Your personal privacy is important to us. We want you to feel confident that we handle your personal information responsibly, regardless of the purpose for which you are in contact with us. In this privacy policy, you will find comprehensive information on how we handle personal data in accordance with applicable legislation, specifically referring to the GDPR, General Data Protection Regulation.

What information do we collect?

The information collected is processed by the Stockholm Chamber of Commerce, registration number 262000–0261, and/or Stockholm Chamber of Commerce Service Aktiebolag, registration number 556095–7952, located at Regeringsgatan 29, 111 53 Stockholm, Sweden.

You may directly or indirectly provide us with information about yourself in various ways. For example, certain personally identifiable information is collected through our websites, contact forms, or seminar registrations. The type of information we choose to collect about you depends on how and why our contact has occurred. If you visit us online and choose to become a member, subscribe to newsletters, purchase any of our services, or register for a seminar, the information we typically retain is limited to your name, company, email, and phone number. We do this to manage your request for registration and to enhance our service. We do not require you to register or provide personal information to access the information and material on our website. If you register for membership, newsletters, services, and seminars, you will receive information about activities, reports, and events.

The Chamber of Commerce retains this information in accordance with the General Data Protection Regulation, GDPR (1).

How and for what purpose do we collect and process your personal data?

Subscriptions:

When you choose to subscribe to any of our newsletters, you need to provide your email address, which Stockholm Chamber of Commerce requires to manage your subscription. We continue to store your email address until you choose to unsubscribe from the newsletters.

Membership Organization:

To have the opportunity to influence and simultaneously benefit from reports, events, and other services offered by Stockholm Chamber of Commerce, we encourage companies to become members. For each member company, we need at least one contact person. When you apply for membership with us, we need personal data such as name, company, email, and phone number. We collect this information to inform you about invitations, newsletters, and current events at Stockholm Chamber of Commerce. We retain your information as long as it is necessary to fulfill the purposes for which the data was originally collected or as required by accounting laws.

International Trade:

When you use any of the International Trade services, such as certificates of origin or ATA carnets, but not limited to, we need to store your name, phone number, and email address to perform our services and comply with applicable legislation. We will retain your data as long as it is necessary to fulfill the purposes for which the data was originally collected. We adhere to the Union Customs Code (UCC) (EU 952/2013), the Act (1990:515) on the Authorization of Chambers of Commerce, Chamber of Commerce Regulation (1990:733), and the Accounting Act.

Depository Service:

When you enter into an agreement for depository services with the Stockholm Chamber of Commerce, we request personal information such as name, phone number, and email address. These details are necessary to perform the desired service. We retain your information as long as necessary to fulfill the purposes for which the data was originally collected or as long as required by accounting laws.

SCC Arbitration Institute:

The SCC Arbitration Institute processes personal data to fulfill its mission within the framework of the services it provides.

If you come into contact with the SCC Arbitration Institute through an arbitration proceeding, we may process personal data such as your name, postal address, email address, phone number, nationality, job title, language skills, and your connection to companies or organizations. If you are appointed as an arbitrator, we also process information about fees and, if applicable, taxes and social contributions. If you have expressed interest in being appointed as an arbitrator, we may process information such as your curriculum vitae, birth year, and specialist expertise. If you subscribe to SCC’s newsletter to receive business-related information and marketing communication from us, we process your personal information such as name and email address.

Automatically Collected Data:

We use cookies and similar tracking technologies to enhance your experience of our services. Through these means, we may obtain information about your browser type and operating system, viewed web pages, links clicked, IP address, websites visited before coming to our site, and emails from us that you open, forward, or use to navigate to our website.

You can configure your browser settings as desired, such as stopping the acceptance of new cookies, receiving a notification when you receive a new cookie, disabling existing cookies, and hiding images displayed on the website.

Photo, Video, and Audio Recordings:

When you participate in our events, lunches, seminars, training sessions, information meetings, or similar, we may record or photograph the event and individuals involved. This means that you, as a participant, may appear in audio and video recordings or photographs. The Chamber of Commerce processes this information in various ways and it may also be published internally or externally.

How do we handle personal data and social security numbers?

Legal Basis:

We primarily base the processing of your personal data on a legitimate interest.

We may share your personal data with the following entities:

We share personally identifiable information with companies within the Stockholm Chamber of Commerce Group. We may also share information with service providers we have engaged to perform services on our behalf, such as assisting in campaigns or sending out communications. These service providers may have access to personally identifiable information about our visitors and stakeholders if needed to perform tasks on our behalf, but they are not permitted to use or disclose the information unless necessary to perform services on our behalf or comply with legal requirements.

As mentioned earlier, in certain cases, we may share your personal data with selected third parties. If this occurs, we ensure that the transfer is done in a secure manner that preserves your privacy. Below are categories of recipients with whom we may share your data.

