About the website and processing of personal data

Information about cookies

According to the Electronic Communications Act, everyone visiting a website with cookies must have access to information that the website contains cookies and the purpose of the use of cookies. The visitor must also consent (have the opportunity to act/choose) to the use of cookies. However, if cookies are used that are necessary to provide a service that the user or subscriber has expressly requested, there is no consent requirement.

A cookie is a small text file that a website can request to save on the visitor’s computer. The text file is usually used to facilitate the visitor’s use of the website, e.g. to give the visitor access to various functions or services.

There are different types of cookies. For its website, Swedsec uses a cookie of the type that saves a file for a longer period of time on the visitor’s computer. Swedsec uses the web analysis service Google Analytics to be able to analyze how visitors use the website, with the help of cookies. Cookies from swedsec.se are saved on your computer/browser if you continue to surf on swedsec.se, an information box about this appears at the bottom of the page when you visit any part of the website.

The following cookies may be requested by Swedsec’s website to be stored by the visitor:

“_umtz”: Google Analytics on the swedsec.se domain

Below is information about Swedsec’s processing of personal data.

Personal data controller

Swedsec Licensiering AB (”Swedsec”)
Org. nr. 556601-8569

The purposes of Swedsec’s processing of your personal data

The main purpose of Swedsec’s processing of your personal data is to fulfill the commitment to provide a system of licensing for the financial industry. Swedsec’s licensing system is governed by Swedsec’s regulations.

In order for you to take advantage of our services, your personal data is processed in Swedsec’s online service. Swedsec processes personal data for booking and carrying out licensing tests and diagnostic tests, as well as when recording information about such carried-out tests. Swedsec processes personal data relating to (i) application and grant of exemption from license and licensing test, (ii) application for, grant of, and information on granted licenses, (iii) reporting of completed annual knowledge update, and (iv) declaration of suspension, activation and expiry of license. In addition, personal data about license holders is published in a search service on Swedsec’s website. Licensees who upload a personal photo to the online service can order a license certificate.

Swedsec provides a disciplinary procedure, which is regulated in Swedsec’s regulations. In the handling of disciplinary matters, personal data is processed. The disciplinary board’s decision on disciplinary sanctions contains personal data. The disciplinary sanctions that can be actualized are revocation of license, temporary revocation of license, warning, and recall.
In the online service, disciplinary sanctions and ongoing disciplinary cases are registered, as well as information reported to Swedsec if the license holder’s terminated employment has been connected to a violation.

Other personal data that Swedsec processes are your contact details, data intended to facilitate the administrative handling of affiliated companies, and data for Swedsec’s invoicing and other administrative purposes. Among other things Swedsec processes personal data regarding affiliated companies’ contact persons and administrators so that these persons can fulfill the affiliated company’s commitments according to Swedsec’s regulations as well as personal data regarding so-called test leaders so that they can take care of the execution of licensing tests in the test room.

We send newsletters, press releases, etc., and process e-mail addresses and other contact information for this purpose. Furthermore, we provide and administer seminars and other events that you have registered for or participated in. When participating in events, Swedsec may record or photograph. This means that you may appear in sound or image recordings or photographs that Swedsec processes and which may also be published. Swedsec will notify you in advance if such recording or photography will take place.

The processing of personal data relating to Swedsec’s disciplinary activities is carried out with the support of Swedsec’s and affiliated companies’ legitimate interest in the processing (balancing of interests). Other processing of personal data is done because it is necessary for the fulfillment of agreements or with the support of Swedsec’s and affiliated companies’ legitimate interest in the processing (balancing of interests). The legitimate interest is – both for the processing related to the disciplinary procedure and other processing carried out on this basis – that it is necessary to fulfill Swedsec’s obligations towards the affiliated companies and to provide a system of licensing for the financial industry.

Recipients of personal data that Swedsec processes

Below is an account of different categories of recipients of personal data that Swedsec processes.

Access to and registration of personal data in Swedsec’s online service

Swedsec’s affiliated companies have access to personal data in Swedsec’s online service and also perform, in their capacity as personal data assistants, registration measures for personal data in the online service. Affiliated companies’ right to access to – and to register personal data in – the online service is, however, limited to personal data relating to its own employees and other persons who, in the application of Swedsec’s regulations, are considered employees of the affiliated company.

Even companies that, without being affiliated companies, are connected to Swedsec’s online service have access to personal data in the online service and perform registration measures of personal data in the online service. Such companies’ right to access to – and to register personal data in – the online service is limited to personal data relating to their own employees.

Swedsec’s disciplinary procedure

In addition to some of Swedsec’s own employees, members of the disciplinary committee and the disciplinary board participate in the handling of a disciplinary case (ie the preparation of the case before the disciplinary board’s decision). During the preparation, documents that come into the case are communicated to the parties (i.e. the licensee and the notifying company) or, where applicable, their representatives.

The Disciplinary Committee’s decision is communicated to the licensee (i.e. the person the decision refers to), the affiliated company where the licensee is employed, and the company that made the report (if this is a different company than where the licensee is employed).

As long as your personal data is saved

Personal data about license holders and other registered users are thinned based on time periods whose length depends on the nature of the data.

Right to information, rectification, complaints, and data portability

You have the right to receive information free of charge about which personal data about you Swedsec processes. If you request that Swedsec provide such information more than once, Swedsec has the right to charge a reasonable fee.

You also have the right to contact us regarding personal data that Swedsecs processes about you

1. to request correction of personal data
2. if these are incorrect or incomplete request deletion or limitation of personal data and/or
3. object to the processing of personal data

A request or objection made according to the immediately preceding paragraph will be examined by Swedsec. In some cases, Swedsec will not comply with the request or objection. This can e.g. be the case when it follows Swedsec’s regulations that certain processing of personal data must be carried out.
You have the right to request the personal data that you yourself provided to Swedsec, in a structured, generally used and machine-readable format, to have it transferred to another personal data controller in cases where this data is processed based on consent or based on an agreement.

You also have the right to file a complaint with the Swedish Data Protection Authority (formerly the Data Protection Authority) regarding Swedsec’s processing of personal data about you.

Certificate of issue

Swedsec has a certificate of publication for the website swedsec.se and the publisher is Swedsec CEO Agneta Oscarsson.

Dispatch

Swedsec sends out newsletters and press releases to subscribers via e-mail. Swedsec’s CEO Agneta Oscarsson is a publisher. If you want to subscribe to newsletters or press releases, you can sign up on our press page.