The General Data Protection Regulation (GDPR)

The Swedish Construction Federation values and respects your privacy. We therefore aim to maintain the highest standard of data protection. This policy sets out how we collect and use personal data. We also explain your rights and how you can exercise them.

If you want to know more about how we process your personal data, please do not hesitate to contact us. Our contact details are set out at the end of this text.

What is personal data, and what is the processing of personal data?

Personal data means any information that directly or indirectly relates to an identifiable natural person. This includes a person’s name and social security number, as well as images and e-mail addresses.

The processing of personal data means any operation performed upon personal data in IT systems, both mobile devices and computers. This includes collection, recording, structuring, storage, adaptation or alteration, and transmission. In some cases, this may also include non-automatic operations, such as the recording of personal data.

Data controller

For the personal data processed by the Swedish Construction Federation, the controller is either Förbundet Sveriges Byggindustrier (Corp. Reg. No. 802000-4860) or Sveriges Byggindustrier Service AB (Corp. Reg. No. 556061-2524) SE-102 42 Stockholm, Sweden. For some processing operations, such as the member database, we use systems shared with the Confederation of Swedish Enterprise. The responsibility between us and the Confederation of Swedish Enterprise is then governed by agreement.

What personal data do we collect about you and why?

General information

The information we process is mainly your name, e-mail address, phone number and job title. Other information may also be processed, such as if you are a Member of Parliament or a local politician, but only information that you have manifestly chosen to make public. For some services, you can also specify your areas of interest, but this is not required information. If you create a user account with us, we will also process your login details.

We process your personal data in order to provide the services and products that you have requested (such as a newsletter subscription or participation in a training course). We will also process your personal data to manage and administer our relationship with you and, if applicable, to administer our agreement with you or your employer. We may also inform you about our training courses, events and other activities that we consider match your own, and our, interests.

We may also use your personal data to inform you about the products and services that we offer, and that may be of interest to you. If you are a professional user, we may also inform you about products and services offered by our partners.

If you are a professional user, the data provided by you in the manner described above (such as information in connection with the ordering of services or products, or participation in seminars or activities arranged by us) may also be analysed and processed (also for profiling). The purpose is to provide you with more personalised and relevant information.

The Swedish Construction Federation always processes your personal data in accordance with applicable law. We process your personal data when processing is necessary to fulfil an agreement with you, or to respond to your request for a service or when we have another legitimate or justified interest in processing your personal data, such as an interest in marketing our services.

Should the Swedish Construction Federation decide to process your personal data for a purpose that requires your consent, we will request your consent in advance. The provision of some personal data may be mandatory, for example, in order for us to provide a service, or to perform another request from you. This will then be specified or made clear when the data is collected.

For employees of member companies

We may process the personal data of member company’s employees in a different manner to the purposes set out above. This mainly relates to their employer’s membership in the Swedish Construction Federation and applies to various contact persons. Information about contact persons may be required to administrate their company’s membership and other related matters. This may include contact persons for negotiations, for example, or information about membership in various working groups.

How do we obtain personal data?

Your personal data is collected from the information you provide when subscribing to our newsletter, registering for our seminars and events, ordering our services and/or products, or when contacting us. Also when your company applies for and/or is included in a promotional campaign, data about people with senior positions in the company may also be collected. Sometimes we obtain data from third parties.

Who do we share your personal data with?

Data processors

In some situations, it may be necessary for us to engage other organisations for assistance. This could mean, for example, using various IT providers. These providers are deemed our data processors.

The Swedish Construction Federation is responsible for having a written contract in place with all data processors, and for providing instructions for how these organisations are to process the personal data. We obviously ensure that all data processors can provide sufficient guarantees that the personal data is processed securely and confidentially.

Data processors are only engaged for purposes consistent with our own processing purposes.

Other data controllers

We also disclose your personal data to other data controllers. These include regulators, such as the Swedish Tax Agency, and the Confederation of Swedish Enterprise. Some data is also shared for statistical purposes.

When your personal data is disclosed to another data controller, that organisation’s privacy policy and processing of personal data apply.

We may also disclose personal data to the Confederation of Swedish Enterprise and its member organisations to facilitate cooperation between the organisations. We may also engage providers and partners to perform services on behalf of the Swedish Construction Federation, such as IT services or assistance with marketing, analyses or statistics. The provision of these services may mean that these recipients gain access to your personal data.

The Swedish Construction Federation may also disclose personal data to third parties, such as the police or another authority, in the event of a crime investigation or when we are otherwise required to do so for legal or regulatory purposes.

Where do we process your personal data?

While our aim is that your personal data will be processed within the EU/EEA, this is not always possible.

