The personal data policy
The Bankers’ Association is the data controller according to this personal data policy and is responsible for ensuring that processing is done in accordance with the applicable legislation. All processing of personal data within the Bankers’ Association is done in accordance with the General Data Protection Regulation (GDPR) and associated legislation.
This personal data policy describes what personal data we collect, the purpose of the processing of personal data, the lawful grounds for processing of personal data, and what rights you have as regard processing of personal data under the GDPR and how to contact us.
The types of data we collect and the purpose of the processing
The Bankers’ Association safeguards your personal privacy and does not collect more data than is necessary to realise the purpose of collecting the data. The Bankers’ Association among other things collects and processes personal data relating to employees of our member companies, employees of authorities, journalists, politicians, employees of other professional associations and others that register for our newsletters or participate in our activities. We also process personal data concerning contact persons at our suppliers and collaborating partners.
The purpose of the Bankers´ Association processing of personal data is to perform tasks with the aim of realising the purposes laid down in the association’s and its subsidiaries´ articles.
When the Bankers’ Association collects personal data as described above, the person in question is informed of where he/she can find the association’s personal data policy.
The personal data the Bankers’ Association collects include name, e-mail address, phone number, employer’s name and in certain cases professional title. We have received your data from you directly, from your employer or, in certain cases, from publicly available sources.
Lawful ground for processing of personal data
When the Bankers’ Association processes personal data, we rely on one of the four lawful grounds stated below. If the Bankers’ Association intends to process the personal data further for another purpose than for which the data was originally collected, you will be informed of this beforehand.
1. Legitimate interest
According to the activities and operations carried on by the Bankers’ Association, we have an interest in processing your personal data and our point of departure is that the processing is necessary for our legitimate interest and that your interest of protection for your personal data is overridden by our legitimate interest.
2. Performance of a contract
The processing is necessary for the performance of a contract to which you or your employer are a party or to take measures at your or your employer´s request before such a contract is concluded.
You have given your consent to your personal data being processed for one or more specific purposes. You can withdraw your consent at any time.
4. Legal obligation
The processing of personal data is necessary for compliance with a legal obligation to which the Bankers’ Association is subject, for example the Accounting Act.
Storage and erasure of personal data
Personal data is not stored for longer than is deemed necessary for the purpose of the processing of the personal data.
- When the ground for the processing is legitimate interest, the data is erased continuously from the Bankers’ Association’s systems, for example when a registered contact person of a member company terminates his/her employment.
- When the ground for processing is performance of a contract, the data is erased when there is no longer any reason for the processing of the personal data.
- When personal data has been collected with consent as the ground, the data will be erased immediately when you revoke your consent.
- When the personal data has been collected with legal obligation as the ground, the data is stored for as long as is required according to applicable legislation, for example up to 7 years according to the provisions of the Accounting Act.
Processing of personal data by other than the Bankers’ Association
Processing of personal data can within the framework of the current regulations be done by companies that the Bankers’ Association collaborates with, to carry out its services, for example IT maintenance and support or in conjunction with organising events that the Bankers’ Association arranges itself or together with other organisations.
Security for the protection of personal data
The Bankers’ Association has established internal guidelines to protect your personal data. Appropriate security measures are applied to ensure that personal data is protected against destruction, unauthorised disclosure, unauthorised access, loss or alteration.
Under the GDPR you have a range of rights as regards the processing of your personal data as described below. To exercise your rights, you are welcome to contact us using the contact information given at the end of this policy.
Right of access to personal data
You have the right to receive confirmation of whether personal data concerning you are processed by the Bankers’ Association and, if so, be given access to the personal data and, for example, obtain information about:
- the purposes of the processing,
- the categories of personal data that the processing concerns,
- the recipients to whom the personal data have been or will be provided or disclosed, and
- if possible, the predicted period during which the personal data will be stored or, should this not be possible, the criteria used to establish this period.
If the Bankers´ Association processes personal data about you, you are entitled to receive, free of charge, information about the processing, a so-called register extract. If your request is obviously unfounded or unreasonable, we may charge a reasonable fee for such request in accordance with the provisions of the GDPR. In order to meet our security requirements, we also reserve the right to verify that it is the right person who is requesting personal data about him- or herself.
Right to rectification of inaccurate personal data
You have the right, without undue delay, to have inaccurate personal data about you rectified and to have incomplete personal data completed.
Right to erasure (“right to be forgotten”)
In certain cases, you have the right to have your personal data erased, for example if:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
- the processing of your personal data is based on consent and you have subsequently revoked your consent, provided that no other lawful grounds exist for the processing of the personal data,
- you object processing based on a legitimate interest and there are no legitimate reasons for the processing that override your interest of protection for your personal data, or
- if the personal data has been unlawfully processed.
The right to erasure does not apply if the personal data is required for the Bankers’ Association to fulfil a legal obligation.
Right to restriction
In certain cases, you have the right to request that the processing of your personal data be restricted, i.e. that it may only be processed with your consent. This may be, for example, if you do not consider that the personal data is correct and want the use of the personal data to be restricted while the Bankers’ Association verifies whether the personal data is correct.
Right to data portability
In certain cases, you have the right to transfer your personal data that you have provided to the Bankers’ Association to another data controller, if this is technically possible. This might for example be the case if the processing of the personal data is based on consent.
Right to object
You have the right to object to processing of your personal data that is based on a legitimate interest. The Bankers’ Association may no longer process the personal data unless we can prove that compelling legitimate grounds exist for such processing which override your interests and rights.
Right to lodge a complaint with a supervisory authority
If you consider that we are not respecting your rights, you also have the right to lodge a complaint with the Swedish Data Protection Authority.
If you have questions about the processing of personal data or wish to exercise your rights according to the above, please contact us at:
The Swedish Bankers’ Association
S-103 944 Stockholm