Processing of personal data

Once received, your personal data will be processed primarily by Swedish Tax Agency employees. We process your personal data so that we can carry out our responsibilities as a public authority.

Sometimes, we need to share your personal data with other public authorities or disclose public records in accordance with the principle of public access.

The Swedish Tax Agency uses various IT systems in its operations. We sometimes need to hire external suppliers to ensure that our operations run smoothly.

When external suppliers process personal data on behalf of the Swedish Tax Agency, their assignments are governed by data processing agreements. In its role as the data processor, the Swedish Tax Agency decides how its suppliers may process personal data.

Other websites

The Swedish Tax Agency cannot remove your personal data from other websites. This is because the Swedish Tax Agency is not responsible for personal data processing carried out by other organisations. The Swedish Tax Agency is only responsible for personal data processing undertaken for our own operations.

If you wish to have your personal data removed from a website, you should contact those responsible for data processing for the website, and ask them to delete the data.

You can also contact the Swedish Authority for Privacy Protection (“Integritetsskyddsmyndigheten”) if you have any questions or wish to make a complaint.

• Swedish Authority for Privacy Protection External link.

Publication certificates

Websites that publish personal data often do so under a publication certificate. This gives them a constitutional right to publish their database, in accordance with Sweden’s Fundamental Law on Freedom of Expression.

If a publication certificate is in force, the provisions of the EU Data Protection Regulation (GDPR) do not apply if they would be contrary to the constitutional right to freedom of expression. If a website publisher with a publication certificate refuses to remove your personal data, the possibilities for deleting it are very limited.

You can find out more about publication licences on the Swedish Press and Broadcasting Authority’s website, mprt.se. You can also find out more about publication certificates and the EU Data Protection Regulation on the Swedish Authority for Privacy Protection’s website, imy.se.

• Publication certificate (The Swedish Press and Broadcasting Authority) External link.

The Swedish Archives Act determines which documents and information must be retained or culled after a specified period of time. Documents of minor importance or temporary relevance can be culled at once. The Swedish Tax Agency only stores personal data that is necessary for its operations. As a public authority, the Swedish Tax Agency is generally required to preserve public records.

Do you have questions about how the Swedish Tax Agency processes your personal data, or about your rights as a data subject? If so, please email the Swedish Tax Agency’s Data Protection Officers or fill in our contact form.

Do not send sensitive information by email

If you email the Swedish Tax Agency, make sure you do not include any sensitive information – such as personal identity numbers – in your message. If you need to share sensitive information with our Data Protection Officers, please fill in the appropriate fields in our contact form. This ensures your communication with us is secure.

• Send a message via our secure contact form
• Email our Data Protection Officers

The right to access your data – which is also referred to as the right to register extracts – means that you have the right to information about your personal data processed by the Swedish Tax Agency processes, and how the data is used.

You can request an extract from the Swedish Tax Agency’s registers to find out about your personal data processed by the Swedish Tax Agency, and for what purpose we have processed the data. This is one of your unlimited rights as a data subject.

• Requesting information under the General Data Protection Regulation (GDPR) (in Swedish)

The Swedish Tax Agency is responsible for ensuring that the personal data we process concerning you is accurate and up-to-date. The right to rectification means that if you find that data relating to you is incorrect, you can request a correction within a reasonably short time.

You also have the right to add relevant details if information about you is incomplete. This right only applies if the Swedish Tax Agency has registered inaccurate information about you.

The right to erasure means you can request for your personal data to be erased in certain circumstances – for example, if the data is no longer necessary for the purpose for which it was gathered, or if the data has been processed unlawfully.

In many cases, the right to erasure is limited with regard to personal data processing within the Swedish Tax Agency’s operations, since we primarily process data in accordance with legislation and regulations.

For example, the Swedish Tax Agency processes your personal data when this is necessary to perform a task in the public interest, as part of our required activities as a public authority, or for archiving purposes. In these circumstances, legislation takes precedence and your right to erasure does not apply.

