Privacy policy
Konserthuset Stockholm is committed to ensuring that you feel secure whenever you visit our website or engage with our organisation. We take the proper and secure processing of your personal data very seriously. This policy explains how we handle your data and outlines your rights. We never sell your information to third parties.
Stockholms Konserthusstiftelse (referred to in this policy as “Konserthuset Stockholm”, “we” or “us”) is the data controller responsible for processing your personal data. We process your data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
We encourage you to read this privacy policy in full, to ensure you fully understand how we handle your data when you contact us or interact with us in any way.
This privacy policy outlines how Konserthuset Stockholm collects and uses your personal data when you use our services, purchase our products, or otherwise interact with us — as a customer, member of the audience, participant in an activity, job applicant, website visitor, or simply someone with an interest in our work. It also describes your rights and how you may exercise them. If you have any questions about data protection or privacy, you are always welcome to contact us at: info@konserthuset.se
If you are employed by us or engaged as a performer or contractor, you will find information about how we process your personal data in our internal privacy policy.
Data Controller – Contact Details
The activities of Konserthuset Stockholm are run by Stockholms Konserthusstiftelse, organisation number 802001-8266, postal address Box 7083, SE-103 87 Stockholm, Sweden.
Questions regarding our processing of personal data can be sent by email to info@konserthuset.se, or by post to: Konserthuset Stockholm, Att: Personal Data, Box 7083, 103 87 Stockholm, Sweden.
What is Personal Data?
Personal data refers to any information that can be used to identify a natural person. This may include, for example, your name, date of birth, telephone number, email address or postal address. Personal data also includes electronic identifiers — such as an IP address — if they can be linked to an identifiable individual.
In some cases, behavioural data may also be considered personal data, such as your purchase history.
What Personal Data Do We Collect and Why?
As part of our operations, we may process personal data that you provide to us — for example, when you purchase tickets — or data that is generated as a direct result of your use of certain digital services.
Personal Data We Collect Directly From You
Below are the categories of personal data we may collect directly from you and process as part of our activities:
Categories of Personal Data
- Identity data. Such as name, age, date of birth, gender or nationality.
- Contact details. Such as address, telephone number and email address.
- Professional information. Such as the company or organisation you represent, or your job title.
- Experience-related information. Such as your CV, qualifications or academic transcripts.
- Submitted data. For example, data generated when you make selections on, or otherwise use, our website — including whether you have accepted our cookies, or any information you provide or enter on our website.
- Behavioural data. Such as information on how you interact with our website, including how you navigate and engage with its content.
- Purchase history. For example, details of tickets purchased from Konserthuset Stockholm, date of purchase, or booking number.
- Customer details. Such as customer ID number.
- Financial data: For example, card details or billing information.
- Device information and online identifiers. For example, information about your computer, phone or other device, including IP address, user ID, time zone, language settings or geolocation data.
- Your image in photo and/or video. For example, images taken of you during one of our concerts.
Personal Data We Collect From Third Parties or Public Sources
At times, we may collect your personal data from third parties (such as other companies) or from public sources, in order to supplement the information we already hold.
In such cases, we indicate this by referring to: “Categories of personal data obtained from third parties or public sources.” Below are the categories of personal data we collect in this way:
Categories of Personal Data
- Supplementary statistical data: For example, information relating to life stage, type of housing or purchasing power.
We may obtain this supplementary statistical data from Dun & Bradstreet Sweden AB.
Why We Process Personal Data
We process personal data for the following main purposes:
- Management of your customer account
- Ticket purchases and bookings
- Ordering of refreshments (pre-orders and intermission service)
- Bookkeeping
- Sending practical customer information
- Sending newsletters
- Digital and postal marketing communications
- Distribution of the magazine Lyssna
- Communication and interaction
- Information and public relations
- Management of event registrations and participation
- Recruitment and application processes
- Statistics and analysis
- Photography and video recording
- Establishment, exercise and defence of legal claims
- Security camera surveillance
- Customer surveys
To uphold your rights
We process your personal data in various ways. “Processing” refers to any operation or set of operations, such as collection, storage or transmission of data.
Each time we process personal data, we must rely on a legal basis for doing so. Under this policy, we rely on four of the six legal bases available under the law:
You have explicitly given us permission to process your personal data. You may withdraw your consent at any time.
