Processing Personal Data
The General Data Protection Regulation (GDPR) is intended to prevent violations of personal privacy through personal data being processed.
When is My Personal Data Processed?
Göteborg & Co is a municipal company owned by the City of Gothenburg. We have been commissioned by the city to lead the work relating to the city’s 400th anniversary. We process personal data on this website and via our social media channels for the purposes of planning, marketing and implementing the city’s 400th anniversary celebrations.
As part of this assignment, we process personal data in various ways. We process your personal data:
- when you email us or contact us via any of our social media channels: Twitter, Facebook, YouTube and Instagram,
- when you choose to subscribe to any information from us,
- when you are involved in any way in arranging the celebrations, and
- when we present various events and provide other information about the 400th anniversary on our website or via social media.
What data is processed?
If you contact us by email or via social media, we will process your email address, your user name and the information that you send us. If you choose to subscribe to information from us, we will process your email address. When we present various events and information on websites, the names of editors and organisers will be processed together with images and sometimes videos. Information about events is provided to Göteborg & Co by organisers of events within the city.
Who Is Responsible?
Göteborg & Co AB is the data controller for processing personal data on this website and via our social media channels, and for other processing carried out within the company. You can contact us about our personal data processing by emailing firstname.lastname@example.org.
Our data protection officer is based at the Data Protection Unit at Intraservice, which is part of the City of Gothenburg. You can contact the data protection officer if you have any questions about how the company processes your personal data or in connection with exercising your rights. Contact details for our data protection officer:
Telephone: +46 (0)31 365 00 00
How Long Will My Be Data Saved?
As a municipal company, we must comply with the principle of public access to official records and Sweden’s archiving legislation. This means that it is Sweden’s archiving legislation that determines how long we should save your data. Our websites should be archived, together with requests of economic significance that we receive. Other requests are deleted when they are no longer relevant. If your personal data needs to be saved due to the Swedish archiving rules, your right to have your personal data deleted may be limited.
How Is My Personal Data Shared?
As a municipal company, we must comply with the principle of public access to official records. This means that in some cases we are obliged to share personal data about you that is contained in public documents upon request. Your personal data is not shared if confidentiality applies in accordance with the Swedish Public Access to Information and Secrecy Act. If you use social media to contact us, information and personal data are always transferred to a third party (the company/organisation that operates the social media channel). For your own sake, we recommend that you do not send sensitive information to us via social media.
Legal Basis for Processing Data
When you contact us by email or via social media, and when we otherwise process your personal data for the purposes of planning, marketing and implementing the city’s 400th anniversary celebrations, the legal basis for this processing is public interest (Article 6.1e of the GDPR). When the legal basis is public interest, you have the right to object to processing for reasons relating to your specific situation. When you choose to subscribe to information from us, the legal basis is a contract (Article 6.1b of the GDPR).
In certain cases, we process your personal data with the support of the legal basis of consent (Article 6.1a of the GDPR). In such a case, we will specifically ask for your consent and you always have the option to withdraw your consent.
The GDPR gives you a number of different rights that you should be aware of. These rights are described in Articles 15–21 of the GDPR.
The right to access means that you can obtain confirmation of whether your personal data is processed by Göteborg & Co. If your personal data is processed, you can also access this data in a register extract free of charge, together with information about the processing.
The right to correction means that you have the opportunity to have incorrect personal data about you corrected. In certain cases, you can also add to incomplete data. If you believe that the data processed about you is incorrect, you can request restriction of your personal data.
The right to deletion means that, in certain situations, we are obliged to delete your personal data.
Your Personal Data Will, at Your Request, Be Deleted:
- when it is no longer necessary to process your personal data in order to fulfil the purpose of the processing,
- when the legal basis for the processing of your personal data is consent and your consent is withdrawn,
- when you object to the processing and there is no legitimate reason for the processing that outweighs your legitimate reasons,
- when your personal data is processed unlawfully, and
- when your personal data must be deleted in order to comply with a legal obligation.
The right to deletion has some limitations that may affect your opportunities to have your personal data held with us deleted. This right does not apply when the processing is necessary in order to perform a task carried out in the public interest or in the exercise of official authority. Nor does the right to have personal data deleted apply when we must save the data in accordance with Swedish archiving legislation. This is detailed in Article 17.3 of the GDPR.
Restriction of Processing
The right to restriction of processing means that you have the opportunity to have stored personal data flagged in order to limit its processing in the future.
The processing of personal data shall, at your request, be restricted:
- during the time that the Company checks whether your personal data is correct, if you have disputed the accuracy of your personal data,
- if processing your personal data is unlawful and you want processing to be restricted instead of having data deleted,
- if the company no longer needs your personal data but you need it in order to establish, exercise or defend legal claims, and
- while waiting for the company to check whether our legitimate reasons outweigh your legitimate reasons, if you have objected to processing.
If the legal basis for processing your personal data is consent or agreement and the processing is automated, you have the right to data portability. Data portability means that you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and that you have the right to transfer this data to another data controller.
Objecting to Processing
If the legal basis for processing your personal data is public interest, exercise of official authority or balancing of legitimate interests, you have the right to object to this processing. The right to objection means that you can object to your personal data being processed for reasons relating to your specific situation. If you have raised an objection, the company may only continue to process your personal data if compelling legitimate grounds for processing can be demonstrated that outweigh your legitimate interests, or if processing takes place for the establishment, exercise or defence of legal claims. If as a data subject you have objected to processing, you can also request that your personal data is restricted.
Making a Complaint
If you believe that we are in breach of the GDPR or other privacy legislation, you can file a complaint with the Swedish Authority for Privacy Protection.