For some types of IT support, the data may be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a data processor that either personally, or via a sub-contractor, is established or stores data in a non-EU or non-EEA country. As a data controller, we are responsible for taking all reasonable legal, technical and organisational measures to ensure that these processing operations are performed in accordance with EU/EEA regulations.

When personal data is processed outside the EU/EEA, the level of protection must be guaranteed through either a European Commission decision (Adequacy Decision) declaring that the country in question ensures an adequate level of protection, or by the provision of appropriate safeguards. These include the EU-US Privacy Shield framework, the application of binding corporate rules and various contractual solutions. If you would like more information about these safeguards, please contact us. The European Commission has issued a set of contractual clauses for data transfers from controllers in the EU to processors established outside the EU or EEA, and these are also available on the European Commission’s website.

How long do we save your personal data?

We will never save your personal data for longer than is necessary for each purpose. We have erasure procedures in place to ensure that personal data is not saved for longer than is necessary for the specific purpose. The length of this period varies depending on the purpose of the processing. Under the law, some accounting data must be archived for at least seven years, while data about special dietary requirements is erased within a few weeks after the event has ended.

What are your rights as a data subject?

Current legislation provides data subjects with certain rights. To find out how you can exercise your rights, refer to the “Exercising your rights” section further down. The rights of data subjects are as follows:

Right of access

If you want to know what personal data we hold, you can request a copy of the data. If you make such a request, we may ask certain questions to ensure that your request is handled efficiently. We will also take measures to ensure that the data has been requested by, and that a copy is presented to, the correct person.

Right to rectification

If you discover that your personal data is inaccurate, you have a right to request that your data be rectified. You may also complete any incomplete information.

In some cases, you can rectify or complete the information yourself, which we will inform you about.

Right to erasure

You have a right to request erasure of your personal data if:

  • The data is no longer necessary for the initial purpose of the data processing.
  • You object to our legitimate interest as a basis for processing, and the reason for your objection overrides our legitimate interest.
  • The personal data is being processed unlawfully.
  • Personal data has been collected from a child (under 13 years) for whom you are responsible.
  • The data has been obtained with your consent and you want to recall your consent.

However, we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. The processing may also be necessary in order for us to establish, exercise or defend legal claims.

If we are prevented from erasing your personal data, we will make the data unavailable for purposes other than the purpose that prevents it from being deleted.

Right to restrict processing

You have the right to request that the processing of your personal data be restricted. If you contest the accuracy of your personal data, you may request that processing be restricted during the period we require to verify the accuracy of the data.

If, and when, we no longer require your personal data for the initial processing purposes, our normal procedure is to erase the data. However, if you need to keep the data in order to establish, exercise or defend a legal claim, you may request that our processing of your personal data be restricted. This means that you have a right to request that we do not temporarily remove or erase your data.

If you object to our legitimate grounds for processing your data, you have the right to request restricted processing while we consider whether our legitimate interest overrides your interest in erasure of the data.

If the processing has been restricted due to any of the circumstances described above, we may only, in addition to actual storage, process the data in order to establish, exercise or defend a legal claim, to protect the rights of another individual or when you have given your consent.

Right to object

You always have the right to object to all processing of personal data on the basis of a legitimate interest. You also have the right to stop the processing of your personal data for direct marketing purposes.

Right to data portability

As a data subject, you have the right to data portability if our right to process your personal data is based on either your consent or our fulfilment of an agreement with you. One condition for data portability is that the transfer of personal data is technically possible and can be automated.

Exercising your rights

A request to access personal data, or to exercise any of your other rights, must be in writing and signed by the actual data subject. We will respond to your requests without undue delay within 30 days.

Download the form, answer the questions and sign it. Scan/take a photo of the form, and send it by e-mail to The e-mail should preferably be sent from the e-mail address you have registered with the Swedish Construction Federation. Your e-mail must also include a certified copy of a valid ID document.

How do we use social security numbers?

We avoid processing social security numbers wherever possible. In some cases, however, it is justified with regard to the need for secure identification. In regard to the processing of a social security number that is also a self-employed trader’s corporate registration number, this processing is required for as long as the company is a member when the corporate registration number is also the trader’s social security number.

How is your personal data protected?

We work actively to ensure that personal data is processed securely by implementing both technical and organisational safeguards.

The Swedish Data Protection Authority (which will shortly become the Privacy Protection Agency) is the authority responsible for ensuring compliance with data protection legislation. If you are unhappy with how we have responded to your request, contact one of our employees responsible for Data Protection or the Swedish Data Protection Authority (

If you want to know more about how we process personal data, please contact us.

If you have any questions about how we process personal data or a request regarding your rights as set out above, please contact us at

We may revise our privacy policy. The most recent version of our privacy policy will always be available here on our website.

(22 May 2018)

Request form in accordance with The General Data Protection Regulation (GDPR)

skriv ut