Processing of personal data
The Riksbank safeguards your personal integrity. This information is aimed partly at providing an overall picture of the Riksbank’s processing of personal data in its operations, and partly at providing you as an individual with information on how the Riksbank, in its capacity as data controller, processes this data so that you can safeguard your rights.
What is personal data and processing of personal data?
Personal data refers to all kinds of information that directly, or indirectly together with other data, can be linked to a living natural person. This includes, for instance, name, address, e-mail address and mobile phone number, as well as photographs and sound recordings.
Different types of measures are regarded as processing of personal data. Examples of common processing activities include collection, registration, adaptation, storage/archiving, transfer and deletion.
Controller of personal data
The Riksbank is controller for the processing of personal data for which it determines the purposes and the means. This information is intended to provide general information about the kinds of personal data processing activities for which the Riksbank is the controller and that implies contact with the public.
Contact:
Sveriges Riksbank
Registrar
SE-103 37 Stockholm
Email: registratorn@riksbank.se
Data Protection Officer
The Riksbank is a public authority and has therefore appointed a Data Protection Officer, who has the task of overseeing that the operations of the Riksbank comply with the data protection legislation. As a data subject, you can contact the Riksbank's Data Protection Officer if you have any questions regarding the Riksbank's processing of your personal data or if you wish to exercise your rights.
Contact:
Sveriges Riksbank
Riksbank Data Protection Officer
SE-103 37 Stockholm
E-mail: dataskyddsombud@riksbank.se
Telephone number: 08 - 787 00 00.
The principle of public access to official records
Messages sent to the Riksbank usually become official documents that are registered. Official documents can be disclosed on request if the information in them is not covered by secrecy. Personal data may therefore be disclosed in accordance with the principle of public access to official documents.
The processing of personal data which is done to meet the requirements of The Public Access to Information and Secrecy Act, the Swedish Archives Act and the Swedish Administrative Procedure Act is considered to be necessary to perform a task of important public interest.
How the Riksbank processes personal data
In general, it can be said that the Riksbank processes personal data for several different reasons and in several different parts of its operations. This is done so that the Riksbank as a public authority can carry out its tasks pursuant to the Sveriges Riksbank Act. The Riksbank also needs to process personal data in its administrative operations, including its role as employer.
In contact with or visits at the Riksbank
The Riksbank processes data to communicate with those who contact the Riksbank by telephone, by post, by e-mail, through social media or via personal or virtual contact and to administrate visits at the Riksbank’s premises. The legal base for processing data is to perform a task of public interest.
When applying to redeem banknotes
The Riksbank processes data to administrate cases of redemption of banknotes and commemorative coins. The processing is necessary as part of the Riksbank’s exercise of its official authority.
When providing settlement services
The Riksbank process personal data to provide the system RIX that has two settlement services, RIX-RTGS and RIX-INST. For more information on the Riksbank’s processing of personal data in the context of RIX, please see this page: Processing of personal data in the context of RIX.
In correspondent bank operations
The Riksbank processes data to manage international payments. The legal base for processing data is to perform a task of public interest.
In statistical and research operations
The Riksbank processes data in its statistical and research operations, for example in the context of conducting surveys and research projects and when producing certain statistics. The legal base for processing data is to perform a task of public interest.
In the Riksbank’s oversight of the financial sector
The Riksbank processes data when overseeing the stability of the payments system. The processing is necessary as part of the Riksbank’s exercise of its official authority and to perform a task of public interest.
In national and international cooperation
The Riksbank processes contact details for the person who is contact person for a particular case or issues within the cooperation. The legal base for processing data here is to perform a task of public interest.
When applying for a job
The Riksbank processes data in connection with receiving an application for work at the Riksbank. Personal data is processed so that the Riksbank can administer the applications and fill a job vacancy. The processing for filling job vacancies is necessary as part of the Riksbank's exercise of official authority and other processing activities are necessary to perform a task of public interest.
When subscribing to the press releases and newsletters
The Riksbank processes personal data in connection with registration for subscription to our press releases and newsletters, for the purpose of administering the subscription and sending out the requested information. The legal base here is to meet the requirements of the agreement entered into in connection with registration as subscriber.
When visiting our website
The Riksbank will process the IP-address when visiting our website to improve the user experience. The legal base for processing data here is to perform a task of public interest.
Categories of personal data that are processed
The categories of personal data that are processed are largely name, identity data and contact details of individuals that have contacted the Riksbank or that represents a legal entity/organisation that the Riksbank is in contact with as well as financial data. Cases that are registered are always given a registration number.
Documents and messages sent to the Riksbank sometimes contain other types of personal data. This data is only processed by the document being added to the case in question. The data is not registered separately and is therefore not searchable in the register.
Handling of sensitive personal data
The Riksbank does not normally handle sensitive personal data, but in the case that personal data is nevertheless sent in to the authority, this data is handled so that the case can be processed. However, this data is only processed by being added to the case in question. The data is not registered separately and the data in the document is thus not made searchable. The legal base for processing sensitive personal data is to perform a task of important public interest.
Who does the Riksbank share personal data with?
General public
In some cases, personal data may need to be released to the general public in connection with the principle of public access to official documents. Some data may be subject to secrecy and may not be released.
Employees
The employees at the Riksbank who may have access to the data need this to carry out their work.