- Performance of a contract. This applies when we need certain data in order to fulfil a contract — for example, to deliver a ticket or send a product you have purchased.
- Legal obligation. In some cases, we are legally required to collect and store specific data. For example, we must comply with obligations under the Accounting Act and anti-discrimination legislation.
- Legitimate interest. This applies where it is considered reasonable for Konserthuset Stockholm to process personal data in order to operate its activities. This may include recruitment processes or communication with customers ahead of a concert visit. Where we rely on legitimate interest as a legal basis, we have carried out a so-called “balancing test” to assess whether our interest in processing your data for a specific purpose outweighs your interest in not having your data processed — and have concluded that it does.
Below you will find detailed information about how we process personal data for specific purposes.
1. Management of Your Customer Account
Categories of personal data: Identity data, contact details, financial data, customer details, purchase history, and where applicable, professional information.
Purpose: When you create a customer account with us, we process your personal data to manage and administer that account.
Legal basis: Performance of a contract.
Retention period: We retain your personal data for up to three years from your last login, in order to manage and administer your account.
If you would like your data to be deleted earlier, please contact our ticket office by email at biljett@konserthuset.se or by phone on 08-50 66 77 88. You may also request deletion of your personal data via your customer account.
2. Ticket Purchases and Bookings
Categories of personal data: Identity data, contact details, customer details, financial data, purchase history, and where applicable, professional information.
Purpose: We require this data to administer your purchase, such as delivering your ticket or managing changes to your booking.
Legal basis 1: Performance of a contract — we process your personal data in order to fulfil our agreement for ticket purchases and bookings.
Legal basis 2: Legal obligation — if we process your personal data in connection with handling complaints or claims, we rely on our legal obligations under applicable consumer protection laws.
Retention period: We retain your personal data for up to three years after the last concert date related to your booking, in order to manage any complaints or claims.
If you would like your data to be deleted earlier, please contact our ticket office by email at biljett@konserthuset.se or by phone on 08-50 66 77 88. You may also request deletion of personal data via your customer account.
3. Ordering of Refreshments (Pre-orders and Intermission Service)
Categories of personal data: Identity data, contact details, customer details, financial data, purchase history, and where applicable, professional information.
Purpose: To manage orders of food and beverages in connection with concert visits.
Legal basis 1: Performance of a contract – we process your personal data to fulfil the agreement regarding your food and drink orders in connection with your concert visit.
Legal basis 2: Legal obligation – if we process your personal data in connection with handling complaints or claims, we do so based on our legal obligations under applicable consumer protection legislation.
Retention period: We retain your personal data for up to three years after the most recent concert, in order to handle any complaints.
If you wish to have your data deleted earlier, please contact our ticket office by email at biljett@konserthuset.se or by phone at 08‑50 66 77 88. You may also request deletion via your customer account.
4. Bookkeeping
Categories of personal data: Identity data, contact details, financial data, customer details and purchase history.
Purpose: When you make a purchase from us, we may process your personal data in order to meet our legal obligations under the Swedish Accounting Act (1999:1078).
Legal basis: Legal obligation.
Retention period: We retain your personal data for the period necessary to complete our accounts, and for seven years following the end of the financial year in which the data was recorded.
5. Sending Practical Customer Information
Categories of personal data: Identity data, contact details, customer details and purchase history.
Purpose: We use personal data to send you information ahead of your concert visit, or to contact you in the event of significant changes to the programme or performing artists, or if a concert is cancelled. If you have purchased a concert subscription, we use your data to send you our magazine Lyssna and information about renewing your subscription for the coming season.
Legal basis: Konserthuset Stockholm’s legitimate interest in being able to communicate with its customers.
Retention period: We retain your personal data for up to three years.
6. Sending Newsletters to Subscribers
Categories of personal data: Contact details and submitted data.
Purpose: If you have subscribed to our newsletter by submitting your contact details and selecting your areas of interest related to our activities via a form on our website, we may process your personal data in order to send you our digital newsletter. The newsletter includes information about upcoming concerts, special offers, and other news about Konserthuset Stockholm.
Legal basis: Konserthuset Stockholm’s legitimate interest in providing newsletters tailored to selected areas of interest to subscribers who have requested them.
Retention period: We retain your personal data until you choose to unsubscribe or object to receiving our communications — whichever occurs first.
