Information on processing of personal data

What are personal data and processing of personal data?

Personal data refers to all kinds of information that directly, or indirectly together with other data, can be linked to a living natural person. This includes, for instance, name, address, e-mail address and mobile phone number, as well as photographs and sound recordings.

Different types of measures are regarded as processing of personal data. Examples of common processing of data include collection, registration, adaptation, storage/archiving, transfer and deletion.

Controller of personal data

Sveriges Riksbank is controller for the Riksbank's processing of personal data.

Contact:

Sveriges Riksbank
Registrar
SE-103 37 Stockholm

Email: registratorn@riksbank.se

Data Protection Officer

The Riksbank is a public authority and has therefore appointed a Data Protection Officer, who has the task of overseeing that the operations of the Riksbank comply with the data protection legislation. As registered, you can contact the Riksbank's Data Protection Officer if you have any questions regarding the Riksbank's processing of your personal data or if you wish to exercise your rights.

Contact:

Sveriges Riksbank
Riksbank Data Protection Officer
SE-103 37 Stockholm

E-mail: dataskyddsombud@riksbank.se
Telephone number: 08 - 787 00 00.

Special information about the Freedom of Information Principle

Messages sent to the Riksbank usually become official documents that are registered. Official documents can be released on request if the information in them is not covered by secrecy. Personal data may therefore be released in accordance with the principle of public access to official documents.

This processing of personal data which is done to meet the requirements of The Public Access to Information and Secrecy Act, the Swedish Archives Act and the Swedish Administrative Procedure Act has support in the legal base of public interest in the General Data Protection Regulation.

How the Riksbank processes personal data

In general, it can be said that the Riksbank processes personal data for several different reasons and in several different parts of its operations. This is done so that the Riksbank as public authority can carry out its tasks pursuant to the Sveriges Riksbank Act. The Riksbank also needs to process personal data in its administrative operations, including its role as employer.

In contacts with the Riksbank

The Riksbank processes data to communicate with those who contact the Riksbank by telephone, by post, by e-mail, through social media or personal contact. The legal base for processing data is that the information is of public interest.

When applying to redeem banknotes

The Riksbank processes data to deal with cases of redemption of banknotes and commemorative coins. The legal base for processing this data is the exercise of public authority.

In correspondent bank operations

The Riksbank processes data to manage international payments. The legal base for processing data here is that the information is of public interest.

In statistical and research operations

The Riksbank processes data when producing financial market statistics and balance of payments statistics. The legal base for processing data here is that the information is of public interest.

In the Riksbank’s oversight of the financial sector

The Riksbank processes data when overseeing the stability of the payments system. The legal base for processing this data is the exercise of public authority.

In national and international cooperation

The Riksbank processes contact details for the person who is contact person for a particular case or issues within the cooperation. The legal base for processing data here is that the information is of public interest.

When applying for a job

The Riksbank processes data in connection with receiving an application for work at the Riksbank. Personal data is processed so that the Riksbank can administer the applications and fill a job vacancy. The processing for filling job vacancies is part of the Riksbank's exercise of public authority and other processing comes under public interest.

When subscribing to the press releases and newsletters

The Riksbank processes personal data in connection with registration for subscription to our press releases and newsletters, for the purpose of administering the subscription and sending out the requested information. The legal base here is to meet the requirements of the agreement entered into in connection with registration as subscriber.

Categories of personal data that are processed

The categories of personal data that are processed are largely name and contact details of individuals that have contacted the Riksbank. In cases of redemption of banknotes and correspondent bank activities, there is also data on finances and account details. If the case refers to a legal entity/organisation of some kind with a specified contact person, it is this person’s name and contact details that are used. Cases that are registered are always given a registration number.

Documents and messages sent to the Riksbank sometimes contain other types of personal data. This data is only processed by the document being added to the case in question. The data is not registered separately and is therefore not searchable in the register.

Handling of sensitive personal data

The Riksbank does not normally handle sensitive personal data, but in the case that personal data is nevertheless sent in to the authority, this data is handled so that the case can be processed. However, this data is only processed by being added to the case in question. The data is not registered separately and the data in the document is thus not made searchable. The legal base for processing sensitive personal data here is that the information is of public interest.

Who does the Riksbank share personal data with?

General public

In some cases, personal data may need to be released to the general public in connection with the principle of public access to official documents. Some data may be subject to secrecy and may not be released.

Employees

The employees at the Riksbank who may have access to the data need this to carry out their work.

Processor and/or deputies

In certain cases, the Riksbank uses processors. The processors used (and where appropriate their deputies) may only handle personal data in accordance with the purposes and instructions the Riksbank has stated for the processing pursuant to a special agreement, what is known as a processor agreement.

