Integrity policy
It is important for us at Swedavia that your personal data is handled in a secure and appropriate way.
Below we describe how and why we save your data. For example, we do this when you choose to subscribe to our newsletters or choose to receive information from us when you book parking.
How Swedavia regards the updated protection of data integrity
- We only collect the personal data vi we need in order to provide our services and run our operations
- We protect the personal data we have collected
- We only use the personal data collected for the purpose it was collected for
- We delete personal data we no longer need
- We inform people who need to register how and when we collect personal data.
- We inform those parties affected such as people registered and government authorities involved if an incident were to occur related to our handling of personal data
General
This integrity policy describes how Swedavia AB (publ) ("Swedavia") handles your personal data.
We respect your right to integrity and we are committed to complying with the regulations in effect for data security and protecting your rights. We make sure that you are aware of what kinds of information we collect from you, how this information is used and how we protect it.
This policy also describes your rights and how you can contact us if you have any questions about the use of your personal data.
Responsibility for personal data
Swedavia is responsible for the handling of your personal data in accordance with this integrity policy.
Data Protection Ombudsman
Swedavia AB
190 45 Stockholm-Arlanda Sweden
E-mail:Â personuppgifter@swedavia.se
Frequently asked questions
Swedavia collects personal data in a number of different ways and at different times, including when you use our website, when you use our parking facilities or when you contact us.
1. When you submit a form or book parking.
Personal data
Name, e-mail address, telephone number, national identification number, passport number, vehicle licence plate number, postal code, town
Reason for handling personal data
We collect the data needed, for example, in order for you to take part in a contest, submit your views, subscribe to newsletters from us, enter the parking facility booked. Â
Legal basis for handling personal data
Agreements and consent
Retention period
We store your data as long as is necessary to fulfil our purpose.
2. Device information
Personal data
Language settings, web browser settings, time zone, geographic information, operating system, platform and screen resolution (via statistical tools and newsletter systems).
Reason for handling personal data
Provide, carry out and improve services.
Legal basis for handling personal data
Authorised interest
Retention period
We store your data as long as is necessary to fulfil our purpose.
3. If you park your car with us
Purpose of the information processing
We process your personal data in order to provide pre-booked or drive-up parking.
Personal data we can collect from you
E-mail address, mobile number, vehicle registration number, payment card information.
Legal grounds for processing the information
Agreement, consent
Data retention period
We store the information as long as it is required to fulfil this purpose.
4. If you use our VIP services
Personal data we can collect from you
Name, customer number, account number, invoice number, passport number, destination or place of departure, residential address, e-mail address, telephone number, mobile number, date of birth, Â vehicle registration number.
We can obtain your personal data from another party
In some cases, we will obtain your personal data from someone else, for example, a booking company, booking agent, ground handling agent, secretary, government agency, event company, travel agent or someone else on your behalf.
Purpose of the information processing
We process your personal data in order to deliver the VIP service ordered.
Legal grounds for processing the information
Agreement, consent
Data retention period
We store the information as long as it is required to fulfil this purpose.
5. Camera surveillance of the airport area
Personal data we can collect from you
Images, video footage and in some cases sounds.
Purpose of the information processing
The information is processed in order to meet security requirements for the protection of the airport by preventing, detecting and investigating threats and criminal acts against public safety at Swedavia’s airports.Â
Legal grounds for processing the information
Our airports are subject to extensive legal requirements for safety and security measures, and as grounds for this processing we refer to Article 6.1 c in the Swedish Data Protection Act (compliance with a legal obligation to which the controller is subject).
Data retention period
Information from surveillance of the airport area is deleted within one month. Under special circumstances and related to specific cases, such information can be stored for a longer period.
6. Management of assistance for persons with restricted mobility (PRM)
Personal data we can collect from you
Name, need for PRM assistance, identity data (for example, booking number).
We can obtain your personal data from airport operators, aircraft operators and individuals if there is a need for PRM assistance.
Purpose of the information processing
We process information in messages received in order to carry out the tasks and responsibilities under Regulation (EC) 1107/2006 establishing the rights for provision of assistance to disabled persons and persons with restricted mobility.
Legal grounds for processing the information
As grounds for processing this information, reference is made to Article 6.1 c in the Swedish Data Protection Act (compliance with a legal obligation to which the controller is subject). The processing of personal data is necessary in order for us to comply with the legal obligations under the EU’s Regulation governing the rights for provision of assistance to disabled persons and persons with restricted mobility.
Data retention period
We store the information as long as this is required in order to comply with the requirements in the EU’s Regulation governing the rights for provision of assistance to disabled persons and persons with restricted mobility.Â
7. Our open WiFi
Personal data we can collect from you
Information about the device connected and your e-mail address.
Purpose of the information processing
The purpose of collecting data in conjunction with the use of our open WiFi is to improve websites and functions in the WiFi service offered and if necessary be able to target marketing offers to you.
Legal grounds for processing the information
Personal data processed in conjunction with your use of our open WiFi is processed on the basis of Article 6.1 f of the Swedish Data Protection Act, on the grounds that processing is necessary for the following legitimate interests that Swedavia strives for, such as:
-Â Â Â Â Â Â Â improving the service and necessary functionality
-Â Â Â Â Â Â Â if necessary, being able to target marketing of our products and services
-Â Â Â Â Â Â Â to some extent checking that our open WIFI is not used to download unlawful material or used in another way that is in violation of Swedish law
Data retention period
Data collected in conjunction with your use of our open WiFi is deleted within 3 months of being collected.
Swedavia uses the products and services of various suppliers for our IT infrastructure. That means these suppliers may handle your personal data. However, the suppliers assist us with personal data and may only use your personal data according to our instructions.
In some cases, Swedavia may be required to provide information to government authorities in accordance with the law or rulings.
We strive to always store your personal data in the EU/EES. However, in some situations, they may be handled outside the EU/EES by a third party, for example, a technical supplier or subcontractor. We will always take all reasonable legal, technical and organisational measures to ensure that your information is handled at the same level as the protection provided in the EU/EES.
Right to revoke consent
You have the right to revoke your consent for certain personal data at any time. If you revoke your consent, we will stop the data handling for which you gave your consent and erase the personal data that were handled only with the support of your consent.
Right of access
You have the right to receive information about what personal data we have about you and how we handle these data. You also have the right to obtain a copy of this information.
Right to correct and delete
You have the right to have erroneous data corrected and include additional data. You also have the right in some cases to have your personal data deleted, for example, if they are no longer necessary for the purpose for which they were collected.
Right to make objections and right to limit data handling
You have the right to object to the handling of your data, including for direct marketing and in cases where we handle data on the legal basis that we are have an authorised interest. You also have the right to limit handling, for example, if you believe the data are not correct.
Right to data portability
In some cases, you have the right to obtain the personal data that you have provide us. The data are provided in a structured, machine-readable format, and you also have the right to have the data transferred to another party responsible for personal data when it is technically possible.
For questions concerning the handling of your personal data, you may contact Swedavia's Data Protection Ombudsman, personuppgifter@swedavia.se.
If you believe our handling of your personal data is in violation of applicable data security laws, you also have the right to submit a complaint to the Swedish Data Protection Authority.
Our external digital channels include our website Swedavia.se, Swedavia's extranet, social media such as Facebook, Twitter, Instagram, Linkedin and Youtube, our newsletters, chatbot, digital screens and banner advertising.
Our printed channels include vepor, posters and brochures.