Since 25 May 2018, the EU General Data Protection Regulation (GDPR) is applicable. It is a common regulation for the entire European Union. GDPR has replaced the national Swedish Personal Data Act (PUL).
GDPR regulates processing of personal data
The new regulation is intended to strengthen the protection of private persons when personal data is processed. All processing of personal data must meet the basic requirements set in the GDPR. Among other things, the requirements mean that personal data may only be collected for justified purposes that are not excessively general and that the amount of data shall be limited to what is necessary for these purposes. The data may not subsequently be processed in a way that is incompatible with these purposes and may not be saved longer than necessary. The party processing personal data must be able to show that the requirements are followed.
Here, you can read how the Swedish National Board of Housing, Building and Planning (Boverket) processes personal data.
We never process personal data unnecessarily
What is personal data?
According to the GDPR, personal data includes information about a living natural person who can be directly or indirectly identified by for example name, identification number, location information or one or more other factors that are specific to that natural person.
Personal data that Boverket processes
Boverket is the personal data controller for the processing of personal data in the authority. The personal data we process about you may include first name and surname, address, contact information, property designation and other personal data depending on what your case concerns. There are always relevant reasons for our processing of information about you, referred to as legal grounds. What legal grounds mean is stated in GDPR Article 6. In Boverket’s data protection policy, you can read more about some basic principles in the authority’s handling of personal data.
Storage (removal) and archiving
Since Boverket is a national authority, we have an obligation to follow the rules of the Archives Act. Among other things, this means that personal data in the cases that are to be archived is stored in our operational systems. According to the archive rules, some documents can be discarded after a certain amount of time. This means that personal data in such documents is removed when that time has expired. Removing personal data that is no longer needed is called storage limitation.
Where do we get your information from?
In most cases, it is you yourself who send your personal data to us in connection with a grant application, a question or another matter. We may also receive it from another authority, such as Lantmäteriet (the cadastral and land registration authority), the Swedish Tax Agency, the Swedish Consumer Agency, the Swedish Environmental Protection Agency, the Swedish Energy Agency or the county administrative boards.
Cases when Boverket may forward data
To fulfil legal obligations, Boverket must provide certain information to other authorities, such as the Swedish Tax Agency and the Swedish Social Insurance Agency (Försäkringskassan).
For some information, Boverket engages external help, such as for the development of systems and dispatch of newsletters. The companies we engage then become the personal data processors for us, but only receive access to the information they need to be able to carry out their assignments.
Providing personal data always entails a risk, regardless if it is done in person, by phone or over the Internet, and no technical systems are completely protected from intrusion. Boverket makes every effort to implement suitable and adequate measures to prevent and minimise the risks of unauthorised access to and tampering with your personal data.
General data collection
When you visit boverket.se, the website can use certain technology to gather personal data such as the IP address, operating system and web browser. More information about this is on the page “About cookies”.
Where is your data processed?
Boverket and our suppliers process your personal data within the EU/EEA.
If any information proves to be incorrect, you have the right to request that it be corrected. Under certain circumstances, you have the right to request deletion or restriction of your personal data, and to object to our processing. Contact our data protection officer for help with this.
In some cases you can request deletion of personal data that we process about you, if the information is no longer necessary for the purposes for which it was collected or processed. Keep in mind that there are often legal obligations that apply to authorities which mean that we have to refuse your request for deletion.
You also have the right to access information on the personal data we process (the right to register transcript). Information is provided in the form of a register transcript where we state the purpose of the processing, categories of personal data processed, wherefrom the personal data has been collected and categories of recipients. If the information is not to be archived according to the provisions of the Archive Act, we will provide information about how long the information is stored.
The Swedish Data Protection Authority is responsible for supervising the application of the legislation. You have a right to submit a complaint to the supervisory authority.
Boverket is the personal data controller
Boverket’s corporate identification number: 202100-3989
Boverket’s postal address:
Data protection officer
If you have questions or opinions regarding Boverket’s processing of your personal data, you are welcome to contact our data protection officer.