Data Privacy Policy

This Data Privacy Policy governs the International Council of Swedish Industry’s (“NIR”) processing of personal data.

NIR processes personal data in a secure manner in accordance with the applicable data protection laws such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation / “GDPR”), as well as other applicable data protection laws and Swedish law.

NIR must comply with the competent supervisory authority’s decisions. The contact details of the competent supervisory authority can be found in Section 5 of this Privacy Policy. This Privacy Policy explains how NIR processes personal data with data subjects in contacts and collaborations with members, potential members, participants at events and activities, consultants, suppliers, grant providers and cooperation partners. It further describes how personal data will be processed, access rights to the personal data, and for what purposes the processing takes place. This Privacy Policy also sets out the legal basis for the processing of personal data, as well as rights as a data subject.

1. Purpose and legal ground

1.1         NIR acts as the data controller when processing personal data, which means NIR alone or jointly with others determines the purposes and means for the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. Processing of personal data means, including but not limited to: collecting, registering, organising, structuring, storing and processing. Processing also means alteration, production, reading, listening, using and disclosing by transfer, disseminating, changing, removing as well as deletion.

1.2         NIR is responsible for ensuring that personal data is processed correctly and in accordance with applicable Swedish law and EU law. NIR collects and processes personal data in connection with visits, participation in NIR events or registration on NIR’s home page, through contact by telephone, email or letter, when registering for NIR’s newsletter, when submitting a review of NIR or its services and when personal data is provided by third parties. NIR may also ask data subjects to fill out forms that include personal data.

1.3         NIR processes personal data for the following purposes:

(i)      To administer and manage membership applications including but not limited to purchase, invoicing and payment. Also, to administer and manage contracts for consultants and suppliers. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).

(ii)    To contact existing and potential members and cooperation partners by email, newsletters or letters to inform about NIR’s offers, events and services. The legal ground for this is that the processing is necessary and that NIR has a legitimate interest (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.

(iii)  To contact cooperation partners by email or letter to enter into a partnership/cooperation and/or in relation to administration and performance of existing agreements or contracts with cooperation partners. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).

(iv)  To comply with legal obligations to report to authorities and cooperation partners, grant providers and/or consultants in relation to funding, paying taxes and other fees to the relevant Swedish authorities. The legal ground is that processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR).

(v)    To process personal data contained in emails received from potential members, suppliers and cooperation partners for the purpose of taking steps to enter into an agreement or contract (Art. 6(1)(b) GDPR) or for the purposes that NIR has a legitimate interest to process such personal data (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.

1.4         In the event NIR processes personal data based on a data subject’s consent (Art. 6(1)(a) GDPR), NIR will first submit information to the data subject before the consent is collected.

2.   Categories of personal data

2.1         Any personal data from data subjects will be collected and stored by NIR. Personal data may also be collected by NIR from other public sources and external partners from other countries. Personal data that may be processed by NIR includes:

(i)      email address, address, first and last name, name of employer, membership number, telephone number, payment details, IP address, picture, personal settings, etc.

(ii)    the use of cookie files stored on computer or telephone (or other digital device) for the purpose of identifying browser and to recognise settings and preferences. Data subjects have the right to refuse NIR’s processing of personal data through the use of cookie files.

(iii)  information collected during meetings, seminars, interviews, surveys and other communication with NIR.

2.2        NIR will only process personal data necessary for the specific purpose of the processing. NIR will process privacy sensitive information and sensitive personal data, including but not limited to banking information, food intolerances and medical certificate.

3. Processing and Transfer

3.1         Personal data will be stored in a database for the purposes described above. If NIR engages cooperation partners, NIR shall ensure that any personal data is afforded equivalent protection as prescribed in this Privacy Policy and in accordance with GDPR. NIR may also transfer personal data to others within NIR’s membership, coordinators, cooperation partners and grant providers, as well as third parties, including but not limited to suppliers, cloud service providers, consultants and authorities. NIR shall only transfer personal data provided it has a legal ground under GDPR to do so.

3.2         NIR may also transfer personal data to a third country, i.e. a country outside the EU/EEA, or to international organisations according to applicable laws and data regulations. NIR and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as your country of residence. NIR will follow local data protection requirements and its internal global privacy standards and NIR will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers.

3.3         Personal data will be stored during the time it is necessary for NIR to fulfil its obligations and for the purposes set out above. NIR will bring necessary measures to provide the personal data with protection against unauthorised access and loss thereof. The personal data will be, dependent on the purpose for which it is collected, archived, confidentially erased or anonymised in accordance with the rules of archiving when it is no longer necessary.

3.4         As personal data will be transferred over the internet, it is important to be aware of the associated risks. In the event a personal data incident incurs, it shall be notified to NIR as soon as possible and in any event within 24 hours of becoming aware of the incident. A personal data incident means a security incident that leads to an accidental or unlawful destruction, loss or alteration, unauthorised disclosure or unauthorised access to the personal data transferred, stored or otherwise processed.

3.5         When the data subject processes its own personal data, it acts as the data controller. It is therefore important to protect and update login information, protect devices such as the telephone and computer against viruses, etc., and comply with applicable law and data protection legislations. When entering free text responses, caution must be taken to avoid entering any integrity, sensitive or unnecessary personal data.

3.6         Subject to applicable data protection legislation, NIR shall not be liable for any damages arising from the processing of personal data. In any event, NIR shall not be liable for indirect damages.

