Processing personal data
The Debt Office is responsible for ensuring that the personal data provided to the agency is processed correctly. We process your personal data in accordance with the EU General Data Protection Regulation (GDPR). The term personal data refers to any type of information that can, directly or indirectly, be ascribed to a natural person – such as name, address, e-mail address, or mobile phone number. Images and audio recordings can also qualify as personal data.
The Swedish National Debt Office (corporate identity number 202100-2635) is the data controller responsible for ensuring the correct processing of personal data under current law.
Right of access to public information
The Debt Office is a central government agency. In accordance with the principle of public access to official documents, information provided to us thus becomes public record and may be disclosed upon request unless it is covered by confidentiality. Accordingly, your personal data can be subject to disclosure.
Collecting personal data
The Debt Office may collect personal data about you when you contact or visit us, register for or participate in one of our events or training sessions, or use one of our services. When you provide your personal data, you will receive information explaining why that data will be processed. Examples of personal data that we process include: name, Swedish personal identity number, e-mail address, residential or business address, mobile phone number, and invoice or delivery address.
One of the reasons that the Debt Office processes personal data is to be able to carry out tasks in the public interest. In addition, the agency might need to process personal data for administrative purposes in order to fulfil legal obligations or agreements with the data subject. The processing can also be part of our exercise of public authority.
With whom may we share personal data?
As necessary, we share your personal data with our suppliers. A supplier that processes personal data on our behalf and according to our instructions is called a data processor. When a data processor is to process personal data, a “personal data processing agreement” is established. The data processor and those acting under the direction of the data processor may never access more data than required to perform a service in accordance with the agreement.
There are also other organisations – independent data controllers – with whom the Debt Office shares personal data. Once personal data has been shared with an independent data controller, the Debt Office no longer controls how that information is processed. Independent data controllers that the Debt Office shares personal data with include other government authorities such as the Swedish Tax Agency, Finansinspektionen (the Swedish Financial Supervisory Authority), the Swedish Social Insurance Agency, and the Swedish Police Authority.
Unless required to do so by law, we will not share your personal data with any party other than the data processors. Your personal data will not be transferred to a country outside the EU or the EEA.
Data retention period
The Swedish Archives Act stipulates that government agencies such as the Debt Office are required to preserve public documents. The Debt Office complies with preservation procedures, and it destroys public documents in accordance with the applicable rules and decisions on data disposal.
Personal data that is not part of a public document is only stored for as long as necessitated by the purposes for which it is processed.
If you have any questions about data disposal or preservation of public documents, please feel free to contact us by sending an e-mail to email@example.com or calling us at +46 8 613 45 00.
When processing personal data, the Debt Office begins with the premise that access to personal data will only to be granted to those persons in the organisation whose work requires it.
The Debt Office has specific security procedures that protect your personal data against unlawful or unauthorised processing. These procedures are updated as new technology becomes available. We use IT systems to protect confidentiality, privacy, and access to personal data.
You always have the right to receive information about, and access to, your personal data processed by the Debt Office. If information about you is incorrect or incomplete, you have the right to ask for it to be corrected or supplemented. In some cases, you also have the right to request that the Debt Office restrict the processing of your personal data, as well as to request its transfer or deletion.
When the Debt Office processes personal data as part of exercising the agency’s public authority, or to perform other tasks in the public interest, you have the right to, at any time, object to the processing of your personal data.
If you wish to exercise your rights, you can contact us by sending an e-mail to firstname.lastname@example.org or a letter to Riksgälden, 103 74 Stockholm.
Data Protection Officer
The Debt Office has a data protection officer who monitors GDPR compliance. If you have questions regarding the Debt Office’s processing of your personal data, you can contact the Debt Office’s Data Protection Officer by sending an e-mail to email@example.com or by writing to Riksgälden, 103 74 Stockholm (be sure to also write “Debt Office’s Data Protection Officer” on the envelope).
The Swedish Authority for Privacy Protection
If you wish to lodge a complaint about the Debt Office’s processing of your personal data, you can contact the supervisory authority: the Swedish Authority for Privacy Protection (in short IMY)
To share information about its operations, the Debt Office uses the following social media as communication channels: Twitter, LinkedIn, Facebook, and YouTube. When communicating with us via social media, you choose what personal data you want to share. Never provide sensitive personal data on social media.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repealing of Directive 95/46/EC (General Data Protection Regulation)