Processing of personal data
Here, you can find out how the Swedish Tax Agency handles your personal data. We outline which personal data we process, why we need to process it, and the regulations that apply. You can also find out how we process personal data in accordance with principle of public access to information.
What is personal data, and what do we mean by “processing”?
Personal data is information that can directly or indirectly identify an individual. Typical examples include names, addresses and personal identity numbers. However, a photo, bank account number, car registration number or case reference number is also personal data if it can be connected to a living person.
Processing of personal data refers to a wide range of measures that can be applied to data. This includes the gathering, registration, storage, organisation, merging or printing of data. Blocking, deletion and destruction of personal data also count as processing.
How the Swedish Tax Agency processes your personal data
The Swedish Tax Agency processes your personal data in order to fulfil its responsibilities as a public authority. The Swedish Tax Agency is the data processor responsible for all the processing of personal data that we carry out. We process personal data within several different types of activities and areas of operation.
The Swedish Tax Agency is only allowed to process your personal data if there is a legal basis and the processing is for a specifically declared purpose.
For example, we process your personal data:
- when your employer notifies us of your income
- when you register a change of address
- when we assess the tax you need to pay
- to ensure that your population registration details are correct
- when we receive information from other public authorities – such as when you become a parent or when you buy a car and need to be registered for vehicle tax.
The Swedish Tax Agency provides non-confidential information on request in accordance with the principle of public access to information
As a public authority, the Swedish Tax Agency must follow the principle of public access to information. The purpose of this principle is to ensure that public-sector operations are transparent to the general public and the media. This means that most of the documents we receive and register become public records. Copies can therefore be provided to members of the public on request – unless documents are subject to confidentiality.
The rules regarding public records and the principle of public access in Sweden are included in the Freedom of the Press Act and the Public Access to Information and Secrecy Act.
The Freedom of the Press Act takes precedence over the EU General Data Protection Regulation and the Swedish Data Protection Act. The Swedish Tax Agency may therefore process personal data in order to disclose it in accordance with the principle of public access – even if disclosure does not fall within the scope of the original purpose for processing the data.
Who can access your personal data?
Once received, your personal data will be processed primarily by Swedish Tax Agency employees. We process your personal data so that we can carry out our responsibilities as a public authority.
Sometimes, we need to share your personal data with other public authorities or disclose public records in accordance with the principle of public access.
The Swedish Tax Agency uses various IT systems in its operations. We sometimes need to hire external suppliers to ensure that our operations run smoothly.
When external suppliers process personal data on behalf of the Swedish Tax Agency, their assignments are governed by data processing agreements. In its role as the data processor, the Swedish Tax Agency decides how its suppliers may process personal data.
When other parties process your personal data
Other websites
The Swedish Tax Agency cannot remove your personal data from other websites. This is because the Swedish Tax Agency is not responsible for personal data processing carried out by other organisations. The Swedish Tax Agency is only responsible for personal data processing undertaken for our own operations.
If you wish to have your personal data removed from a website, you should contact those responsible for data processing for the website, and ask them to delete the data.
You can also contact the Swedish Authority for Privacy Protection (“Integritetsskyddsmyndigheten”) if you have any questions or wish to make a complaint.
Publication certificates
Websites that publish personal data often do so under a publication certificate. This gives them a constitutional right to publish their database, in accordance with Sweden’s Fundamental Law on Freedom of Expression.
If a publication certificate is in force, the provisions of the EU Data Protection Regulation (GDPR) do not apply if they would be contrary to the constitutional right to freedom of expression. If a website publisher with a publication certificate refuses to remove your personal data, the possibilities for deleting it are very limited.
You can find out more about publication licences on the Swedish Press and Broadcasting Authority’s website, mprt.se. You can also find out more about publication certificates and the EU Data Protection Regulation on the Swedish Authority for Privacy Protection’s website, imy.se.
For how long will my personal data be stored?
The Swedish Archives Act determines which documents and information must be retained or culled after a specified period of time. Documents of minor importance or temporary relevance can be culled at once. The Swedish Tax Agency only stores personal data that is necessary for its operations. As a public authority, the Swedish Tax Agency is generally required to preserve public records.
