Processing of personal data

What is personal data and processing of personal data?

Personal data refers to all kinds of information that directly, or indirectly together with other data, can be linked to a living natural person. This includes, for instance, name, address, e-mail address and mobile phone number, as well as photographs and sound recordings.

Different types of measures are regarded as processing of personal data. Examples of common processing activities include collection, registration, adaptation, storage/archiving, transfer and deletion.

Controller of personal data

The Riksbank is controller for the processing of personal data for which it determines the purposes and the means. This information is intended to provide general information about the kinds of personal data processing activities for which the Riksbank is the controller and that implies contact with the public.

Contact:

Sveriges Riksbank
Registrar
SE-103 37 Stockholm

Email: registratorn@riksbank.se

Data Protection Officer

The Riksbank is a public authority and has therefore appointed a Data Protection Officer, who has the task of overseeing that the operations of the Riksbank comply with the data protection legislation. As a data subject, you can contact the Riksbank's Data Protection Officer if you have any questions regarding the Riksbank's processing of your personal data or if you wish to exercise your rights.

Contact:

Sveriges Riksbank
Riksbank Data Protection Officer
SE-103 37 Stockholm

E-mail: dataskyddsombud@riksbank.se

Telephone number: 08 - 787 00 00.

The principle of public access to official records

Messages sent to the Riksbank usually become official documents that are registered. Official documents can be disclosed on request if the information in them is not covered by secrecy. Personal data may therefore be disclosed in accordance with the principle of public access to official documents.

The processing of personal data which is done to meet the requirements of The Public Access to Information and Secrecy Act, the Swedish Archives Act and the Swedish Administrative Procedure Act is considered to be necessary to perform a task of important public interest.

How the Riksbank processes personal data

In general, it can be said that the Riksbank processes personal data for several different reasons and in several different parts of its operations. This is done so that the Riksbank as a public authority can carry out its tasks pursuant to the Sveriges Riksbank Act. The Riksbank also needs to process personal data in its administrative operations, including its role as employer.

In contact with or visits at the Riksbank

The Riksbank processes data to communicate with those who contact the Riksbank by telephone, by post, by e-mail, through social media or via personal or virtual contact and to administrate visits at the Riksbank’s premises. The legal base for processing data is  to perform a task of public interest.

When applying to redeem banknotes

The Riksbank processes data to administrate cases of redemption of banknotes and commemorative coins. The processing is necessary as part of the Riksbank’s exercise of its official authority.

When providing settlement services   

The Riksbank process personal data to provide the system RIX that has two settlement services, RIX-RTGS and RIX-INST. For more information on the Riksbank’s processing of personal data in the context of RIX, please see this page: Processing of personal data in the context of RIX.  

In correspondent bank operations

The Riksbank processes data to manage international payments. The legal base for processing data is to perform a task of public interest.

In statistical and research operations

The Riksbank processes data in its statistical and research operations, for example in the context of conducting surveys and research projects and when producing certain statistics. The legal base for processing data is to perform a task of public interest.

In the Riksbank’s oversight of the financial sector

The Riksbank processes data when overseeing the stability of the payments system. The processing is necessary as part of the Riksbank’s exercise of its official authority and to perform a task of public interest.

In national and international cooperation

The Riksbank processes contact details for the person who is contact person for a particular case or issues within the cooperation. The legal base for processing data here is to perform a task of public interest.

When applying for a job

The Riksbank processes data in connection with receiving an application for work at the Riksbank. Personal data is processed so that the Riksbank can administer the applications and fill a job vacancy. The processing for filling job vacancies is necessary as part of the Riksbank's exercise of official authority and other processing activities are necessary to perform a task of public interest.

When subscribing to the press releases and newsletters

The Riksbank processes personal data in connection with registration for subscription to our press releases and newsletters, for the purpose of administering the subscription and sending out the requested information. The legal base here is to meet the requirements of the agreement entered into in connection with registration as subscriber.

When visiting our website

The Riksbank will process the IP-address when visiting our website to improve the user experience. The legal base for processing data here is to perform a task of public interest.

Categories of personal data that are processed

The categories of personal data that are processed are largely name, identity data and contact details of individuals that have contacted the Riksbank or that represents a legal entity/organisation that the Riksbank is in contact with as well as financial data. Cases that are registered are always given a registration number.

Documents and messages sent to the Riksbank sometimes contain other types of personal data. This data is only processed by the document being added to the case in question. The data is not registered separately and is therefore not searchable in the register.

Handling of sensitive personal data

The Riksbank does not normally handle sensitive personal data, but in the case that personal data is nevertheless sent in to the authority, this data is handled so that the case can be processed. However, this data is only processed by being added to the case in question. The data is not registered separately and the data in the document is thus not made searchable. The legal base for processing sensitive personal data is to perform a task of important public interest.

Who does the Riksbank share personal data with?

General public

In some cases, personal data may need to be released to the general public in connection with the principle of public access to official documents. Some data may be subject to secrecy and may not be released.

Employees

The employees at the Riksbank who may have access to the data need this to carry out their work.

Processor and/or sub-processors

In certain cases, the Riksbank uses processors. The processors used (and where appropriate their sub-processors) may only handle personal data in accordance with the purposes and instructions the Riksbank has stated for the processing pursuant to a special agreement, what is known as a data processor agreement. The Riksbank uses processors for various kinds of IT services and to perform certain surveys.

