Data Privacy Policy

This Data Privacy Policy governs the International Council of Swedish Industry’s (“NIR”) processing of personal data.

NIR processes personal data in a secure manner in accordance with the applicable data protection laws such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation / “GDPR”), as well as other applicable data protection laws and Swedish law.

NIR must comply with the competent supervisory authority’s decisions. The contact details of the competent supervisory authority can be found in Section 5 of this Privacy Policy. This Privacy Policy explains how NIR processes personal data with data subjects in contacts and collaborations with members, potential members, participants at events and activities, consultants, suppliers, grant providers and cooperation partners. It further describes how personal data will be processed, access rights to the personal data, and for what purposes the processing takes place. This Privacy Policy also sets out the legal basis for the processing of personal data, as well as rights as a data subject.

1. Purpose and legal ground

1.1         NIR acts as the data controller when processing personal data, which means NIR alone or jointly with others determines the purposes and means for the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. Processing of personal data means, including but not limited to: collecting, registering, organising, structuring, storing and processing. Processing also means alteration, production, reading, listening, using and disclosing by transfer, disseminating, changing, removing as well as deletion.

1.2         NIR is responsible for ensuring that personal data is processed correctly and in accordance with applicable Swedish law and EU law. NIR collects and processes personal data in connection with visits, participation in NIR events or registration on NIR’s home page, through contact by telephone, email or letter, when registering for NIR’s newsletter, when submitting a review of NIR or its services and when personal data is provided by third parties. NIR may also ask data subjects to fill out forms that include personal data.

1.3         NIR processes personal data for the following purposes:

(i)      To administer and manage membership applications including but not limited to purchase, invoicing and payment. Also, to administer and manage contracts for consultants and suppliers. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).

(ii)    To contact existing and potential members and cooperation partners by email, newsletters or letters to inform about NIR’s offers, events and services. The legal ground for this is that the processing is necessary and that NIR has a legitimate interest (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.

(iii)  To contact cooperation partners by email or letter to enter into a partnership/cooperation and/or in relation to administration and performance of existing agreements or contracts with cooperation partners. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).

(iv)  To comply with legal obligations to report to authorities and cooperation partners, grant providers and/or consultants in relation to funding, paying taxes and other fees to the relevant Swedish authorities. The legal ground is that processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR).

(v)    To process personal data contained in emails received from potential members, suppliers and cooperation partners for the purpose of taking steps to enter into an agreement or contract (Art. 6(1)(b) GDPR) or for the purposes that NIR has a legitimate interest to process such personal data (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.

1.4         In the event NIR processes personal data based on a data subject’s consent (Art. 6(1)(a) GDPR), NIR will first submit information to the data subject before the consent is collected.

2.   Categories of personal data

2.1         Any personal data from data subjects will be collected and stored by NIR. Personal data may also be collected by NIR from other public sources and external partners from other countries. Personal data that may be processed by NIR includes:

(i)      email address, address, first and last name, name of employer, membership number, telephone number, payment details, IP address, picture, personal settings, etc.

(ii)    the use of cookie files stored on computer or telephone (or other digital device) for the purpose of identifying browser and to recognise settings and preferences. Data subjects have the right to refuse NIR’s processing of personal data through the use of cookie files.

(iii)  information collected during meetings, seminars, interviews, surveys and other communication with NIR.

2.2        NIR will only process personal data necessary for the specific purpose of the processing. NIR will process privacy sensitive information and sensitive personal data, including but not limited to banking information, food intolerances and medical certificate.

3. Processing and Transfer

3.1         Personal data will be stored in a database for the purposes described above. If NIR engages cooperation partners, NIR shall ensure that any personal data is afforded equivalent protection as prescribed in this Privacy Policy and in accordance with GDPR. NIR may also transfer personal data to others within NIR’s membership, coordinators, cooperation partners and grant providers, as well as third parties, including but not limited to suppliers, cloud service providers, consultants and authorities. NIR shall only transfer personal data provided it has a legal ground under GDPR to do so.

3.2         NIR may also transfer personal data to a third country, i.e. a country outside the EU/EEA, or to international organisations according to applicable laws and data regulations. NIR and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as your country of residence. NIR will follow local data protection requirements and its internal global privacy standards and NIR will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers.

3.3         Personal data will be stored during the time it is necessary for NIR to fulfil its obligations and for the purposes set out above. NIR will bring necessary measures to provide the personal data with protection against unauthorised access and loss thereof. The personal data will be, dependent on the purpose for which it is collected, archived, confidentially erased or anonymised in accordance with the rules of archiving when it is no longer necessary.

