Swedenergy’s Integrity Policy
At Energiföretagen Sverige, we are committed to protecting your personal privacy. Our aim is for you to feel safe when providing your personal data to us. All processing of personal data is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), supplementary legislation and our internal guidelines
On this page we explain what personal data we collect, why we process it, how long we retain it, and what rights you have.
Data Controller
Energiföretagen Sverige – Swedenergy AB
Organizational number: 556104-3265
Address: Olof Palmes gata 11, 101 53 Stockholm
E-mail: dataskydd@energiforetagen.se
What is Personal Data and Processing?
Personal data is any information that can directly or indirectly be linked to you as a living individual – for example, name, address, email address, phone number, national identity number, IP address, or photographs.
Processing of personal data refers to any action taken with such data, whether automated or manual – for example, collection, registration, storage, processing, transfer, or erasure.
Personal Data Processed
Depending on how you interact with us, we process the following categories of personal data:
Private Individuals and Representatives
- Identity information – first name, last name, and where applicable, national identity number
- Contact information – address, email address, and phone number
Organizational affiliation – employer and job title - Competency and certification data – authorizations, certificates and training history
- Data regarding membership and subject areas
- Data you provide yourself when making contact, registering, or responding to surveys
- For recruitment: CV, cover letter, employment and education history, and references
- Sensitive data (e.g. allergies or dietary preferences) - processed solely in connection with events and deleted immediately afterwards
Business Contacts
When processing personal data about contact persons at partners, suppliers, and other organizations, we also collect:
- Organizational affiliation – title, position and role
- Company-specific data – corporate email address, phone number and postal address
- Business communication – communications and correspondence within the scope of the business relationship
When We Process Personal Data
We collect and process personal data when you:
- Visit our websites
- Apply for, create, modify or close a user account
- Participate in councils, networks or working groups
- Book or register for one of our events
- Are registered in our competency and certification register
- Order publishing products such as publications or subscriptions
- Subscribe to our newsletters
- Apply for vacancies with us
- Respond to surveys or evaluations
- Appear in photographs or videos from our events
- Contact us by email, phone or other means
Purposes, Legal Basis and Retention Period
The table below sets out, for each processing activity, the applicable purpose, the legal basis we rely on, and how long the data is retained.
Private Individuals and Representatives
Administer memberships, events and services
Legal basis: Contract
Categories of personal data: Identity information, contact information, organizational affiliation
Retention period: For the duration of the contract or membership and up to 7 years after under the Swedish Bookkeeping Act
Administer the competency and certificate register and communicate about certificates, renewals and updates
Legal basis: Contract / Legitimate interest / Consent (legitimate interest applies to data subjects registered from 2026-06-22; previously given consent remains in effect and may be withdrawn at any time)
Categories of personal data: Identity information, contact information, competency and certificate data
Retention period: For the duration of the contract. Data concerning issued certificates is retained for as long as the certificate is valid and up to 7 years thereafter
Fulfill agreements with you or your employer
Legal basis: Contract
Categories of personal data: Identity information, contact information, organizational affiliation
Retention period: For the duration of the contract and up to 7 years after under the Swedish Bookkeeping Act
Fulfill legal obligations
Legal basis: Legal obligation
Categories of personal data: Identity information, contact information, financial data
Retention period: As long as we are required to retain the data under applicable law or regulatory decision
Handle communications, invoicing and support
Legal basis: Contract / Legitimate interest
Categories of personal data: Identity information, contact information
Retention period: For the duration of the contract and up to 7 years after under the Swedish Bookkeeping Act
Send newsletters and direct marketing for our own services and events
Legal basis: Consent
Categories of personal data: Identity information, contact information
Retention period: For as long as the consent exists. Data is deleted when consent is withdrawn, upon email bounce or according to internal retention schedule
Subscriptions and publishing products
Legal basis: Contract
Categories of personal data: Identity information, contact information
Retention period: During the duration of the subscription and up to 7 years after under the Swedish Bookkeeping Act
Web analytics and service improvement
Legal basis: Consent (cookies) / Legitimate interest (aggregated analysis)
Categories of personal data: IP address, website behavioral data
Retention period: In accordance with our cookie policy
Photos and videos from events
Legal basis: Legitimate interest / Consent
Categories of personal data: Photographs or video
Retention period: Until consent is withdrawn or as long as the material is assessed to have documentation or communication value for the organization
Processing of applications and recruitment
Legal basis: Contract / Legitimate interest
Categories of personal data: Identity information, CV and application data, employment and education history
Retention period: Two years after the conclusion of the recruitment process, unless consent to longer retention is obtained
Survey and evaluation responses
Legal basis: Legitimate interest
Categories of personal data: Identity information (where applicable), response data
Retention period: Until the purpose is fulfilled; data is deleted or anonymized
Prevent and investigate potential fraud or security incidents
Legal basis: Legitimate interest / Legal obligation
Categories of personal data: Identity information, contact information, identification number
Retention period: 12 months after the matter is closed
Business Contacts
Administer the business relationship
Legal basis: Legitimate interest
Categories of personal data: Identity information, contact information, organizational affiliation, business communications
Retention period: As long as the organization has an active relationship with us
Fulfill and preserve contracts
Legal basis: Legitimate interest (safeguarding of legal claims)
Categories of personal data: Identity information, contact information, organizational affiliation, business communications
Retention period: For the duration of the contract and 10 years under the Swedish Statute of Limitations Act
Erasure and Anonymization
Personal data is deleted or anonymized when it no longer needs to be retained for the purpose of which it was collected. We have internal procedures for erasure and anonymization that ensure data is not retained longer than necessary.