Our Data Protection Officers
The Swedish Tax Agency has three Data Protection Officers. Our Data Protection Officers fulfil a support and control function with regard to data protection matters within the Swedish Tax Agency.
The role of our Data Protection Officers
The role of our Data Protection Officers is to:
- keep others informed of data protection regulation
- advise on data protection
- advise on impact assessments
- ensure that the Swedish Tax Agency complies with data protection regulations
- serve as a point of contact for data subjects and supervisory authorities
Contact our Data Protection Officers
Do you have questions about how the Swedish Tax Agency processes your personal data, or about your rights as a data subject? If so, please email the Swedish Tax Agency’s Data Protection Officers or fill in our contact form.
Do not send sensitive information by email
If you email the Swedish Tax Agency, make sure you do not include any sensitive information – such as personal identity numbers – in your message. If you need to share sensitive information with our Data Protection Officers, please fill in the appropriate fields in our contact form. This ensures your communication with us is secure.
Fundamental provisions
Fundamental provisions regarding the processing of personal data are specified in the EU General Data Protection Regulation, and in Sweden’s the supplementary provisions to the Data Protection Act and the General Data Protection Regulation. The aim of these regulations is to protect the fundamental rights and freedoms of individuals – in particular their right to personal data protection.
- EU General Data Protection Regulation (EUR-Lex)
External link. - Act containing supplementary provisions to the EU General Data Protection Regulation (The Riksdag, in Swedish) External link.
- Supplementary provisions to the EU General Data Protection Regulation (The Riksdag, in Swedish) External link.
All public authorities and enterprises must comply with these regulations. There are also special provisions that regulate the Swedish Tax Agency’s processing of personal data in different contexts.
Special provisions
The special provisions that apply to the Swedish Tax Agency include additional rules about which data we can process when carrying out our various activities, for which purposes, and for how long we may store the data. Some of the provisions include rules about the processing of data relating to legal entities and deceased persons.
There are special provisions that apply to the Swedish Tax Agency in the areas of taxation and property taxation; population registration; registration of estate inventories; certain activities to combat crime; the Swedish state personal address register (SPAR); the marriage register; and the issuing of identity cards for people listed in the Swedish Population Register. You can find out more about how the Swedish Tax Agency processes your personal data in our different activities under “Processing of personal data by the Swedish Tax Agency during our different activities”.
Your rights under the EU General Data Protection Regulation
The EU General Data Protection Regulation gives you various rights as a data subject, which can be either unlimited or limited. An unlimited right is one you can exercise in full, exactly as specified in the EU General Data Protection Regulation. A limited right, however, is restricted by other Swedish legislation and cannot be exercised in full.
Under each heading, you can find out whether a specific right is unlimited or limited with regard to personal data processing by the Swedish Tax Agency. The Swedish Tax Agency is obliged to inform you of your rights – whether unlimited or limited.
The right of access to information
The right to information is one of your fundamental rights. You have the right to receive clear and straightforward information when we gather and process your personal data.
You have the right to receive information about our legal basis for processing your personal data, and the purpose of the processing. You also have the right to know the identity of the personal data processor and to request their contact details. In addition, you have the right to request the contact details of our Data Protection Officers. This is one of your unlimited rights as a data subject.
The right of access to your personal data
The right to access your data – which is also referred to as the right to register extracts – means that you have the right to information about your personal data processed by the Swedish Tax Agency processes, and how the data is used.
You can request an extract from the Swedish Tax Agency’s registers to find out about your personal data processed by the Swedish Tax Agency, and for what purpose we have processed the data. This is one of your unlimited rights as a data subject.
Right to rectification
The Swedish Tax Agency is responsible for ensuring that the personal data we process concerning you is accurate and up-to-date. The right to rectification means that if you find that data relating to you is incorrect, you can request a correction within a reasonably short time.
You also have the right to add relevant details if information about you is incomplete. This right only applies if the Swedish Tax Agency has registered inaccurate information about you.
Right to erasure
The right to erasure means you can request for your personal data to be erased in certain circumstances – for example, if the data is no longer necessary for the purpose for which it was gathered, or if the data has been processed unlawfully.
In many cases, the right to erasure is limited with regard to personal data processing within the Swedish Tax Agency’s operations, since we primarily process data in accordance with legislation and regulations.
