Processing of personal data
At the Göta Canal Company (AB Göta kanalbolag), we want everyone that we are in contact with to feel confident that we process their personal data in a proper, secure and responsible way. Below is a detailed description of how we process your personal information.
The EU General Data Protection Regulation (GDPR) regulates processing of your personal information. The purpose of this regulation is to prevent infringement on your personal integrity through mismanagement of personal data. Your personal data must therefore be processed according to the principles and requirements of the Data Protection Regulation
Dataskyddsförordningen (Swedish implementation of the GDPR)
Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning Additional Swedish provisions relevant to the GDPR.
What constitutes personal data?
Personal data is information or a combination of information that can be connected to a single, living person. Examples are:
Names, addresses and other contact information
Pictures and audio recordings
Vehicle registration numbers
The Göta Canal Company (AB Göta kanalbolag) manages personal data in the form of newsletter subscriptions, registrations for events, ticket sales, sales of tree sponsorships etc. The personal data we manage depends on events signed up for or services used by you.
Collection of personal data
We collect and process the following personal data:
- data provided by you in communicating with us, such as for subscriptions, events and other communications.
- contact information relevant to your professional role, provided to us by the company or organisation that you work for.
- data used by services such as basetool.se, the database powering our website.
- data generated by cookies when you visit our website. (Cookies are small text files which the website requests to save to your computer. No personal information is saved at our end as a result of this function).
Categories of personal data that are collected
The following is a description of the categories of personal data that are collected, as well as examples of data belonging to the respective category.
Personal identification: Name
Location data: Address
Contact information: Phone number, email
Lifestyle related data: Memberships/subscriptions
IT related data: Cookies
Use of personal data and lawful basis of personal data processing
The following describes why we collect and use personal data.
We collect personal data when canal ticket purchases are made, when you register as a sponsor for a tree, subscribe to our newsletters, register interest in available canal houses, sign up for events etc.
Lawful basis: You consent to the processing of personal data when you send/enter your data using the respective sign up form, ticket system or database of available canal houses, for example.
In certain cases, we process data on the lawful basis of balancing of interests. This occurs when you as an individual, or the employer/organisation that you represent, has an ongoing collaboration with us, which requires us to manage your data in order to send out information, invitations and similar.
Storage of personal data
The fundamental principle is that your personal data will only be stored for as long as it is needed needed to fulfil a particular purpose. Thereafter, the data shall be removed.
Sharing of personal data
Data may be shared with:
- Staff working with AB Göta kanalbolag, in order to assist you with ticket purchases, signups for events and similar.
- A contracted Personal Data Controller, such as a contractor providing services to AB Göta kanalbolag.
- The Swedish Police or other authorities, for the purpose of complying with Swedish law.
Protection of personal data
We actively work to protect your personal integrity. Our security work concerns protection of individuals, information and IT infrastructure.
AB Göta kanalbolag takes active information security measures to prevent information from spreading to unauthorised recipients or being lost and to discover breaches in the event that they occur. Access to your personal data is only granted to those who need it to carry out their work. Data processing is logged and systematically monitored.
Data is encrypted using publicly verified and secure encryption methods. We work continuously to prevent spam and viruses across our networks.
You have a right to know how we process your data. The GDPR provides you greater rights to your personal data. Which rights apply depends on the legal basis of the data processing in question.
Read the contact information section for information on who to contact.
You have the following rights:
Right of access
You may request a register extraction once every year, at no cost, clearly specifying which data you would like to receive. AB Göta kanalbolag must handle your request without unnecessary delay and within one month. If we for some reason cannot fulfil your request, we shall provide a reason therefore.
Right to rectification
AB Göta kanalbolag is responsible for ensuring that your personal data, as processed by us, is accurate. If you discover inaccuracies, you have a right to request rectification. Inaccurate information shall be rectified without unnecessary delay. If you find that relevant information is missing, you have a right to notify us about this.
Right to erasure (the “right to be forgotten”)
In certain instances, you have a right to demand erasure of your personal data. This applies, for instance, when you have previously consented to our processing of your personal data.
