GDPR
GDPR stands for General Data Protection Regulation and is a new data protection regulation from the EU that will become law in all EU member states from May 25, 2018. GDPR is intended to strengthen the rights of individuals over how companies, authorities, and organizations may collect and use their personal data.
Within each EU member state, there is a supervisory authority that will control this. In Sweden, this authority is called the Swedish Authority for Privacy Protection, formerly the Data Protection Authority. More information and help that you can use to find out what you need to do are available on their website. Swedish Authority for Privacy Protection
Processing of personal data
GDPR is primarily about the protection of personal data, and in Article 4 of the Data Protection Regulation there are the following important definitions for “personal data” and “processing”:
personal data: varje upplysning som avser en identifierad eller identifierbar fysisk person (nedan kallad en registrerad), varvid en identifierbarfysisk person är en person som direkt eller indirekt kan identifieras särskilt med hänvisning till en identifierare som ett namn, ett identifikationsnummer, en lokaliseringsuppgift eller onlineidentifikatorer eller en eller flera faktorer som är specifika för den fysiska personens fysiska, fysiologiska, genetiska, psykiska, ekonomiska, kulturella eller sociala identitet,
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller and data processor
The data controller is a natural or legal person, public authority, institution, or another body that alone or jointly with others determines the purposes and means of the processing of personal data. A data processor is a natural or legal person, public authority, institution, or another body that processes personal data on behalf of the data controller.
Controller and processor for data in Organizer
You, as the customer, are the data controller for all processing of personal data in Organizer. Organizer i Sverige AB is the data processor and takes technical and organizational security measures to ensure that you feel confident that your collected personal data will be processed securely and in accordance with the law. Organizer i Sverige AB’s technical and organizational measures are described under Security.
Organizer i Sverige AB as data controller
We are the data controller for all processing of personal data about you as a customer or user when you order Organizer or contact us. We have described what we do with your personal data in our Privacy Policy.
Legal bases
At the Swedish Authority for Privacy Protection you can read about the legal bases that apply to personal data processing: To be allowed to process personal data, there must always be a basis in the Data Protection Regulation, a so-called legal basis. One such legal basis is consent from the data subject. Other legal bases are if the personal data processing is necessary to fulfill an agreement with the data subject, fulfill a legal obligation, protect the data subject’s fundamental interests, perform a task of public interest, for the exercise of authority, and after a balancing of interests.
Legal basis for data in Organizer i Sverige AB’s services
You as the data controller must find out and document the legal bases that exist for the processing of personal data in Organizer i Sverige AB’s services. This can vary from case to case depending on the business, which laws you need to follow, and whether you collect data that is required or that may be useful to have.