Privacy Policy for the Confederation of Swedish Enterprise: Privacy and personal data

The Confederation of Swedish Enterprise safeguards your privacy and processes personal data in a responsible, transparent and lawful manner. All processing is carried out in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR), and aims to protect your rights and your personal privacy.

In this policy, we explain what personal data we collect and why, how we use and protect the data, and what rights you have and how you can exercise them.

If you have any questions, you are always welcome to contact us. You will find our contact details below under the heading Contact.

A glossary explaining certain terms used in the policy can be found at the bottom of the document under the heading Definitions and Terms.

Data Controller

Svenskt Näringsliv is the data controller for the processing of personal data carried out within Svenskt Näringsliv. This means that we determine the purposes and means of processing your personal data and are responsible for ensuring that this is done in accordance with applicable data protection legislation.

In some cases, we use shared IT systems or offer services in conjunction with our member organisations. In such cases, each party is independently responsible for its own processing of personal data. Should one party process personal data on behalf of the other, this is done within the framework of a data processing agreement.

What data do we collect?

We mainly process personal data that you yourself provide to us. This may include:

  • name, contact details (email, telephone number) and details of your role,

  • login details for a user account (if you create one),

  • areas of interest (if you specify them yourself),

  • information provided in connection with training courses, seminars or events (e.g. special dietary requirements or allergies),

  • information regarding membership of the Confederation of Swedish Enterprise.

For employees of member companies, we may also process information about contact persons, e.g. in connection with negotiations or participation in working groups.

At events, we may collect information regarding dietary preferences (e.g. special dietary requirements and allergies). This information constitutes sensitive personal data under the GDPR and is processed by only with your consent and solely for the purpose of planning and conducting the event. The data is deleted once the event has concluded.

In some cases, we also collect personal data from third parties, such as your contact details if you are a contact person or CEO of a company. The data is obtained either from publicly available sources or via Syna AB, company registration number 556049-7314.

Why do we process your data?

We process personal data to provide services you have requested (e.g. newsletters, courses, events), to manage our relationship with you or your employer, to send information and offers that may be relevant to you, or to comply with legal obligations (e.g. legal requirements to retain certain data in our accounts).

We only process your personal data when we have a legal basis for doing so. The legal basis may be a contract, a legal obligation, consent or a legitimate interest.

For newsletters and events you have signed up for, processing is based on the consent you provided at the time of registration.

For services you have requested, processing is based on the contract you have entered into with us by ordering our services.

When we manage our relationship with you and send information and offers that may be relevant to you, the processing is based on our legitimate interest in maintaining contact with you and marketing our services and offers to you.

When we process your personal data in your capacity as an employee of your employer, we base the processing on the agreement we have with your employer.

We also process your personal data in accordance with a legal obligation where required by relevant legislation or collective agreements.

Sharing of data

We may share the personal data we collect with, for example, data processors (such as IT suppliers), who process data solely in accordance with our instructions. We may also share data with other independent data controllers (such as public authorities, partners or member organisations), in which case the privacy policies of those other data controllers will apply.

Personal data may sometimes be transferred to countries outside the EU/EEA. In such cases, we ensure that there are adequate safeguards in place in accordance with applicable data protection legislation. This may, for example, be achieved by ensuring that the transfer takes place in accordance with the European Commission’s decision on an adequate level of protection for such transfers. This may also be achieved by applying so-called standard contractual clauses, which have been drawn up by the European Commission and which mean that the recipient undertakes to protect personal data to the same standard as applies within the EU/EEA, or by encrypting the data or taking other technical security measures that make it more difficult for unauthorised persons to access the data.

Retention period

We only retain personal data for as long as is necessary for the purpose or as required by law. For example, certain accounting data is retained for 7 years, whilst data regarding dietary preferences is deleted once the event for which the data was required has concluded.

In certain cases, where necessary for our operations, data may be archived indefinitely, for example, data required to interpret and apply collective agreements, as well as certain corporate documents.

Your rights

As a data subject, you have the right to know what personal data we process about you and to request that incorrect data be corrected.

You also have the right, in certain cases, to request the erasure of data and to have processing restricted.

You also have the right to object to us processing your personal data if the processing is based on a balancing of interests. You have the right to object to us processing your personal data if the processing is based on a balancing of interests. This means that you can object to the processing if you consider that your own reasons outweigh our legitimate interests. When you object, we will review the processing. We will cease processing if we cannot demonstrate that we have compelling legitimate grounds that outweigh your interests and rights.

