Processing of personal data

The National Historical Museums takes measures to protect your personal privacy. We want you to feel secure about our processing of your personal data. To protect your personal data, we comply with the EU General Data Protection Regulation (GDPR 2016/679).

What is regarded as personal data?

Personal data is any kind of information that can be directly or indirectly linked to a living person. It may include, for example, name, address and national identification number (personnummer).

What is meant by the processing of personal data?

Processing of personal data means any collection and utilisation of personal data, whether by electronic or other means. It may include, for example:

  • collecting personal data
  • registering personal data
  • organising personal data
  • structuring personal data
  • storing personal data
  • processing or modifying personal data
  • reading personal data
  • disclosing personal data to third parties
  • compiling personal data
  • combining personal data
  • printing out personal data
  • disseminating personal data
  • correcting personal data
  • erasure or destruction of personal data.

How do we process your personal data?

The National Historical Museums of Sweden must always keep in mind the balancing between the privacy rights of the data subject and the operational requirements of our museums including legal responsibilities as a governmental entity:

  • The National Historical Museums will process personal data in a lawful, accurate and transparent manner in relation to the data subject. The National Historical Museums must always be clear, transparent and concrete in their description of how personal data is processed and do so in accordance with the relevant data protection legislation and regulations.
  • The National Historical Museums must always ensure that personal data is processed on a designated legal basis and that other legislation affecting the processing is complied with. All processing of personal data carried out by the National Historical Museums must rest on at least one legal basis, otherwise the processing is would be unpermitted and hence unlawful.
  • Personal data must be collected for specific, explicit and legitimate purposes and not subsequently processed in a manner incompatible with those purposes.
  • Personal data must be adequate, relevant and not excessive in relation to the purposes for which they are processed (data minimisation).
  • Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data which is inaccurate in relation to the purposes for which it is processed is erased or corrected without delay (accuracy).
  • Personal data must not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed.
  • Personal data must be processed in a manner which ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or harm, using appropriate technical or organisational measures.

What personal data do we process?

By visiting or otherwise coming into contact or interacting with the National Historical Museums, you may be providing personal data to us. In order for us to have the legal authority to process your personal data, we must always establish the purpose of, and have a legal basis for, the processing. Below is the purpose for which the personal data is processed and the legal basis.

When visiting one of our museums

Payment of admission to an exhibition at our museums

The processing is necessary for the performance of a contract to which the data subject is a party.

Retention of data for financial bookkeeping purposes

The processing is necessary for the performance of a legal obligation.

CCTV monitoring of exhibitions

The processing is carried out in the exercise of our official authority. Our legitimate interest in the processing of your personal data is to prevent, deter, detect and investigate criminal offences.

When visiting the government agency’s websites

The agency’s websites use the analytics tool Google Analytics to obtain a picture of how visitors use its websites. The aim is to be able to improve the contents, navigation, and structure of the websites.

How National Historical museums handles cookies

When booking events, tours, school visits and other activities

Managing the booking

The processing is necessary to enter into a booking contract and to administer the contract. Our legitimate interest is the management of your booking. If the booking is not made by you personally and the contract has another contact person, the legal basis for the processing of personal data is to perform a task in the public interest.

In addition to contact details, information on food allergies/intolerance or food preferences may be requested here. The data is deleted as soon as it is no longer needed. Personal data contained in booking systems regarding conference rooms, lectures, public screenings and school screenings will be stored until you notify us you would like it deleted. You can notify us at any time that you would like your personal data to be removed from the system.

Retention of data for financial bookkeeping purposes

The processing is necessary for the performance of a legal obligation.

Personal data in film, video, printed material, or social media

In order to provide information about our activities, we may process personal data such as names, contact details, professional titles, still images and film and audio recordings. The information may be used in printed material such as reports, brochures and newsletters. Personal data may also be used in social media and on the government agency’s and the individual museums’ websites. General images where people do not appear in close-up, moving images and sound recordings, for example from public events, may be used without permission from each individual. The legal basis for the processing is the performance of a task in the public interest.

Personal data in newsletters

Personal data provided for the purpose of sending out newsletters is stored indefinitely until you notify us. You can notify us at any time that you want to unsubscribe, and then your personal data will be deleted. The legal basis for the processing is to fulfil the contract made with us when you subscribed to the newsletter.

Personal data in case of questions, requests and comments to museum activities and Archaeologists

The National Historical Museums is a government agency, which means that information received is considered public documents and may be disclosed in accordance with the principle of public access to official documents, unless it is encompassed within the obligation of confidentiality restriction. The legal basis for the processing of personal data is that it is necessary for an important public interest. The processing of questions, requests and comments is in the public interest. We do so in order to answer your questions, respond to your requests and improve our operations on the basis of your comments.

