Our data protection policy
At Stockholmsmässan, we care about your personal privacy. We strive to maintain a high level of security in our work with data protection. This policy describes how we gather and use personal data and how we work to protect this data using both technological and organizational safeguards. “Personal data” refers to all types of data that can be linked to you as a living, natural person. The policy also describes your rights with regard to how we process your personal data and how you can exercise these rights.
Stockholmsmässan processes personal data in accordance with the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council, also called “GDPR”).
Personal data controller
The personal data controller is Stockholmsmässan AB, CIN 556272-4491, at the address Mässvägen 1, 125 80 Stockholm, Sweden.
(For information about the processing of personal data for employees at Stockholmsmässan, please refer instead to Stockholmsmässan’s data protection policies for employees and consultants.)
Which personal data does Stockholmsmässan process?
The personal data we process depends on your relationship with us. We have described in the following table the most common categories of personal data that we process. We gather the information directly from you, from our partners and suppliers or from publicly available registers. This data may also be gathered via digital channels, for example when you visit one of our websites or use a mobile app.
Stockholmsmässan does not gather personal data from children. To buy tickets to our events, you must be at least 18 years old.
In some cases, we gather personal data from you, but the data refers to someone else. For example, if you buy a ticket to an event, you can sometimes purchase person-specific tickets to multiple people or register multiple people to activities during an event. If you are an exhibitor, you may also register in the same way the people who will be working at your stand or register several contact persons in your organization. In such situations, we assume that the person who provides us with the personal data of other people has their consent or in some other way has a valid reason for providing us with this information. We will inform concerned persons about our personal data processing policy during our first contact with them.
Your personal data can also be found in different types of data logs that are necessary for several of our digital systems to function properly. These logs refer to, for example, access to information, incoming and outgoing emails or telephone conversations.
We also occasionally document Stockholmsmässan’s events with photos, video recordings or audio recordings, and these may sometimes constitute personal data.
Please note that Stockholmsmässan does not gather any information about credit card payments. All payment information is handled by third-party suppliers, who are independent controllers for the processing.
Legal basis and purpose for processing personal data
Stockholmsmässan processes personal data for several different purposes. The primary purposes are so that we can
- Process orders, purchases, customer service matters and communication with visitors, exhibitors and organizers
- Document, evaluate, develop and market our operations
- Fulfill our commitments as partners and a member of society
- Stop fraud and prevent crime
Marketing mailings from us always offer the possibility of “opting out” of future similar mailings.
All processing of personal data that Stockholmsmässan carries out can be justified based on one or several of the following legal grounds:
Compliance with a legal obligation
Example: We need to process some personal data to fulfill the requirements set out in the Accounting Act.
Example: When you buy a ticket online to one of Stockholmsmässan’s events, we must obtain some personal data from you, so we can send you the ticket. If you are an exhibitor at an event, we must process your personal data to be able to deliver ordered services and invoice what you have ordered.
Example: If you are professionally active in a certain industry and Stockholmsmässan organizes an event in this industry, we may contact you to market the event. We believe that our interests as a company in marketing our events override your interests as a professional not to be subject to marketing. Contact us if you would like more information about the assessment we have made in this matter.
Example: When you subscribe to one of our newsletters or participate in one of our competitions, we ask if you consent to us processing your personal data. In cases where processing is justified only by consent, you may withdraw your consent at any time and request that we cease with the processing in question. Contact us if you would like to withdraw your consent.
With regard to photos, video recordings and audio recordings, Stockholmsmässan has a legitimate interest in documenting its operations. This means, for example, that general photos (“exhibition crowds” or “mingle shots”) may be used without every individual person in the picture being asked for consent. The right to use photos where individuals are in focus is regulated in a separate agreement with our professional contacts, for example exhibitors and partners. If you have not signed such an agreement with Stockholmsmässan, for example if you are a visitor to one of our events, we must ask for your consent at the time the photo is taken before we may use a photo where you are in focus. The same applies to video and audio recordings.
Storage periods and safeguards
To protect your personal data from loss, damage or unauthorized processing, Stockholmsmässan constantly works to maintain and improve a number of different safeguards. This applies to physical protection (for example of persons, IT infrastructure and buildings), information security (for example against infringement of IT systems, virus attacks and through back-ups) and organizational protection (for example that only those who need it in their daily work have access to your personal data).
We store your personal data as long as it is necessary to fulfill the purposes described above. The data is then erased or anonymized in a secure manner, so it can no longer be linked to you. Unless agreed otherwise, and if the law does not require us to keep the data longer, the storage periods set out below apply. If you would like us to terminate the storage of your personal data earlier than this, you may request that we do so. See the section entitled “Your rights”.
If you are in contact with us as part of your profession, for example as an exhibitor or a visitor to a trade fair or other event that is not open to the public, we will save your personal data for four years after your most recent activity. “Activity” refers to when you, for example, buy a ticket or register for a new event, participate in a competition, engage in a dialogue with us via email or by telephone or click on a link in one of our newsletters.
If you are in contact with us as a private individual, for example as a visitor to one of our events that is open to the public, we will save your personal data for two years after your most recent activity.
If we have not been in contact with you yet, for example because we are in the midst of planning an event together with an organization in which you are a member and you are thus a potential exhibitor, we will save your personal data for at the most one year from the date that we gathered the data.
Photos, video recordings and audio recordings
Recordings that document our operations will be saved for different periods of time depending on the purpose. If they are of future historical interest, we will save them as long as the technological lifetime allows.
Transfer of personal data to others
Stockholmsmässan will never sell your data to a third party if we have not received your consent to do so. However, we may turn over your personal data to the following categories of recipients:
Example: Stockholmsmässan may turn over necessary information to authorities such as the Swedish Police or the Swedish Tax Agency if we are obligated to do so by law.