You also always have the right to object to direct marketing, in which case we will cease using your data for that purpose.

If the processing is based on your consent, you have the right to withdraw your consent to the processing at any time.

We will process your request without undue delay, normally within 30 days.

Personal identification number

As a general rule, we do not process personal identification numbers. In certain cases, however, this may be necessary, for example for secure identification, where required by law, or where the organisation number consists of a personal identification number (e.g. for sole traders).

Processing takes place only where there are compelling legitimate grounds that clearly justify it in view of the purpose and on the basis of a valid legal basis (e.g. a legal obligation or contract).

Security

We work continuously on technical and organisational measures to protect your personal data. This includes, amongst other things, restricting access to personal data to authorised persons, using encryption during transmission where relevant, and regularly updating our systems to reduce security risks. We have procedures in place to detect and manage any personal data breaches. Our suppliers and partners are bound by agreements that ensure they also maintain a high level of security.

Specifically regarding cookies and digital channels

We use cookies

We use cookies to ensure our website and services function properly, to understand how they are used and – provided you consent to this – to be able to display content and adverts that are more relevant to you.

A cookie is a small text file that is stored in your browser when you visit a website. It enables the website to recognise your device and remember your settings or analyse how you use the website.

What types of cookies do we use and why?

  • Essential cookies – ensure the website works as it should.

  • Functional cookies – save your preferences, such as language or region.

  • Statistical cookies – help us understand how the website is used and how we can improve it.

  • Marketing cookies – used to display relevant adverts and to measure the effectiveness of campaigns.

  • Third-party cookies

Some cookies come from our partners, such as Google, Facebook, YouTube, and newsletter and marketing tools, such as Mailchimp, Apsis and Emarketeer. These partners may set cookies and collect data via our services. Read more in their respective privacy policies on their websites.

Your choices

You decide which cookies you wish to allow, apart from those necessary for the website to function. You can change or withdraw your consent at any time via the cookie settings or your browser. Please note that certain features may stop working if you block cookies.

Supervisory authority

If you have any questions or comments regarding how we process your personal data, you are always welcome to contact us in the first instance. You also have the right to lodge a complaint directly with the Swedish Data Protection Authority (IMY), which is the authority in Sweden responsible for supervision and ensuring compliance with data protection legislation. Further information is available at www.imy.se.

Contact

If you have any questions about how we process your personal data or if you wish to exercise any of your rights, please feel free to contact us. Contact us at: dataskydd@svensktnaringsliv.se or by telephone on 08-553 430 00.

We may occasionally need to update this policy. The latest version is always available on our website.

***

Definitions and terms

Below are key terms and definitions used in this policy.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data. Processing of personal data may, for example, consist of collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Legitimate interest: Where the data controller’s interest in carrying out the processing of personal data outweighs the data subjects’ interests and fundamental rights and freedoms, the interest is considered to be legitimate.

GDPR (General Data Protection Regulation): The EU’s data protection regulation, which is directly applicable in all EU Member States.

Sensitive personal data: Personal data which, by its nature, is considered particularly sensitive and therefore warrants stronger protection. Examples of such data include health data, data concerning ethnic origin, political opinions or religion.

Storage: The length of time for which the data controller retains the personal data.

Personal data: Any information relating to an identified or identifiable living natural person.

Data controller: A natural or legal person, public authority or other body which is responsible for determining the purposes and means of the processing of personal data.

Data processor: A natural or legal person, public authority or other body which has been entrusted with the processing of personal data, in whole or in part, on the instructions of the controller and on its behalf.

Data Processing Agreement: An agreement between the data controller and the data processor aimed at addressing liability issues and ensuring that the parties comply with the GDPR during the term of the agreement.

Data subject: The individual whose personal data is being processed.

Legal basis: A valid reason required under the GDPR for processing personal data; consent, performance of a contract, legal obligation, protection of vital interests, exercise of official authority and tasks carried out in the public interest, and legitimate interest.

Data requiring special protection: Data for which Swedish supplementary legislation to the GDPR extends the protection of certain personal data. This applies, for example, to Swedish personal identity numbers and coordination numbers, which may only be processed without consent if this is clearly justified in view of the purpose of the processing, the importance of secure identification, or some other compelling reason.

Updates

This policy was last updated on 22 January 2026.