Personal data in our collections and archives

The following personal data may be processed about you in the context of the National Historical Museum’s collections:

  • Name
  • Address
  • Gender
  • National identification number
  • Citizenship
  • E-mail address
  • Telephone number
  • Date of birth
  • Year of birth
  • Journal registration number
  • Education/profession/occupation
  • Place of birth
  • Film/Video
  • Audio recordings
  • Pictures/images
  • Interests
  • Opinions
  • Experiences
  • Statements of a third person
  • Birth and death dates
  • Marital status
  • Sensitive personal data such as medical condition
  • Sexual orientation
  • Political residence
  • Ethnicity and ANY functional variations//physical disability

In some cases, we collect data indirectly in connection with documentation, collection, research, or through other partners who share content with the National Historical Museums.

What data we collect and why

We collect information of value to the work of the National Historical Museums. The legal support for the processing is that it is performed on the grounds of serving a public interest. Sensitive information about you is only processed in situations where you have expressly publicly disclosed this information or where there is an important public interest in retaining the information.

Communicating information of historical value to the public

For example, via exhibitions, publications and posting on the websites and social media. The legal support for the processing is that it is performed on the grounds of serving a public interest. Sensitive information about you is only processed in situations where you have expressly publicly disclosed this information or where there is an important public interest in retaining the information.

Providing material of historical value for research

The legal support for the processing is that it is performed on the grounds of serving a public interest. Sensitive information about you is only processed in situations where you have expressly publicly disclosed this information or where there is an important public interest in retaining the information.

Preserving and archiving material of cultural and historical value for future generations

The legal support for the processing is that it is performed on the grounds of serving a public interest. Sensitive data concerning you is processed only in situations where it is necessary for archiving purposes in the public interest, or for scientific or historical research purposes.

In the case of gifts, donations and loans to or from our collections

Administering the giving of gifts and donations and the borrowing and lending of objects of cultural and historical value. The processing is necessary for the entry into contracts concerning gifts, donations and loans, and for the administration of the contract. The processing may also be carried out if is in the public interest. Sensitive data concerning you is processed only in situations where it is necessary for archiving purposes in the public interest, or for scientific or historical research purposes.

When visiting the collections to study objects

In the case of research visits and other types of visits to the collections, names and possible institutional affiliation are recorded. The data is used to document who has had access to the collections and are kept for ten years. They also form the basis for statistics for the government agency’s Annual Report, in which case the data is anonymised. Our legal basis for the processing is a public interest.

Archaeological commissioning, sales and support

In the context of archaeological commissioning activities, personal data such as names, contact details, property designations and photographs may be processed and retained. Our legal basis for the processing is to perform a task in the public interest.

The system of support system Intrasis

In the administration of the Intrasis system, contact data of general interest are processed. The processing is necessary for the performance of a contract to which the data subject is a party as a customer.

When applying for employment

Names and contact details provided when applying for employment with the National Historical Museums are registered and retained. Personal data in application documents submitted in connection with recruitment are stored for two years. Application documents for successful applicants are retained.

Personal data provided in unsolicited applications is retained for two years. Personal data is processed for the purpose of administering applications and filling employment positions. The legal basis for the processing is to serve a public interest.

Regarding tenders in procurements

Personal data means any kind of information that refers directly or indirectly to a physical person. Examples of personal data include name, personal ID number, postal address and email address. The General Data Protection Regulation (EU) 2016/679 and the Act (2018:218) with Supplementary Provisions to the EU General Data Protection Regulation contain rules on how personal data must be processed.

National Historical Museums acts as personal data controller for the data that is submitted in connection with tendering and in any agreement that is entered into. The categories of data subjects that arise include the bidder’s contact person, as well as, where applicable, persons whose contact details are given in tenders for the purpose of complying with requirements or award criteria. This may, for example, be data about reference persons, names of employees or contact persons or email addresses. Processing of the personal data in question is necessary so that National Historical Museums can assess tenders and fulfil agreements that are entered into; processing is also necessary to perform tasks of public interest.

Personal data will be used to keep a register of suppliers for the purpose of providing information, administering agreements and enabling call-off orders from framework agreements. Bidders are responsible for informing all the persons whose data is included in the bidder’s tender or is given to National Historical Museums in some other way. Bidders are also responsible for ensuring that submitting personal data is consistent with the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act (2018:218). Note that, pursuant to the principle of public access to official records, National Historical Museums may give out personal data in public documents.

