Skip to content

Privacy policy

Stockholm Business Region AB is a wholly owned company of the City of Stockholm and part of Stockholms Stadshus AB.

Part of the island of Skeppsholmen seen from above.Photo: Vist Stockholm

This privacy policy explains the processing for all data-controlling companies within Stockholm Business Region (hereafter referred to as ”SBR”).

  • It explains how we collect and use your personal information.
  • It describes your rights and how you can exercise them.
  • The policy is aimed at you who come into contact with SBR in its core business, either through your own outreach or through us contacting you.

You are always welcome to contact us with any questions about privacy and data protection.

Central concepts

  • Personal data is information that can be directly or indirectly linked to a living natural person. Examples include name, address, telephone number, and email address. Under certain circumstances, data such as IP numbers or other combined information can also constitute personal data.
  • Processing of personal data includes all handling, such as collection, registration, and storage.
  • Data controller is the party that, alone or together with others, determines the purposes and means of the processing of personal data.

Purpose of processing personal data

SBR is responsible for marketing and developing Stockholm as an establishment and tourist destination under the brand Stockholm – The Capital of Scandinavia. We maintain close collaboration with the business community, academia, and other institutions, as well as organisations, municipalities, and authorities.

This means that personal data is collected and processed for the purpose of achieving SBR's goals.

When and what personal data do we collect?

Information you provide to us

For example, when you participate in our events, sign up for our registration lists for events and newsletter mailings, or interact with us on social media, we may collect:

  • Personal and contact information – name, email address, telephone number, role, and online ID. If you participate in our focus groups, we may also collect information such as gender, place of residence, and nationality.

Information we collect about you

If you are, for example, a public figure, journalist, or work as a contact person at a company or are a visitor to our websites, we may actively collect:

  • Personal and contact information – name, email address, mobile number, photo, and online ID.
  • Interaction data – how you use our websites.
  • Device information – IP address, language settings, browser settings, time zone, operating system, platform, and screen resolution.

Information from third parties

We may also collect personal data from someone other than you (so-called third party). The information we collect from third parties is as follows:

  • Address information from public registers to be sure that we have the correct address information for you.
  • If you belong to a certain target group that we want to reach, we can also collect personal data about you from other marketing organisations.

How we use your data

Purpose and Legal Basis

  • Administer and develop digital communication: e.g., social media communication, press releases, and national/international marketing. (Legal basis: Performance of a contract and legitimate interests).
  • Provide business services: e.g., arranging training and conferences, providing industry support, establishment services, and other advisory services. (Legal basis: Performance of a contract and legitimate interests).
  • Conduct surveys and analysis: e.g., ongoing statistics, environmental scanning, and customer satisfaction surveys. (Legal basis: Legitimate interests).
  • Manage external dialogue: e.g., responding to feedback, complaints, and legal claims. (Legal basis: Legal obligation and legitimate interests).
  • Project management: e.g., administering and implementing various projects. (Legal basis: Performance of a contract and legitimate interests).
  • Collaborate with the business community: e.g., international business meetings, seminars, and marketing Stockholm. (Legal basis: Performance of a contract and legitimate interests).
  • Provide tourist services: e.g., answering email enquiries or handling exhibitors. (Legal basis: Performance of a contract, legitimate interests, and legal obligation).
  • Brand management: e.g., marketing Stockholm to international talent, producing promotional films, or hosting foreign press and travel agencies. (Legal basis: Performance of a contract and legitimate interests).

Direct Mail

  • We may contact you regarding events and current happenings if you have expressed interest or if we have judged a legitimate interest (e.g., you are a journalist or a contact person in a relevant organisation).
  • You can always opt-out by contacting info.sbr@stockholm.se.

Who we may share information with

Data processors

Occasionally, it is necessary for us to share your personal data with other organisations to provide our services. A data processor is a company that processes information on our behalf and according to our specific instructions. We utilise data processors to assist with:

  • IT services (companies managing necessary operations, technical support, and the maintenance of our IT solutions).
  • Marketing (print and distribution, social media, media agencies, or advertising agencies).

Organisations acting as independent data controllers

  • Government authorities (the police, the Swedish Tax Agency, or other relevant authorities) if we are legally obliged to share data or in cases of suspected criminal activity.
  • Other departments and municipal companies (within the City of Stockholm) – to fulfil our mandate for providing business establishment services, we may need to share your personal data with other involved departments and companies. This may include, for example, the Development Office (exploateringskontoret) if your case concerns construction or land-use matters.
  • Partners (industry organisations or other business stakeholders, such as hotels and restaurants). SBR’s operations focus on promoting collaboration with the City of Stockholm both nationally and internationally; we may therefore share certain aspects of your data to foster and facilitate such strategic cooperation.Data Storage and Security

Where do we process your personal data?

We strive to process data within the EU/EEA, though it may occasionally be transferred outside by sub-contractors.

How long do we save your personal data?

We never save your personal data longer than is necessary for each specific purpose, or what is required to comply with statutory retention periods or for what is necessary for other legitimate interests. Unless required by law, this is determined by the relationship we have with you, such as an ongoing connection through an industry organisation or event coordination.

Your Rights

  • Right to access: You can request a copy (register extract) of the data we process about you.
  • Right to rectification: You can correct inaccurate or incomplete information.
  • Right to erasure ("Right to be forgotten"): You can request deletion under specific conditions (e.g., data no longer necessary, you object to legitimate interest, or unlawful processing). (Note: Legal obligations like the Archives Act or Accounting Act may prevent immediate deletion).
  • Right to restriction: You can request that processing be limited in certain situations (e.g., while checking accuracy or for legal claims).
  • Right to object: You have the right to object to direct marketing and processing based on a balancing of interests.
  • Right to data portability: You can request that your automated data be transferred to you or another party if the legal basis was consent or a contract.
  • Complaints: You can lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

Cookies – what they are and how we use them

Cookies are a small text file consisting of letters and numbers sent from our web server and saved on your browser or device. These can consist of so-called:

  • Session cookies (a temporary cookie that expires when you close your browser or device).
  • Persistent cookies (cookies that remain on your computer until you delete them or they expire).
  • First-party cookies (cookies set by the website you are visiting).
  • Third-party cookies (cookies set by a third-party site; these are used for analysis).

We use all types of cookies mentioned above on our website, stockholmbusinessregion.se, to improve your experience with us. Some are strictly necessary for our websites to function, while others are used to save your chosen preferences as a visitor, maintain visitor statistics, and for marketing purposes.

You can control the use and scope of cookies by changing the settings in your own browser, for example by blocking all cookies, only accepting first-party cookies, or deleting cookies when you close your browser. Please be aware, however, that such settings may mean that certain web pages may not function correctly.

Contact information

Stockholm Business Region AB (org. no. 556491-6798) is the data controller for the processing of your personal data as described above. If you have any questions, you are welcome to contact us at info.sbr@stockholm.se.