This policy relates to the processing of personal data that V.S. VisitSweden AB or its subsidiaries or representation offices in different countries (‘Visit Sweden’ or ‘we’ or independently “Visit Sweden-company”) obtains: in conjunction with the performance of our services; through you/your organisation in its capacity as, for example, our cooperating partner; through visiting our websites www.visitsweden.com , corporate.visitsweden.com or our social media channels (primarily Facebook, Instagram, WeChat and YouTube), via electronic mail, SMS, telephone; or that we may receive from our cooperating partners, or from a third party.
We care about your personal privacy. This policy regulates how we collect, use and protect data about you and how you can exercise your rights. Please contact us if you have any questions or comments regarding this Personal Data Policy.
With reference to law, we refer below to the General Data Protection Regulation (GDPR) and other applicable Swedish data protection legislation.
What data do we collect about you?
‘Personal data’ means data relating to you that can identify you.
You can usually use our websites without providing us with any data. There may be a request for data about you on some pages, for example, if you register to receive electronic newsletters, reports, webinars or the like. The personal data that we process about you will normally come from you or from someone within your organisation in conjunction with entering into a cooperation agreement or the like. You may also have provided data about yourself to a Visit Sweden-company, which has been transferred to one or more other Visit Sweden-companies or to our cooperating partners that is forwarded to us. Furthermore, we use data about you that we have obtained from other sources provided by a third party, e.g. marketing and sales activities companies.
The personal data about you that may be affected is:
Personal data and contact details (name, address, email address and telephone number, demographic information and – when clearly justified considering the purpose of the processing or the importance of secure identification – personal identity (ID) number)
Technical data about your unit or Internet connection (IP address, cookies, electronic images and similar track and trace technologies on websites and in email communication and also your geographic location and login details)
Information about your user behaviour (for example, your search patterns on the website, your response time for pages and how you use our services). Our websites and our email communication may include an electronic image (‘web signal’ or ‘pixel tag’)
User-generated information (content that you voluntarily register or publish, for example in conjunction with competitions and newsletter applications)
Purpose and legal basis
It is a precondition for our processing of your personal data to be lawful that there is a legal basis for doing so, i.e. that it is necessary to perform a contract with you or a legal obligation to which we are subject, or that the processing is done following a balance of interests or that you have given your consent to specific processing. The following are examples of the purposes for which we process your personal data and the legal basis on which this is done.
One of our primary purposes for collecting personal data is to be able to perform and administer our services, either directly by us ourselves or through one or more Visit Sweden-companies, our cooperating partners, such as to provide ourselves with information about the circumstances of a specific matter, protect the interests of you and your organisation, for reporting and invoicing purposes and also, as regards personal data from our cooperating partners, to administer or perform contractual obligations.
Legal basis: The performance of a contract or legal obligation, or if you are a representative, employee or otherwise represent an organisation that is on the verge of or has entered into a contract with us – legitimate interest. Visit Sweden’s legitimate interest in the above-mentioned processing of personal data is to be able to perform contractual or legal obligations.
Another main purpose is to be able to offer you a good service through adapted services and to deliver better services with more relevant content. We use the data we collect to provide you with information about services you request but also to be able to better understand our customers and cooperating partners. We conduct, among other things, customer surveys to achieve this. Customer and market analyses and also processing for statistical purposes are performed at an amalgamated level and are not intended to identify individual customers.
Legal basis: Legitimate interest. Visit Sweden’s legitimate interest in the above-mentioned processing of personal data is to be able to offer you/your organisation better services and also to provide you with relevant information about the services.
We may use data about you to provide newsletters and also news information and marketing related to our services, both general and customer-specific, inform you about campaigns, special offers and other information about our activities or services that we offer ourselves or through our cooperating partners and that we think may be of interest to you or your organisation. We may thus later use the data about you for direct marketing, unless you/your organisation have instructed us not to do this. However, if you are a private individual we will only use your data for electronic direct marketing if you have consented to us doing so.
You have an opportunity at any time to object to us using your personal data for marketing purposes by contacting us in the manner described in Clause 10 below, or directly in our electronic mailing.
Legal basis: Legitimate interest or consent. Visit Sweden’s legitimate interest in the above-mentioned processing of personal data is to be able to offer you/your organisation better services and also to provide you with personally adapted offers and other relevant information.
Information about cookies and how we collect data about you
We also obtain personal data in conjunction with the performance of our services or from you/your organisation in our capacity as cooperating partner or the like. You personally decide whether you want to provide most of the other personal data beyond this, for example, by registering for our newsletter, by sending email messages to us or through social media activities or if you/your organisation provide data to us in some other way. One Visit Sweden-company may also possibly obtain data about you from one or more other Visit Sweden-companies, our cooperating partners or another third party.
Who do we disclose your data to?
We process your personal data with great caution, and your data is only used by us, other Visit Sweden-companies, , our cooperating partners, and by selected third parties.