For example, the Swedish Tax Agency processes your personal data when this is necessary to perform a task in the public interest, as part of our required activities as a public authority, or for archiving purposes. In these circumstances, legislation takes precedence and your right to erasure does not apply.
Right to limitation of processing
You have the right to require that the Swedish Tax Agency limits the processing of your personal data in certain circumstances. This means that certain data is tagged so that in future it may only be processed for certain limited purposes.
You may require limitation of processing, for example, if you consider your personal data to be incorrect and request for it to be corrected. In such cases, you can request limitation of processing while the Swedish Tax Agency investigates whether or not the data is correct.
This right differs from the right of erasure, since it relates to limiting the use of data rather than deleting it.
The Swedish Tax Agency will inform you when the limitation ends.
Right to data portability
You have the right to request for automatically processed personal data to be transferred from one personal data controller to another. This is known as the right to data portability.
This applies to the processing of personal data that you have provided to the data controller, which is carried out on the legal basis of consent or a contract. If technically possible, you have the right to request for the data to be transferred immediately.
The right to data portability is limited with regard to personal data processing by the Swedish Tax Agency, since in most cases we process data based on legal grounds other than consent or contracts.
Right to object
In some cases, you have the right to object to the processing of your personal data. The right to object is limited and does not apply to most of the Swedish Tax Agency’s activities.
A data subject cannot object to the processing of personal data in activities connected with taxation, the Population Register, SPAR, ID cards, the marriage register, and estate inventories.
Right to submit a complaint
If you think the Swedish Tax Agency has processed your personal data incorrectly, you have the right to submit a complaint to the Swedish Authority for Privacy Protection (“IMY”). You can find out more about this on IMY’s website.
Damages
If the Swedish Tax Agency has processed your personal data in breach of the EU General Data Protection Regulation, Sweden’s supplementary provisions to the Data Protection Act, or other provisions that supplement the General Data Protection Regulation, we may be liable to compensate you for damages and infringements resulting from incorrect processing of your personal data.
Information about how to claim damages from the Swedish Tax Agency is available on our website. You can also contact the Chancellor of Justice (“Justitiekanslern”) to submit a claim for damages. Information about this is available (in Swedish) on the Chancellor of Justice’s website.
Processing of personal data by the Swedish Tax Agency during our different activities
Find out more about how we process your personal data when carrying out our activities, in accordance with the special provisions applicable to the Swedish Tax Agency.
Under each heading, you can find out which data may be processed, the purposes for which data may be processed, and for how long the data may be stored. You can also find out about certain areas in which processing is governed by the fundamental provisions only.
Human resources management
As an employer, the Swedish Tax Agency processes personal data for human resources management purposes. For example, we need to process personal data when employees start or end their employment with us, and to manage salary payments.
There are no specific provisions for data processing in human resources management activities. There are various legal bases for personal data processing within HR.
For example, we can process our employees’ personal data when necessary to fulfil a legal obligation, to carry out a task of general interest, or as part of our responsibilities as a public authority.
User tests
The Swedish Tax Agency is committed to developing useful digital services that meet the needs of society. That’s why we invite individuals and businesses to take part in the development process.
The Swedish Tax Agency is the personal data controller responsible for personal data processing during user tests.
The legal basis for processing personal data in user tests is that the processing is necessary to perform a task of general interest. The purposes of processing are to contact those who have expressed an interest, and to conduct usability tests, workshops and interviews. The Swedish Tax Agency welcomes the involvement of individuals and businesses in the development process to make sure that our digital services are useful and accessible, and that they meet users’ needs.
We process the following personal data entered in our contact forms:
- name and business name (if applicable)
- telephone number
- email address
- the date on which you notify us of your interest in participating in our e-service development activities
If you notify us that you are interested in participating in the Swedish Tax Agency’s digital services development, your personal data will only be used to book and conduct interviews, workshops and usability tests. Your data will be processed by an appointed administrator at the Swedish Tax Agency to book relevant activities. The scope, format and timeframe for your participation will be specified at a later date.
The Swedish Tax Agency selects participants from the individuals and business owners who have expressed an interest in contributing to the development of a particular digital service. We then delete the personal data relating to those who are not selected. The participants’ personal data is deleted after the scheduled activities have been completed. The personal data is deleted when the development effort is completed, or one year after we receive the data at the latest.