You have the right to require that the Swedish Tax Agency limits the processing of your personal data in certain circumstances. This means that certain data is tagged so that in future it may only be processed for certain limited purposes.

You may require limitation of processing, for example, if you consider your personal data to be incorrect and request for it to be corrected. In such cases, you can request limitation of processing while the Swedish Tax Agency investigates whether or not the data is correct.

This right differs from the right of erasure, since it relates to limiting the use of data rather than deleting it.

The Swedish Tax Agency will inform you when the limitation ends.

You have the right to request for automatically processed personal data to be transferred from one personal data controller to another. This is known as the right to data portability.

This applies to the processing of personal data that you have provided to the data controller, which is carried out on the legal basis of consent or a contract. If technically possible, you have the right to request for the data to be transferred immediately.

The right to data portability is limited with regard to personal data processing by the Swedish Tax Agency, since in most cases we process data based on legal grounds other than consent or contracts.

In some cases, you have the right to object to the processing of your personal data. The right to object is limited and does not apply to most of the Swedish Tax Agency’s activities.

A data subject cannot object to the processing of personal data in activities connected with taxation, the Population Register, SPAR, ID cards, the marriage register, and estate inventories.

If you think the Swedish Tax Agency has processed your personal data incorrectly, you have the right to submit a complaint to the Swedish Authority for Privacy Protection (“IMY”). You can find out more about this on IMY’s website.

• Swedish Authority for Privacy Protection (“IMY”) External link.

If the Swedish Tax Agency has processed your personal data in breach of the EU General Data Protection Regulation, Sweden’s supplementary provisions to the Data Protection Act, or other provisions that supplement the General Data Protection Regulation, we may be liable to compensate you for damages and infringements resulting from incorrect processing of your personal data.

Information about how to claim damages from the Swedish Tax Agency is available on our website. You can also contact the Chancellor of Justice (“Justitiekanslern”) to submit a claim for damages. Information about this is available (in Swedish) on the Chancellor of Justice’s website.

• Damages (Chancellor of Justice, in Swedish) External link.

The Swedish Tax Agency is committed to developing useful digital services that meet the needs of society. That’s why we invite individuals and businesses to take part in the development process.

The Swedish Tax Agency is the personal data controller responsible for personal data processing during user tests.

The legal basis for processing personal data in user tests is that the processing is necessary to perform a task of general interest. The purposes of processing are to contact those who have expressed an interest, and to conduct usability tests, workshops and interviews. The Swedish Tax Agency welcomes the involvement of individuals and businesses in the development process to make sure that our digital services are useful and accessible, and that they meet users’ needs.

We process the following personal data entered in our contact forms:

• name and business name (if applicable)
• telephone number
• email address
• the date on which you notify us of your interest in participating in our e-service development activities

If you notify us that you are interested in participating in the Swedish Tax Agency’s digital services development, your personal data will only be used to book and conduct interviews, workshops and usability tests. Your data will be processed by an appointed administrator at the Swedish Tax Agency to book relevant activities. The scope, format and timeframe for your participation will be specified at a later date.

The Swedish Tax Agency selects participants from the individuals and business owners who have expressed an interest in contributing to the development of a particular digital service. We then delete the personal data relating to those who are not selected. The participants’ personal data is deleted after the scheduled activities have been completed. The personal data is deleted when the development effort is completed, or one year after we receive the data at the latest.

The Swedish Tax Agency processes your personal data in conducting taxation-related activities – for example, to determine the basis for taxation, decide on tax refunds, and assess the right to certain types of state support.

