Personal data processing policy

Established on 23 April 2019, for Sterisol AB.

Purpose

This policy is based on the applicable data protection legislation and clarifies how we work to safeguard your rights and privacy. We protect your privacy. You should feel secure when entrusting us with your personal data.

Background

For customers and suppliers, we require personal data such as name, phone number and email address to maintain business relationships, to fulfil our legal and contractual obligations, to safeguard rights, for conducting customer and market analyses, and for marketing and follow-up purposes.

Guidelines

Which personal data do we process?

We only process personal data when we have legal grounds, in order to carry out legal and contractual obligations, or with your consent.

What are legal grounds?

Consent: The registered individual has said yes to the processing of their personal data.

Contract: The registered individual has a contract or will enter into a contract with the data controller.

Weighing of interests: The data controller may process personal data without consent from the registered individual if the data controller’s interests outweigh the registered individual’s, and if processing is necessary for the relevant purpose.

Legal obligation: There are laws or rules stipulating that the data controller must process the personal data in their activities.

Fundamental interest: The data controller must process personal data to protect a registered individual who cannot provide consent.

How do we access your personal data?

We access your personal data through personal contact, telephone, contract, email, or when you have chosen to identify yourself via social media, such as Facebook and LinkedIn. Information collected through cookies contains no personal data, but it is used to establish the visitor’s (IP address) patterns when using our web services at www.sterisol.se. IP addresses are saved in our databases for marketing purposes.

In some cases we process your personal data based on our legitimate interest. If you have questions or want to know more about how we weigh these interests, you are welcome to contact us.

 

What are the rights of registered individuals?

At any time, you may revoke your consent or not follow us on social media. You have the right to object to our use of your personal data for direct marketing purposes. You have the right to access information and the right to correct, erase, and limit its processing, as well as the right to submit complaints to the Swedish Data Protection Authority. The first time we collect personal data about you, you will receive more information about this, and how to oppose.

Remember that revoking your consent may mean that we cannot fulfil obligations we have made to you.

What information do we provide to you?

When we collect your personal data for the first time, we will inform you about how we obtained your personal data, what we will use them for, your rights according to the Swedish Data Protection Authority and how to exercise them. You will also be informed of who is responsible for processing the personal data and how you can contact us if you have questions or need to submit a request or inquiry pertaining to your personal data and/or rights.

Are your personal data securely processed?

We draw up procedures and methods to ensure your personal data are securely processed. Our starting point is that only employees and others in the organisation who require the personal data in order to do their jobs shall have access to them. Because the company has outsourced services (IT operations, e-invoice services, archives), the company has established data processor agreements with these companies.

When do we give out your personal data?

Our starting point is to not give out your personal data to third parties unless necessary for fulfilling our legal or contractual obligations. In cases when the company provides a third party with your personal data, or when a third party has access to your personal data, a data processor agreement is drawn up and we ensure the personal data are processed securely.

How long are your personal data saved?

Personal data are saved as long as we have a business relationship or as long as the company has any legal or contractual obligations to do so. If processing is based on consent, then personal data are processed until consent is revoked, or for a shorter period if consent is for a limited period of time.

Responsibility

Sterisol AB is the personal data controller, which means we are responsible for how your personal data are processed and for ensuring that your rights are protected.

 

Contact us

If you have a complaint, questions pertaining to your personal data, or other questions, please contact the company’s HR department. Sterisol AB, Box 149, 592 23 Vadstena.