GDPR – General Data Protection Regulation

The General Data Protection Regulation, GDPR (EU 2016/679), is intended to protect individuals’ rights and freedoms regarding the processing of personal data. At the national level in Sweden, the GDPR has been supplemented by a Data Protection Act (2018:218) for personal data processing.

GDPR in brief: Source: Swedish Association of Local Authorities and Regions (skr.se) External link.

Personal data

It is important for Ludvika Municipality to implement all reasonable measures to ensure the protection of personal data within the municipality. This refers to both the processing of personal data concerning residents and business operators with a relationship to the municipality, as well as employees and other people whose personal data may be processed. Personal data is information that can in one way or another be linked to a living person. This can be obvious information, such as name or personal identity number, but also indirect information, such as a property name or a phone number. Images of people are also personal data.

Examples of processing of personal data:

In the processing of your case, your data is registered and processed. Processing refers to, among other things, collection, storage, handling, structuring, distribution and deletion. Your submitted information becomes an official document and can be disclosed in accordance with the principle of public access to official documents. This does not apply if your case is classified according to confidentiality regulations.

Your rights

You have the right at any time to request information on what personal data we process about you. To ensure that the information is disclosed to the right person, you need to verify your identity. If you believe that your personal data is incorrect, incomplete, irrelevant or being improperly handled, you have the right to contact us and object.

What information is processed about you:

• and who is the personal data controller for your data
• the purpose of the processing
• where this information has been obtained
• the recipients or categories of recipients to which the information may be disclosed
• how long your data is stored

Here’s how we handle your case when you request a register extract:

• We receive your request for a register extract and register it. We need to identify you, so we ask you for your personal identity number and name.
• The case is then forwarded to the respective committee that is the personal data controller based on your inquiry.
• Each committee sends you a written response. The response is sent by letter to your officially registered address. We obtain your officially registered address from the Swedish Tax Agency’s register.

Personal data controller and data protection officer

The personal data controller is the entity who alone or together with another entity decides the purpose and means for the processing of personal data, meaning what personal data is necessary in a particular matter as well as why and how the personal data shall be processed. The respective committee has responsibility for the municipal activities and its boards has responsibility for the municipal companies.

The committees and boards have in turn appointed a data protection officer who advises them and their administrations on issues regarding data protection legislation. The data protection officer also checks that they comply with applicable data protection legislation. The data protection officer is not responsible for how the personal data controller (the committee or the board) chooses to process personal data.

• The contact information of the various committees is on the page The Municipal Executive Board and other committees.
• The Swedish Authority for Privacy Protection is the supervisory authority, www.imy.se External link..

Privacy statement – Processing of personal data in Ludvika Municipality