Personal data and preventing dangerous goods entering the EU

To prevent dangerous goods entering the EU when you order from a country outside the EU, this is how we process your personal data.

Why does Swedish Customs process your personal data?

To assess whether goods entering the EU might present a risk to health and safety, your personal data are processed by Swedish Customs and any other customs authorities in the EU, Norway, Switzerland and the United Kingdom (in respect of Northern Ireland) affected by the entry. If there is such a risk, the goods may not be taken aboard an aircraft/ship or allowed into the EU.

Your personal data are also processed to monitor, evaluate, develop and plan the customs authorities’ risk management.

Processing is carried out to fulfil a legal obligation regulated in the following customs legislation:

• articles 16.1, 46.3, 46.5, 47.2, 127, 128 and 129 of Regulation (EU) 952/2013 of 9 October 2013 of the European Parliament and of the Council laying down the Union Customs Code (UCC);
• article 182 of Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of the Union Customs Code as amended by Commission Implementing Regulation (EU) 2020/893 of 29 June 2020.

What types of personal data are processed and where do they come from?

When you bring in goods from a country outside the EU, details of the entry must be submitted to the relevant customs authorities in the EU, Norway, Switzerland and the United Kingdom (in respect of Northern Ireland). The personal data that have to be submitted are:

• the consignor’s name and contact details;
• recipient;
• other entities involved in transporting your goods;
• details of the goods and how they are entering.

These data may be submitted by you yourself, an entity responsible for carrying your goods, a customs agent or anyone else with a duty to provide said data.

Swedish Customs additionally processes data about various types of risks and risk assessments. These data may come from: Swedish Customs; customs authorities in other member states; the customs authorities in Norway, Switzerland and the United Kingdom; private entities involved in transport and import operations; public authorities with specialist knowledge in various areas; and, authorities involved in crime prevention and safety/security.

Who sees your personal data?

• Within Swedish Customs, access to the data is held by: employees involved in preventing dangerous goods entering the EU; and, employees, monitoring this activity. Data submitted about the entry of goods is also available to employees who examine declaration documents.

• Any entity that, via the European Commission’s central systems, supplies Swedish Customs with data about your bringing in of goods receives information (e.g. whether the goods may be loaded and if they have to be checked).
• Some of your data is received by the customs authorities in all member states affected by your bringing in of goods (e.g. the customs authority in the member state where the goods first enter the EU and the customs authority of the member state where the recipient is located).
• The customs authorities in Norway, Switzerland and the United Kingdom receive some of your personal data when they are affected by the entry.
• The European Commission receives your data when they are transmitted or stored. It may also receive them when monitoring and following up union-wide risk criteria.
• If, to assess a risk, Swedish Customs needs help from another authority with specialist knowledge in a certain area, your data may be submitted to said authority (e.g. the Swedish Medical Products Agency, the Swedish Board Of Agriculture and the Swedish Radiation Safety Authority). This is mirrored in other countries that are involved in the collaboration.
• If there is a suspicion of crime, Swedish Customs’ Law Enforcement Department may receive personal data.
• Data may also be submitted to other crime prevention authorities and authorities that, if crime is suspected, have the job of protecting Sweden, the EU or the other countries in the collaboration.

Transmission of data to countries outside the EU

Swedish Customs submits no personal data directly to countries outside the EU (instead, transmission is via the European Commission).

Founded on protocol 10 of the Agreement on the European Economic Area (EEA), Norway’s customs authority participates in this customs collaboration. Norway is an EEA country and is covered by the same data protection regulations as the EU countries.

Founded on the European Community and Swiss Confederation agreement on the facilitation of checks and formalities in connection with goods transport and safety-related measures by customs, Switzerland’s customs authority also takes part in this customs collaboration. A decision by the European Commission recognises that Switzerland has an adequate protection level for personal data processing.

In the United Kingdom, the customs authority participates in this collaboration in respect of Northern Ireland. This is founded on the agreement on the exit of the United Kingdom (Great Britain and Northern Ireland) from the European Union and the European Atomic Energy Community. In a transition period up until the end of 30 June 2021, the Unite Kingdom is to be assessed as maintaining the same level of data protection as the EU. The intention is that the European Commission shall review the conditions for taking decisions on adequate protection levels for personal data processing.

The EU-wide systems give data providers in countries outside the EU the opportunity to exchange information with the member countries’ customs authorities. This is via a special domain for economic operators who, in countries outside the EU, are involved in exporting goods to the EU.

What is the duration of personal data processing?

Swedish Customs deletes your data from the national systems no later than six years after the expiration of the calendar year in which Swedish Customs first handled the data or documents.

It has not yet been decided how long personal data will be processed in the EU-wide systems.

Who is in charge of processing the personal data?

Swedish Customs is the data controller for: the data processing it carries out within the customs authority; and, the processing that the European Commission carries out on Swedish Customs’ behalf within EU-wide systems.

Other customs authorities in the EU, Norway, Switzerland and the United Kingdom (in respect of Northern Ireland) are the data controllers for: the data processing they carry out within their national systems; and, the processing that the European Commission carries out on their behalves within EU-wide systems.

In providing the system enabling communication and storage of information between the customs authorities, the European Commission and entities declaring entry of goods, the European Commission is the data processor for the customs authorities.

In monitoring and following up union-wide risk criteria, the European Commission is joint data controller with the customs authorities.

Your rights

Right to request information

You are entitled to know which personal data concerning you are processed by Swedish Customs. You receive this information via a register extract that also contains some more in-depth information about the processing.

Within some of its operations, Swedish Customs may be legally unable to disclose data to you.

Correction, deletion or restriction of processing

If you consider that your personal data are incorrect or incomplete, you can request that the data be corrected or supplemented. You can also request restriction of processing.

If you consider that the personal data are not being processed in accordance with the relevant data protection rules, you are additionally entitled to request deletion of the data.

However, because of Sweden’s archive laws, Swedish Customs has extremely limited opportunity to delete data in public documents.

More information on your rights is available at the website of the Swedish Authority for Privacy Protection.

You can also contact Swedish Customs’ data protection officer.

Contact details for Swedish Customs

Email: tullverket@tullverket.se
Telephone: +46 771 520 520
Postal address: Tullverket, Box 27311, SE-102 54 Stockholm

Contact details for the data protection officer

Email: dataskyddsombud@tullverket.se

If you consider that Swedish Customs’ processing of your personal data is illegal, you can also submit a complaint to the Swedish Authority for Privacy Protection. Please do not hesitate to contact Swedish Customs first. We may be able to take corrective action based on your views.

Contact details for the Swedish Authority for Privacy Protection

Email address: imy@imy.se
Telephone: +46 8 657 61 00
Postal address: Integritetsskyddsmyndigheten, Box 8114, SE-104 20 Stockholm