Processor and/or sub-processors
In certain cases, the Riksbank uses processors. The processors used (and where appropriate their sub-processors) may only handle personal data in accordance with the purposes and instructions the Riksbank has stated for the processing pursuant to a special agreement, what is known as a data processor agreement. The Riksbank uses processors for various kinds of IT services and to perform certain surveys.
Other authorities responsible for personal data
There are also external parties with whom the Riksbank shares personal data, but which have independent personal data responsibility. The Riksbank is obliged by law to share personal data with, for instance, the Swedish Tax Agency, Finansinspektionen (the Swedish Financial Supervisory Authority), the Swedish Social Insurance Agency and the Swedish police.
Where we process your personal data
We always aim to process your personal data within the EU/EEA. In some cases, the Riksbank or its processors may transfer your personal data to a country outside the EU/EES or to an international organisation. Such processing may only occur in accordance with the requirements stated in data protection legislation for example, that the European Commission has decided that the country has an adequate level of protection equivalent to the EU/EES or that the Riksbank and the organisation receiving the personal data has entered a contract with the Standard Contractual Clauses adopted by the European Commission.
Period during which personal data will be processed and stored
The Riksbank, in its capacity of public authority, is obliged according to the Swedish Archives Act to preserve official documents. The Riksbank follows regulations on preservation and deletes official documents in line with the applicable regulations and decisions on deleting them.
Personal data that is not part of an official document is retained only as long as needed for the purposes for which it is processed. Documents that are not official include draft decisions and minutes of meetings that have not been archived. When a case has been finally processed, an assessment is made of what the Swedish Archives Act requires to be preserved in the case. Documents that contain personal data and are not to be preserved are deleted or the personal data is removed.
Application documents that do not relate to the person appointed to the position or a person who has appealed the appointment decision are deleted two years after the appointment decision has gained legal force.
Documents of little or temporary importance are usually deleted directly. These include requests, inquiries and messages received that have temporary significance or are of a routine nature as well as the replies to them. The same also applies to the Riksbank’s contributions to the Riksbank's social media and the comments, questions and answers posted by the general public and which are of a general nature. One condition for deleting these is that the document does not need to be registered.
Personal data regarding subscribers to press releases, newsletters, job vacancies and similar are deleted as soon as the subscription ends.
Your rights as data subject
If your personal data is processed by the Riksbank, you as data subject have several rights. If you wish to exercise your rights, or if you have questions regarding the Riksbank's processing of your personal data, you can turn to the Data Protection Officer or to the registrar, see contact details above. You have the right to exercise your rights free of charge. However, there are some situations in which an administrative fee may be charged.
Right to access
You can ask for information on how the Riksbank handles your personal data and receive a copy of this together with some further information. If necessary, the Riksbank may request further information from you to ensure that the request is handled efficiently and that the information is provided to the right recipient.
Right to rectification
The Riksbank is responsible for ensuring that the personal data processed is correct. If you consider personal data about you to be incorrect or incomplete, you can request to have the data rectified or completed.
Right of objection
You also have the right to object to personal data being handled by the Riksbank within the scope of exercise of official authority, or to carry out other tasks of public interest. In this case, you need to specify what processing you are objecting to. If the Riksbank is not able to prove that there are compelling, legitimate reasons for continuing to process the data, the processing must cease.
Right to limitation
In certain cases, such as if you have objected to the processing of data or requested correction of data, you have the possibility to request that the processing of your personal data should be limited. By requesting a limitation you have the opportunity, at least under a certain period of time, of stopping the Riksbank from using the data other than to respond to a legal claim, for instance. You can also prevent the Riksbank from erasing the data, for example if you need the information to claim damages.
Right to erasure
You have the right in certain cases to erasure of your personal data. When your personal data is needed for the Riksbank to carry out its task of public interest or is part of an official document, however, the Riksbank is not able to erase the data.
Right to data portability
If the Riksbank processes your personal data to fulfil an agreement with your or it is based on your consent, you have the opportunity in certain cases to request personal data regarding you to use elsewhere, for instance, to transfer the data to another processor.
For more information on your rights, see the Swedish Authority for Privacy Protection's website.
Right to make a complaint to the Swedish Authority for Privacy Protection
As a data subject you have the right to make a complaint to the Swedish Authority for Privacy Protection if you consider that the Riksbank's processing of your personal data does not comply with the General Data Protection Regulation.
Read more about how you can make a complaint to the Swedish Authority for Privacy Protection.
Use of cookies
The Riksbank uses various types of cookies on its website, both necessary and non-necessary cookies. Necessary cookies have to be used for the Riksbank’s services and functions to work. Non-necessary cookies are used to analyse visitor statistics and improve the Riksbank's services, for instance. To use non-necessary cookies, the Riksbank needs to ask for your agreement.
You can adjust the settings in your browser that automatically refuse storage of cookies or that inform you every time a website wants to store a cookie. You can also go in and erase all of the cookies stored earlier. The settings you can use depend on which browser you use, see the help pages on the respective browser’s website for further information.
The Swedish Post and Telecom Authority is the supervisory authority for processing data with regard to use of cookies.
Social media
The Riksbank uses the following social media as communication channels to provide information on its operations: Bluesky, Facebook, Instagram, Linkedin and Youtube. If you choose to use these social media, you should be aware that your personal data is processed under the respective third party’s responsibility and in accordance with the appropriate integrity policy for the respective service.
About the information on this page
If the information in English is different from the Swedish version of this page, the Swedish version applies.
Thanks for your feedback!
Your comment could not be sent, please try again later
Questions? Visit our FAQ on kundo.se (opens i new window).