Processing of personal data at the Swedish Work Environment Authority

The Swedish Work Environment Authority processes a large volume of data relating to private individuals and companies. Here you can read about what personal data is, how the Swedish Work Environment Authority processes personal data and what rights you have as a data subject.

The Swedish Work Environment Authority takes your privacy very seriously. It is a matter of course and a central issue of trust for the Swedish Work Environment Authority that your personal data is processed with care and in accordance with the requirements of existing legislation. We hope that this information will give you a clear idea of how we process your personal data.

The Swedish Work Environment Authority takes a number of measures to protect your personal data. We have also appointed a Data Protection Officer whose primary task is to monitor our compliance with existing laws and internal guidelines. Contact details for the Data Protection Officer can be further down in at this page.

What is personal data?

Personal data is all types of information that is directly or indirectly attributable to a living natural person. This means that, if data directly or indirectly reveals whom it concerns, it is personal data. Examples of personal data include names, addresses and personal identity numbers. However, a photograph, an email address or a case reference number may also constitute personal data.

Legislation relating to personal data processing

Several laws and regulations govern what processing of personal data is permitted and what rights you have as a data subject. The main purpose of the rules is to protect people against violation of their privacy when personal data is processed.

The basic rules are contained in the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data). This Regulation is supplemented by a Swedish Act (2018:218). Some of the Swedish Work Environment Authority’s processing is also subject to provisions in the Swedish Act (2018:258) on the processing of personal data in the Swedish Work Environment Authority’s data system on occupational injuries.

Processing of personal data

The Swedish Work Environment Authority, corporate identity number 202100-2148, is the controller for the processing for which the authority itself has determined the purpose and means and for processing for which legislation directly stipulates that the Swedish Work Environment Authority is the controller.

The processing of personal data means, in principle, everything that can be done with the data. This may, for example, be collecting, recording or storing data or disclosing data to someone who wants to access it.

The Swedish Work Environment Authority processes personal data on a large number of people and for a variety of purposes. A common feature of these purposes is that they concern processing that is necessary for the performance of the tasks that the Swedish Parliament and government have given the Swedish Work Environment Authority.

How we collect your personal data

The personal data processed by the Swedish Work Environment Authority is collected from several different sources. You may be the source when you ask the authority a question or submit an application of some kind.

Personal data on you may also be obtained from other parties with which the Swedish Work Environment Authority is in contact within the context of the authority’s tasks. An example of this is collection within the context of the Swedish Work Environment Authority’s supervisory activities, where personal data may be obtained from employers, safety representatives and other persons. Examples of other important activities at the Swedish Work Environment Authority are statistical activities and information activities. In the course of its statistical activities, the authority collects data on, among other things, occupational injuries and, in the course of its information activities, the authority is obliged to receive both questions and other information from the public which may contain personal data.

Purpose and legal basis for our processing of your personal data

The processing of personal data must be supported by existing data protection legislation. There must be a legal basis for the processing. In summary, we process your personal data on the basis of one or more of the following legal bases.

  • Consent – you have given your consent for your personal data to be processed for one or more specific purposes
  • Contract – the processing of your personal data is necessary for the performance of a contract between you and us or to take action at your request before such a contract is made
  • Legal obligation – the processing of your personal data is necessary to perform a legal obligation that is incumbent on the Swedish Work Environment Authority under legislation or a collective agreement
  • Public interest or the exercise of official authority – the processing of your personal data is necessary to perform a task of public interest arising out of a law or collective agreement or related to the exercise of the official authority of the Swedish Work Environment Authority.

Some of the data the Swedish Work Environment Authority processes on you may be of a particularly sensitive nature. This includes data on health and trade union affiliation. The processing of sensitive personal data requires special statutory authority, and the Swedish Work Environment Authority may process sensitive personal data on you on one of the following bases.

  • Consent – you have given your consent for your personal data to be processed for one or more specific purposes
  • Processing is necessary for reasons of major public interest – sensitive personal data may be processed by the authority if the data has been submitted to the authority and the processing is required by law (for example, to carry out the authority’s tasks under the Swedish Work Environment Act or to record and archive a public document). Sensitive personal data may also be processed if this is necessary to deal with a case or in other cases if the processing is necessary for reasons of major public interest and the processing does not constitute an undue violation of your privacy.

A list of purposes for which the Swedish Work Environment Authority processes personal data and information on the legal basis are provided below. The list is not complete and should be seen as common examples of processing by the Swedish Work Environment Authority.

Purpose and legal basis
Purpose Legal basis

  • collecting relevant data via the authority’s dedicated occupational injuries data system
  • processing the data for statistical purposes

The processing is necessary to perform a legal obligation that is incumbent on the Swedish Work Environment Authority under legislation.

The processing is necessary to perform a task of public interest arising out of a law or related to the exercise of the official authority of the Swedish Work Environment Authority.

Processing of applications for permits and exemptions in accordance with the Swedish Work Environment Authority’s regulations, including:

  • collecting relevant data
  • storing it during the processing period
  • communicating data to stakeholders such as employers, safety representatives and others
  • decision-making and handling appeals to the courts

 

The processing is necessary to perform a task of public interest arising out of a law or related to the exercise of the official authority of the Swedish Work Environment Authority.

Recording of reported posted workers and supervision of compliance with the posting legislation, which entails

  • collecting relevant data
  • storing said data during the processing period
  • communicating data to stakeholders such as employers, recipients of services and others 
  • decision-making and handling appeals to the courts
  • to, when deemed necessary, process data in the Internal Market Information System (IMI) of the European Commission and share it with competent authorities in other member states of the EES. 

