Skip to content
Choose language

How Göteborg & Co Processes Personal Data

The purpose of the General Data Protection Regulation, GDPR, is to prevent your personal integrity from being violated through the processing of personal data.

Why is my personal data processed?

Göteborg & Co is a municipal company owned by the City of Gothenburg. The company has been tasked by the City of Gothenburg to:

  • preform specifically assigned meetings and events, and other tasks in tourism and culture,
  • plan and initiate development of new and existing reasons for visiting Gothenburg in the field of tourism, meetings, events and culture,
  • at an overall level, be responsible for the message with which the city is to be marketed as a destination, both nationally and internationally,
  • manage, coordinate and follow-up the event activities within the city in regard to business relations and marketing, and
  • decide on major and strategically significant events.

When is my personal data processed?

We are processing personal data to fulfil these tasks that we have been assigned by the City of Gothenburg, for example when:

  • planning, marketing and carrying out specially assigned events, such as Gothenburg Culture Festival, the International Science Festival and the celebration of Gothenburg’s 400th anniversary,
  • support the organization of other meetings and events within the city, helping out with everything from the application to bring a meeting here to the implementation and evaluation of the meeting,
  • promote the city by providing information on websites, in social media and by sending out newsletters and information,
  • manage what message is used in the marketing of the city by providing marketing materials to external parties in a media bank and through email, and
  • support businesses in the hospitality industry by marketing the destination, developing events and creating structures for collaboration within the city by providing knowledge and statistics, information and by running various networks.

We are also processing your personal data when you visit any of our websites through the use of cookies.

More information about the use of cookies.

Who is responsible?

Göteborg & Co AB is the controller for the processing of personal data on this website and for other processing carried out within the company. For questions about our personal data processing, please contact info@goteborg.com.

We have a Data Protection Officer seated at the Data Protection Unit within the City of Gothenburg. You can contact the Data Protection Officer if you have any questions regarding the company’s processing of your personal data or the exercise of your rights. Contact details for our Data Protection Officer:

Email: dso@intraservice.goteborg.se

Telephone: +46 31 – 365 00 00

For how long is my data stored?

Göteborg & Co is a municipal company and subject to the Swedish Principle of Public Access to Official Records and Archive Legislation. The Swedish Archive Legislation determines for how long the company must save your data. If we are obliged to archive your personal data, the right to have your personal data erased may be affected.

How is my personal data shared?

Göteborg & Co is a municipal company and subject to the Swedish Principle of Public Access to Official Records. This means that the company on request can be obliged to share personal data about you that is part of an official document. Your personal data is not shared if confidentiality applies according to the Public Access to Information and Secrecy Act.

Lawful basis for the processing

When we process your personal data to carry out one of your assigned tasks, the lawful basis for the processing is that the processing is necessary for the performance of a task carried out in the public interest (Article 6.1 e GDPR), when nothing else is stated. When the lawful basis is public task, you have the right to object to the processing on grounds relating to your particular situation. When you choose to subscribe to information from us, the lawful basis is that the processing is necessary for the performance of a contract (Article 6.1 b GDPR). Sometimes we process your personal data based on the lawful basis consent (Article 6.1 a GDPR). When that’s the case we specifically ask for your consent, and you always have the option to withdraw your consent.

Your rights

According to the GDPR you have several rights that you should be aware of. The rights are described in Articles 15–21 of the GDPR.

Right of access

There is a right of access, which means that you can ask to get confirmation as to whether or not your personal data is being processed by Göteborg & Co. If your personal data is processed, you can also ask to get access to the data with information about the processing.

Rectification

There is a right to rectification, which means that you have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning yourself. In some cases, you also have the right to have incomplete personal data completed. If you believe that data processed about you is incorrect, it is also possible for you to request restriction of your personal data.

Erasure

There is a right to erasure that means that we have to erase personal data about you where one of the following applies:

  • the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • you withdraw a previously given consent and there is no other lawful basis for the processing,
  • you object to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed, or
  • the personal data have to be erased for compliance with a legal obligation.

The right to erasure does not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for the performance of a task carried out in the public interest or for archiving purposes in the public interest (Artikel 17.3 GDPR).

Restriction of processing

There is a right to obtain restriction of processing, which means the marking of stored personal data with the aim of limiting the processing in the future, where one of the following applies:

  • for a period enabling the controller to verify the accuracy of the personal data when the accuracy of the personal data is contested,
  • the processing is unlawful and you oppose the erasure of the personal data and request restriction of the use instead,
  • we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims, or
  • you have objected to the processing, pending the verification of whether our legitimate grounds override yours.

Data portability

When the lawful basis for processing your personal data is a contract or your consent and the processing is carried out by automated means you have a right to data portability. Data portability means that you can receive the personal data you have provided us with, in a structured, commonly used and machine-readable format. You can also have it transmitted to another controller.

Object to processing

When the lawful basis for processing your personal data is public task or legitimate interest you have the right to object to the processing of your personal data. If you object, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Complaints

If you believe that we are in breach of the GDPR or other privacy legislation, you can file a complaint with the Swedish Authority for Privacy Protection.

File a complaint to the Swedish Authority for Privacy Protection