Svensk e-identitet sometimes uses subcontractors to process personal data, and the company may transfer customer data to a third party for relevant business reasons. These are frequently suppliers of cloud services or other IT storage services, as well as federation and integration partners.
When we use subcontractors, Svensk e-identitet is responsible for preparing a Data Processor Agreement (DPA) with them. Svensk e-identitet is the controller and ensures the customer’s privacy.
In order to guarantee information security and access to our services, Svensk e-identitet only uses servers inside the EU.
However personal data may be transferred to other countries if the login service is not located, owned or operated in Sweden. This includes transfer to countries outside the EU, that do not have legislation that specially protects personal data or that have other statutory requirements for data protection.
In cases where a user has linked other accounts (such as Facebook, Google etc.) to one of our services such as the E-Citizen Account, this may mean that personal data are transferred from the identity platform (such as Google, Facebook or OpenID) that the user uses. The personal data transferred in this context are thus the data recorded by the relevant identity platform (such as Facebook or Google), and not the data recorded by Svensk e-identitet. Svensk e-identitet never stores these data; rather they are only forwarded through us.