You may unsubscribe at any time via the link at the bottom of each newsletter, by emailing biljett@konserthuset.se, or by calling 08‑50 66 77 88.
7. Digital and Postal Marketing Communications to Existing Customers of Konserthuset Stockholm
If you are an existing customer of Konserthuset Stockholm (i.e. you have made a purchase within the past three years) and have not opted out of marketing communications, we may process your personal data in order to send you digital and/or postal marketing materials. As part of this, we may also personalise the content of such marketing communications.
The information below explains in more detail how we process your personal data for targeted and personalised marketing to existing customers who have not opted out of receiving such communications.
A) Segmentation for Audience Targeting
Categories of personal data: Identity data, contact details, customer details, submitted data and purchase history.
Categories of personal data obtained from third parties or public sources: Supplementary statistical data from Dun & Bradstreet Sweden AB.
Purpose: To determine which content is relevant to you, we use the personal data you have provided as an existing customer, along with supplementary statistical data from Dun & Bradstreet Sweden AB, to build a profile about you. This means that the processing involves profiling, which you may object to at any time (see the section Right to Object). This profile is then used to assign you to a specific target group (segmentation group), which informs how we personalise our marketing communications.
Legal basis: Konserthuset Stockholm’s legitimate interest in providing relevant and personalised information and marketing to its existing customers.
Retention period: We retain your personal data for up to three years after your most recent purchase, unless you opt out of marketing communications before that time.
You may opt out at any time via the unsubscribe link in the marketing message, through your customer account, by emailing biljett@konserthuset.se, or by calling 08‑50 66 77 88.
B) Sending Newsletters and Other Marketing
Categories of personal data: Contact details and purchase history (applies to existing customers).
Purpose: If you are an existing customer and have not opted out of marketing communications, we may process your personal data — based on the segmentation described above — to send you our newsletter and other targeted and personalised postal or digital marketing messages. These communications may include information about upcoming concerts, offers and other news from Konserthuset Stockholm.
Legal basis: Konserthuset Stockholm’s legitimate interest in providing its newsletter and promoting its activities to existing customers.
Retention period: We retain your personal data for up to three years after your most recent purchase, unless you opt out of marketing communications before that time.
You may opt out at any time via the unsubscribe link in the marketing message, through your customer account, by emailing biljett@konserthuset.se, or by calling 08‑50 66 77 88.
8. Distribution of the Magazine Lyssna
Categories of personal data: Identity data and contact details.
Purpose: We process your personal data to send you the magazine Lyssna three times a year, either digitally or by post.
Legal basis 1: Performance of a contract – we send the magazine to individuals who hold a concert subscription or who have signed up for a free subscription.
Legal basis 2: Legitimate interest – if we wish to inform you about our activities based on your professional role, we rely on our legitimate interest in providing such information.
Retention period: We retain your personal data until you choose to cancel your subscription or object to receiving our communications.
You may unsubscribe or opt out at any time by contacting us at info@konserthuset.se or by calling 08‑786 02 00.
9. Communication and Interaction
Categories of personal data: Identity data, contact details, submitted data, and any other information you may provide in your communication with us.
Purpose: If you contact us or interact with us in any way – via phone, email, social media, or other channels – we may process your personal data for the purpose of communicating and interacting with you.
Legal basis: Konserthuset Stockholm’s legitimate interest in being able to communicate and interact with you.
Retention period: We process your personal data for the duration of the ongoing correspondence and for one year after the last contact between us.
10. Information and Public Relations
Categories of personal data: Identity data, contact details and professional information.
Purpose: We process your data in order to send communications to media representatives and other stakeholders regarding Konserthuset Stockholm’s activities and organisational news.
Legal basis: Legitimate interest – Konserthuset Stockholm has a legitimate interest in presenting its activities and relevant information to media, industry contacts and others.
Retention period: We process your personal data until you notify us that you no longer wish to receive such communications, or until we update our records based on our internal checks.
You may unsubscribe at any time via the link at the bottom of the press release, or by contacting us at info@konserthuset.se or by calling 08‑786 02 00.
11. Event and Activity Registrations
Categories of personal data: Identity data, contact details and submitted data.
Purpose: When you register for an activity or event, we may process your personal data in order to manage your participation – for example, to send confirmation, information or an invoice.
