The Riksbank safeguards your personal integrity and always endeavours to properly protect all personal data. This integrity policy explains how the Riksbank processes personal data in accordance with the General Data Protection Regulation (GDPR). It also describes your rights and how you can assert them. This integrity policy applies as of 25 May 2018. However, the Riksbank make at some point in the future make amendments to the policy.
What are personal data and processing of personal data?
Personal data refers to all of the information that directly or indirectly together with other data, can be linked to a living natural person. This includes, for instance, name, address, e-mail address and mobile phone number, as well as photographs and sound recordings.
Anything that is done with personal data is counted as processing of personal data. Examples of common processing of data include collection, registration, storage, transfer and deletion.
Personal data responsibility
Sveriges Riksbank at the address 103 37 Stockholm, firstname.lastname@example.org, has personal data responsibility for the Riksbank's handling of personal data.
When does the Riksbank process your personal data?
The Riksbank gathers and stores information on you that you have sent to the authority yourself, for instance, via the Riksbank's website, telephone, ordinary mail and e-mail as well as personal contacts. The Riksbank may also gather personal data from, for instance, other public authorities or from other open sources when this data is needed for the Riksbank to carry out its statutory tasks pursuant to the Sveriges Riksbank Act or to agreements.
The Riksbank's aim and purpose in processing personal data is primarily to carry out tasks of public interest. The processing can also be part of the exercise of our public authority in accordance with the Sveriges Riksbank Act or other legislation. The Riksbank also needs to process personal data to administer its operations. Processing may also be necessary to complete legal obligations or to observe an agreement.
The Riksbank has access to the personal data needed for its own operations. This concerns, for instance, data on employees of the bank, on contact persons at various financial institutions, on contractual parties, on visitors and on people who have applied to redeem invalid banknotes.
Who does the Riksbank share personal data with?
In cases where it is necessary for the Riksbank to be able to manage its tasks and assignments pursuant to the Sveriges Riksbank Act, we share personal data with companies that process the information on our behalf and according to our instructions and agreements, so-called personal data processor. The Riksbank uses external consultants, for instance, in IT maintenance and the administration of invoices, salaries and so on.
There are also others with whom the Riksbank shares personal data but which have independent personal data responsibility. This means that in these cases it is not the Riksbank that governs how the information is processed after it has been shared. Those with independent personal data responsibility with whom the Riksbank may share personal data include other public authorities (the Swedish Tax Agency, Finansinspektionen - the Swedish financial supervisory authority, Försäkringskassan - the Swedish Social Insurance Agency and the Police authority), with reference to our statutory obligation to do so.
Special information about the Freedom of Information Principle
The Riksbank is a public authority and this means that messages sent to us usually become what is known as public documents. If, for instance, you send a letter or an e-mail to the Riksbank, anyone has the right to request a copy of this message, on condition that it is not covered by some confidentiality provision.
The Riksbank will not store your personal data for longer than is necessary. Many of the personal data the Riksbank processes must be saved, however, and can only be screened out in accordance with the provisions of the Swedish archive act.
The Riksbank's starting-point with regard to processing personal data is that it is only those people in our operations who need those particular personal data in their work who will have access to them. The Riksbank has special security routines that protect your personal data against unlawful or unauthorised handling. These routines are constantly updated in line with technological developments. We use IT systems to protect confidentiality, integrity and access to personal data.
Your rights as registered
Right to access
You have the right, free of charge and upon request, to receive information once a year on what personal data about your that the Riksbank processes and for what purpose (what is known as a register extract). A request for such an extract shall be made by post or e-mail and shall contain your name, personal identity number, postal address, phone number and email address. The Riksbank will send the extract to the applicant's registered address within one month of receipt of your application.
Send your request to:
SE-103 37 Stockholm
Please bear in mind that in these cases the Riksbank may request further information from you to ensure that the request is handled efficiently and that the information is given to the right person.
Right to amend
We have a responsibility for the data we handle being correct, but you also have the right to supplement this with data that is lacking and is relevant. If you detect incorrect or incomplete data about yourself, you have the right to request that it is amended.
Right to limit
If you consider that your personal data is incorrect and you have requested an amendment from us, you can also request that the processing of your data is limited as long as our investigation of the matter continues.
If the processing of your data is limited temporarily, we will inform those with whom we have share the data about the temporary limitation. However, this does not apply if it proves impossible or entails considerable difficulty to do so.
Right to deletion
You also have the right to request that the Riksbank deletes your personal data from its system as long as the data is not needed for archive purposes of public interest or as part of the Riksbank's exercising of its public authority.
Right to object
You also have the right to object to your personal data being processed. In this case, you need to specify what processing you are objecting to. We will only continue to process the data in these cases if we can show that there are justifiable reasons that weigh more heavily than your interests.
Data protection officer
The Riksbank has a data protection officer who ensures that the provisions of the General Data Protection Regulation regarding processing of personal data are observed. If you wish to contact the data protection officer, you can write to the Riksbank's address or send an e-mail to email@example.com or call +46 8 787 00 00.
Report of an infringement
If you consider that your personal data is being processed in contravention of the General Data Protection Regulation, you can register a complaint with the Swedish Data Protection Authority, which is responsible for monitoring compliance with the legislation.
The Riksbank uses the following social media as communication channels to provide information on the bank's operations: Twitter, Linkedin, Facebook and YouTube. If you communicate with us via social media at any point you yourself choose which personal data you wish to share.