4.  Rights of data subjects

4.1         Data subjects have the right to request information about NIR’s processing of personal data. If a request is made electronically, NIR shall provide the information in an electronically readable form which is structured and commonly used. Any request from data subjects shall be answered within a reasonable period of time by NIR.

4.2         NIR shall, upon request, provide information about the purpose of the processing, what personal data is being processed, recipients of the personal data and, if possible, for how long the personal data will be stored. Upon request, NIR shall also provide information about the possibility to request deletion, rectification or alteration of the personal data, as well as how to lodge a complaint to NIR or the competent supervisory authority. Furthermore, NIR shall upon request provide information about the origin of the personal data, the existence of profiling and automatic decision-making, and any transfers to third countries. If requested, NIR shall also provide the data subjects with a copy of the processed personal data.

4.3         Data subjects have the right to object to NIR’s processing of the personal data such as, for example, when processed in connection with direct marketing. Data subjects also have the right to request deletion, restriction and rectification of the personal data. If consent is withdrawn, or if the stored personal data is incorrect or irrelevant, NIR must delete, restrict or correct such personal data.

4.4         Data subjects have the right to transfer the personal data to another data controller (data portability), as well as to lodge a complaint regarding NIR’s processing of personal data. Complaints shall be submitted to NIR and/or the competent supervisory authority according to the contact details in section 5 below.

4.5         Please note that this Privacy Policy may be updated at any time. It was last updated on 25 April 2022. The latest updated version shall at all times be found on NIR’s website at: www.nir.se.

5           Contact Details

5.1         The contact details of the competent supervisory authority, Swedish Authority for Privacy Protection (sw. Integritetsskyddsmyndigheten / “IMY”) org.nr. 202100-0050 is as follows: Box 8114, SE-104 20 Stockholm, Sweden. Imy can also be contacted by telephone, +46 (0)8-657 61 00, or by e-mail, imy@imy.se. For more information about the Swedish Authority for Privacy Protection, please visit https://www.imy.se.

5.2         NIR is a data controller and NIR’s contact details are as follows:

The International Council of Swedish Industry (Näringslivets Internationella Råd, in Swedish), org.no. 802007-5290, with the address: Box 13009, SE-103 01 Stockholm, Sweden. NIR can also be contacted by telephone at +46 (0)8 783 0050, or by e-mail at privacy@nir.se

EXECUTIVE SUMMARY

This executive summary presents the findings from the study “Workplace Cooperation: Finding Practical Solutions in the Colombian Context,” conducted by the Fundación Ideas para la Paz (FIP). The study evaluates the added value of the Swedish Workplace Programme (SWP) dialogue and cooperation model within the Colombian labor market.

Throughout 2022, FIP dedicated efforts to thoroughly understand the SWP model, including its concept, foundations, implementation process, and contributions to the labor market. In 2023, FIP documented the experiences of three companies—SKF Latin Trade, Securitas, and Epiroc—that implemented the SWP model in practice. The study also included face-to-face workshops to gather feedback from various stakeholders including civil society, businesses, government, academia, and international cooperation. The findings suggest that the SWP model has the potential to strengthen labor relations, contribute to decent work, and resolve workplace conflicts in Colombia.

The case studies highlight the importance of collaboration between employers and workers to promote decent work and sustainable development in Colombia. They demonstrate that social dialogue facilitates worker participation in labor decision-making, enhances their representativeness, and promotes cooperation between employers and employees, thus improving labor relations and contributing to the well-being of both employees and companies.

The SWP model is particularly noted for improving workplace relationships and commitment to jointly finding solutions to challenges faced by workers and the company. It empowers workers, enhances leadership, and helps integrate business policies into daily practices, reducing the initial disconnect between management objectives and the day-to-day realities of workers. The study also highlights the model’s capacity to manage conflicts constructively, transforming the perception of conflict as an opportunity for improvement. Structured dialogues deepen understanding of the underlying causes of conflicts, fostering empathy and facilitating effective resolution. This promotes a culture of collaboration and a democratic approach to decision-making, building trust.

Additionally, the model is recognized for enabling workers to make decisions, identify challenges, and propose solutions that impact their well-being, and bridging gender gaps in the workplace. Its inclusive approach adapts to the unique needs and characteristics of each company, promoting a stronger and more diverse organizational culture. It also drives good work performance and productivity by involving workers in problem identification and resolution, as well as in implementing improvements and efficiently identifying ESG (Environmental, Social, and Governance) risks for companies.

The document identifies the SWP model’s added value in empowering direct interaction among labor stakeholders in Colombia, overcoming historical or cultural reservations, and contributing to the development of stronger labor relations and improved workplace environments in the country.

Challenges and opportunities of the model are also discussed. The study points out the importance of addressing value chain risks, particularly in a global context where corporate clients demand decent work processes and due diligence. It emphasizes the need to integrate SMEs into this process and use anchor companies as drivers of social dialogue throughout the value chain. The role of the state in social dialogue and the importance of highlighting the benefits of the model for adoption across various business sectors are discussed.

The opportunities of the model include raising awareness of human rights in the workplace in line with the United Nations Guiding Principles (UNGP), to strengthen due diligence, manage risks, promote long-term sustainability, and improve organizational culture. The document also underscores the importance of involving workers in change processes, leveraging their insights for continuous improvement of processes, and fostering innovation opportunities. Lastly, it suggests replicating the model in value chains to address work environment risks and gender biases, involving suppliers and contractors, and integrating the model into corporate policies to strengthen existing programs and transform organizational culture towards resource efficiency and effective participation of employers and workers.