Legal basis: Performance of a contract – we need to process your data in order to fulfil the agreement regarding your participation.
Retention period: We retain registration data for up to one year after the activity or event has taken place.
12. Handling of Applications
Categories of personal data: Identity data, contact details, professional information, experience-related information, submitted data, and any additional information you provide during your contact with us.
Purpose: When you apply for an audition or other recruitment process, we process your personal data in order to manage your application. For instance, we need to contact you by email to send an invitation to the audition or interview, and to communicate with any references.
Legal basis 1: Legitimate interest – Konserthuset Stockholm has a legitimate interest in administering and managing applications.
Legal basis 2: Legal obligation – we are required to process your data in accordance with the Swedish Discrimination Act (2008:567).
Retention period: We retain your personal data for two years after the recruitment process has concluded, to fulfil our obligations under the Discrimination Act.
13. Statistics and Analysis of Our Operations
Categories of personal data: Purchase history, identity data and contact details.
Purpose: To understand and develop our operations, we may process your personal data for the purpose of compiling and analysing statistics, such as data related to ticket purchases or sales.
Legal basis: Legitimate interest – Konserthuset Stockholm has a legitimate interest in analysing and improving its operations.
Retention period: We retain your personal data for up to three years.
14. Statistics and Analysis of Our Website
Categories of personal data: Purchase history, submitted data, device information and online identifiers.
Purpose: To help us improve our operations, we may manually or through cookies and similar tracking technologies process your personal data to compile and analyse statistics, such as website usage or ticket purchases.
Legal basis: Consent – as obtained via your selections in our cookie banner.
Retention period: We retain your personal data for one year, or until you withdraw your consent.
You may withdraw your consent at any time by emailing us at info@konserthuset.se. If you provided your consent via our cookie banner, you can also withdraw it by following the instructions in our cookie policy.
15. Photography and Video Recording
Categories of personal data: Your image in photographs and/or video.
Purpose: We may record or photograph our concerts for informational or press purposes. In addition, we are tasked with making some concerts available in digital format for those unable to attend in person (primarily via our own streaming service, Konserthuset Play). We also document our operations and archive such material for cultural heritage purposes and future research. External parties may also record or document concerts. Our images and videos are typically not searchable by name, but if you are attending an event at Konserthuset Stockholm, you may appear in photo or video in a way that makes you identifiable. You consent to this by accepting our terms and conditions at the time of ticket purchase. No additional consent is collected from the audience prior to publication or distribution.
Legal basis 1: Legitimate interest – Konserthuset Stockholm has a legitimate interest in making its activities accessible to a wider audience and in documenting and archiving for cultural purposes.
Legal basis 2: Performance of a contract – by accepting our terms and conditions when purchasing tickets, you agree that you may appear in visual material as described above.
Retention period: We retain your personal data for as long as necessary to fulfil our archival and cultural obligations. For processing based on performance of a contract, the data is stored for the duration of the contract or for as long as required to meet Konserthuset Stockholm’s archival and cultural responsibilities.
16. Establishment, Exercise and Defence of Legal Claims
Categories of personal data: Identity data, customer details, contact details, financial data and purchase history.
Purpose: If Konserthuset Stockholm needs to establish, assert or defend its legal claims, we may process your personal data for these purposes.
Legal basis: Legitimate interest – Konserthuset Stockholm has a legitimate interest in processing personal data in order to establish, assert or defend its legal claims.
Retention period: We retain your personal data for as long as necessary in each individual case to establish, assert or defend legal claims – for example, in the event of a dispute. Once our legal claims have been satisfied, we will delete your personal data.
17. Security Camera Surveillance
Categories of personal data: Your image in photographs and/or video.
Purpose: When you are on the premises of Konserthuset Stockholm, your personal data may be processed via our security cameras, which are in place to prevent and investigate crime, ensure safety and prevent misconduct. Security cameras are located at the entrance to the public lift at street level, and at our reception/stage entrance at Hötorget 8 and nearby areas.
Legal basis: Legitimate interest – Konserthuset Stockholm has a legitimate interest in preventing and investigating crime, ensuring safety and preventing misconduct.
Retention period: We retain your personal data for seven days from the time of recording.
18. Customer Surveys
Categories of personal data: Identity data, contact details and submitted data.