Taxation
The Swedish Tax Agency processes your personal data in conducting taxation-related activities – for example, to determine the basis for taxation, decide on tax refunds, and assess the right to certain types of state support.
The Swedish Tax Agency can process personal data when conducting taxation-related activities in order to:
- establish the basis for and determine, account for, pay and refund taxes (all types of taxes that the Swedish Tax Agency manages) and contributions (including social security contributions, late payment penalty charges, tax surcharges and contributions to registered religious organisations)
- determine pensionable income
- administer property taxation and preparatory work for property taxation
- carry out audits and other analysis and control activities
- exercise supervision, suitability testing (for example, when assessing F-tax applications), permit checks and other similar control measures
- undertake administration:
- in accordance with Swedish legislation (2007:324) on the conduct of certain creditor duties by the Swedish Tax Agency
- relating to other liability matters with regard to somebody else’s taxes and charges,
- in accordance with Swedish legislation (2015:912) on the automatic exchange of financial account information, and Chapter 22b of the Tax Procedures Act
- in accordance with Swedish legislation (2017:182) on the automatic exchange of country-by-country reports in the field of taxation, and Chapter 33a of the Tax Procedures Act
- in accordance with Chapter 33b of the Tax Procedures Act,
- in accordance with Swedish legislation on short-time work allowance (2013:948) and reorientation support (2020:548)
- fulfil obligations regarding international commitments to which Sweden is bound
- administer notifications from employers regarding the employment of citizens of countries other than Sweden referred to in Swedish legislation (2013:644) on the right to salary and other compensation for work performed by a citizen of another country who is not entitled to reside in Sweden
- manage data relating to sick pay costs
- internal supervision, control, follow-up and planning relating to the Swedish Tax Agency’s activities
Data relating to taxation activities is used in carrying out the following activities, for example: prefilling and reviewing tax returns; determining taxes, contributions and pensionable income; issuing tax decisions (final tax details); selection, control and audit processes; property taxation; automatic exchange of taxation information; assessment of cases concerning the payment of reorientation support and short-time work allowance.
This data may also be processed in order to provide information needed for the statutory activities carried out by other public authorities, such as the Swedish Social Insurance Agency (“Försäkringskassan”), the Swedish Enforcement Authority (“Kronofogden”) and the Swedish Customs Service (“Tullverket”). These activities may include:
- establishing the basis for and determining, accounting for, paying and refunding taxes or fees (for example when the Swedish Tax Agency provides information to the Swedish Customs Service to enable the collection of taxes and duties)
- manage enforcement and recovery proceedings, and debt and corporate debt restructuring processes
- provide the basis for calculation, decision-making and control with regard to benefits, contributions and other support (for example, in order to assess housing benefit, maintenance allowances and study grants)
- calculate pensions
- exercise supervision and control, suitability and authorisation tests and other similar tests (such as the Swedish Customs Service’s checks regarding goods subject to excise duty)
- update and supplement property information in the registers of other public authorities
We may also disclose data processed during taxation-related activities to other recipients. For example, we often disclose data on determined incomes and taxes to municipalities and certain credit information companies.
Credit information companies can also obtain data relating to taxation; F-tax approval; property ownership; and registration for VAT and employer contributions. We also provide banks with information required for payments; registered religious organisations with data regarding fees; and employers or hiring companies with data needed to deduct preliminary tax.
Legislative provisions
- Legislation (2001:181) on the processing of personal data in the Swedish Tax Agency’s taxation activities; Swedish Constitutional Collection 2001:2001:181 to SFS 2022:169 (The Riksdag, in Swedish) External link.
- Regulation (2001:588) on the processing of personal data in the Swedish Tax Agency’s taxation activities; Swedish Constitutional Collection 2001:2001:588 to SFS 2022:868 (The Riksdag, in Swedish) External link.
Combating crime
The Swedish Tax Agency processes personal data in its activities to combat crime – for example, to investigate and prevent crimes specified in our list of offences. Our Tax Offences Unit is separate from the Swedish Tax Agency’s other operational areas. The list of tax offences can be found in Section 1 of the legislation (1997:1024) on the Swedish Tax Agency’s activities to combat crime.
