§ 1. Background

This personal data policy ("Policy") specifies rules and guidelines regarding how personal data should be handled on the Stockholm Radio & TV Service(s) website (www.srtservice.se). The policy states how personal data is collected, how it is used, how the website's users have control over the handling of their personal data and how they can get in touch with the person responsible for questions.

The policy is applicable to all parts of the website.

§ 2. Purpose

The purpose of the policy is to provide the website's users with information about how their personal data may be handled on the website.

§ 3. Definition of personal data

The concept of personal data includes all information that, either directly or indirectly, can identify a living natural person. Direct personal data is understood as that which alone can identify a certain person, while indirect personal data can identify a person together with other personal data.

§ 4. Consent

a) Obtain consent

In order for personal data to be processed, consent must first be obtained from the website's user. The consent must be informative and clear so that all users understand its meaning.

We obtain consent in the following ways:

Consent is obtained by allowing visitors to accept the terms of use, including the privacy policy, before being granted access to the website.

b) Withdraw consent

A user who has given their consent can withdraw this at any time, which is done in the following way:

Consent can be revoked by contacting us via email kundtjanst@srtservice.se

c) The right to have their personal data deleted

When consent has been withdrawn, the user can, if desired, also request that their information be deleted from all of the website's servers. This is done via e-mail sent to kundtjanst@srtservice.se.

§ 5. Processing of personal data

a) Personal data processed

The following personal data is collected on the website and processed by us:

Name, email, phone number, address, IP address and gender.

b) Reason for processing personal data

The personal data is saved and processed for the following purposes:

The personal data is processed for the purpose of fulfilling statutory or contractual requirements,
The personal data is processed in connection with the delivery of purchases and quotation requests.

c) The personal data is shared with

The personal data will be kept within the company and thus not disclosed to third parties.

d) Period for which personal data is saved

The personal data may only be saved as long as necessary for the purpose.

§ 6. Security and encryption

The website has an SSL certificate (Secure Socket Layer) which ensures that users' personal data is transmitted in a secure and confidential manner by encrypting the information. Furthermore, the website has taken appropriate security measures to prevent personal data stored on the website from being lost or used in an inappropriate or illegal way. Access to the personal data collected is limited to authorized persons and the information will be treated confidentially.

If a personal data incident occurs, the affected user will be notified and the Privacy Protection Authority will be reported.

§ 7. Users' rights

a) Right to register extracts

After consent has been given, the website's user has the right to receive a register extract with confirmation of whether the personal data is being processed. If the personal data is processed, the user has the right to access it.

Register extracts are requested by us via e-mail sent to kundtjanst@srtservice.se.

The register extract is given out in written form, either digitally or by post.

b) Right to information and right to correction

After giving consent, the website's user has the right to contact us to find out what personal data is stored and to have incorrect data changed. If any information is missing, users also have the right to supplement this.

c) Right to restriction of processing

In some cases, a person whose personal data is concerned may demand that the processing of these be restricted. This is the case, e.g. when the person in question has already requested correction due to incorrect information. During this time, the processing of the incorrect data can also be limited.

d) Data portability

In some cases, a person who has disclosed their personal data has a right to have it transferred to another, for example a media service. The person who first received the personal data must then facilitate such a transfer.

e) Right to object

In some cases, a person has the right to object to how their personal data is processed. This applies when the personal data is processed to perform a task of public interest, as part of the exercise of authority or after a balancing of interests.

f) Right to erasure

The website's users have the right to have their personal data deleted if desired. There are exceptions when this right is restricted, but in the following cases the data must be deleted:

- If the data is no longer needed for the purposes for which it was collected,
- If consent is revoked,
- If the personal data is used for direct marketing and the user objects to it,
- If there are no justified reasons that outweigh the individual's interest in deleting the information,
- If the personal data has been processed illegally,
- If deletion is required to fulfill a legal obligation,
- If the personal data has been collected in connection with a minor creating a profile in a social network.

g) Automated decision-making

The users have the right not to be subject to automated decisions, if such a decision may have legal consequences for the individual or in a similar way significantly affect him.

h) Identification

If a user requests information or requests that information be deleted, the person in question must be identified. This is done in the following way:

Photo of passport, driver's license or ID card to be emailed to us at kundtjanst@srtservice.se

i) Complaints

If a user considers that their personal data is being processed in violation of the GDPR on the website, a complaint can be submitted primarily to us and secondarily to the Swedish Data Protection Authority.

j) Damages

In a situation where a user's personal data has been processed in violation of the GDPR, a right to compensation may arise. A claim for damages can be brought in general court with the district court as the first instance.

§ 8. Changes in the policy

This policy was published on ________.

This policy may change, so website users are advised to read the policy periodically.

Users will also be notified of changes in the following way:

Via e-mail

§ 9. Contact

For questions relating to the website and its content, we can be reached via e-mail sent to kundtjanst@srtservice.se.

Email response time: 3-5 days.