3.4         As personal data will be transferred over the internet, it is important to be aware of the associated risks. In the event a personal data incident incurs, it shall be notified to NIR as soon as possible and in any event within 24 hours of becoming aware of the incident. A personal data incident means a security incident that leads to an accidental or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access to the personal data transferred, stored or otherwise processed.

3.5         When the data subject processes its own personal data, it acts as the data controller. It is therefore important to protect and update login information, protect devices such as the telephone and computer against viruses, etc., and comply with applicable law and data protection legislations. When entering free text responses, caution must be taken to avoid entering any integrity, sensitive or unnecessary personal data.

3.6         Subject to applicable data protection legislation, NIR shall not be liable for any damages arising from the processing of personal data. In any event, NIR shall not be liable for indirect damages.

4.  Rights of data subjects

4.1         Data subjects have the right to request information about NIR’s processing of personal data. If a request is made electronically, NIR shall provide the information in an electronically readable form which is structured and commonly used. Any request from data subjects shall be answered within a reasonable period of time by NIR.

4.2         NIR shall, upon request, provide information about the purpose of the processing, what personal data is being processed, recipients of the personal data and, if possible, for how long the personal data will be stored. Upon request, NIR shall also provide information about the possibility to request deletion, rectification or alteration of the personal data, as well as how to lodge a complaint to NIR or the competent supervisory authority. Furthermore, NIR shall upon request provide information about the origin of the personal data, the existence of profiling and automatic decision-making, and any transfers to third countries. If requested, NIR shall also provide the data subjects with a copy of the processed personal data.

4.3         Data subjects have the right to object to NIR’s processing of the personal data such as, for example, when processed in connection with direct marketing. Data subjects also have the right to request deletion, restriction and rectification of the personal data. If consent is withdrawn, or if the stored personal data is incorrect or irrelevant, NIR must delete, restrict or correct such personal data.

4.4         Data subjects have the right to transfer the personal data to another data controller (data portability), as well as to lodge a complaint regarding NIR’s processing of personal data. Complaints shall be submitted to NIR and/or the competent supervisory authority according to the contact details in section 5 below.

4.5         Please note that this Privacy Policy may be updated at any time. It was last updated on 25 April 2022. The latest updated version shall at all times be found on NIR’s website at:

5           Contact Details

5.1         The contact details of the competent supervisory authority, Swedish Authority for Privacy Protection (sw. Integritetsskyddsmyndigheten / “IMY”) 202100-0050 is as follows: Box 8114, SE-104 20 Stockholm, Sweden. Imy can also be contacted by telephone, +46 (0)8-657 61 00, or by e-mail, For more information about the Swedish Authority for Privacy Protection, please visit

5.2         NIR is a data controller and NIR’s contact details are as follows:

The International Council of Swedish Industry (Näringslivets Internationella Råd, in Swedish), 802007-5290, with the address: Box 13009, SE-103 01 Stockholm, Sweden. NIR can also be contacted by telephone at +46 (0)8 783 0050, or by e-mail at



lack of enabling environment for social dialogue at the workplace level, despite the provision of legislative acts that protect and promote workplace cooperation is a reoccuring issue  in Kenya. To implement good policy there must be a fertil ground.

Therefore SWP developed the UP!  project. Together with Swedish companies as an entry point, and with unions i South africa and Kenya. 

In Kenya SWP created the SWP UP! Programme targeting skills development of the union Shop Stewards from 18 companies in the Automotive sector in Kenya during 2021. As a result, the Stewards were able to use their skills to build trust and cooperation with management in new ways to avoid conflicts. 

A second cohort of training, in close cooperation with union AUKMW, takes place in 2022.

The training allows shop stewards to step out of their daily routines and understand their role and the purpose of their union, understand the labour market context, the laws that regulate relationships and the business itself. But on a human level, many shop stewards also highlighted that they feel respected as human beings, and that they have developed the skills to engage with supervisors and management and experience respect in professional relations. The experiences had deeply impressed them and helped to project the vision of dialogue and mutual respect and their own potential as a means to change workplaces.

The intervention of the SWP programme had a direct effect at the workplaces, where shop stewards listed several cases where they had managed to intervene and secure results in dialogue with management, avert crises or find solutions based on opportunities and the communication skills obtained during the SWP training. For the Amalgamated Metal Workers Unions in Kenya, the shop stewards pointed to how the training had enabled them to design their own strategies at the workplace in relation to supervisors and staff, and to achieve many concrete results.

Based on this shop steward upskilling, I feel confident that as a union we now have change ambassadors that will grow the industry, protect, and promote decent work principles for both the employer and the employees represented. And that disputes will be dealt with at the workplace level by though consultative dialogue.

Rose Omamo

General Secretary
Amalgamated Union of Kenya Metal Workers