The Swedish Tax Agency processes personal data in conducting its activities to combat crime. The special provisions include regulations on how we may process personal data during intelligence gathering and criminal investigation activities.
Legislative provisions
- Criminal Data Act (2018:1177) (The Riksdag, in Swedish) External link.
- Criminal Data Ordinance (2018:1202) (The Riksdag, in Swedish) External link.
- Legislation (2018:1696) on the Swedish Tax Agency’s processing of personal data in activities to combat crime (The Riksdag, in Swedish) External link.
- Ordinance (2018:1877) on the Swedish Tax Agency’s processing of personal data in activities to combat crime (The Riksdag, in Swedish) External link.
- Legislation (1997:1024) on the Swedish Tax Agency’s activities to combat crime (The Riksdag, in Swedish) External link.
Population registration
The Swedish Tax Agency processes personal data to carry out its population registration activities – for example, concerning people who are, or have been, registered in Sweden, and individuals who have been assigned coordination numbers. The purpose of the Swedish Population Register is to meet society’s needs for personal data on Sweden’s population.
The Swedish Tax Agency can process the following data in the Population Register database:
- personal identity number or coordination number
- names
- date and time of birth
- place of residence at time of birth
- place of birth
- address
- building, apartment number, city/town, district and population registration
- citizenship
- marital status
- spouse, children, parents, guardians and other individuals with whom the data subject is associated in the Population Register
- relationship to individuals including spouse, children or parents in connection with an adoption
- moving to Sweden from abroad
- deregistration in accordance with the Population Registration Act (1991:481)
- notification under the Swedish Elections Act (2005:837)
- burial
- personal identity number assigned in another Nordic country
- an individual’s right of residence
In the case of individuals who are employed by, or who serve, a foreign diplomatic mission or consulate, the Swedish Tax Agency may process information regarding the grounds for an individual being granted a personal identity number or coordination number, and the documents with which they have identified themselves. We may also process data relating to individuals who have been given coordination numbers if there is uncertainty about their true identity.
All personal data processing is carried out at the Swedish Tax Agency’s offices, where we register data based on documentation such as birth notifications, change of address notifications, notifications of a move to Sweden, and death certificates. Swedish Tax Agency offices can also disclose personal data in the form of population registration certificates, for example.
The Swedish Tax Agency provides information to other public authorities on a daily basis, including the Swedish Social Insurance Agency (“Försäkringskassan”), the Swedish Mapping, Cadastral and Land Registration Authority (“Lantmäteriet”), the Swedish Migration Agency (“Migrationsverket”), the Swedish Board of Student Aid (“Centrala studiestödsnämnden”) and the Swedish Transport Agency (“Transportstyrelsen”). We also provide municipal administrations, county councils and the Church of Sweden with information they require.
Legislative provisions
- Legislation (2001:182) on the Swedish Tax Agency’s processing of personal data in its population registration activities (The Riksdag, in Swedish) External link.
- Ordinance (2001:589) on the Swedish Tax Agency’s processing of personal data in its population registration activities (The Riksdag, in Swedish) External link.
- Population Registration Act (1991:481) (The Riksdag, in Swedish) External link.
- Swedish Elections Act (2005:837) (The Riksdag, in Swedish) External link.
Forms and email
The Swedish Tax Agency processes the personal data entered in our forms to make it easier for private individuals and businesses to ask us questions, to help us provide satisfactory answers to technical questions, and to facilitate registration for webinars.
The Swedish Tax Agency is the personal data controller, and is responsible for the processing of personal data in accordance with the applicable data protection regulations.
The legal bases for processing your personal data are to perform tasks of public interest and to carry out our responsibilities as a public authority. The Swedish Tax Agency wants to provide excellent service to private individuals and businesses – for example, by making it easier for them to ask questions about taxation, property ownership or population registration. We also need personal data in order to answer technical questions, and to facilitate your registration for webinars.
We process the following personal data in our contact forms:
- names
- telephone numbers
- email address
- IP address
If you wish to provide additional details relating to an ongoing case, you must also state your personal identity number.
The personal data you provide will be processed by Swedish Tax Agency case administrators who have the authority to answer your question or to initiate or supplement the details associated with a case.
Do not enter personal data in the free text field
If you have a general question for the Swedish Tax Agency, you only need to state your email address or telephone number – please do not enter any other personal information in the free text field. We will contact you if we need any further information to be able to answer your question.