Purpose: Konserthuset Stockholm may occasionally conduct customer surveys among current and former customers in order to improve its operations.
Legal basis: Legitimate interest – Konserthuset Stockholm has a legitimate interest in developing and enhancing its services.
Retention period: The duration of processing for this purpose is determined individually for each survey before it begins, and the retention period will be specified in connection with each survey. Konserthuset Stockholm will not process your data for this purpose for any longer than is justified by its legitimate interest.
19. Processing to Uphold Your Rights
Categories of personal data: All categories of personal data listed under each processing purpose above.
Purpose: In order to uphold your rights, Konserthuset Stockholm may also process your personal data specifically for this purpose. This means that in addition to the processing done for the original purpose stated in this privacy policy, we will retain the same data to enable the fulfilment of your rights.
Legal basis: This processing is based on Article 6.1(c) of the GDPR – Konserthuset Stockholm’s legal obligation to comply with the provisions of the GDPR.
Retention period: We retain your personal data for this purpose for as long as we retain the data for the original purpose.
About Cookies
When you visit our website, we process personal data through functional (necessary) cookies. If you consent to other optional cookies used for statistics and marketing purposes, we will also process personal data for these purposes. For more detailed information about both necessary and optional cookies, please refer to our cookie policy.
What Are Your Rights in Relation to Your Personal Data?
As a data subject, you have several rights under the General Data Protection Regulation (GDPR). These are briefly described below. You can find more detailed information about your rights on the Swedish Authority for Privacy Protection’s website (Integritetsskyddsmyndigheten, IMY) via the links provided under each section.
If you wish to exercise any of your rights, please contact us using the details listed at the beginning of this privacy policy.
Right to Information
You have the right to receive information about how we process your personal data. This is provided via this privacy policy at the time your personal data is collected, and the policy is always available on our website. You also have the right to be informed if a personal data breach occurs that is likely to result in a high risk to your rights and freedoms. In such a case, we will notify you directly by email.
Read more about your right to information (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/ratt-till-information/
Right of Access
You have the right to request confirmation as to whether Konserthuset Stockholm is processing your personal data. If we are, you have the right to receive information about the processing and access your data in the form of a free copy (a “data subject access request”) detailing the personal data held about you and how it is being used.
Requests for access can be sent by email to info@konserthuset.se.
Konserthuset Stockholm reserves the right to verify the identity of the person making the request. If requests are made repeatedly, Konserthuset Stockholm may charge a reasonable administrative fee.
Read more about your right of access (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/ta-del-av-dina-personuppgifter/
Right to Rectification
You have the right to have inaccurate personal data corrected and to have incomplete data completed. This right applies to data collected from you, from third parties, or from public sources, as well as data created by Konserthuset Stockholm (such as profiling data). You may request corrections by emailing info@konserthuset.se.
Read more about your right to rectification (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/rattelse/
Right to Erasure (“Right to Be Forgotten”)
You have the right, in certain circumstances, to have your personal data erased without undue delay. This applies if:
- The data is no longer necessary for the purposes for which it was collected or otherwise processed;
- You withdraw your consent and there is no other legal ground for the processing;
- You object to the processing based on legitimate interest and there are no overriding legitimate grounds to continue;
- The data is processed for direct marketing and you object to the processing;
- The personal data has been unlawfully processed; or
- Erasure is required to comply with a legal obligation.
However, there may be circumstances that limit your right to erasure — for example, if continued processing is required to fulfil a legal obligation. In such cases, Konserthuset Stockholm is not obliged to delete the data.
Read more about your right to erasure (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/radering/
Right to Restriction of Processing
You have the right, in certain circumstances, to request that the processing of your personal data be restricted. This applies if:
You contest the accuracy of the personal data – processing may be restricted while we verify the data;
The processing is unlawful and you oppose erasure and request restriction instead;
Konserthuset Stockholm no longer needs the data for the original purpose, but you need it to establish, exercise or defend legal claims;
You have objected to processing based on legitimate interest, and processing is restricted while we assess whether our grounds override your interests.
If processing is restricted, Konserthuset Stockholm may only store the data, and otherwise process it only to establish, exercise or defend legal claims, to protect someone else's rights, or with your consent. If restriction is lifted, you will be informed beforehand.
