain on your computer until you delete them or they expire).
- First-party cookies (cookies set by the site you are visiting).
- Third-party cookies (cookies set by a third party. These are used for analyses).
In order to improve your experience of interacting with us, we use all the above-mentioned types of cookies on our websites www.stockholmbusinessregion.com, www.visitstockholm.com, www.investstockholm.com, professionals.visitstockholm.com, and stockholmbusinessalliance.se. Some are directly necessary to the functioning of our websites, while others are used to save your selected preferences as a visitor, to obtain visitor statistics, and for marketing.
You can control the use and scope of the cookies you allow by changing your browser settings. For example, you can block all cookies, only accept first-party cookies, or delete cookies when you close your browser. However, be aware that such settings may interfere with the functionality of certain websites.
Stockholm Business Region AB, reg. # 556491-6798, located at Fleminggatan 4, SE-102 26 Stockholm, and its subsidiaries Visit Stockholm, reg. # 556027-5736 and Invest Stockholm, reg. # 556083-1306, are the data controllers for the processing of your personal data as described above.
If you have any questions related to how we treat your personal data, please contact us at firstname.lastname@example.org.