Go to content
Alternate Text

Embassy of Sweden Nairobi, Kenya

Local time 6:22 AM

Processing of personal data

Data Protection Policy for Missions Abroad

What is personal data?

Personal data is any information that directly or indirectly relates to a living individual. Examples include: name, address, personal identification number, photographs, and video recordings.

Processing of personal data includes virtually any action taken with the data, such as collecting, registering, storing, combining, or printing.

Why do we process personal data?

Missions abroad are permitted to process personal data when necessary to carry out the assignments given by the Swedish Parliament and Government. Personal data is also processed when you, for example:

  • contact a mission abroad for information
  • request access to public documents
  • apply for a job
  • register for meetings or events
  • subscribe to a newsletter or other service
  • or otherwise interact with a mission abroad

Who is responsible?

Each mission abroad is the data controller for the processing of personal data carried out within its operations (unless otherwise prescribed). The data controller must ensure that all processing complies with applicable data protection legislation.

Legal grounds for processing

All processing of personal data must be based on a legal ground. For missions abroad, the most common legal grounds are that the processing is necessary:

  • to fulfil a contract or legal obligation
  • to perform a task carried out in the public interest or as part of the exercise of official authority
  • to protect vital interests of the data subject or another person
  • in some cases, based on the consent of the data subject

Records of processing

Each mission abroad must keep a record of all categories of processing activities. This ensures that all processing has a legal ground. The individual mission abroad is responsible for keeping the record up to date.

To access the record of processing activities, please contact the mission abroad or the Data Protection Officer for missions abroad.

Processing of different categories of data

  • Employees and contractors: Personal data may be processed when necessary to fulfil employment or contractual obligations.
  • Job applicants and interns: Data will only be used for recruitment purposes and statistical follow-up, and is accessible only to staff involved in the recruitment process.
  • Subscriptions, orders and events: Personal data provided for newsletters, information material or events will be stored only as long as needed to manage the subscription, order or event.

Retention of data

Personal data is deleted, anonymised, or otherwise processed only for as long as required by the stated purpose and relevant legal obligations.

Access to public documents

Missions abroad are public authorities. Messages sent to a mission become public documents and may be disclosed under the principle of public access to official documents, unless the information is classified as confidential.

Data processors

Some personal data may be shared with contractors or IT providers.

  • If the system is installed locally, only the mission’s staff can access the data.
  • If the system is provided by an external supplier or through a cloud service, the supplier acts as a data processor, processing the data on behalf of the mission abroad and in accordance with its instructions.

Security measures

Both technical and organisational measures are taken to protect information from unauthorised access, alteration, or destruction. All development of systems and services is carried out with respect for privacy and in compliance with data protection law.

Your rights

  • You have the right to have inaccurate or incomplete data corrected.
  • You may in certain cases request deletion of your personal data (“the right to be forgotten”). If legal obligations prevent immediate deletion, processing will cease for other purposes.
  • You may lodge complaints regarding the handling of your data directly with the mission abroad, the Data Protection Officer, or with the Swedish Authority for Privacy Protection (IMY).
  • You have the right to request, free of charge, an extract of the personal data held about you.

Requests for access must be made in writing and include your name, personal identity number, postal address, phone number, and email address (as used in communication with the mission). The extract will normally be sent to your stated postal address or, if applicable, your registered address in Sweden.

Contact

Contact the Embassy by e-mail: ambassaden.nairobi@gov.se

The Data Protection Officer for missions abroad can be reached by e-mail: ud.rs.gdpr@gov.se

Last updated 16 Sep 2025, 9.26 PM