The right to have data removed does not apply when we process your data to comply with laws which require us to process said data.
Right to restrict processing
You have a right to request a temporary restriction of the processing of your data. It applies in the following situations:
When you find that data is inaccurate and have requested rectification. Processing may then be limited for the duration of our investigation into the matter.
When you need your data in order to establish, exercise or defend a legal claim, even if we no longer need your data for the purposes of our processing.
When you have objected to processing of your data, we are permitted to continue processing your data for the duration of our investigation into the matter. See section ‘Right to object’ for more information.
If a temporary restriction is placed upon the processing of your data, we will notify those to whom we have provided your data of the fact that this restriction has occurred.
The right to restrict processing does not apply if the restriction is shown to be impossible to fulfil, manifestly unfounded or excessive.
Right to transfer data
The right to transfer data (data portability) means that you may request extraction of your data for the purpose of transferring them to another service provider. This right applies only in cases where you have provided consent or entered into an agreement and provided the information yourself.
Rights related to automated decision making including profiling
You have a right not to be subjected to a decision based solely on automated processing, including profiling, if the decision has legal or similarly significant effects on you.
However, automated decision making is permitted if you have consented to it, if it is necessary for the entry into or performance of a contract or if it is permissible by law, as long as appropriate measures are taken to protect your rights and freedoms. If you feel that you have been subjected to automated decision making on improper grounds, contact the Data Protection Officer.
Cookies are small text files containing letters and numbers, with the purpose of improving our websites for you as a user whilst providing us with statistics concerning the usage of the websites. Cookies are sent by our web server and saved to your device as specified below. We use the following cookies:
- Session cookies: temporary cookies that expire when you close your web browser or app
- Persistent cookies: cookies that remain on your computer until you remove them or they expire
- First-party cookies: cookies set by the website you are visiting
- Third-party cookies: cookies set by a third-party website
The cookies we use are there to improve the services we offer to you. Generally, we categorise them as follows:
- Essential cookies are fundamentally essential to the services we offer, such as our payment options – and the services would not function without them.
- Optimisation cookies provide general analytical information related to your usage of our services.
- Preference cookies enable us to save settings such as language preferences and preferences on whether to auto-fill forms.
- Security related cookies ensure the security of our services and safe, secure processing of your data, for example by helping us discover fraud and protect your data. Given that this is an essential part of our services, these cookies are considered essential.
- Marketing cookies are used to tailor and improve your experience of our website, marketing emails and third-party advertising.
- Automated marketing: Based on personal data voluntarily provided by the user, i.e. using forms on our website, we can improve our ability to display more relevant information on the website and across advertising channels.
- Analytics: Analytical cookies help us gather information on how users interact with our website, giving us insights into general interaction patterns rather than the behaviour of any individual user.
- Advertisement: Advertisement cookies help us gather information on your activity and your areas of interest on our website so that we may show relevant, targeted ads in third-party channels (search engines, social media and ad networks).
Settings for the use and extent of cookies can often be changed in your web browser. For instance, you can choose to block all cookies, to only accept first-party cookies or to delete cookies when you close your browser. However, please note that some of our services may not work as intended if you choose to block or delete cookies.
Reporting violations (submitting complaints)
If you experience your data being processed in violation of current regulations or Swedish law, we request that you notify us as soon as possible. You may also submit a complaint to Datainspektionen, the Swedish Data Protection Authority.
Personal Data Representative AB Göta kanalbolag
If you have questions about or comments on the processing of your data, you are welcome to contact us. Our Personal Data Representative is CFO Maria Elken Person.
Phone (switchboard): +46(0)141-20 20 50
AB Göta kanalbolag
591 21 Motala
Contact information for the Swedish Data Protection Agency (Datainspektionen)
You also have the right to lodge complaints with the regulatory authority Datainspektionen, the Swedish Data Protection Agency.
Phone: +46(0)8-657 61 00
Fax: +46(0)8-652 86 52
104 20 Stockholm