GDPR and privacy – How do we protect personal data?
Svensk e-identitet takes the trust placed in us to process your personal data extremely seriously. Rest assured that we do our utmost to prevent unauthorized persons from gaining access to the data, to prevent the data from being forwarded beyond what is specified in this privacy policy, and to prevent the personal data being released to a third party for marketing or being otherwise misused. Svensk eidentitet assures its customers that we process.
Personal data confidentially and that we do not store personal data that are not relevant to our undertaking and for which there are legal grounds. Svensk e-identitet continually informs and trains our employees about our privacy policy and procedures for personal data processing. Svensk e-identitet also has the opportunity to have ongoing support and training – which is sometimes mandatory – by Visma.
Personal data are transferred and stored in secure environments that are only accessible by Svensk eidentitet’s authorised personnel and partners. Several layers of technical and organisational protection are used to further protect our customers’ privacy. These protection measures include firewalls, secure location of servers, redundant environments, encryption (during both storage and transmission), session management and intrusion detection.
How long do we store personal data?
Svensk e-identitet only retains personal data as long as necessary for its purpose according to this privacy policy. In order to fulfil our obligation to our customers, as well as our legal obligations, we save the personal data required for these purposes Other personal data are erased within one year of the last interaction with us. Certain data are retained for statistical purposes, but this is completely anonymous.
As a processor
Svensk e-identitet provides many different services to our customers. Many of these services involve processing customer and user data.
The instructions for processing are determined by the customer as the controller and not by Svensk eidentitet. In these cases, Svensk e-identitet plays the role of a processor and processes personal data on the customer’s behalf and according to instructions they have given us. The relationship between the customer as a controller and Svensk e-identitet as a processor is governed in a separate processor agreement.
The Customer’s and Svensk e-identitet’s respective undertakings
When the customer’s role is as the controller, the customer is responsible for ensuring that there are legal grounds for processing personal data, as well as identifying risks associated with the processing. Svensk e-identitet is responsible for processing personal data on behalf of the customer in accordance with applicable laws and regulations for personal data processing. This means that both the customer and Svensk e-identitet are required to cooperate in order to ensure that personal data are protected.