The Swedish Tax Agency can process personal data when conducting taxation-related activities in order to:

• establish the basis for and determine, account for, pay and refund taxes (all types of taxes that the Swedish Tax Agency manages) and contributions (including social security contributions, late payment penalty charges, tax surcharges and contributions to registered religious organisations)
• determine pensionable income
• administer property taxation and preparatory work for property taxation
• carry out audits and other analysis and control activities
• exercise supervision, suitability testing (for example, when assessing F-tax applications), permit checks and other similar control measures
• undertake administration:
  
  • in accordance with Swedish legislation (2007:324) on the conduct of certain creditor duties by the Swedish Tax Agency
  • relating to other liability matters with regard to somebody else’s taxes and charges,
  • in accordance with Swedish legislation (2015:912) on the automatic exchange of financial account information, and Chapter 22b of the Tax Procedures Act
  • in accordance with Swedish legislation (2017:182) on the automatic exchange of country-by-country reports in the field of taxation, and Chapter 33a of the Tax Procedures Act
  • in accordance with Chapter 33b of the Tax Procedures Act,
  • in accordance with Swedish legislation on short-time work allowance (2013:948) and reorientation support (2020:548)
    
• fulfil obligations regarding international commitments to which Sweden is bound
• administer notifications from employers regarding the employment of citizens of countries other than Sweden referred to in Swedish legislation (2013:644) on the right to salary and other compensation for work performed by a citizen of another country who is not entitled to reside in Sweden
• manage data relating to sick pay costs
• internal supervision, control, follow-up and planning relating to the Swedish Tax Agency’s activities
  

Data relating to taxation activities is used in carrying out the following activities, for example: prefilling and reviewing tax returns; determining taxes, contributions and pensionable income; issuing tax decisions (final tax details); selection, control and audit processes; property taxation; automatic exchange of taxation information; assessment of cases concerning the payment of reorientation support and short-time work allowance.

This data may also be processed in order to provide information needed for the statutory activities carried out by other public authorities, such as the Swedish Social Insurance Agency (“Försäkringskassan”), the Swedish Enforcement Authority (“Kronofogden”) and the Swedish Customs Service (“Tullverket”). These activities may include:

• establishing the basis for and determining, accounting for, paying and refunding taxes or fees (for example when the Swedish Tax Agency provides information to the Swedish Customs Service to enable the collection of taxes and duties)
• manage enforcement and recovery proceedings, and debt and corporate debt restructuring processes
• provide the basis for calculation, decision-making and control with regard to benefits, contributions and other support (for example, in order to assess housing benefit, maintenance allowances and study grants)
• calculate pensions
• exercise supervision and control, suitability and authorisation tests and other similar tests (such as the Swedish Customs Service’s checks regarding goods subject to excise duty)
• update and supplement property information in the registers of other public authorities
  

We may also disclose data processed during taxation-related activities to other recipients. For example, we often disclose data on determined incomes and taxes to municipalities and certain credit information companies.

Credit information companies can also obtain data relating to taxation; F-tax approval; property ownership; and registration for VAT and employer contributions. We also provide banks with information required for payments; registered religious organisations with data regarding fees; and employers or hiring companies with data needed to deduct preliminary tax.

Legislative provisions

• Legislation (2001:181) on the processing of personal data in the Swedish Tax Agency’s taxation activities; Swedish Constitutional Collection 2001:2001:181 to SFS 2022:169 (The Riksdag, in Swedish) External link.
  
• Regulation (2001:588) on the processing of personal data in the Swedish Tax Agency’s taxation activities; Swedish Constitutional Collection 2001:2001:588 to SFS 2022:868 (The Riksdag, in Swedish) External link.

The Swedish Tax Agency processes personal data in its activities to combat crime – for example, to investigate and prevent crimes specified in our list of offences. Our Tax Offences Unit is separate from the Swedish Tax Agency’s other operational areas. The list of tax offences can be found in Section 1 of the legislation (1997:1024) on the Swedish Tax Agency’s activities to combat crime.

The Swedish Tax Agency processes personal data in conducting its activities to combat crime. The special provisions include regulations on how we may process personal data during intelligence gathering and criminal investigation activities.

Legislative provisions

• Criminal Data Act (2018:1177) (The Riksdag, in Swedish) External link.
  
• Criminal Data Ordinance (2018:1202) (The Riksdag, in Swedish) External link.
  
• Legislation (2018:1696) on the Swedish Tax Agency’s processing of personal data in activities to combat crime (The Riksdag, in Swedish) External link.
  