Third parties that we engage to help us to conduct our business (for example, for customer surveys and mailings) only have permission to use your personal data on our behalf and for the specific tasks they have to perform following our instructions, acting as a data processor for us. They are obliged to keep your personal data confidential and secure. If and as stated by statutory you are entitled to get a list of any processors that process your personal data on our behalf.
We may also forward your personal data to one or more other Visit Sweden-companies, our cooperating partners and other third parties, who in that case generally act as independent controllers, to be able to offer better services and for marketing purposes, to enable them to perform a service for us or you/your organisation, for example, regional tourism organisations, their industry, and other tourism industry actors, our operators, media agencies, postal or service companies for delivery of, for example, mailings or public authorities where such is required according to law.
We may also possibly disclose personal data for other special reasons, e.g. when we have reason to believe that the data is necessary to identify, contact or bring proceedings against someone who may have intruded into our website or in some other way infringed or encroached upon our rights or property, or the rights of other visitors, when we are acting in good faith and are convinced that legislation requires us to disclose personal data.
The transfer of personal data to countries outside the EU/EES requires the country in question to have a contract with the EU/EES, that the country is deemed to have sufficient data protection legislation, or that we have concluded an agreement with the third party in question about them being compelled to apply the clauses approved by the EU Commission relating to the protection of personal privacy. You will find a list of approved third countries and standard clauses on the website of the EU Commission or the website of the Swedish Data Protection Authority concerning the transfer of data to third countries.
You are entitled to request information about Visit Sweden’s processing of the personal data relating to you. You should clearly state in such a request what information you wish to receive (for example, what categories of specific personal data we process about you and for what purpose). The request must also be in writing and be personally signed. We will respond to your request as soon as possible and within one month. In the event that we cannot fulfil your request, we will notify you of this, stating the reasons why. We will send the information to your population register address.
Visit Sweden will, at your request or on its own volition, rectify personal data about you that is incorrect and, when necessary, supplement the same and/or restrict the processing of your data.
If you consider that the data about you is incorrect or incomplete, you are entitled to ask for it to be rectified in the manner prescribed by law. We will rectify or update the data about you as quickly as reasonably possible.
You are also entitled, in the manner prescribed by law, to have the data about you removed or request that we restrict the processing of your personal data and also to withdraw any consent. You are also entitled, in the manner prescribed by law, to have the personal data you provided to us transferred (ported).
Please note that it may be required that we retain necessary personal data in conjunction with erasure, withdrawal of consent or porting to be able to fulfil our obligations by law or contract. It may also be permitted for us according to law to retain certain personal data to satisfy our business needs.
You are entitled to object to such processing of your personal data that we do pursuant to a balance of interests. We must then, after you have specified the processing to which you are objecting, demonstrate that there are overriding interests. You are also entitled to object at any time to the processing of your personal data carried out for direct marketing.
How long do we save your personal data?
We will only save your personal data for as long as it is necessary for the purposes prescribed by this Personal Data Policy or for as long as is required by law or contract. Your personal data is thinned out or rendered anonymous when it is no longer relevant for the purposes for which it has been collected or is no longer required according to law or contract.
What do we do to protect your data?
All personal data that Visit Sweden handles is processed in accordance with the legislation concerning the processing of personal data applicable at any given time. The personal data is stored in operating environments that use security measures to prevent unauthorised access. Reasonable standards for the protection of personal data are complied with. The measures are taken with a view to preventing unpermitted or unlawful processing of the data about you and unintentional loss or destruction of, or damage to, this data.
If a personal data breach is detected, this will, in the manner prescribed by law, be notified to the Swedish Data Protection Authority and also to you when and in the manner prescribed by law.
Links to other websites
Please note that there may be links to other websites on Visit Sweden’s website and channels in social media. If you follow such a link, this may mean that you visit other websites that have other rules for the protection of privacy than the provisions of this Personal Data Policy.
Amendment of the Personal Data Policy
This Personal Data Policy may be updated by us. If there are significant amendments to this Personal Data Policy, we will notify you by putting a clear message on our website or in some other appropriate way. We invite you to read through this Personal Data Policy to keep yourself informed about how we process your personal data.
Please notify us as soon as possible if you consider that the processing of your personal data has been dealt with incorrectly. You also have the option to make a complaint to the Swedish Data Protection Authority about our personal data processing.
You may be entitled to damages if you consider that you have suffered a loss because our processing of your personal data has taken place in violation of the law. You can then request damages from us or institute proceedings at a court.
V.S VisitSweden AB, corporate identity (ID) number 556500-7621, or the Visit Sweden-company in the country in which the collection of your personal data takes place, is the controller for the processing of your personal data as shown above, unless otherwise expressly stated in conjunction with the collection of your data. Please contact the controlling Visit Sweden-company directly, or us in accordance with the following if you have any questions about the policy or our processing of personal data.
Email: [email protected]
Postal address: Visit Sweden, Box 3030, SE-103 61 Stockholm
Telephone: +46 (0)8-789 10 00