GDPR - General Data Protection Regulation

Information about how Sollefteå municipality handles your personal data. We want you to feel safe when you submit your information to us. Therefore, it is important for us to inform you about how we handle your personal data. Here you can read more about what applies.

We handle personal data in various contexts. It is information that we need in order for you to receive the support and service to which you are entitled and for us to be able to carry out the tasks assigned to the municipality.

From 25 May 2018, a new data protection legislation (GDPR, General Data Protection Regulation) applies in Sweden and the rest of the EU. The legislation replaces the Personal Data Act and is there to protect your personal privacy.

What constitutes as personal data and what is meant by processing?

Personal data is any kind of information that can be attributed to a physical person who is alive.
It can be, for example, your name, address, social security number. Or pictures where you participate.

The processing of personal data means everything that we do when we handle information about you digitally. For example, when we write decisions, handle matters concerning individuals, in e-mail, when we create and store documents with personal data.

Why do we process your personal data?

We handle personal data in many different contexts. It is information that we need to be able to provide the support and service we are responsible for.

It may be about personal data for anyone who is a student, property owner, contractor, operator, needs care or other support, or has contact for other reasons with the municipality's operations. It could be, for example, to:

- Provide preschool and school for children and young people, and offer school health care.

- Carry out our mission in environmental and construction, e.g. managing building permits and land planning.

- Take care of our streets and provide parking.

- Take care of waste and provide water and sewage.

- Exercise supervision in the areas of alcohol and tobacco, environment and food.

- Carry out our mission for those who need support in the form of a good man or trustee.

- Provide interventions in social services, health and medical care, travel services and housing adaptation.

- Local labor market measures and integration in the labor market.

- Collaborate with external actors in business and tourism.

- Carry out elections.

- Make decisions in matters where personal data may, for example, appear in documents for decisions, summonses and minutes.

- Take care of initiatives, opinions, questions and error reports from individuals.

- Administer information about customers and suppliers, for example to provide municipal services and manage invoices, payments and disbursements.

- Administer procurements and agreements with various suppliers.

- Manage claims, insurance matters and legal disputes. Inform and market the municipality's activities in various contexts.

- Recruit new employees.

What right do we have to handle your personal data?

We handle your data in accordance with the data protection legislation and the legal grounds specified therein.

There are the following legal grounds for personal data processing:

- Consent

- Agreement

- Legal obligation

- Protection of fundamental interests

- Task of public interest and exercise of authority

- After a balancing of interests

Many personal data processing within the municipality is based on us performing a task of public interest or exercise of authority. It also happens that we handle personal data to fulfill our obligations according to an agreement with you. When we use images that identify people, we obtain consent. You can read more about consent below.

What personal data do we handle?

We handle the personal data that we need for the purpose of each task. For example, name, contact details and social security number where necessary

How does the municipality process sensitive personal data?

Some personal data are so-called sensitive personal data:

- Race or ethnic origin

- Political opinions

- Religious or philosophical beliefs

- Membership in a trade union

- Health Sex life or sexual orientation

- Genetic data and biometric data that uniquely identify a person

The main rule is that sensitive personal data should not be processed, but there are several exceptions. Sensitive personal data may, for example, be processed if the data subject has specifically agreed to it, if processing is necessary to fulfill something that follows from labor law or if there is special support in law. For example, sensitive personal data is processed with the support of law within the municipal health care and social services.

Protected identity

If you have a protected identity (either protected population registration, privacy marking or mock personal data) you should not use Sollefteå municipality's e-services, Facebook or send us e-mail. The safest thing for you is to call us.

How long do we store your personal data?

Our handling of information is covered by the principle of public disclosure and the Swedish regulations regarding public action. This means that your personal data will be handled as long as necessary and in some cases for the foreseeable future according to provisions in the Freedom of the Press Ordinance, the Publicity and Confidentiality Act and the Archives Act.

What if our processing is based on consent?

Only if you have consented to us handling your personal data do you have the right to change your mind and withdraw your consent. You do this by contacting the municipality's Citizens' Office or the Data Protection Officer. In that case, we may no longer process your data. If you withdraw your consent, it does not affect the legality of the publication before consent was withdrawn.

From which sources do we obtain your personal data?

In addition to the information you provide to us yourself, we may also collect personal data from someone else. The information we collect from others may be:

- Address information from public records to be sure we have the correct address information for you.

- Data from other authorities.

- Data from credit and information companies

When are you obliged to provide us with information?

In order to enter into an agreement with us, you need to provide the personal data we request, otherwise we cannot enter into an agreement. In cases where there is an obligation by law to provide personal data to us, we will inform you.

Automated decision making

An automated decision is a decision based solely on automatic processing, without human intervention. If we use automated decision-making, we inform the person concerned.

To whom else do we provide your personal data?

Your personal data may be disclosed to other authorities, companies or individuals if we have a legal obligation to disclose them. Personal data can also be provided to personal data assistants who handle information on our behalf.

We have personal data assistants who help us with, for example:

- Payments (invoice processing, banks and payment service providers).

- Marketing and information (advertising agencies, media agencies, printing and social media).

- IT services (providing operational support, managing operation, support and maintenance of our IT solutions).

- Transport (logistics companies, taxi and bus companies for passenger transport).

- Personnel (recruitment companies, management and employee surveys, occupational health care).

Transfer to third countries

Transfer to third countries means that data is provided to countries outside the EU and the EEA countries Norway, Iceland and Liechtenstein. We inform when personal data is transferred to third countries and the basic rule is that no transfer to third countries takes place.

Individual rights

You have the right to request a register extract to find out how we store your personal data. You also have the right to request that incorrect or incomplete personal data be corrected or deleted. You can also object to or request restriction of the handling of your personal data. In some cases, you may have the right to have your data moved.

How do you contact us with questions about data protection?

If you have questions about how we handle your personal data, you can contact the municipality's data protection officer via the switchboard or via e-mail to gdpr@solleftea.se

Who is responsible for the personal data we collect?

Each municipality committee is responsible for personal data for the personal data processed within the board's area of ​​operation.

Organization number: 212000-2437

Address: Sollefteå Municipality, Djupövägen 3, 881 80 Sollefteå

Who is the data protection officer?

Sollefteå Municipality has appointed a Data Protection Officer who you can reach at gdpr@solleftea.se or via the switchboard 0620-68 20 00.

Do you have comments on our handling?

If you think that the municipality's handling of your personal data is incorrect, you can first of all contact our Data Protection Officer.

You can also contact the Swedish Data Protection Authority, which is the supervisory authority.