All the details you email to us are public records and may be disclosed to another party on request.
Personal data processed for general questions is stored for a maximum of two years. For case administration, your personal data will be stored to the extent, and for the time period, required by law – for example, in accordance with the Swedish Archives Act.
Identity cards
The Swedish Tax Agency has a database containing information about ID cards issued to people listed in the Swedish Population Register. The Swedish Tax Agency processes the personal data in the database required to issue identity cards. We may also process personal data in this database when we disclose data in accordance with laws or regulations.
This database includes the following personal data categories:
- names
- personal identity number
- date and time of birth
- height
- gender
- date of ID card issue
- ID card number
- expiry date
- applicant’s signature
- copy of the photo on the individual’s ID card
Legislative provisions
SPAR
The Swedish Tax Agency processes your personal data in SPAR, the Swedish state’s personal address register. SPAR is a public register with details of everyone who is listed in the Swedish Population Register – regardless of citizenship. The register also includes some individuals with coordination numbers. The register is regulated by a special law. The Swedish Tax Agency has a special committee (the SPAR Board: “Sparnämnden”), which has decision-making powers in certain matters concerning SPAR.
The data contained in SPAR may only be processed for two purposes: control and selection.
An example of data processing for control purposes is when an organisation requests information to update its customer register with accurate data.
An example of selection is to enable organisations to obtain name and address data for purposes such as direct marketing and market research. Population samples can be selected according to parameters such as gender, age, location and income range.
The following categories of personal data are processed in SPAR:
- names
- personal identity number or coordination number
- date and time of birth
- address
- city/town and district of residence
- place of residence at time of birth
- Swedish citizenship
- spouse or guardian
- deregistration from the Swedish Population Register due to death (indicating the date of deregistration), or deregistration for other reasons
- the sum of determined earned income and income from capital, down to a minimum of SEK 0
- ownership of residential houses, or farm units with land comprising residential houses, and details of the municipality
- taxable value of residential houses
A special application procedure must be followed to obtain SPAR data from the Swedish Tax Agency. The data may be provided electronically in certain circumstances.
Legislative provisions
Marriage register and estate inventories
The Swedish Tax Agency is the personal data processor for the marriage register and the estate inventories register. The marriage register includes details of prenuptial agreements and gifts between spouses. The estate inventories register includes personal data relating to deceased persons, the names and addresses of those summoned to estate inventory proceedings, and assets and liabilities.
The Swedish Tax Agency processes personal data if necessary to manage the marriage register. We may also process personal data in the marriage register database when we disclose data in accordance with laws or regulations.
The marriage register includes information about:
- gifts between spouses
- division of property
- prenuptial agreements
- spouses’ names
- spouses’ personal identity numbers
- assets and liabilities
- information contained in divorce judgements
The Swedish Tax Agency also administers estate inventories and archives deceased persons estate notifications. We may process personal data if necessary when registering estate inventories. We may also process personal data when we disclose data in accordance with laws or regulations.
The estate inventories register includes personal data such as:
- details about deceased persons
- names and addresses of those who have been summoned to estate inventory proceedings
- assets and liabilities
- prenuptial agreements
- wills and gifts.
Legislative provisions
- Legislation (2015:898) on the Swedish Tax Agency’s processing of personal data in activities relating to the marriage register and estate inventories register (The Riksdag, in Swedish) External link.
- Legislation (2015:905) on the Swedish Tax Agency’s processing of personal data in activities relating to the marriage register and estate inventories register (The Riksdag, in Swedish) External link.
- Marriage Code (1987:230) (The Riksdag, in Swedish) External link.
- Inheritance Code (1958:637) (The Riksdag, in Swedish) External link.
Kontakta oss
Aktuellt
-
16,5 miljarder har betalats ut i elstöd till företag
Möjligheten för företag att söka elstöd stängde den 25 september. Totalt har 118...
-
Budgetpropositionen inlämnad till riksdagen
Regeringen överlämnade den 20 september sitt budgetförslag för 2024 till riksdag...
-
Varning för bluff-sms
Falska mejl, samtal och sms förekommer i olika varianter och de är särskilt vanl...
Tillsammans gör vi samhället möjligt