Processing of personal data

The purpose of this information is to provide, in accordance with the General Data Protection Regulation (GDPR) 2016/679, information about the processing of personal data at the Inspectorate of Strategic Products (ISP). The information also intends to provide information to those whom the ISP processes personal data about and make it easier for them to exercise their rights.

The ISP processes personal data

The ISP mainly processes personal data when it is necessary in the exercise of official authority vested in the ISP (Article 6.1 e).

What is personal data?

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person (data subject) is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or other factors specific to the identity of that natural person.

Personal data processed by the ISP

In most cases, the data subject submits personal data to the ISP in connection with an application or a question. Personal data can also be submitted to the ISP from another individual, another authority or when a company joins our customer web.

The ISP is the controller and determines the purposes and means of the processing of personal data within the authority. The ISP primarily processes personal data such as names, address and contact information but other personal data may also be processed.

When does the ISP forward personal data?

Sometimes the ISP hires external help for administrative tasks. These companies are personal data processors - processing personal data on behalf of the controller. The processors only have access to the information they need in order to carry out their tasks.

Sometimes the ISP must forward personal data to other authorities, for example the Swedish Police, in order to fulfill its legal obligations.

The principle of public access to official documents gives the public the right to read official documents submitted to or drawn up by the ISP, provided the document is not secret. The ISP may therefore disclose personal data in connection with a request to obtain official documents.

Storage limitation

As a public authority the ISP must comply with the provisions of the Archives Act (1990:782). Personal data in archived documents is stored in our operating system. According to the Archives Act some documents can be disposed after a prescribed retention period. The ISP no longer stores the personal data once the document is disposed.

Security

Disclosing personal data always involves a risk. The ISP makes sure to take appropriate and adequate measures to minimize the risks of unauthorized access to and corruption of your personal data.

General data collection

When visiting isp.se, the website uses certain technologies to collect personal data such as IP address, operating system and browser. This data is never reviewed at an individual level. Read more about cookies.

Where is your data processed?

The ISP and its processors only process personal data within the EU/EEA.

Your rights

If the ISP is processing your personal data you have certain rights.

Right to rectification

You have the right to contact the ISP and request that inaccurate information be rectified. If you have such a request contact the Data Protection Officer for help.

Right to erasure

You have the right to contact the ISP and request the deletion of personal data .e.g. if the processing of personal data is no longer necessary for the purposes for which it was collected. If you have such a request contact the Data Protection Officer for help.

The right of access

You have the right to access information about the personal data the ISP processes about you. This gives you the right to obtain a copy of your personal data as well as other supplementary information. In addition, the ISP also provides information about the purpose of the treatment, categories of personal data concerned and the recipients or categories of recipient the personal data is disclosed to.

If the information is not to be archived according to the provisions of the Archives Act, the ISP will inform you about how long the personal data is stored.

Supervisory authority

The Swedish Data Protection Authority is responsible for monitoring compliance of the General Data Protection Regulation (GDPR) 2016/679 through supervision. You have the right to file a complaint to the supervisory authority.

Data Protection Officer

Anyone who wishes to comment on or who has questions regarding ISP's processing of personal data can contact the Data Protection Officer at ISP, via dso@isp.se.

The ISP is the controller

Inspectorate for Strategic Products

Box 6086, SE-171 06 Solna, Sweden

E-mail: registrator@isp.se

Phone: +46 8 406 31 00

Fax: +46 8 20 31 00

Organisation number: 202100-4912

Note: If the information in English is different from the Swedish version, it is the Swedish version that applies.