Another company in the Group
Example: If Stockholmsmässan forms a subsidiary for one of our events, this company may process your personal data. In the event personal data has been gathered in accordance with this data protection policy, a corresponding protection level also applies in the other company.
Another personal data controller (with Stockholmsmässan as partner)
Example: If Stockholmsmässan arranges an event in cooperation with another organization, for example a trade association, both Stockholmsmässan and the trade association will have access to your personal data. Both parties are then personal data controllers for their own processing of your personal data.
Another personal data controller (with Stockholmsmässan as personal data processor)
Example: If Stockholmsmässan arranges an event on behalf of another organization, Stockholmsmässan as the processor will process personal data on behalf of this organization. In this case, the other organization is the controller. Given such an arrangement, we will enter into a processor agreement that clearly specifies which personal data processing Stockholmsmässan may carry out and for how long.
Processor (with Stockholmsmässan as the controller)
Example: If Stockholmsmässan employs another organization to carry out certain services on its behalf – for example seminar bookings, ticket sales, transports, telemarketing or the operation of IT systems – this could mean either that the organization gathers personal data for us, or needs access to the personal data Stockholmsmässan has gathered. In this case, we are the controller and the other organization is the processor. We then enter into a processor agreement with the aim of ensuring that personal data is processed correctly and securely.
Exhibitors at trade fairs – lead track
At trade fairs and other events not open to the public, exhibitors at Stockholmsmässan can purchase a lead track service. If you visit a trade fair and agree to let an exhibitor scan your name tag, you consent to Stockholmsmässan giving out your registered personal data to the exhibitor in question.
Transfer of personal data to countries outside the EU/EEA
Stockholmsmässan’s basic principle is that we do not transfer personal data to organizations outside of the EU/EEA. The exception is operations conducted in a third country that is considered to have an adequate protection level in accordance with the European Commission’s decision under Article 45 of the GDPR.
If an exhibitor who has purchased the lead track service (this service is offered at certain trade fairs) comes from a country outside the EU/EEA, it is possible that the exhibitor will transfer scanned visitor information to its home country. If you are a visitor at a trade fair and you do not want this to happen, you should decline when such exhibitors ask if they can scan your name tag.
Links in Stockholmsmässan’s digital channels
There may be links in Stockholmsmässan’s digital channels (e.g. our websites) that lead to other digital channels which are governed by privacy protection rules other than those set out here. In these cases, Stockholmsmässan is not responsible for any data or processing of data in another organization’s digital channel.
According to GDPR, if you are listed in a register you have a number of rights vis-a-vis Stockholmsmässan. If you would like to exercise these rights, go to our website and fill out the form there:
You may also send a letter to:
Attn: Data Protection
125 80 Stockholm, Sweden
Regardless of whether you submit your request online or through a letter, we will respond within 30 days, calculated from the date that we were able to verify your identity. In order to protect you and your personal data, Stockholmsmässan will not turn over data to anyone whose identity has not been verified. If we, regardless of the reason, cannot fulfill your request, we will explain why.
For all rights listed below, if you so desire, you may request that we extend your request to our partners, if we have shared your personal data with any of them.
Right of access to your personal data
You are entitled to obtain confirmation as to whether Stockholmsmässan is processing your personal data and in such a case obtain a summary of the personal data in question. Most of Stockholmsmässan’s systems use email addresses as identifiers, and we will therefore normally deliver the copy of the data digitally to your email address.
Right to rectification
Stockholmsmässan strives to ensure that all data processed by us is accurate. If you discover inaccuracies in your data, you may request that we rectify the inaccurate data. We will then rectify the error.
Right to data portability
If you would like to receive your personal data from Stockholmsmässan in order to be able to use it elsewhere, you are entitled in some cases to receive the data in a structured, commonly used and machine-readable format and transmit it to another controller. However, this assumes that the transfer is technically feasible, that the other party accepts the formats we provide and that this can occur with reasonable effort on our part.
Given the limited volume of personal data that Stockholmsmässan processes, it will almost always be easier for you to provide the other party with your personal data. Please also note that this right is limited to data that is processed with your consent or to fulfill contractual obligations with you and that it only applies to the personal data you have submitted yourself.
Right to restriction of processing
If you would like Stockholmsmässan to process your personal data only for limited purposes, you can request a restriction of processing. This applies, for example, if you consider the information to be inaccurate, that our processing is unlawful, that we no longer need the data for the purpose of the processing, or when you have objected to processing on the grounds of legitimate interests pending the verification of whether our interest overrides your interest. We will then mark the data to ensure that it does not become subject to additional processing and cannot be changed.
Right to erasure (“right to be forgotten”)
If you would like us to cease all processing of your personal data, you may request erasure in some cases. We will then erase all data that can be linked to you as a person. When the erasure is completed, you will receive a confirmation via email, after which we will also delete the sent email.
Please note that an erasure means that we will remove all information about you, including information that you at one point requested to be forgotten. If you would like, we can instead keep your email address in one place, namely on the Forgotten list, with people who do not want to be in our systems at all. If, at some future point in time, we were to obtain your email address in some other way, for example from an organization in which you are a member, we will be able to immediately see that you do not wish to receive any mailings from Stockholmsmässan. There will therefore be no need for you to once again request erasure of your data.
If you think we have made a mistake
If you consider Stockholmsmässan’s processing of your personal data to be in conflict with applicable legislation, or that we have processed a request from you improperly when you wanted to exercise your rights in accordance with the above, you may report this to the Swedish Data Protection Authority (Privacy Protection Authority).