Hoppa till innehållet
ap7 logo

Privacy Policy

(Valid from May 25, 2018, last updated on January 24, 2023)

This policy applies in situations where the Seventh AP Fund (”AP7”), org. no. 802406-2302, processes personal data as the data controller.

This personal data policy applies to specific web pages on www.ap7.se, hereinafter referred to as the ”Website,” but also includes the processing of personal data related to contact persons of contractual partners and other collaborators, as well as in connection with recruitment. AP7 only collects personal data that is necessary, relevant, and not excessive for the purposes for which they are intended.

In normal cases, we process your personal data when you do any of the following on our website. If you are a contact person for our contractual partners, suppliers, and other collaborators, we process your personal data when we communicate with you.

Below, we describe how we collect personal data, categories of personal data, purposes, and legal grounds for the processing of personal data, any transfer of personal data to third parties, and storage periods.

Collection and Processing of Personal Data

Apply for job openings or express your interest in employment with us

Information about possible job openings is advertised on the website. When you click on the link for more information and instructions on how to apply, you will be redirected to our recruitment partners. This means that AP7 does not directly collect personal data in this regard, and the processing of personal data is therefore subject to the personal data policy of our recruitment partners.

In cases where our recruitment partners present candidates to us, AP7 processes the data during the recruitment process. AP7 processes personal data for the purpose of managing current or future recruitment needs. Personal data is mainly processed to receive and evaluate applications, contact applicants, and store applications. The legal basis for the processing of personal data is to fulfill the upcoming employment contract or to take action at the request of applicants before such a contract is concluded. Typical personal data in this context may include name, address, email, photo, phone number, and resume.

AP7 may process personal data about the final candidate for the purpose of conducting reasonable background checks before appointing the current position. Background checks are only conducted for the appointment of senior executives and employees involved in asset management.

The processing is considered necessary to fulfill AP7’s trust mission. The legal basis for the processing of personal data is to perform a task in the public interest. The final candidate is informed that a background check will be conducted and needs to provide their consent. AP7 hires an external provider for background checks and provides the candidate’s name and personal identification number to the provider for this purpose. Personal data related to the candidate who is hired is subject to AP7’s internal rules for the processing of personal data as an employee of AP7 and is stored in accordance with applicable rules. Application documents for candidates who have been presented but have not progressed are stored for two years after the employment decision has become legally binding and then deleted.

Spontaneous applications, i.e., applications that do not relate to a specific job vacancy, are deleted immediately after review or, alternatively, after contact has been made with the person who submitted the application. The legal basis for this processing is a balance of interests.

In some cases, AP7 may recruit certain simpler positions through our website. In these cases, HR department and certain managers involved in the hiring process process the data. The personal data processed in the application mainly consists of name, email, phone number, and personal identification number. The legal basis for the processing is the performance of a task carried out in the public interest. If you are hired, your application documents are archived. If you are not hired, your personal data will be deleted within two years after your last applied position. In case of an appeal process regarding the recruitment case, your personal data will be deleted only after the appeal process has been completed.

As a state authority, AP7 is subject to the principle of public access to official records. This means that if someone requests copies of your application documents, we are obliged to provide them. However, this does not apply to information covered by confidentiality.

Submit bids in our procurement processes

The website contains information about current procurements and how to submit bids for them. When bidders click on the procurement link, they are redirected to AP7 or the procurement consultant engaged by AP7. In cases where bids are submitted to AP7 through a procurement consultant, AP7 begins processing personal data only when the procurement consultant presents the bids to AP7. Submitted bids may contain personal data such as name, address, email, and phone number. AP7 processes personal data for the purpose of managing and evaluating bids received through public procurement processes. Personal data is primarily processed to receive and assess bids, contact bidders, and store bids. The legal basis for the processing of personal data is to perform a task of public interest, i.e., the processing is necessary for AP7 to perform its duties as a state authority under the Public Procurement Act. All bids are registered and, as a general rule, public documents and are thus accessible to the public. The winning bid is registered and retained in accordance with applicable rules. Bids that do not proceed in the procurement process are registered and stored for four years, after which they are deleted.

Communicate via our contact form on the website

The website features a contact form where messages can be submitted. The personal data provided in this form are name and email. We suggest that you minimize the personal data you provide to AP7 and avoid providing sensitive personal data when communicating with us; only provide what is necessary for your inquiry. AP7 processes your personal data only to respond to your inquiry and for the purpose of fulfilling its communication mission as a state authority. The legal basis for the processing is to perform a task of public interest, i.e., the service obligation that AP7 has as a state authority. Incoming messages are deleted after processing. No personal data is stored longer than necessary to handle your inquiry.

Social Media

On Twitter, AP7 is responsible only for any personal data that the authority itself publishes, not for personal data that others submit. On Facebook and Youtube, AP7 is jointly responsible with the provider for any personal data that is published, including personal data published by others.

Subscription to blog posts

In order for you to subscribe to AP7’s blog and receive notifications from us, we need to process your personal data, in this case, your email address. The purpose of processing personal data is to be able to provide subscription services and to fulfill AP7’s communication mission as a state authority. The legal basis for the processing of personal data is to perform a task of public interest, i.e., the service obligation that AP7 has as a state authority. Personal data is deleted when the subscription ends.