Other authorities responsible for personal data

There are also external parties with whom the Riksbank shares personal data, but which have independent personal data responsibility. The Riksbank is obliged by law to share personal data with, for instance, the Swedish Tax Agency, Finansinspektionen (the Swedish Financial Supervisory Authority), the Swedish Social Insurance Agency and the Swedish police.

Period during which personal data will be processed and stored

The Riksbank, in its capacity of public authority, is obliged according to the Swedish Archives Act to preserve official documents. The Riksbank follows regulations on preservation and deletes official documents in line with the applicable regulations and decisions on deleting them.

Personal data that is not part of an official document is saved only as long as needed for the purposes for which it is processed. Documents that are not official include draft decisions and minutes of meetings that have not been archived. When a case has been finally processed, an assessment is made of what the Swedish Archives Act requires to be preserved in the case. Documents that contain personal data and are not to be preserved are deleted or the personal data is removed.

Documents of little or temporary importance are usually deleted directly. These include requests, inquiries and messages received that have temporary significance or are of a routine nature as well as the replies to them. The same also applies to the Riksbank’s contributions to the Riksbank's social media and the comments, questions and answers posted by the general public and which are of a general nature. One condition for deleting these is that the document does not need to be registered.

Personal data regarding subscribers to press releases, newsletters, job vacancies and similar are deleted as soon as the subscription ends.

Your rights as registered

If your personal data is processed by the Riksbank, you as registered have several rights. If you wish to exercise your rights, or if you have questions regarding the Riksbank's processing of your personal data, you can turn to the public authority’s Data Protection Officer at e-mail dataskyddsombud@riksbank.se. You have the right to exercise your rights free of charge. However, there are some situations in which an administrative fee may be charged.

Right to information

You can ask for information on how the Riksbank handles your personal data and receive a copy of this - what is known as a register extract - together with some further information. A request for such an extract shall be made via post or e-mail and shall contain your name, personal identity number, postal address, telephone number and e mail address. The Riksbank will send the extract to your registered address within one month of receipt of the request. If you submit your request via e-mail, the Riksbank may request further information from you to ensure that the request is handled efficiently and that Riksbank gives the information to the right person.

Send your request by post to:

Sveriges Riksbank
Registrar
SE-103 37 Stockholm

or by e-mail to: registratorn@riksbank.se

Right to correction

The Riksbank is responsible for ensuring that the personal data processed is correct. If you consider personal data about you to be incorrect or incomplete, you can request to have the data corrected or supplemented.

Right to object

You also have the right to object to personal data being handled by the Riksbank within the scope of exercise of public authority, or to carry out other work tasks of public interest. In this case, you need to specify what processing you are objecting to. If the Riksbank is not able to prove that there are binding, legitimate reasons for continuing to process the data, the processing must cease.

Right to limit

In certain cases, such as if you have objected to the processing of data or requested correction of data, you have the possibility to request that the processing of your personal data should be limited. By requesting a limitation you have the opportunity, at least under a certain period of time, of stopping the Riksbank from using the data other than to respond to a legal claim, for instance.

Right to erase

You have the right in certain cases to request that the Riksbank erases your personal data. When your personal data is needed for the Riksbank is to carry out its task or is part of an official document, however, the Riksbank is not able to erase the data.

Right to move your personal data, so-called data portability

If the Riksbank processes your personal data to fulfil an agreement with your or you have agreed to give your personal data, you have the opportunity in certain cases to request personal data regarding you to use elsewhere, for instance, to transfer the data to another processor.

Right to make a complaint to the Swedish Authority for Privacy Protection

You as registered have the right to make a complaint to the Swedish Authority for Privacy Protection (IMY) if you consider that the Riksbank's processing of your personal data does not comply with the General Data Protection Regulation.

Read more about how you can make a complaint to the IMY: https://www.imy.se/en/privatperson/forms-and-e-services/file-a-gdpr-complaint/

Use of cookies

The Riksbank uses various types of cookies on its website, both necessary and non-necessary cookies. Necessary cookies have to be used for the Riksbank’s services and functions to work. Non-necessary cookies are used to analyse visitor statistics and improve the Riksbank's services, for instance. To use non-necessary cookies, the Riksbank needs to ask for your agreement.

You can adjust the settings in your browser that automatically refuse storage of cookies or that inform you every time a website wants to store a cookie. You can also go in and erase all of the cookies stored earlier. The settings you can use depend on which browser you use, see the help pages on the respective browser’s website for further information.

The Swedish Post and Telecom Authority is the supervisory authority for processing data with regard to use of cookies. See FAQ about cookies for those who use the internet:
https://www.pts.se/en/private2/internet/integritet/qa-about-cookies-for-users/

Social media

The Riksbank uses the following social media as communication channels to provide information on the bank's operations: Twitter, Linkedin, Facebook and YouTube. If you choose to use these social media, you should be aware that your personal data is processed under the respective third party’s responsibility and in accordance with the appropriate integrity policy for the respective service.