Privacy policy

We care about your privacy regarding the information we have about you. In our privacy policy, you will find answers to what we use your data for and how we protect it. GS1 Sweden AB, org.nr 556667-6770 (“GS1”, “we”, “us”, and “our”), with postal address Box 1178, 111 91 Stockholm, and email address hr@gs1.se, values your personal privacy. We therefore strive to always protect your personal data in the best possible way and comply with all applicable laws and regulations for data protection. Through this privacy policy, we want to inform you about how your personal data is processed by us.

Data Controller

GS1 is the data controller for the processing of your personal data and is responsible for ensuring that such processing is carried out in accordance with applicable legislation.

Personal Data We Process About You

In your contact with GS1, you will provide certain information to us. GS1 processes, among other things, personal data in the form of name, address, email address, photos, and videos. In rare cases, personal data about health may be processed. For sole traders, personal identification numbers are also processed. GS1 may collect personal data from you in the form of IP addresses and user interactions through cookies. Read more about our use of cookies on gs1.se in our cookie policy.

Who Can Access Your Personal Data?

Your personal data will be processed by GS1. Additionally, your personal data may be shared with third parties who process personal data on our behalf, so-called data sub processors. This applies to our IT and system suppliers who may have access to your personal data on our behalf when they perform services for us. We may be required to disclose your personal data to authorities who then process your personal data on their own behalf. In these cases, the authority is the data controller for the processing of your personal data. When participating in reference group meetings, we may share your personal data that appears in meeting minutes with reference group members who did not attend the meeting.

Transfer of Your Personal Data to Third Countries

We and our suppliers and partners primarily process your personal data within the EU/EEA or in countries outside the EU/EEA where there is an adequacy decision from the EU, such as when personal data is transferred to the USA and the recipient has joined the EU-US Data Protection Framework. For transfers to countries outside the EU/EEA where there is no adequacy decision from the EU, other legal transfer mechanisms are used, such as the EU Commission’s standard contractual clauses in agreements with the recipient of the personal data.

Specific to individual Traders

If you are a sole trader and the business name includes your personal name, the following also applies. We share this information, as well as your company’s contact details, with certain selected recipients who process the personal data on their own behalf. This may include a bank that makes a payment or a reseller who uses the information we share with them to verify that the identification number your company uses is based on a valid GS1 license. Additionally, the information will be shared with third parties through services provided by GS1 or GS1’s global organization. In all cases, the personal data may be processed outside the EU/EEA, such as in the USA.

Transfer of individual Traders’ Personal Data to Third Countries

The transfer of your personal data to countries outside the EU/EEA primarily occurs to countries where there is an adequacy decision from the EU, such as when personal data is transferred to the USA and the recipient has joined the EU-US Data Protection Framework. The transfer of personal data to countries outside the EU/EEA where there is no adequacy decision from the EU is carried out in accordance with your explicit consent, which is obtained separately. In some cases of transfers to third countries, there may be no adequacy decision from the EU or appropriate safeguards for the transfer. There may be no supervisory authority and/or data processing principles and/or rights for the data subject in the recipient country. Despite this, we assess that a transfer can take place without risk, considering that the personal data constitutes information regarding your company.

Purpose and Legal Basis for Our Processing of Your Personal Data

GS1 bases the processing of your personal data on several legal grounds and for several purposes as described below.

Purpose	Legal Basis
To fulfil the statutory obligations that GS1 has under, for example, the Accounting Act (1999:1078) and tax legislation, which includes an obligation to keep a record of participants at representation.	Fulfilment of legal obligations.
To administer GS1’s courses, steering groups, and working groups.	Legitimate interest in administering GS1’s courses, steering groups, and working groups. For sensitive personal data processed in connection with the administration of courses, steering groups, and working groups (health data in the form of allergies, dietary preferences, and pregnancy), GS1 uses consent as the legal basis.
To market GS1 with films and photos from events, courses, and meetings, as well as the names of participants at events, courses, and meetings.	For marketing GS1, consent is used as the legal basis. This is obtained in connection with participants’ registrations for events, courses, and meetings.
To send newsletters.	For sending newsletters, consent is used as the legal basis. You can withdraw your consent at any time by clicking “unsubscribe” in newsletters you receive from us or by contacting us.
To administer GS1’s business relationships with customers, member companies, partners, and suppliers.	Legitimate interest in administering business relationships with customers, member companies, partners, and suppliers.
For performance of contracts with customers, member companies, partners, and suppliers.	Legitimate interestperformance of contracts with customers, member companies, partners, and suppliers if they are not sole traders. For performance of contracts with customers, member companies, partners, and suppliers who are sole traders, the legal basis is performance of contracts.
To communicate with customers, member companies, partners, suppliers, and stakeholders.	Legitimate interest in communicating with customers, member companies, partners, suppliers, and stakeholders.