Read more about your right to restriction (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/begransning/
Right to Data Portability
In certain cases, you have the right to receive the personal data you have provided to Konserthuset Stockholm in a structured, commonly used and machine-readable format, and to transmit this data to another controller without hindrance. This applies if the processing is carried out by automated means and is based on your consent or the performance of a contract, and if the transfer is technically feasible.
Read more about your right to data portability (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/flytta-dina-personuppgifter/
Right to Object
You have the right to object at any time to our processing of your personal data based on a legitimate interest. In such cases, continued processing requires that we demonstrate compelling legitimate grounds that override your interests, or that processing is necessary for the establishment, exercise or defence of legal claims.
You also have the right to object to profiling and other processing based on the customer relationship between you and Konserthuset Stockholm. You can request details of our balancing test by emailing info@konserthuset.se.
You always have the right to object to processing carried out for direct marketing purposes. If you do so, we will immediately stop processing your data for this purpose without carrying out a balancing test.
Read more about your right to object (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/att-gora-invandningar/
Right to Withdraw Consent
If your data is processed on the basis of consent, you have the right to withdraw that consent at any time. You can do this by emailing us at info@konserthuset.se. If you have given consent by accepting cookies via our cookie banner, you can withdraw it by adjusting your preferences according to our cookie policy.
Read more about consent as a legal basis and your right to withdraw it (in Swedish):
https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/rattslig-grund/samtycke/
Right to Lodge a Complaint
If you believe that Konserthuset Stockholm is processing your personal data in violation of the GDPR, you have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):
Website: https://www.imy.se
Phone: 08‑657 61 00
Email: imy@imy.se
Postal address: Box 8114, 104 20 Stockholm
Special Notes on Profiling and Automated Decision-Making
Profiling
Profiling refers to any form of automated processing of personal data used to evaluate certain personal aspects of an individual — for example, to analyse or predict a person’s economic situation, preferences, interests or behaviour.
Konserthuset Stockholm uses profiling for purposes such as personalised marketing.
If profiling is based on legitimate interest, you have the right to object to it at any time (as described above). In such cases, we may no longer process the data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or if it is necessary for the establishment, exercise or defence of legal claims.
Automated Decision-Making
As a data subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, if such a decision would have legal effects on you or significantly affect you in another way.
You have the right to object to such processing. However, this right does not apply if the decision-making is necessary to enter into or perform a contract with you, or if you have given your explicit consent.
Read more about automated decision-making (in Swedish):
https://www.imy.se/privatperson/dataskydd/dina-rattigheter/automatiserade-beslut/
Who May Access Your Data?
As part of our operations, we work with various partners in order to provide the best possible service and develop our activities. In order for these partners to perform certain tasks on our behalf, we may need to share your personal data with them. However, they do not have any independent rights to your personal data beyond what is described in this policy.
Your data is only shared with trusted third parties, and Konserthuset Stockholm will never sell your personal data to anyone. Sharing is based on the same purposes and legal grounds as the original data collection.
When a service provider processes personal data on our behalf, we enter into a data processing agreement with them. This agreement ensures that the provider processes the data according to our instructions and complies with applicable data protection regulations. The purpose is to ensure your personal data is as secure with our suppliers as it is with us.
Categories of recipients include:
Suppliers and subcontractors – including IT service providers (e.g. software, data storage), ticketing or CRM systems, direct marketing tools, catering services, financial service providers, print and delivery services, analytics platforms, and recruitment firms.
May We Transfer Your Personal Data Outside the EU/EEA?
In certain cases, we may share your personal data with entities located in a country outside the EU/EEA, commonly referred to as a “third country”. In a third country, the General Data Protection Regulation (GDPR) does not apply, which may entail an increased risk from a privacy perspective, for example with regard to the possibility of authorities in the third country accessing your personal data, and your ability to exercise control over your data.
To protect your personal data and maintain an adequate level of protection, any such transfer is based either on a decision from the European Commission confirming an adequate level of protection, or on appropriate safeguards such as binding corporate rules approved by the relevant supervisory authority, or the European Commission’s standard contractual clauses, combined with organisational and technical safeguards.
If we transfer your personal data to the United States, the transfer may be based on the EU–US Data Privacy Framework, provided that the receiving US company is affiliated with and certified under the EU–US Data Privacy Framework. Otherwise, the transfer is based on one of the other transfer mechanisms set out in Chapter V of the GDPR.
