The personal data policy of the Swedish Investment Fund Association

We treat your personal data in accordance the General Data Protection Regulation. Information on our processing of personal data can be subject to revision and all changes are advertised on this website.

This personal data policy describes what personal data we collect, the purpose of the processing of personal data, the lawful grounds for processing of personal data and what rights you have as regard processing of personal data under the GDPR and how to contact us.

This personal data policy applies to Fondbolagens förening, corporate identity number 802014–7735, (the Association) and the subsidiary Fondbolagens förenings Service AB, corporate identity number 556380–7287 (Service company).

The Association and the Service Company are jointly the data controller and are responsible for ensuring that the processing of your personal data is done in accordance with the General Data Protection Regulation (GDPR) and associated legislation. For the purpose of this policy the Association and the Service Company are jointly referred to as ‘the Swedish Investment Fund Association, SIFA’.

The SIFA safeguards your privacy and does not collect more data than is necessary to realise the purpose of collecting the data. 

The SIFA collects and processes personal data relating to employees of our member companies, employees of authorities, journalists, researchers, politicians, employees of SIFA and other professional associations and others that register for our newsletters or participate in our activities.

We also process personal data concerning contact persons at our suppliers and collaborating partners.

The purpose of the SIFA’s processing of personal data is to perform tasks with the aim of realising the Association’s business objectives, i.e. to promote the fund industry in Sweden and to protect the common interests of investors and fund management companies and to realise the Service Company’s business objectives, i.e. to provide service to members of the Association by providing technical collaboration, research, information and publicity.

The personal data the SIFA collects include name, e‐mail address, phone number, employer’s name and professional title. We have received your data from you directly, from your employer or, in certain cases, from publicly available sources.

The SIFA may process your personal data on the basis of the four legal grounds below. Should the SIFA intend to process your personal data on a legal ground other than that which was initially used for the basis of data collection, you will be informed of this prior to commencement.  

1. Legitimate interest/ balancing of interest

In the light of the business carried out by the SIFA, we have an interest in processing your personal data. We consider that our interest in processing of data is necessary for our business objective and that your interest in protecting your data does not outweigh our interest.

2. Performance of a contractual obligation

The processing of personal data is necessary for the performance of a contract to which you are party or to make arrangement at your request prior to such contract.

3. Consent

You have given your consent to the processing of your personal data for one or more specific purposes. You can revoke your consent at any time.

4. Legal obligation

The processing of personal data is necessary to discharge a legal obligation to which the SIFA is subject, such as the Accounting Act. 

Storage time

The SIFA does not store personal data for longer than is deemed necessary for the purpose of the processing of the personal data.

  • If the ground for the processing is legitimate interest, the data is deleted when there no longer exists legitimate reasons to process your personal data. For example, we retain your personal data as long as they are required for the administration of the contact with you as an employee of the member company. When your personal data is no longer necessary, for example because you ended your employment at the member company, the personal data will be deleted from the SIFA’s systems (if you did not consent to us saving them). 
  • If the ground for collecting personal data is legitimate interest, the information will be saved until further notice in internal protocols or in lists of participants to be able to, in the future, account for the handling of a question.  Emails that contain information that is important to the Association’s business objective till be also be saved.
  • If the ground for processing personal data is performance of a contract, the data is deleted when the agreement has expired and when there is no longer any reason for the processing of the personal data, for example according to limitation rules.
  • Personal data that has been collected in accordance with a legal obligation will be stored for as long as it is required according to applicable legislation, for example up to 7 years according to the provisions of the Accounting Act or 10 years according to limitation rules.
  • When personal data has been collected with consent as the legal ground, the data will be deleted immediately when you revoke your consent.  

Access to your personal data

Your personal data will not be transferred, shared or otherwise made available for use by other companies or persons. However, we may need to provide our and our member companies’ suppliers and other contractors access to your data when they provide services to us, especially IT maintenance and support, or in conjunction with organising events that the SIFA arranges itself or together with other organisations. The SIFA ensures that such transfers are made safely and in accordance with applicable data protection legislation. 

The SIFA safeguards your privacy and has established internal guidelines to protect your personal data. Appropriate security measures are applied to ensure that personal data is protected against destruction, unauthorized disclosure, unauthorised access, loss or alteration.

Under the GDPR you have a range of rights as regards the processing of your personal data as described below. To exercise your rights, you are welcome to contact us using the contact information given at the end of this policy.

Right to access personal data 

You have the right to receive confirmation of whether personal data concerning you are processed by the SIFA and, if so, be given access to the personal data and, for example, obtain information about: 

  • the purposes of the processing, 
  • the categories of personal data that the processing concerns,
  • the recipients to whom the personal data have been or will be provided or disclosed, and
  • if possible, the predicted period during which the personal data will be stored or, should this not be possible, the criteria used to establish this period.

If we process your personal data you are entitled to receive, free of charge, information about the processing, a so‐called register extract. If your request is evidently unfounded or unreasonable, we may charge a reasonable fee for such request in accordance with the provisions of the GDPR. In order to meet our security requirements, we also reserve the right to verify that it is the right person who is requesting personal data about him‐ or herself. 

Right to rectification of inaccurate personal data

You have the right, without undue delay, to have your inaccurate personal data rectified and to have incomplete personal data completed. 

Right to deletion (“right to be forgotten”)

In certain cases, you have the right to have your personal data deleted, for example if:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
  • the processing of your personal data is based on consent and you have subsequently revoked your consent, provided that no other lawful grounds exist for the processing of the personal data,
  • you object to the processing based on a legitimate interest and there are no legitimate reasons for the processing that override your interest of protection for your personal data, or
  • if the personal data has been unlawfully processed.

The right to deletion does not apply if the personal data is required for the SIFA to fulfil a legal obligation.   

Right to restriction

In certain cases, you have the right to request that the processing of your personal data be restricted, i.e. that it may only be processed with your consent. This may be, for example, if you do not consider that the personal data is correct and wish to restrict the use of the data while the SIFA verifies the data.

Right to data portability

You have the right to obtain personal data that you have provided to the SIFA in a structured, widely used and machine‐readable format in order to transfer it to another data controller in case the processing of the personal data is based on consent or performance of a contractual obligation.

Right to object

You have the right to object to processing of your personal data that is based on a legitimate interest. The SIFA may no longer process the personal data unless we can prove that compelling legitimate grounds exist for such processing which outweighs your interests and rights.

Right to lodge a complaint with a supervisory authority

If you consider that we are not respecting your rights, you also have the right to lodge a complaint with the Swedish Data Protection Authority.

If you have questions about the processing of personal data or wish to exercise your rights according to the above, please contact us at:

personuppgiftsansvarig@fondbolagen.se 

or

Fondbolagens förening (or Fondbolagens förenings Service AB)

GDPR

David Bagares Gata 3

S‐111 38 Stockholm

This policy was updated on May 24 2018 and may be subject to further revision. SIFA’s up to date personal data policy can be found on the Association’s website.