Data protection policy
Here, we describe how we process your personal data. The Psychological Defence Agency complies with the General Data Protection Regulation (GDPR) and supplementary data protection legislation when processing personal data.
Personal data is any kind of information that can be linked directly or indirectly to a living natural person. For example, names, addresses, personal identity numbers, e-mail addresses or images. Processing of personal data means, for example, the collection, registration, storage, processing, release, dissemination, adjustment or destruction of such data.
Legal bases
For the Psychological Defence Agency to process personal data, a legal basis for such processing is required. A legal basis may be, for example, that the Agency performs tasks in the public interest or when such processing is necessary for the performance of a contract.
The Psychological Defence Agency is the personal data controller for the processing for which the Agency determines the purposes and means. Below is general information about some common personal data processing for which the Psychological Defence Agency is responsible.
Incumbent tasks and duties
The Psychological Defence Agency processes the personal data needed to perform the tasks and duties incumbent upon it, primarily in accordance with the Agency’s instructions and the Government’s appropriation directions. This may concern contact information in connection with the administration of research grants, or in connection with ordering other knowledge development resources. The legal basis for such processing is that it concerns a task performed in the public interest or for the performance of a contract.
The Psychological Defence Agency also processes personal data when required for compliance with the provisions of the Protective Security Act (2018:585) and the Installations Protection Act (2010:305), such as for visits or record checks concerning a security-classified service. The legal basis for such processing is a task performed in the public interest, in compliance with a legal obligation or for the performance of a contract.
Courses, exercises and conferences
The Psychological Defence Agency processes personal data in connection with holding courses, exercises and conferences. Such processing is done for administration of such courses, exercises and conferences and to enable follow-up. The legal basis for such administration is the performance of the contracts entered into in connection with arranging the course, exercise or conference. The legal basis for the processing conducted in connection with our follow-up is the performance of a task in the public interest.
Enquiries
The Psychological Defence Agency processes personal data to enable communicating with a person submitting a request. The legal basis for such processing is that it concerns a task performed in the public interest.
Collaboration
The Psychological Defence Agency processes the contact details of the contact person for the Agency’s collaboration and any other external individuals included in the collaboration. The legal basis for such processing is that it concerns a task performed in the public interest and for the performance of a contract.
Notification subscriptions
The Psychological Defence Agency processes personal data in connection with subscriptions to its news. The legal basis for such processing is the performance of the contract entered into when registering as a subscriber.
Personal data of subscribers is deleted upon termination of their subscription.
Other contracts
The Psychological Defence Agency processes the contact details of contacts at the Agency’s contractual partners in connection with procurements and purchasing. The legal basis for such processing is that it concerns the performance of a contract.
Personnel-related administrative tasks and job applications
The Psychological Defence Agency processes personal data in connection with personnel-related tasks and in connection with job applications submitted to the Agency. The legal basis for such processing is that it concerns the exercise of public authority, a legal obligation or public interest. Public-sector job appointments are included in the legal basis for the exercise of public authority.
Whistleblowing
The Psychological Defence Agency processes personal data in connection with reports of serious work-related anomalies being submitted to the Agency (i.e. whistleblowing). The legal basis for such processing is that it concerns a legal obligation.
Who can access the personal data
As a government agency, the Psychological Defence Agency is obliged to preserve public records. Such documents may be destroyed if regulations or special decisions are in place.
Public records containing personal data may be released if they are not subject to secrecy. Personal data that does not form part of a public record is saved for as long as is necessary for the purposes for which it is processed. When a case has been concluded, an assessment is made of what should be preserved in the case.
Job application documents concerning a person who was not appointed to the position they applied for, and who has appealed the appointment decision, are destroyed two years after the appointment decision became legally binding. Spontaneous applications that do not concern advertised positions are usually destroyed immediately.
Documents of minor or temporary importance are usually destroyed immediately or no later than two months after the document was prepared or received.
Who can access the personal data
The Psychological Defence Agency is a public authority. Messages sent to the Agency therefore generally become public records that are registered and will be released upon request if the data is not subject to secrecy. In other words, personal data may be released in accordance with the principle of public access to information.
The Psychological Defence Agency’s employees, personal data processors and other contractual and collaborative parties may access the personal data necessary for the performance of their duties. The Psychological Defence Agency uses personal data processors for different types of processing, for example concerning various IT services. These processors and any sub-processors may only process personal data in accordance with the personal data processor contracts and the instructions provided by the Psychological Defence Agency. Processors and those acting under their guidance may not access more data than is necessary to perform the service covered by the contract with the Psychological Defence Agency. If you would like to know more about personal data controllers and personal data processors, more information is available on the website of the Swedish Authority for Privacy Protection: Data controllers and data processors.
Your rights
Right to information
You can request to be informed if the Psychological Defence Agency processes personal data about you and, in such a case, obtain a copy of the data. This copy is called a register extract.
Right to objection
When the Psychological Defence Agency processes personal data as part of performing tasks in the public interest, you have the right to object to such processing at any time. If the Psychological Defence Agency cannot demonstrate that there are compelling, legitimate reasons to continue the processing, the processing must cease.
Right to deletion and restriction
In some cases, you have the right to request the deletion or restriction of your personal data. In this context, it may be useful to know that the Agency’s ability to accommodate your request may be limited due to its duty or obligation to preserve public records.
Right to transfer personal data - data portability
If the Psychological Defence Agency processes personal data about you for the performance of a contract, you may in some cases have the right to obtain the data to use it elsewhere.
How to exercise your rights
If you wish to exercise any of your rights, or have any questions regarding the Psychological Defence Agency’s processing of personal data, you can contact the Agency’s Data Protection Officer by sending an e-mail to dataskyddsombud@mpf.se or by letter:
Swedish Psychological Defence Agency
Data Protection Officer
Våxnäsgatan 10
653 40 Karlstad
If you would like to know more about the rules applying to your rights, you can find more information on the website of the Swedish Authority for Privacy Protection: The data subject’s rights.
If you have any concerns about the Agency's processing of personal data
Decisions issued by the Agency concerning exercising the above rights may be appealed to a general administrative court. If you consider that your personal data has not been correctly processed according to the General Data Protection Regulation, you may file a complaint with the Swedish Authority for Privacy Protection.
If you have a complaint concerning the Psychological Defence Agency’s handling of a matter, you can also report this to the Parliamentary Ombudsmen. If you wish to claim damages, you can file your claim directly with the Psychological Defence Agency or bring an action before a general court. You can also claim damages with the Chancellor of Justice, who manages claims for compensation in accordance with the Tort Liability Act and the EU GDPR.