Other authorities responsible for personal data

There are also external parties with whom the Riksbank shares personal data, but which have independent personal data responsibility. The Riksbank is obliged by law to share personal data with, for instance, the Swedish Tax Agency, Finansinspektionen (the Swedish Financial Supervisory Authority), the Swedish Social Insurance Agency and the Swedish police.

Where we process your personal data

We always aim to process your personal data within the EU/EEA. In some cases, the Riksbank or its processors may transfer your personal data to a country outside the EU/EES or to an international organisation. Such processing may only occur in accordance with the requirements stated in data protection legislation for example, that the European Commission has decided that the country has an adequate level of protection equivalent to the EU/EES or that the Riksbank and the organisation receiving the personal data has entered a contract with the Standard Contractual Clauses adopted by the European Commission.  

Period during which personal data will be processed and stored

The Riksbank, in its capacity of public authority, is obliged according to the Swedish Archives Act to preserve official documents. The Riksbank follows regulations on preservation and deletes official documents in line with the applicable regulations and decisions on deleting them.

Personal data that is not part of an official document is retained only as long as needed for the purposes for which it is processed. Documents that are not official include draft decisions and minutes of meetings that have not been archived. When a case has been finally processed, an assessment is made of what the Swedish Archives Act requires to be preserved in the case. Documents that contain personal data and are not to be preserved are deleted or the personal data is removed.

Application documents that do not relate to the person appointed to the position or a person who has appealed the appointment decision are deleted two years after the appointment decision has gained legal force.

Documents of little or temporary importance are usually deleted directly. These include requests, inquiries and messages received that have temporary significance or are of a routine nature as well as the replies to them. The same also applies to the Riksbank’s contributions to the Riksbank's social media and the comments, questions and answers posted by the general public and which are of a general nature. One condition for deleting these is that the document does not need to be registered.

Personal data regarding subscribers to press releases, newsletters, job vacancies and similar are deleted as soon as the subscription ends.

Your rights as data subject

If your personal data is processed by the Riksbank, you as data subject have several rights. If you wish to exercise your rights, or if you have questions regarding the Riksbank's processing of your personal data, you can turn to the Data Protection Officer or to the registrar, see contact details above. You have the right to exercise your rights free of charge. However, there are some situations in which an administrative fee may be charged.

Right to access

You can ask for information on how the Riksbank handles your personal data and receive a copy of this   together with some further information. If necessary, the Riksbank may request further information from you to ensure that the request is handled efficiently and that the information is provided to the right recipient.

Right to rectification

The Riksbank is responsible for ensuring that the personal data processed is correct. If you consider personal data about you to be incorrect or incomplete, you can request to have the data rectified or completed.

Right of objection

You also have the right to object to personal data being handled by the Riksbank within the scope of exercise of official authority, or to carry out other tasks of public interest. In this case, you need to specify what processing you are objecting to. If the Riksbank is not able to prove that there are compelling, legitimate reasons for continuing to process the data, the processing must cease.

Right to limitation

In certain cases, such as if you have objected to the processing of data or requested correction of data, you have the possibility to request that the processing of your personal data should be limited. By requesting a limitation you have the opportunity, at least under a certain period of time, of stopping the Riksbank from using the data other than to respond to a legal claim, for instance. You can also prevent the Riksbank from erasing the data, for example if you need the information to claim damages.

Right to erasure

You have the right in certain cases to erasure of your personal data. When your personal data is needed for the Riksbank to carry out its task of public interest or is part of an official document, however, the Riksbank is not able to erase the data.

Right to data portability

If the Riksbank processes your personal data to fulfil an agreement with your or it is based on your consent, you have the opportunity in certain cases to request personal data regarding you to use elsewhere, for instance, to transfer the data to another processor.

For more information on your rights, see the Swedish Authority for Privacy Protection's website.

Right to make a complaint to the Swedish Authority for Privacy Protection

As a data subject you have the right to make a complaint to the Swedish Authority for Privacy Protection if you consider that the Riksbank's processing of your personal data does not comply with the General Data Protection Regulation.

Read more about how you can make a complaint to the Swedish Authority for Privacy Protection.

Use of cookies

The Riksbank uses various types of cookies on its website, both necessary and non-necessary cookies. Necessary cookies have to be used for the Riksbank’s services and functions to work. Non-necessary cookies are used to analyse visitor statistics and improve the Riksbank's services, for instance. To use non-necessary cookies, the Riksbank needs to ask for your agreement.

You can adjust the settings in your browser that automatically refuse storage of cookies or that inform you every time a website wants to store a cookie. You can also go in and erase all of the cookies stored earlier. The settings you can use depend on which browser you use, see the help pages on the respective browser’s website for further information.

The Swedish Post and Telecom Authority is the supervisory authority for processing data with regard to use of cookies.

Social media

The Riksbank uses the following social media as communication channels to provide information on its operations: Bluesky, Facebook, Instagram, Linkedin and Youtube. If you choose to use these social media, you should be aware that your personal data is processed under the respective third party’s responsibility and in accordance with the appropriate integrity policy for the respective service.

About the information on this page

If the information in English is different from the Swedish version of this page, the Swedish version applies.