Processing of personal data in connection with tours of Stockholm City Hall

The City of Stockholm’s City Executive Board is responsible for external and public guided tours of the City Hall and also offers the opportunity for private tours. Activities also include responsibility for the City Hall Shop, which is linked to the public tour, as well as external guides and their permits. Personal data is processed in all of these cases.

Your personal data is protected by the General Data Protection Regulation, also known as GDPR. When processing personal data, the City of Stockholm’s Executive City Board protects your personal privacy.

What are personal data and processing?

Personal data refers to any kind of information that can directly or indirectly identify a living person. The processing of personal data refers to all the different ways of handling personal data.

Why is personal data processed?

The City of Stockholm’s City Executive Board processes personal data in connection with the administration and implementation of tours of the City Hall, in order to maintain the City Hall’s important function as a meeting place and cultural heritage.

Which personal data is processed?

The personal data processed in connection with tours being booked is the data that you provided in the booking request or in emails, such as name, contact details (phone number and email address), need for modifications to the tour, personal ID number (when included in the corporate ID number) and address details.

The legal basis for the processing activity is to perform tasks in the public interest for the purpose of showing Stockholm City Hall, which is a cultural heritage site, and that the processing is necessary to fulfil the agreement entered into.

The personal data that is processed in connection with paying for the tour and goods consists of purchase and payment information. For larger card purchases, the customer’s ID number (passport number or personal ID number) is also processed, and for repurchases, for example, phone numbers and signature. The legal basis for the processing is that it is necessary to fulfil agreements entered into in connection with the purchase of a tour or goods.

The personal data that is processed in respect of you if you are an external guide and guides in Stockholm City Hall, consists of the information we have obtained from the guide training provider about course participants, and also the information you have provided in communication with us and information about your guide permit, such as name and contact details.

In order that we can administer guide permits and send out information to special stakeholders in the industry, we process information about the recipient’s name and email address. The legal basis for the processing activity is necessary in order to fulfil the agreement entered into and to perform tasks in the public interest for the purpose of showing Stockholm City Hall, which is a cultural heritage site.

The personal data that is processed in respect of you if you are a supplier to the City Hall Shop or tour-related activities is the information you provided in connection with agreements, invoicing and contact with us. The information consists of, for example, name, personal ID number (when included in the corporate ID number), address details, contact details (phone number and email address). The legal basis for the processing is that it is necessary in order to fulfil agreements.

How personal data is shared

Personal data processed in connection with tour-related activities will not be used for any purpose other than to administer and conduct tours of Stockholm City Hall. At the same time, it is important to be aware that documents submitted to the City of Stockholm may become public documents and, if so, they will then be archived in accordance with the Swedish Archives Act and may be disclosed on request.

Those who access the personal data within the City of Stockholm’s City Executive Board are employed staff whose job it is to manage tour-related operations. The categories of recipients with whom the City of Stockholm’s City Executive Board may share the personal data are procured suppliers, such as external IT providers.

We also share your personal data with companies that are independent controllers, such as payment service companies and banks. The fact that the company is an independent controller means that we do not control how the personal data submitted to the company is to be processed, which means that you will find additional information about how personal data is processed in their privacy policy.

Sharing of personal data can also take place with other government agencies, if we are obliged to share data by law or if there is a suspicion of crime.

How your personal data is stored

The City of Stockholm’s City Executive Board observes the principle of storage minimisation, which means that personal data is stored for as long as is necessary for the purpose. After this time, current rules on archiving and purging determine what can be erased and what must be preserved when the information appears in public documents.

Regarding the personal data that is processed in connection with bookings and when you contact us by email, the following are purged:

  • contact details (phone number and email address).

Regarding the personal data that is processed in connection with payment, the following data is purged after 8 years:

  • debit/credit card slips
  • repurchase information
  • ID number or passport number (for larger card purchases)
  • phone number and signature (in connection with repurchases).

Regarding the personal data processed in respect of you if you are an external guide, the following data is purged after the guide’s permit has not been renewed:

  • name, contact details (phone number and email address)
  • period of validity of the guide’s permit
  • your photo
  • home address (if there are no other contact details).

The rights of data subjects

You have the right to contact the City of Stockholm’s City Executive Board to gain access to your personal data, to request rectification, erasure and transfer of personal data or restriction of processing and to object to processing. The rules on the public availability of public documents in the Swedish Freedom of the Press Act and the Swedish Archives Act may impose restrictions on some of your rights.

Complaints about the processing of personal data can be made to the supervisory authority, the Swedish Authority for Privacy Protection.

The Swedish Authority for Privacy Protection
Email: imy@imy.se

Contact details

Contact details of the controller, the City of Stockholm’s City Executive Board, the City Executive Office and its data protection officer:

Email: cityhalltours@stockholm.se
Data Protection Officer: dataskydd.slk@stockholm.se