A data subject has the right, at any time, to request information from National Historical Museums about what personal data is registered about that person. Such a request must be in writing and personally signed and sent to registrator@shm.se.

For what period of time is your personal data stored?

Your personal data is not stored longer than necessary to fulfil the purpose of the processing. However, there are other statutes, such as the Swedish Archives Act and the Swedish Accounting Act, that regulate how long your personal data must be stored.

Information to data subjects and to others

You have the right to be informed when your personal data is being processed. Information about the processing of personal data must be provided by the National Historical Museums both when the data is collected and when you otherwise request it. In addition, there are certain occasions when specific information must be provided to you, for example if there is a data breach or similar event (an incident involving breach of personal data) at the National Historical Museums and there is a risk of, for example, identity theft or fraud.

Register extracts

You have the right to request a “register extract” with information about which of your personal data the National Historical Museums of Sweden processes. Upon request, you will receive this information free of charge once a year and without the need to state a reason for your request. The National Historical Museums will then verify your identity before fulfilling the request. There are various ways to request a register extract from the register: This can be done either in writing to our address with a signed request by the applicant him/herself, or sending the request by e-mail.

In order for us to be able to process your request, you must personally sign the written request. Your signature is important so that no one else can request information in our register about you.

If there is personal data about you, this will be sent to your address registered in the central population register.

Sensitive personal data

Some personal data is by their nature more sensitive than others and may only be processed in exceptional circumstances. Such personal data may include:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • membership in a trade union
  • health
  • a person’s sexual life or sexual orientation
  • genetic data and biometric data uniquely identifying a person (such as fingerprints).

The National Historical Museums shall only process sensitive personal data where there is specific legal basis or where the data subject has given specific consent to the specific processing. Even personal data that is not specifically regulated as sensitive may be more deserving of protection than others. Personal data of a highly personal or private nature is generally considered to be more deserving of protection than other types of personal data.

Your rights

Right to rectification

You have the right to contact the National Historical Museums and ask for inaccurate personal data to be corrected. You also have the right to supplement any missing personal data that is relevant to the processing.

Right to erasure (“right to be forgotten”)

You have the right to ask the National Historical Museums to erase personal data concerning you, primarily in the following situations:

  • If the data is no longer necessary for the purposes for which it was collected
  • If the processing is based on consent and you have withdrawn your consent
  •  If you object to processing carried out in the exercise of official authority and there are no legitimate grounds that outweigh your interests
  • If your personal data has been processed unlawfully
  • If erasure is necessary to comply with a legal obligation.

There are exceptions to the right to erasure for the following reasons:

  • To exercise the right to freedom of expression and access to information
  • To comply with a legal obligation requiring processing pursuant to applicable law
  • To carry out a task in the public interest or in the exercise of official authority
  • For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes
  • for the establishment, pursuit, or defence of legal claims.

Right to Restrict Processing

In certain cases, you have the right to request that the processing of your personal data be restricted. Restriction means that the data is marked by blocking and a form of restriction of access for a certain period of time necessary to investigate, for example, the accuracy of the data, legitimate reasons or to enable the National Historical Museums to establish, pursue or defend legal claims, even if the data is not needed for its original purpose.

Right to object

You have the right to object to the processing (using) your personal data when the National Historical Museums of Sweden processes your personal data for the performance of a task in the public interest or in the exercise of official authority.

If you object to the processing, the National Historical Museums may continue to use the personal data only if it can be shown that there are compelling legitimate grounds for the need to process the personal data that outweigh your interests, rights and freedoms or if the processing is for the establishment, exercise or defence of legal claims.

Perhaps you have some questions about how we collect and process personal data?

If you have any questions about the National Historical Museum’s collection and processing of personal data, please contact the National Historical Museum’s Data Protection Officer: erica.nystrom@shm.se or the Registrar, info@shm.se.

Contact details for the National Historical Museums of Sweden

Postal mail to:
Statens Historiska Museer / National Historical Museums
Registrar
PO Box 5428
SE-114 84  Stockholm

Registering complaints

If you are concerned that the National Historical Museums of Sweden is processing your personal data in breach of relevant data protection legislation, you can lodge a complaint with the relevant Swedish supervisory authority. The supervisory authority will examine all complaints and decide whether to initiate supervision, after which it will notify you.

If you desire to lodge a complaint, you can contact Swedish Authority for Privacy Protection:

Box 8114
SE-104 20  Stockholm
Telephone: 08-657 61 00