Contact Persons of Contractual Partners, Suppliers, and Other Collaborators

In order for us to communicate with our contractual partners, suppliers, and other collaborators, we process personal data about contact persons. The purpose of processing personal data is to manage necessary contacts in contractual or supplier relationships, evaluate services, and manage other external contacts necessary for AP7’s activities as a state authority. The legal basis for the processing of personal data is to perform a task of public interest, i.e., the processing is necessary for AP7 to carry out its duties as a state authority. Typical personal data includes name, address, email, and phone number. Since AP7 is a state authority, we are obliged to follow the rules of the Archives Act. This means, among other things, that personal data in cases to be archived is stored in our business systems. According to archive rules, certain documents may be deleted after a certain period. This means that personal data in such documents is deleted when that time has elapsed. Deleting personal data that is no longer needed is called data minimization.

In exceptional cases, AP7 may access an employee’s email during their employment. This only happens if there are suspicions of irregularities or similar circumstances.

Transfer of Personal Data to Recipients

We transfer personal data to recipients such as operational and system providers only when it is necessary for the conduct of our operations or to fulfill a legal obligation. In normal cases, AP7 does not transfer personal data to a recipient in a country outside the EU/EEA area. However, should such a transfer be necessary for AP7 to fulfill its obligations, AP7 will ensure that your personal data continues to be protected and that the transfer takes place legally.

Public Records

The General Data Protection Regulation and the Data Protection Act do not apply to the extent that it would conflict with the freedom of the press and the freedom of expression guaranteed by the Constitution. AP7 is therefore allowed to disclose public records in accordance with the principle of public access to official records (Chapter 2 of the Freedom of the Press Act). However, this does not apply to electronic disclosure, and in such cases, the provisions of the General Data Protection Regulation and the Data Protection Act apply, such as via email or the internet. Personal data contained in public records may be disclosed to third parties.

Your Rights as a Data Subject

  • You have rights concerning the processing of your personal data. Such rights mean that you can:
  • Request that your personal data be corrected if they are insufficient, incomplete, or incorrect.
  • Object to certain processing of your personal data.
  • Request the erasure of your personal data.
  • Restrict the processing of your personal data.
  • Get information about whether your personal data is being processed by AP7, and if so, receive a copy of your personal data. Receive your personal data, provided by you in a machine-readable format, transferred to another service provider (data portability). This only applies to personal data processed automatically with your consent or to fulfill a contract.
  • Withdraw your consent for AP7 to process your personal data, to the extent that AP7 processes your personal data based on your consent.
  • Lodge a complaint regarding the processing of your personal data with the Swedish Data Protection Authority, www.imy.se, if you believe that the processing of your personal data violates your rights and interests under applicable law.

Data Protection Officer

AP7 has engaged Apriori Advokatbyrå AB as its data protection officer.

Contact Information

Data Controller: Seventh AP Fund Visiting Address: Vasagatan 16, 10th floor, 111 20 Stockholm Mailing Address: Box 100, 101 21 Stockholm Phone: 08-412 26 60 Email for data protection matters: dataskydd@ap7.se
Data Protection Officer:
Caroline Mitteregger, Apriori Advokatbyrå AB Email: caroline@apriorilaw.se
Phone:
08-403 777 10

If You Want to Complain

If you want to complain that our processing is in violation of the General Data Protection Regulation or other privacy legislation, you can contact the Swedish Data Protection Authority. Read more on the Swedish Data Protection Authority’s website.

About Cookies

This website uses so-called cookies. According to the Electronic Communications Act, which came into force on July 25, 2003, all visitors to a website with cookies should receive information about:

  • The website containing cookies
  • What these cookies are used for and their purposes
  • What data is stored in cookies
  • Which cookies we use and how long they are stored
  • If the information comes from or is disclosed to third parties
  • How cookies can be avoided

What Is a Cookie and What Is It Used For?

A cookie is a small text file that the website you visit saves on your computer. Cookies are used on many websites to provide visitors with various features. The information in the cookie can be used to track a user’s browsing.

There are three types of cookies. Permanent cookies are saved as small text files on your computer and are deleted on a predetermined date. They are used, for example, to store settings that the user makes between different visits to the website. Session cookies are stored in the browser’s memory (e.g., Internet Explorer) and are deleted when the browser is closed. They can be used, for example, to maintain a login when the user moves from one page to another. There are also cookies that collect statistics to measure the number of visitors. The statistics collected by this type of cookie are not related to personal data.

Which Cookies Do We Use?

Our website uses the web analytics service Google Analytics 4. Google Analytics 4 (GA4) differs from previous versions of Google Analytics (such as Google Universal Analytics).

When collecting data, Google Analytics 4 does not log or store IP addresses.

  • Analytics removes all IP addresses it collects from EU users before logging data through EU domains and servers.

Additionally, Analytics provides controls to:

  • Disable the collection of Google Signals data by region.
  • Disable the collection of detailed location and device data by region.

For more information, please refer to Google’s help pages.

See which cookies we use LÄNK

If You Do Not Want to Allow Cookies

If you want to delete or block cookies, you can configure this in the security settings of your browser. For settings for your specific browser, please refer to the browser’s help pages.

Cookie Settings LÄNK