• Other companies within the Chamber of Commerce Group: To manage membership fees, personal data may be transferred from Stockholm Chamber of Commerce Service AB to the association Stockholm Chamber of Commerce within the group.
   
• Collaboration partners: Used, for example, when the Stockholm Chamber of Commerce releases reports and press releases. The Chamber of Commerce, being a venue for many seminars, networking events, and activities, uses your data to invite and inform about its events. Newsletters and event invitations may also be sent.
   
• System providers: For business systems and case management. To execute our tasks and services, we store your data, for example, in our business system (a system that manages our customers and contacts).
   
• Print and distribution suppliers: We may also share data about you with suppliers providing print and distribution services.
   
• Parties, agents, and arbitrators: Within the framework of an arbitration proceeding.

When do we collect social security numbers?

Sometimes, we may need your social security number as it is the only way to ensure your identity, for example, during contract signing or if you are a member with a sole proprietorship. We will only process your social security number when it is clearly justified for the purpose and to ensure your identity, such as during contract signing or if you are a party in an arbitration proceeding.

Storage and Storage Duration:

Personal data is stored by the Stockholm Chamber of Commerce for the time necessary for the specified purposes. This may be as long as required to fulfill our agreements or other commitments. It may also be as long as required by law or regulatory decisions. The Stockholm Chamber of Commerce regularly purges registered personal data. Reasonable measures are taken to keep the processed personal data current and to delete outdated and otherwise incorrect or unnecessary personal data. We at the Stockholm Chamber of Commerce have ongoing procedures to ensure that we do not store unnecessary information about you, and we minimize the storage time as much as possible.

Where do we process your personal data?

As a general rule, the Stockholm Chamber of Commerce and our suppliers and collaborators process your personal data within the EU/EEA. In cases where personal data is processed outside the EU/EEA, we ensure that our suppliers and collaborators adhere to the same level of security and protection as applied within the EU/EEA.

What are your rights?

Right to Information:

You have the right to receive information about the data we have about you, how we process it, the purpose, and the duration of processing.

Right to Access:

Upon request, we provide you with a copy of the personal data being processed (a register extract). For any additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the request is made in electronic form, the information will be provided in an electronic format that is commonly used unless the data subject requests otherwise.

Right to Rectification:

We are responsible for ensuring the accuracy of the personal data we process. However, you, as the data subject, also have the right to supplement missing and relevant information and to have incorrect data corrected. When your personal data is corrected, we will notify those to whom we have disclosed the data, except when it proves impossible or involves a disproportionate effort. Upon your request, we will also inform you about to whom the correction has been disclosed.

Right to Erasure:

Your data will be stored for as long as we have a relevant purpose for them.

You have the right to have your data erased without undue delay under the following conditions:

• If the data is no longer needed for the purposes for which it was processed.
   
• If the processing is based solely on your consent, and you withdraw that consent.
   
• If you object to processing based on a legitimate interest, and there are no overriding legitimate grounds for the processing.
   
• If the personal data has been processed unlawfully.
   
• If erasure is required to fulfill a legal obligation.

If the data is deleted at your request, we will notify those to whom we have disclosed the data about the deletion. However, this does not apply if it proves impossible or involves a disproportionate effort. Upon your request, we will also inform you about to whom the information has been disclosed.

Right to Restriction of Processing:

You have the right to request a temporary restriction of the processing of your personal data. Processing may be restricted in the following situations:

• When you believe your personal data is incorrect, and you have requested correction. In this case, you can request that the processing of your personal data be restricted for a period that allows us to verify whether the personal data is accurate.
   
• When the processing is unlawful, and you object to the deletion of personal data, instead requesting a restriction of their use.
   
• When we no longer need the data for the purposes of processing, but you need them to establish, exercise, or defend legal claims.
   
• When you have objected to processing under Article 21.1 (balancing of interests), pending verification of whether our legitimate grounds override your legitimate grounds.

If processing is restricted, except for storage, such personal data will only be processed with your consent, or to establish, exercise, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. If the processing has been restricted, you will be informed by us before the restriction is lifted.

Right to Data Portability:

You have the right to receive your personal data that you provide to us in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit this data to another data controller without hindrance from us, if the processing is based on consent or a contract, and the processing is automated.

Right to Object:

You have the right to object to the processing of your personal data in certain cases. The right to object applies when personal data is processed to perform a task of public interest, as part of official authority, or based on a legitimate interest. If we believe that such processing should still take place, we must demonstrate that there are interests that outweigh yours.

Complaints:

If you believe that your personal data is being processed in violation of applicable regulations, you should report it to us as soon as possible. You can also file a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten – IMY).

Damages:

If you have suffered harm due to the processing of your personal data in violation of the General Data Protection Regulation (GDPR), you may be entitled to damages from us or the data controllers involved in the processing.

You can request damages from us or file a damages claim in court. Such a request should be made in writing to us.