contact us

The General Data Protection Regulation (GDPR) applies throughout the EU and aims to create a uniform and equivalent level of protection of personal data so as not to hinder the free flow of data within Europe.

Seriline's GDPR Terms

We at Seriline started our internal GDPR work in early 2017 to best ensure compliance with the regulations. We treat your information with the utmost respect and of course, we do not sell it to third parties. As part of our work, we have reviewed our products, services and internal processes to meet the new requirements.

As a customer of Seriline, we need to sign a Data Processor agreement.



Pseudonymisation / Anonymisation

According to the General Data Protection Regulation, an individual has the right to delete if, among other things, the personal data are no longer necessary for the purposes for which they have been collected or if the data subject withdraws his consent. This can be eg be if an individual has terminated his employment. With the help of pseudonymisation (henceforth anonymisation), the data can no longer be derived from a specific individual. We only anonymize information at the request of our client, the company / organization that is Seriline's business partner. The individual must turn to his or her employer in order to claim the right to be forgotten. 


Automatic anonymization

We have the ability for each individual customer and product to determine when the data will be anonymised. Unless otherwise decided, we store the data for 3 years and 30 days to simplify any repetition order and retrieval of statistics etc. It is the parameters of the product that control which periodicity a card is anonymized. Date calculation can be after the expiration date or after the production date as some cards do not have an expiration date. The automated anonymization anonymizes personal information as well as photographs.


Personal Data Breach

If personal data for one or more individuals has been destroyed, got lost or got into wrong hands, a personal data breach has occurred. This is independent of whether the incident happened unintentionally or intentionally. If the incident is of a serious nature, this must be reported to the Swedish Authority for Privacy Protection within 72 hours. However, all incidents must be documented, whether they are reported or not.

Examples of incidents:

  • Someone has come across login information that allows access to systems that process personal data.
  • An email containing personal information is sent to the wrong recipient.
  • Computers containing personal data have been lost or stolen.
  • A computer has received malicious code that allows unauthorized access to personal data.

If you have any questions regarding our handling of personal data and if you wish to have Seriline's subordinate list sent to you, contact us at