• Ordinance (2018:1877) on the Swedish Tax Agency’s processing of personal data in activities to combat crime (The Riksdag, in Swedish) External link.
  
• Legislation (1997:1024) on the Swedish Tax Agency’s activities to combat crime (The Riksdag, in Swedish) External link.

The Swedish Tax Agency processes personal data to carry out its population registration activities – for example, concerning people who are, or have been, registered in Sweden, and individuals who have been assigned coordination numbers. The purpose of the Swedish Population Register is to meet society’s needs for personal data on Sweden’s population.

The Swedish Tax Agency can process the following data in the Population Register database:

• personal identity number or coordination number
• names
• date and time of birth
• place of residence at time of birth
• place of birth
• address
• building, apartment number, city/town, district and population registration
• citizenship
• marital status
• spouse, children, parents, guardians and other individuals with whom the data subject is associated in the Population Register
• relationship to individuals including spouse, children or parents in connection with an adoption
• moving to Sweden from abroad
• deregistration in accordance with the Population Registration Act (1991:481)
• notification under the Swedish Elections Act (2005:837)
• burial
• personal identity number assigned in another Nordic country
• an individual’s right of residence
  

In the case of individuals who are employed by, or who serve, a foreign diplomatic mission or consulate, the Swedish Tax Agency may process information regarding the grounds for an individual being granted a personal identity number or coordination number, and the documents with which they have identified themselves. We may also process data relating to individuals who have been given coordination numbers if there is uncertainty about their true identity.

All personal data processing is carried out at the Swedish Tax Agency’s offices, where we register data based on documentation such as birth notifications, change of address notifications, notifications of a move to Sweden, and death certificates. Swedish Tax Agency offices can also disclose personal data in the form of population registration certificates, for example.

The Swedish Tax Agency provides information to other public authorities on a daily basis, including the Swedish Social Insurance Agency (“Försäkringskassan”), the Swedish Mapping, Cadastral and Land Registration Authority (“Lantmäteriet”), the Swedish Migration Agency (“Migrationsverket”), the Swedish Board of Student Aid (“Centrala studiestödsnämnden”) and the Swedish Transport Agency (“Transportstyrelsen”). We also provide municipal administrations, county councils and the Church of Sweden with information they require.

Legislative provisions

• Legislation (2001:182) on the Swedish Tax Agency’s processing of personal data in its population registration activities (The Riksdag, in Swedish) External link.
• Ordinance (2001:589) on the Swedish Tax Agency’s processing of personal data in its population registration activities (The Riksdag, in Swedish) External link.
• Population Registration Act (1991:481) (The Riksdag, in Swedish) External link.
• Swedish Elections Act (2005:837) (The Riksdag, in Swedish) External link.

The Swedish Tax Agency processes the personal data entered in our forms to make it easier for private individuals and businesses to ask us questions, to help us provide satisfactory answers to technical questions, and to facilitate registration for webinars.

The Swedish Tax Agency is the personal data controller, and is responsible for the processing of personal data in accordance with the applicable data protection regulations.

The legal bases for processing your personal data are to perform tasks of public interest and to carry out our responsibilities as a public authority. The Swedish Tax Agency wants to provide excellent service to private individuals and businesses – for example, by making it easier for them to ask questions about taxation, property ownership or population registration. We also need personal data in order to answer technical questions, and to facilitate your registration for webinars.

We process the following personal data in our contact forms:

• names
• telephone numbers
• email address
• IP address
  

If you wish to provide additional details relating to an ongoing case, you must also state your personal identity number.

The personal data you provide will be processed by Swedish Tax Agency case administrators who have the authority to answer your question or to initiate or supplement the details associated with a case.

Do not enter personal data in the free text field

If you have a general question for the Swedish Tax Agency, you only need to state your email address or telephone number – please do not enter any other personal information in the free text field. We will contact you if we need any further information to be able to answer your question.

All the details you email to us are public records and may be disclosed to another party on request.

