It is important for us at Nationalmuseum that you feel safe and secure with how we manage your personal data we collect and process. Therefore, we want to be transparent about how we collect, process and share the information we collect about you. All personal data we collect and process is used to provide, perform and improve the services and products we provide and items we sell. We never sell or rent your personally identifiable information to other companies. When we process personal data in our operations, we comply with the European Union General Data Protection Ordinance.
1. Personal Data Controller
The legal entity responsible for the processing of your personal data is:
SE-103 24 STOCKHOLM
Telephone: +46(0)8 5195 4300
Organisation registration number: 202100-1108
2. Usage of Personal Data
We use your personal data for the following purposes:
a) Provision of items for sale and services: Personal data is used to enable the Nationalmuseum to deliver the desired items and services, and to enable us to provide you with the best service possible, to communicate with you and inform you about our items for sale and services.
b) E-mail and telephone: In our contacts with you, we process personal data to fulfil and manage existing and future agreements, or otherwise assist in providing the information you seek.
c) Exercise of public authority: In connection with decisions in export and export cases, we process personal data.
d) Newsletters: Personal data is used for customised targeted marketing of our activities, which takes your interests into account, to enable us to provide you with relevant, direct and inspiring information in our communications with you.
e) Optimisation of the experience with our digital platforms: When you use our digital platforms, we collect cookies. We use this information to make your experience as good as possible and to develop and improve our digital platforms.
f) Statistics and analysis: Personal data is used to compile statistics and analyses including that relating to the use of our services, the use of our digital platforms, customer satisfaction and visitor statistics, for the purpose of developing and improving the services we offer.
g) The role and responsibilities as a museum: The processing personal data by the Nationalmuseum occurs to the extent required for the performance of its role and responsibilities as a public authority, which among other things involves organising, arranging and researching in the museum’s collections, and in general making is collections accessible.
h) Electronic Surveillance: We use electronic surveillance in the Museum for the purpose of maximising the safety and security of our visitors and collections. Pictures and video footage from the surveillance may be turned over to public authorities engaged in the investigation of criminal activities.
i) Documentation of the authority’s operations and activities: We document our operations and activities to make them more accessible, and to contribute to future research.
3. Categories of Personal Data
a) Provision of our items for sale and services, booking of tours and events
To be able to provide items for sale and services as described above, we collect company and business information, contact details and information relating to transactions. This may include, for instance, names, civil registration numbers, company/organisation registration numbers, address details, e-mail addresses, telephone numbers and other information in messages so as be able to us to perform and accomplish tasks. The legal basis for the processing of this personal data is that the data subject has an agreement, or will enter into an agreement, with the data controller. This applies to i.a. to customers, suppliers and employees.
b) E-mail, text messages and documents received
Documents that arrive to the Nationalmuseum in the form of e.g. e-mail, postal mail, and text messages are usually considered to then become public document. The documents of a public authority are a part of the national heritage and, pursuant to the Swedish Archives Act must be organised, maintained and protected. This means that personal data may need to be retained and preserved even when it was originally collected and processed for a purpose other than for archival purposes of public interest.
c) Decisions concerning export permits and export licenses
In connection with decisions concerning export permits and export licences, contact information and details of the transaction are processed by virtue it being in the public interest and being an exercise of public authority.
d) Marketing (newsletters, optimisation of the experience in our digital channels, statistics and analyses)
To enable us to provide you with relevant information and improve our services, we collect personal data in the form of contact details (name and e-mail address) to be able to send out newsletters. We also collect cookies when you visit our website, for the purpose of optimising your experience on our website. The legal basis for the processing of this personal data is your consent.
e) The National Museum’s mission
Our collections database contains personal data about objects made by artists alive today. The Nationalmuseum also provides information to the “Artist List,” where the Museum collects, processes and stores information in the data set in order to enable us to make the collections, and the knowledge associated with it, accessible.
The personal data in the “Artist List” is entirely focused on the artists’ professional activities, and the information is of an encyclopaedic nature which usually refers to sources where information relating to personal data has already been made public. This information is web-published via our website as linked public data, as part of the Nationalmuseum’s role and responsibilities. Thus, the Artist List becomes a joint professional resource that other cultural heritage institutions can link their cultural heritage information to.
The legal basis for this processing of personal data is that it is necessary so that the Nationalmuseum will be able to fulfil its role and responsibilities as a public authority and top enable it to carry out a responsibility of a public interest.
f) Electronic surveillance
For the purpose of ensuring the safety of visitors, staff and our collections, we may make use of video surveillance (CCTV or similar). In connection with this, we process personal data in the form of photographs, pictures and video recordings. This personal data is processed by virtue it being in the public interest and as an exercise of public authority.
g) Documentation of the activities of a public authority
An important part of our role and responsibilities is to document our activities, so as to enable future research and to make our collections accessible. In connection with this, we collect, process and retain photographs, pictures and video recordings. This personal data is processed by virtue it being in the public interest. In those instances where we document the activities where children (up through age 18) are involved, this is done only when we have a legal ground to so, such as the child’s parent or guardian has given consent.
4. Disclosure of Personal Data
We release your personal data to third parties where this is required in order to fulfil our obligations to you or in accordance with applicable law, to the to the extent necessary. In those cases where we employ subcontractors to process your personal data, we ensure that the personal data is processed in accordance with the General Data Protection Regulation and our wishes via entering into a data processing contract with our subcontracted processors.
It may occur that we disclose your personal data if they are part of a public document which is requested by someone outside the public authority. With each such request, a confidentiality review is made in accordance with the Swedish Public Access to Information and Secrecy Act prior to the release of such information. If there are grounds for maintaining confidentiality, the personal data is not disclosed.
It may also occur that we disclose your personal data to other governmental authorities, such as the Police or the Swedish Tax Agency.
5. Transfer to countries outside of the EU/EEA
The Nationalmuseum stores all personal data it collects within the EU/EEA.
6. Retention of your Personal Data
We retain your personal data for as long as is necessary in order to fulfil the purpose for which the information was collected or our commitments to you, or as long as it is required by law, for instance as required by the Swedish Archive Act or Swedish Bookkeeping Regulation.
7. Your rights
You always have the right to:
• Request the correction of your personal data what is retained is inaccurate, incomplete or misleading; and the right to restrict the processing of your personal data until it is corrected.
• Object to receiving direct mail and other advertising, and at any time withdraw your consent for our processing of your personal data, which in such case applies to the processing of personal data from the time when the consent is withdrawn.
• Request that your personal data be deleted, which will be done if it is no longer required for the purpose, as long as this does not conflict with law (e.g. the Archive Act), a decision of a public authority, a court order, or the public interest.
• Receive access to your personal data retained free of charge and in a readable format.
Any questions or complaints concerning our processing of your personal data may be directed to the public authority’s Data Protection Officer email@example.com. If you feel that we are in violation of the rules in some way, or there are other shortcomings of our processing of the personal data concerning you, you can also file a complaint with the Swedish Data Protection Authority www.datainspektionen.se.
8. Modifications to our Policy for the Collection and Processing of Personal Data
It may occur that changes or updating of our Policy for the Collection and Processing of Personal Data are made. Notification of changes is made via our website www.nationalmuseum.se. You are also welcome to contact our Data Protection Officer (see the address above) to obtain the latest version.