When Energiföretagen carries out an erasure, the action cannot be reversed. After the erasure has been completed, no individual can be associated with the remaining information.
Recipients of Personal Data
We only disclose personal data to external parties where necessary to fulfill a purpose described in this notice. The following types of recipients may be involved:
- Technical service providers and system suppliers who assist us in providing our services (e.g. IT systems, email platforms and analytics tools)
Suppliers of certificate production, card manufacturers and training providers. - Conference venues, restaurants, and hotels in connection with events.
- Authorities, where disclosure is required by law or regulatory decision – in certain cases we may be legally prohibited from informing you that your data has been requested.
All external parties that process personal data on our behalf are data processors and are bound by data processing agreements that ensure data is handled in accordance with GDPR.
We do not share personal data with third parties for their own marketing purposes.
Third-Country Transfers
We process as much data as possible within the EU/EES. If data is transferred for processing by a supplier or sub-processor outside the EU/EES, we have ensured that this is done in accordance with the requirements of Chapter V GDPR – i.e. that the recipient is either located in a country, or is a company, deemed to provide an adequate protection, or that the recipient has entered into contractual clauses with Energiföretagen that ensure the recipient maintains a level of protection comparable to that within the EU/EES.
Information Security
Energiföretagen implements appropriate technical and organizational measures to protect your personal data in accordance with article 32 GDPR. This includes internal guidelines and processes for information security, as well as measures to prevent and detect personal data breaches. Access to your personal data is restricted through access controls to staff with a legitimate need for access.
If your personal data is affected by a personal data breach, we may contact you in accordance with Article 34 GDPR.
Cookies
We use cookies on our website to enable functions such as login, to improve user experience, and to analyze traffic. Cookies that are not strictly essential, require your consent.
You may change or withdraw your consent at any time via the cookie settings on our websites.
Read more in our cookie policy: https://www.energiforetagen.se/ovrigt/information-om-cookie/
Your Rights
Under the GDPR, you have the following rights regarding the personal data we process about you:
- Right of access
You have the right to request a register extract confirming whether we process personal data about you and, if so, what data. We compile information and send it to you normally within a month. - Right to rectification
You have the right to request that we correct inaccurate personal data or supplement incomplete data. - Right to erasure
You have the right to request that we delete your personal data when it is no longer necessary for the purpose for which it was collected. Please note that in certain cases we are legally required to retain data. - Right to restriction of processing
You have the right to request that the processing of your personal data be restricted in certain situations, e.g, if you contest the accuracy of the data. - Right to object
You may at any time object to processing based on legitimate interest. You always have the right to object to processing for direct marketing purposes. - Right to data portability
You have the right to request that personal data you yourself have provided to us be provided in a structured, commonly used, and machine-readable format, and to have it transferred to another data controller. This does not apply to data we are legally required to retain. - Right to withdraw consent
If processing is based on consent, you have the right to withdraw it at any time without this affecting the lawfulness of processing carried out prior to the withdrawal.
To exercise your rights – contact us at: dataskydd@energiforetagen.se
If you believe that we have done something incorrect or are not living up to this privacy notice, we encourage you to contact us int the first instance, but you always have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY). For more information, see www.imy.se.
Changes to the Privacy Notice
This privacy notice may be updated as a result of changes to the GDPR or other applicable legislation, or due to new practice in the interpretation or application of such legislation. The most recent version is always published on our website.
If we make material changes, we will inform you clearly, for example by e-mail or via a notice on our website. Where required by law, we will also obtain your consent anew.