You can read more about which countries are considered to provide an adequate level of protection on the European Commission’s website:
You can read more about which countries are considered to provide an adequate level of protection on the European Commission’s website:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
You can read more about the standard contractual clauses on the European Commission’s website:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
You can read about which US companies are affiliated with and certified under the EU–US Data Privacy Framework on the Data Privacy Framework Programme website:
https://www.dataprivacyframework.gov/list
We always conduct a risk assessment before transferring your personal data to a third country, and we take both technical and organisational protective measures to ensure an appropriate level of protection. We strive to transfer as little personal data as possible to countries outside the EU/EEA, and whenever possible in anonymised form.
If you would like more information about the specific safeguards used by Konserthuset Stockholm in any individual case, please contact us by email at info@konserthuset.se.
Potential recipients outside the EU/EEA
Suppliers and subcontractors
In some cases, your personal data may be shared with suppliers and subcontractors located outside the EU/EEA. This may include providers of ticketing and CRM systems, digital communications platforms, and streaming services. The data may involve customer information within ticketing systems, CRM, digital communications, and video content, all necessary for operating Konserthuset Stockholm’s activities.
Social media platforms
When you contact or otherwise interact with Konserthuset Stockholm on social media platforms such as Facebook, Instagram, LinkedIn and YouTube, your personal data is also collected and processed by the companies behind these platforms.
When these companies receive your personal data, such data may be transferred to the United States. Below you will find which social media platforms we use, along with links for further information on how they process your personal data.
Facebook and Instagram
When using these services to contact or interact with us, your personal data is processed by Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), a subsidiary of Meta Platforms, Inc.
Meta Platforms, Inc. is based in the United States, a third country with an adequate level of protection according to the European Commission, provided the receiving US company is certified under the EU–US Data Privacy Framework (EU–US DPF).
At the time of this privacy policy's most recent update, Meta Platforms, Inc. is certified under the EU–US DPF, and all data transfers are thus based on the European Commission's adequacy decision.
Read Meta’s privacy policy:
https://www.facebook.com/privacy/policy/
When using this platform to contact or interact with us, your personal data is processed by LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland), a subsidiary of LinkedIn Corporation.
LinkedIn Corporation is based in the United States, a third country with an adequate level of protection according to the European Commission, provided that the receiving US company is certified under the EU–US Data Privacy Framework.
At the time of this privacy policy's most recent update, LinkedIn Corporation is certified under the EU–US DPF, and all data transfers are thus based on the European Commission’s adequacy decision. LinkedIn also states that it uses Standard Contractual Clauses (SCCs) in parallel.
More on SCCs:
https://www.linkedin.com/help/linkedin/answer/a1343190/
LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy/
YouTube
When using this platform to contact or interact with us, your personal data is processed by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), a subsidiary of Google LLC.
Google LLC is based in the United States, a third country with an adequate level of protection according to the European Commission, provided that the receiving company in the US is certified under the EU–US Data Privacy Framework.
At the time of this privacy policy’s most recent update, Google LLC is certified under the EU–US DPF, and all third-country data transfers are thus based on the European Commission’s adequacy decision.
Read Google’s privacy policy here: https://policies.google.com/privacy?hl=en-GB
Links to Konserthuset Stockholm’s social media channels:
Facebook
facebook.com/KonserthusetStockholm
facebook.com/kungligafilharmonikerna
facebook.com/bluehousejazzorchestra
Instagram
instagram.com/konserthusetstockholm
instagram.com/kungligafilharmonikerna
LinkedIn
linkedin.com/company/konserthuset-stockholm-kungliga-filharmonikerna
YouTube
youtube.com/user/RoyalStockholmPhil
How Konserthuset Stockholm Protects Your Data
We take the protection of your personal data seriously and have implemented the technical and organisational measures we deem necessary to protect it from loss, misuse, unauthorised access, disclosure, alteration or destruction. We continuously improve our information security and combine organisational measures (such as policies, access controls and routines) with technical measures (such as security software and encrypted storage).
Changes to This Privacy Policy
We may update this privacy policy from time to time, for example due to changes in laws, directives or regulations governing the processing of personal data, or new legal precedents regarding the interpretation of such laws. The most recent version of the privacy policy is always available on our website: www.konserthuset.se
This policy was last updated on 8 September 2025.