Personal data for security and safety purposes when bringing goods into the EU
When you bring in goods from a non-EU country, information on the import must be provided to the customs authorities of the EU, Norway, Switzerland and the United Kingdom for Northern Ireland.
The following personal data should be provided:
- Name and contact details of the consignor
- Consignee
- Other operators involved in the transport of your goods
- Details of the goods being imported and how they are being imported.
You, an operator responsible for transporting your goods, a customs agent or some other data controller, may provide the information.
In addition, Swedish Customs processes data on various types of risks and risk assessments. The data may come from Swedish Customs, customs authorities in other Member States, customs authorities in Norway, Switzerland and the United Kingdom, private operators involved in transport and import activities, authorities with specialised knowledge in different areas, and law enforcement and security agencies.
Why Swedish Customs processes your data
Swedish Customs and other customs authorities in the EU, Norway, Switzerland and the United Kingdom of Northern Ireland involved in the entry of your goods into the EU process your personal data to assess whether your goods may pose a risk to health and safety, and therefore may not be taken on board an aircraft or a ship, or allowed to enter the EU.
Your personal data is also processed to monitor, evaluate, develop and plan the customs authorities’ risk management activities.
Who will receive the personal data?
Within Swedish Customs, employees working to prevent dangerous goods from entering the EU, and those working to monitor these activities, will have access to the data. Information provided on the entry of the goods will also be made available to employees working with the examination of declaration documents.
Anyone who has provided information to the European Commission's central system about your entry will receive information, for example, whether the goods may be loaded and whether they are to be checked.
The customs authorities of all Member States affected by your import will receive your data, for example the customs authority of the Member State where the goods first enter the EU and the Member State where the consignee of the goods is located.
The customs authorities of Norway, Switzerland and the United Kingdom will receive your personal data when your entry concerns them.
The European Commission will receive your data when it transfers or stores it. The Commission may also access your data when monitoring and following up on common risk criteria.
If Swedish Customs needs the help of another authority with specialised knowledge in a particular area to assess a risk, your personal data may be disclosed to the authority that has the specific knowledge (for example, the Swedish Medical Products Agency, the Swedish Board of Agriculture and the Swedish Radiation Protection Authority). The same applies in other countries participating in this co-operation.
Swedish Customs' law enforcement departments may receive personal data if there is a suspicion of an offence.
Information may also be provided to other law enforcement authorities and authorities tasked with protecting Sweden, the EU or the cooperating countries if there is a suspicion of an offence.
Transfer of data to countries outside the EU
Swedish Customs does not provide personal data directly to countries outside the EU, but this can be done via the European Commission.
The Norwegian customs authority participates in this customs co-operation on the basis of Protocol 10 to the EEA Agreement (EEA = European Economic Area). Norway is an EEA country and is subject to the same data protection rules as the Member States.
The Swiss customs authority participates in this customs co-operation on the basis of the agreement between the European Community and the Swiss Confederation on the simplification of inspections and formalities in respect of the carriage of goods and on customs security measures. Switzerland has an adequate level of protection for the processing of personal data according to a decision of the European Commission.
The customs authority of the United Kingdom participates in this customs co-operation for Northern Ireland. This co-operation takes place under the Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community. The United Kingdom is deemed to maintain the same level of data protection as the EU for a transitional period, until 30 June 2021 at the latest. The intention is for the European Commission to examine the conditions for taking an adequacy decision on the processing of personal data.
The EU common systems allow data providers in a non-EU country to exchange information with Member States' customs authorities via a dedicated domain designed for economic operators in a non-EU country involved in the export of goods to the EU.
Legal basis and purpose
The processing is carried out in order to fulfil a legal obligation governed by the following customs legislation:
Articles 16(1), 46(3) and (5), 47(2), 127, 128 and 129 of Regulation (EU) No 952/2013 of the European Parliament and of the Council of 9 October 2013 laying down the Union Customs Code, the Customs Code.
Article 182 of Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for the implementation of certain provisions of the Customs Code, as amended by Commission Implementing Regulation (EU) 2020/893 of 29 June 2020.
Deletion
Swedish Customs will delete your data from the national systems no later than six years after the end of the calendar year in which the data or documents were first processed by Swedish Customs. Deletion is regulated in the Act (2001:185) on the processing of data in the activities of Swedish Customs, Chapter 2, Section 10.
It has not yet been decided how long personal data will be processed in the common EU systems.
Last updated: