Integrity policy

C/O City is an association that runs issues related to urban ecosystem services, develops tools, methods and guidelines for urban ecosystem services, offers education, seminars and conferences as well as networking on these issues. We are party-politically and religiously independent and we conduct business throughout Sweden. C/O City is a non-profit association founded with companies, municipalities, universities and organizations as members, and their democratic influence is reflected in the activities we offer.

In order to conduct our business, we must collect and process personal data. The purpose of this policy is to explain what information we collect and how we use it, as well as what rights you have as a registered participant in our business.

Who is responsible for handling your data?

C/O City is responsible for processing personal data that you share with us and we are responsible for processing your personal data in accordance with the EU Data Protection Regulation GDPR (EU 2016/679).

C/O City is the ultimate organizer of all activities within C/O City, which means that we are also responsible for the processing of personal data collected in connection with activities carried out with one of our collaboration partners, for example with one of our member or partner organizations, if the notification goes through C/O City.

The same rules apply as for operations where only C/O City is the organizer. In order to conduct our business, we must collect and process personal data. The purpose of this policy is to explain what information we collect and how we use it, as well as what rights you have as a registered participant in our business.

Legal basis

The Data Protection Regulation provides that all processing of personal data must have a clear purpose and must rest on a legal basis. We can cooperate with the public sector and activities that are covered by municipal, county council or parliamentary decisions are considered a task of public interest.

When you sign up for a course/event with us, you enter into an agreement, which means that we can also process your personal data on the basis of the legal basis agreement.


C/O City processes personal data to administer membership of the association and for education, seminars, conferences and to communicate with registered participants. This treatment is done with the support of the legal basis agreement.

You are not required to provide personal information to C/O City. If you choose not to disclose your personal information, the result may be that you cannot participate in the business.

Regulatory requirements and requirements from donors

We save the data as long as you are a member and then as long as we are obliged to report e.g. support. We may share your information with the granting authority, insurance company or equivalent.

We also publish and archive certain personal data in discussion forums and other documentation from the association’s activities, until the association’s resolution.

What information do we collect about you?

We process and store information that you submit to us when you apply for membership for your organization (company, administration, municipality, county council, authority, association or other organization) or register for participation in activities, for example for a conference, a course or to participate in any of our events.

Registration can be done, for example, by pre-registering in our web forms, by phone or in connection with a business you attend. We may also retrieve data from other sources, e.g. publicly available personal registers such as SPAR, as well as registers used for credit assessment.

Our websites use cookies and similar techniques that collect information from your browser. When you visit or another C/O City-managed website, we process information about browser settings and technical information about your device, as well as user-generated data, such as clicks and visitor history.

What do we use the data for?

The information is used to enable us to fulfill our commitments to you, administer your course participation, provide you with good service and for direct marketing purposes linked to our business. The latter you can choose to resign at any time.

C/O City only processes sensitive personal data when this is necessary for the implementation of the business and when it is a prerequisite for contributions from the public sector. Below you will find an overview of what data we save and on what legal basis we do it.

Data storage

As a general rule, personal data is stored for the membership and purposes stated above during the fiscal year a registered participant in C/O City operations and for up to 24 months thereafter. Membership information will remain, but personal information will be deleted when not up to date.

However, C/O City may store certain personal data longer on decisions, requests or guidelines from the government or authority. For example, this may include requirements to be able to monitor, evaluate and quality-monitor C/O City’s operations for a certain period of time.

C/O City may also be required to store attendance lists and reports, which contain personal data for seven years according to the Accounting Act (1999: 1078). C/O City deletes or anonymises personal data that there is no longer any legal basis to process.

Who processes the data?

C/O City does not disclose your information to third parties except here in the policy mentioned. We also do not sell your information without your consent.

However, data is processed by so-called personal data assistants, companies with which C/O City collaborates with regard to IT operations, analysis, printing, distribution and marketing. However, these parties may not use information about you for any purpose other than to provide services they are hired for and solely on the terms stated by C/O City.

We may also be obliged, upon request by law or governmental decision, to disclose data that follows from the decision – for example to the police or other authority.

How do we protect your information?

The secure handling of your data is of great importance to us. We use appropriate physical, technical and administrative procedures to manage the data we collect securely. Particular attention is paid to information security to prevent, prevent and detect that data is being disseminated to outsiders or lost.

Access to personal data is only given to those who need it for their work tasks. Processing of data is logged and controlled systematically.

We are constantly working on combating spam and viruses.

Your rights 

Extraction from register

You can request a free copy of the register which shows what information we have saved about you. C/O City will respond to your request without undue delay, but within one month at the latest.

After we have secured your identity, the registry extract will be sent to your organization’s contact address.

The request for register extracts is submitted to C/O City, see contact details.

Correction and elimination

C/O City is responsible for ensuring that the data we process about you is accurate. If you find that your information is inaccurate, incomplete, irrelevant or has been collected on an unlawful basis, you may request that it be corrected or deleted.

However, we cannot delete your information if there is a statutory requirement for storage, such as the aforementioned accounting rules, or when there are other legitimate reasons why the data must be saved, such as unpaid debts, or that processing is necessary for the fulfillment of the agreement.

Such request is sent to C/O City, see contact details.

Data portability

You have the right to request that the information that concerns you and that you have submitted to us be transferred to another personal data controller (so-called data reporting). One condition is that the treatment can be automated and that it is technically possible.

Right to restrict processing of data

You can object at any time to the use of the information for direct marketing purposes. In general, you always have the right to object to treatment based on a balance of interests or consent.

Supervisory authority

The Swedish Data Protection Authority is responsible for monitoring the application of the GDPR Data Protection Regulation in Sweden. If you believe that C/O City is handling personal data incorrectly, you can file a complaint with the Data Inspectorate, see contact information below.


If you believe that data is being processed in violation of applicable regulations, you should report it to us as soon as possible. You can also file a complaint with the Data Inspectorate.

Contact The Swedish Data Protection Authority

Tel: +468-657 61 00


Adress: Datainspektionen, Box 8114, 104 20 Stockholm

Contact C/O City