The processing is necessary to perform a legal obligation that is incumbent on the Swedish Work Environment Authority under legislation.

The processing is necessary to perform a task of public interest arising out of a law or related to the exercise of the official authority of the Swedish Work Environment Authority.

The Swedish Work Environment Authority is commissioned by the government and Parliament to supervise compliance with the posting legislation. The Swedish Work Environment Authority is also the competent authority to submit or provide assistance to or from competent authorities of other member states within the EES when we or they process cases under the posting legislation. The Swedish Work Environment Authority also has an obligation to provide data to other competent authorities of the member states of the EES if suspicion of irregularities regarding the posting legislation arises. The exchange of data between authorities may occur within the IMI.

Production of statistics on reported occupational injuries and the working environment and research in the field, including:

  • collecting relevant data via the authority’s dedicated occupational injuries data system
  • processing the data for statistical purposes

The processing is necessary to perform a legal obligation that is incumbent on the Swedish Work Environment Authority under legislation.

The Swedish Work Environment Authority is the official statistics authority under the Swedish Act and Ordinance on official statistics. Under the Swedish Act on the processing of personal data in the Swedish Work Environment Authority’s data system on occupational injuries, the Swedish Work Environment Authority may process personal data when it is necessary to provide a basis for the work to prevent occupational injuries.

 

Communication with the public, answering questions and handling tip-offs from the public, including:

  • collection of data via email, social media, the authority’s contact form on the website, and in other channels
  • answering questions and other measures

The processing is necessary to perform a legal obligation that is incumbent on the Swedish Work Environment Authority under legislation.

The processing is necessary to perform a statutory task of public interest.

According to the instructions given to the Swedish Work Environment Authority, the authority must disseminate information in relation to the working environment. The Swedish Administrative Procedure Act states that the authority is obliged to provide services to the public and to be available for contact with individuals.

 

Human resources activities, including:

  • Recruitment of staff
  • Processing staff data for human resources and staff-related social purposes
The processing is necessary to perform a legal obligation that is incumbent on the Swedish Work Environment Authority under legislation or a collective agreement.

The processing is necessary to perform a statutory task of public interest.

The Swedish Work Environment Authority has legal obligations under both legislation and collective agreements that include the processing of personal data on staff for human resources and staff-related social purposes.

It is in the public interest for the Swedish Work Environment Authority to have human resources activities aimed at recruiting, retaining and developing the appropriate staff.
Registration, disclosure and archiving of the authority’s public documents The processing is necessary in order to perform legal obligations incumbent on the Swedish Work Environment Authority under the Swedish Freedom of the Press Act, the Swedish Public Access to Information and Secrecy Act and archives legislation.

The processing is also necessary to perform tasks related to the exercise of the official authority of the Swedish Work Environment Authority.

Our obligations as the controller

Data protection legislation places great demands on the person responsible for the processing of personal data. The Swedish Work Environment Authority is the controller for the processing of personal data in the authority’s operations. One of the most important obligations is that the Swedish Work Environment Authority must ensure that all personal data processing is legal. This means, among other things, that there must be a clear purpose for all processing and also that there must be a legal basis for the processing. When the Swedish Work Environment Authority needs to process personal data to perform its tasks as an authority, the authority also generally has the right to process the personal data.

Other obligations include, in particular:

  • The authority must process as little personal data as possible in relation to the purpose

  • The authority must ensure that the data is as up-to-date and accurate as possible

  • The authority must take security measures to protect personal data against unauthorised or prohibited processing and other threats.

The Swedish Work Environment Authority’s Data Protection Officer

The authority has a Data Protection Officer whose primary task is to monitor our compliance with existing laws and internal guidelines. The Data Protection Officer may also provide general information on the processing of personal data at the Swedish Work Environment Authority. You can contact the Data Protection Officer by email at the following address:

dataskyddsombud@av.se

Your rights as the data subject

As a data subject at the Swedish Work Environment Authority, you have a number of rights as shown below. Contact details can be found at the end of this page.

Right of access

You have the right to access your personal data. This means that you have the right to receive confirmation of whether personal data on you is being processed and also to access the personal data (‘register extract’ and certain additional information about the processing).  You request access by email at the following address:

arbetsmiljoverket@av.se

Rectification

You have the right to have inaccurate personal data on you rectified or supplemented. You request rectification by email at the following address:

arbetsmiljoverket@av.se

Erasure

You have the right to have personal data on you erased if:

  • the data is no longer necessary for the purposes for which it is processed

  • you withdraw your consent for certain processing and there is no other legal basis for the processing by the Swedish Work Environment Authority

  • the processing is not necessary to comply with applicable statutory requirements, to establish or assert legal claims or for archives or research purposes.

You request erasure by email at the following address:

Please note that the right to erasure applies with extensive limitations when processing of the data is necessary for purposes related to the tasks and obligations of the Swedish Work Environment Authority as an authority.

arbetsmiljoverket@av.se

Right to withdraw consent

If you have given specific consent for certain processing of personal data, you always have the right to withdraw that consent. You withdraw consent by email at the following address:

arbetsmiljoverket@av.se

Right to complain to the supervisory authority

As a data subject, you have the right under Article 77 of the GDPR to lodge a complaint with the supervisory authority if you consider that the processing of personal data has been unlawful. In Sweden, the Swedish Data Protection Authority is the supervisory authority.

Last updated 2023-12-18