The Swedish Coast Guard’s processing of personal data

This is where you can read general information about how the Swedish Coast Guard processes personal data and what rights you have as a data subject. In connection with the collection of personal data, we also provide more specific information about the current processing of personal data. Use the menu on the left to quickly find the information you are looking for.

Responsibility of the data controller

The Swedish Coast Guard processes personal data in connection with the fulfilment of our mission that we have received, as a public authority, from the government. The Swedish Coast Guard is the data controller for the processing of personal data that takes place in our operational activities. For example, the Swedish Coast Guard processes personal data in the authority’s case management, in its operational activities, in collaboration with other authorities or when someone applies for employment with us.

Data protection officer

If you have any questions about the processing of your personal data by the Swedish Coast Guard, please contact the Swedish Coast Guard’s Data Protection Officer:

E-mail: dataskyddsombud@kustbevakningen.se
Telephone: +46 766 70 70 00
Address: Kustbevakningen, Box 536, 371 23 KARLSKRONA

Current legislation 

When processing personal data, the Swedish Coast Guard must comply with several regulations. When the Swedish Coast Guard processes personal data in the context of law enforcement activities or to maintain public order and security, the authority must comply with the Criminal Data Act. All other processing of personal data by the authority must comply with the General Data Protection Regulation (GDPR) and supplementary national legislation. The Swedish Coast Guard also has so-called register statutes, which are specific to the Swedish Coast Guard, and which supplement the Criminal Data Act and the General Data Protection Regulation. The data protection regulations contain, among other things, rules with basic principles for the processing of personal data and requirements for the processing to be lawful. They also contain rules regarding rights to information and access to personal data.

The Swedish Coast Guard uses cameras in its operations and, where applicable, also complies with the data protection regulations and the Camera Surveillance Act.

What is personal data? 

Personal data is any kind of information that can be directly or indirectly linked to a (natural) person who is alive. For example, it can be a name, address, personal identification number or a photograph of a person.

Some personal data are more sensitive than others and therefore need stronger protection. Examples of sensitive personal data are health, political views, or membership of a trade union. As a general rule, it is forbidden to process sensitive personal data, but there are exceptions.

What is meant by the processing of personal data? 

In principle, the processing of personal data means everything that can be done with personal data, such as collection, registration, processing, or storage.

The Swedish Authority for Privacy Protection’s website imy.se provides more information about data protection regulations and explanations of words and concepts related to the processing of personal data.

For what purposes does the Swedish Coast Guard process personal data? 

The Swedish Coast Guard processes personal data for different purposes depending on the activities within which the processing of data is carried out. The purpose of data processing governs how we manage the data. The Swedish Coast Guard primarily processes personal data within the framework of the government authority’s mission in terms of its rescue services and maritime surveillance. As an employer, the Swedish Coast Guard also processes personal data in its personnel administration activities. You can read more about how the Swedish Coast Guard processes personal data in different operational areas under each heading on the website. 

Categories of personal data processed 

The Swedish Coast Guard processes different categories of personal data depending on the purpose of the processing. This may include an individual’s name, e-mail address, telephone number and other contact information. The information shall be limited to what is necessary in order for us to be able to fulfil our mission and comply with given legislation. Since we are a government authority, we must, for example, keep records and archives in accordance with the Public Access to Information and Secrecy Act and the Archives Act. Personal data must also be processed in order for our internal administration to function. You can read more about the categories of personal data that are processed in different operational areas in the menu on the left.

How long do we keep the personal data? 

The personal data is not processed for longer than is necessary with respect to the purpose of the processing. The time limits for how long personal data may be retained vary and are governed by data retention provisions and different archive rules. You can read more about how long the Swedish Coast Guard retains personal data in different operational areas in the menu on the left.

What are the legal bases for the processing of personal data by the authority? 

In order for the processing of personal data to be permitted, there must be a legal basis in the data protection regulations. Most of the processing of personal data by the Swedish Coast Guard takes place because it is necessary in order for the authority to carry out its mission and this is done under the legal basis of public interest. There is also a legal basis for our processing of personal data in that we have a legal obligation, which means that there are laws and regulations that require us to process certain personal data. When we process personal data in order to fulfil a contract, the legal basis is the contract, which becomes the legal support for the processing of the data. Such processing is relevant, for example, when we, as an employer, have to fulfil various aspects of the employment contract, for example, when making salary calculations. Some processing activities can be carried out on the basis of consent. For example, if you choose to subscribe to the Swedish Coast Guard’s newsletter.

The above-mentioned processing of personal data is specifically regulated in the Swedish Coast Guard’s so-called register statute within the area of the General Data Protection Regulation, the Swedish Coast Guard Data Act (2019:429).

The Swedish Coast Guard also processes personal data for law enforcement purposes. The legal bases upon which the processing is based include:

• to prevent, hinder and detect criminal activities
• to investigate or prosecute criminal offences
• to maintain public order and security
• to fulfil obligations arising from international obligations

This processing of personal data is specifically regulated in the Swedish Coast Guard’s register statute in the area of the Crime Data Act, the Act (2018:1695) on the Swedish Coast Guard’s processing of personal data within the area of the Criminal Data Act and the Crime Data Act (Brottsdatalag – 2018:1177).

Handling of sensitive personal data 

The Swedish Coast Guard’s mission means that sensitive personal data may be processed. The legal basis depends on the operational activity in which the processing takes place. When sensitive personal data is processed, a special assessment is always carried out to ensure the protection of the data. 

Who has access to the personal data? 

Only those Swedish Coast Guard employees who need it to carry out their work assignments can access the personal data. In some cases, the Swedish Coast Guard needs to use personal data processors. In cases where personal data processors are engaged, they may only process personal data in accordance with the purposes and instructions given by the Swedish Coast Guard through a so-called personal data processing agreement. The assistant or the person engaged as a sub-processor may not have access to more information than necessary for them to be able to perform the tasks agreed upon by the Swedish Coast Guard. As a result of the principle of public access to official records, public documents that may include personal data are disclosed. External recipients of our personal data are primarily cooperating authorities, municipalities, and other organisations. The Swedish Coast Guard also collaborates with various organisations internationally. If personal data needs to be transferred to a third country, an assessment is first carried out as to whether the data may be transferred.

Supervisory authority for the processing of personal data 

The Swedish Authority for Privacy Protection (IMY) is Sweden’s national supervisory authority for the processing of personal data. The Swedish Authority for Privacy Protection (IMY) reviews compliance with the rules in the area of data protection, primarily through supervision. Read more about IMY’s mission here.

Complaints to the supervisory authority and verification of legality 

If you would like to submit a complaint, you are entitled to contact the Swedish Authority for Privacy Protection. For contact information regarding the Swedish Authority for Privacy Protection, please refer to their website:www.imy.se/en

The principle of public access to official records

The Swedish Coast Guard is a public authority, which means that communications sent to us are, as a general rule, public documents that are registered, and will be released upon request if the information is not subject to confidentiality. Accordingly, personal data may be disclosed in accordance with the principle of public access to official documents. The Swedish Coast Guard has no right to investigate to whom the information is disclosed unless it is of crucial importance for the actual confidentiality assessment.

The processing of personal data required by the Public Access to Information and Secrecy Act, the Archives Act and the Administrative Procedure Act for the correct management of the authority’s public documents, which takes place pursuant to the EU’s General Data Protection Regulation, is considered necessary for reasons of important public interest. Read more about the principle of public access to official records