Personal data processed for general questions is stored for a maximum of two years. For case administration, your personal data will be stored to the extent, and for the time period, required by law – for example, in accordance with the Swedish Archives Act.

The Swedish Tax Agency has a database containing information about ID cards issued to people listed in the Swedish Population Register. The Swedish Tax Agency processes the personal data in the database required to issue identity cards. We may also process personal data in this database when we disclose data in accordance with laws or regulations.

This database includes the following personal data categories:

• names
• personal identity number
• date and time of birth
• height
• gender
• date of ID card issue
• ID card number
• expiry date
• applicant’s signature
• copy of the photo on the individual’s ID card
  

Legislative provisions

• Legislation (2015:899) on ID cards issued to those listed in the Swedish Population Register (The Riksdag, in Swedish) External link.
• Ordinance (2015:904) on ID cards issued to those listed in the Swedish Population Register (The Riksdag, in Swedish) External link.

The Swedish Tax Agency processes your personal data in SPAR, the Swedish state’s personal address register. SPAR is a public register with details of everyone who is listed in the Swedish Population Register – regardless of citizenship. The register also includes some individuals with coordination numbers. The register is regulated by a special law. The Swedish Tax Agency has a special committee (the SPAR Board: “Sparnämnden”), which has decision-making powers in certain matters concerning SPAR.

The data contained in SPAR may only be processed for two purposes: control and selection.

An example of data processing for control purposes is when an organisation requests information to update its customer register with accurate data.

An example of selection is to enable organisations to obtain name and address data for purposes such as direct marketing and market research. Population samples can be selected according to parameters such as gender, age, location and income range.

The following categories of personal data are processed in SPAR:

• names
• personal identity number or coordination number
• date and time of birth
• address
• city/town and district of residence
• place of residence at time of birth
• Swedish citizenship
• spouse or guardian
• deregistration from the Swedish Population Register due to death (indicating the date of deregistration), or deregistration for other reasons
• the sum of determined earned income and income from capital, down to a minimum of SEK 0
• ownership of residential houses, or farm units with land comprising residential houses, and details of the municipality
• taxable value of residential houses
  

A special application procedure must be followed to obtain SPAR data from the Swedish Tax Agency. The data may be provided electronically in certain circumstances.

Legislative provisions

• Legislation (1998:527) on the Swedish state’s personal address register (The Riksdag, in Swedish) External link.
• Ordinance (1998:1234) on the Swedish state’s personal address register (The Riksdag, in Swedish) External link.

The Swedish Tax Agency is the personal data processor for the marriage register and the estate inventories register. The marriage register includes details of prenuptial agreements and gifts between spouses. The estate inventories register includes personal data relating to deceased persons, the names and addresses of those summoned to estate inventory proceedings, and assets and liabilities.

The Swedish Tax Agency processes personal data if necessary to manage the marriage register. We may also process personal data in the marriage register database when we disclose data in accordance with laws or regulations.

The marriage register includes information about:

• gifts between spouses
• division of property
• prenuptial agreements
• spouses’ names
• spouses’ personal identity numbers
• assets and liabilities
• information contained in divorce judgements
  

The Swedish Tax Agency also administers estate inventories and archives deceased persons estate notifications. We may process personal data if necessary when registering estate inventories. We may also process personal data when we disclose data in accordance with laws or regulations.

The estate inventories register includes personal data such as:

• details about deceased persons
• names and addresses of those who have been summoned to estate inventory proceedings
• assets and liabilities
• prenuptial agreements
• wills and gifts.
  

Legislative provisions

• Legislation (2015:898) on the Swedish Tax Agency’s processing of personal data in activities relating to the marriage register and estate inventories register (The Riksdag, in Swedish) External link.
• Legislation (2015:905) on the Swedish Tax Agency’s processing of personal data in activities relating to the marriage register and estate inventories register (The Riksdag, in Swedish) External link.
• Marriage Code (1987:230) (The Riksdag, in Swedish) External link.
• Inheritance Code (1958:637) (The Riksdag, in Swedish) External link.