Personal data processing

SIS GENERAL PRIVACY STATEMENT

SIS protects your personal data

Protecting your personal data and your privacy is important to the Swedish Institute for Standards (‘SIS’). In this general privacy statement and the category-specific information texts (e.g. regarding customers, subscribers to specific harmonized European standards, members and job applicants) below, SIS wishes to clearly and unambiguously communicate how SIS collects, stores, uses and otherwise processes your personal data.

If SIS changes how it processes personal data, or processes personal data for new purposes, this statement and the category-specific information texts may be updated. In such cases, SIS will provide information in this regard.

The purpose of this information text and the category-specific information texts below is for you to understand what SIS does with, and how SIS processes, your personal data, what obligations SIS has and what rights you have under the EU General Data Protection Regulation (‘GDPR’).

Personal data

Personal data is all data and information that can identify you as a person. The crucial point is that the data, either alone or in conjunction with other data, can be linked to you as a person. Examples of personal data are your name, address, other contact details (e.g. IP or email address), date of birth, personal ID number, ID card number, bank account information, product or service orders and photographs of you.

Data controller

The Swedish Institute for Standards (corporate ID number 802410–0151) is the data controller and is therefore also responsible for how your personal data is processed. SIS has appointed a person as data controller (‘SIS Data Controller’) who monitors and checks that SIS is managing your personal data in a correct and legal manner. You can get in touch with the SIS Data Controller via email to sisgdpr@sis.se, or by sending a letter to:

SIS Personuppgiftsansvarige
Svenska Institutet för Standarder
Solnavägen 1E/Torsplan
Box 45443
104 31 Stockholm
SWEDEN

Under some circumstances, the responsibility for data protection and your privacy is shared with a third party, for example banks, postal services and providers of electronic communication and social media. In these cases, SIS and the third party are joint data controllers. More information about this can be found in the information texts below for each category of data subject (e.g. if you are a customer, subscriber to specific harmonized European standards, member or website visitor).

Sources and recipients of your personal data

The personal data processed by SIS is primarily such data that you have provided to SIS, but SIS may also obtain data from other companies and organizations, for example the Swedish Tax Agency or partners.

Your personal data is only available and accessible to those at SIS who need the data to fulfil the intended purposes of the processing. To the required extent, your data may be shared with providers (e.g. providers of IT systems) that carry out tasks for SIS, as well as in certain cases with other SIS’ partners. Sometimes, SIS is also obliged to submit certain data to public authorities, e.g. the Swedish Tax Agency.

SIS may also in certain cases submit personal data to a third party if SIS deems it necessary to be able to: i) investigate possible legal breaches, ii) identify, contact or take legal action against someone who is possibly in breach of a contract with SIS, iii) investigate security breaches or cooperate with public authorities on a legal matter, or iv) safeguard SIS’ rights, security or property.

Purpose and legal basis

Your personal data is collected and mainly used to enter into or fulfil contracts with you (e.g. when you purchase SIS products or services), meet legal obligations (e.g. under accounting rules or provision of specific harmonized European standards), fulfil marketing purposes regarding certain categories below or safeguard other legitimate interests of SIS. In certain special cases, SIS may request that you give your consent to certain processing of your personal data. This consent can, however, be withdrawn at any time.

SIS may not collect, store, use or otherwise process your personal data without a valid legal basis, e.g. consent, fulfilment of a contract or legitimate interest. For each specific purpose, SIS informs you below of which legal basis is applicable and which rights you can exercise.

Storage period

The main principle is that SIS does not retain your personal data for longer than is necessary to fulfil the purpose of the processing. SIS therefore deletes personal data as soon as SIS no longer requires it.

The purposes for which SIS processes your personal data, the legal basis for the processing and how long SIS retains personal data is described in more detail in the information texts below for each category of data subject.

Processing outside the EU/EEA

The personal data SIS collects is generally stored and used within the EU/EEA but can also, when required, be transferred (e.g. to our IT system provider) and processed in a country outside the EU/EEA. All such transfer and processing of your personal data takes place in accordance with applicable legislation. In applicable cases the EU Commission’s standard contractual clauses are used or, regarding transfer of personal data to the USA specifically, the EU-US Data Privacy Framework, to ensure equivalent protection to that guaranteed in the EU/EEA.

Your rights

You have certain statutory rights regarding SIS’ management of your personal data. This includes the right to information, the right to erasure, the right to rectification and restriction and the right to object to, for example, direct marketing. You also have the right to complain to the Swedish Authority for Privacy Protection if you consider that SIS’ processing of your personal data does not meet requirements under applicable data protection legislation. You can read more about your rights in the more comprehensive information texts below.

Complaints

If you wish to complain about how SIS processes and protects your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or another competent supervisory authority at any time

Updates

SIS may update this text and the information texts below. The latest versions are always available on SIS’ website (www.sis.se).

Date for this version of the General Privacy Statement: 2024-10-08

In case of discrepancies between the English and Swedish language versions of SIS Personal Data Protection Information, the Swedish version shall take precedence.

Customer
Providers and partners
Members
Participants in standardisation work
Seeking employment
Subscriber to specific harmonized european standards
References for job applicants
Visitors to the website sis.se
Social media
Visitors to SIS or participants in events or training courses