Providing your personal data is, in some cases, a requirement necessary to enter into an agreement between your company and us. You are not obliged to provide the personal data. If you do not provide your personal data to us, we will not be able to fulfil our agreement or meet our obligations in relation to your company.

How Long Do We Keep Your Personal Data?

We never process your personal data for longer than is permitted under applicable law, regulation, practice, or authority decision. Personal data that we process based on legitimate interest as the legal basis is processed only as long as this legitimate interest remains. Personal data that we process for performance of contracts with your company is as a main rule processed for the time necessary to administer the contractual relationship, exercise our rights, and fulfil our obligations in relation to your company as our customer. To comply with legal requirements, we may retain your personal data for as long as necessary to fulfil our legal obligations. For example, certain data must be retained for seven years under the Swedish Bookkeeping Act.

Your Rights

In accordance with applicable data protection legislation, you have the right to access information about the personal data we process about you, including the purposes of the processing, recipients of your personal data, storage period for the personal data, and information about transfers of your personal data to third countries. You also have the right to request the rectification of your personal data if it is incorrect, and in some cases, complete incomplete personal data.

Under certain conditions, you also have the right to request the erasure or restriction of your personal data or object to our processing. The right to erasure applies, for example, if the processing of the personal data is no longer necessary for the purposes for which the personal data was collected, if you withdraw a consent you have given and no other legal basis for the processing exists, or if the personal data is processed unlawfully. In some cases, you do not have the right to erasure even if the above circumstances exist. This applies, for example, when the processing is necessary for GS1 to fulfil legal obligations or for GS1 to assert or defend legal claims. The right to restrict GS1’s processing of your personal data is relevant, for example, during the time GS1 investigates whether personal data is correct after you have disputed the accuracy of the personal data, the processing is unlawful, or if you object to GS1’s balancing of interests regarding the processing of your personal data and await an assessment on whether GS1’s interests override yours.

The right to object to GS1’s processing of your personal data applies, among other things, if GS1 can no longer demonstrate compelling legitimate interests that override yours. When we base the processing of your personal data on your consent or on the legal basis for performance of contracts, you have, under certain conditions, the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transfer this to another data controller. When technically possible, you have the right to have the personal data transferred directly from GS1 to another data controller.

You have the right to withdraw a given consent for the processing of personal data at any time with effect from the time the withdrawal is made. You also have the right to object to the processing of your personal data for direct marketing at any time.

If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection or another competent supervisory authority that oversees companies’ processing of personal data.

Contact us

If you want to use your rights as described above or otherwise want to contact us regarding our processing of your personal data, you can contact us

Name	wp-wpml_current_language
Function	Saves your language settings to display the website in the correct language.
Duration of Storage	24 hours
Name	_icl_current_language
Function	Saves your language settings to display the website in the correct language.
Duration of Storage	24 hours

Name	VISITOR_INFO1 _LIVE
Function	Third-party cookie from YouTube that saves your preferences when playing YouTube videos and is used to detect and solve issues with the integration of YouTube.
Duration of Storage	6 months
Name	YSC
Function	Third-party cookie from YouTube that ensures that requests related to the playback of YouTube videos are made by you and not by anyone else. This cookie prevents malicious sites from acting on your behalf without your knowledge.
Duration of Storage	Deleted when you close your browser (session cookie).
Name	skin
Function	Third-party cookie from Vimeo used to analyze user behavior in relation to Vimeo videos.
Duration of Storage	2 years
Name	_utmt_player
Function	Third-party cookie from Vimeo that stores and tracks audience reach for Vimeo videos.
Duration of Storage	10 minutes

Guides

Standards

Services

Industries

About us

Customer Service

Insights and news

Privacy Policy