On this day, 25th May 2018, the following policy (“Personal Data Policy”) has been established for the HSE Solutions AB.
We care about your privacy. You should feel safe and secure when you trust us with your personal data. Therefore, we have created this policy. It is based on existing personal data legislation and clarifies how we work to protect your rights and your privacy.
Personal data means all types of information that can directly or indirectly be attributed to a living real person (“Personal data”).
The purpose of this policy is that you should know how we process your personal data, what we use it for, who may use it, in what circumstances and what your rights are.
If you have a question that is not answered here please get in touch with us. You can find information about how to contact us under “Contact details” below.
We primarily process your personal data in order to fulfil our obligations to you. We do not process more personal data than is required to meet those purposes (information about what purposes we handle personal data for is under the section “What we use personal data for” below) and we always strive to use the least sensitive personal data.
We also need your personal data to provide a good service, for example for marketing, follow-up and information. We may also require your personal data to fulfil legislation and to carry out customer and market analyses.
You have the right to oppose us processing your personal data. When we gather personal data about you for the first time you will receive more information about it and how you can exercise your rights.
What personal data do we process?
We only process personal data when we have legal grounds for processing it. We do not process personal data in cases other than when it is required to fulfil contractual and/or legal obligations if we have not had your stated consent. The following are examples of the personal data that we process:
Sensitive personal data is information that reveals race or ethnic origin, political opinions, religious or philosophical beliefs or union membership, and personal data that refers to health or sex life (below “Sensitive Personal data”). Information about health could be sick leave, pregnancy and doctor’s appointments. Depending on what information you choose to share with us we can process Sensitive Personal data.
Most personal data that we process is based on a contract and/or legal requirements. In those cases where we need to, we try as much as possible to obtain your consent before we start to process your personal data. We do this by allowing you to fill in specific consent clauses in cases where the process requires consent.
You can withdraw your consent at any time. We will then no longer process the personal data that was covered by your consent or retrieve new personal data, on the condition that it is not required to complete our legal or contractual obligations. Remember that withdrawing your consent may mean that we cannot meet our obligations to you. We also have access to your personal data in the following way:
We will process the personal data we collect for the following purposes;
Personal data that is processed with the purpose of marketing our systems, products and services, including the function and content of our systems, products and services are processed based on our legitimate interests to market our operations and our systems, products and services, including the function and content of our systems, products and services.
We save your personal data for as long as you use our systems, products and services and for twelve (12) months after you have stopped using our systems, products and services. If you request it we will permanently erase your personal data. We are obliged by Swedish law to retain certain personal data for longer than a twelve (12) month period.
If we cannot process your personal data we cannot provide you with our systems, products and services. Your privacy is very important to us and we will handle the personal data that you share with us with great care and in line with “best practice”, the Personal Data Policy and applicable legislation and regulations.
Without your consent we will not divulge your personal data to anyone other than so stated in the Personal Data Policy.
When we collect your personal data for the first time we will inform you how we obtained your personal data, what we will use it for, what rights you have under the General Data Protection Regulations and how you can exercise these. You will also be informed who is responsible for personal data processing and how you can contact us if you have questions or need to submit a request or inquiry that refers to your data and/or rights.
We follow routines and work processes so that your personal data is handled in a safe way. The starting point is that only employees and other persons within the organisation that need personal data to carry out their work tasks shall have access to them.
Regarding sensitive personal data we have introduced special authorisation checks, which means greater protection for your personal data. Our security system is developed with a focus on your privacy and protects to a high degree against hacking, interference and other changes that could compromise your privacy.
We take all appropriate technical organisational safety measures that are required to protect personal data against unauthorised access, modification or interference. There is however always a risk in submitting personal data via digital channels as it is not possible to completely prevent technology systems from being hacked. We do not transfer personal data in other cases than those specifically stated in this policy.
Beyond what is stated in the Personal Data Policy we will not share the personal data you supply to us with any third parties.
We will not share the personal data you supply to us with any third parties other than (i) when there is a specific agreement between you and us, (ii) when it is necessary to defend your rights, (iii) if it results from legal obligation, authority’s decision or court decision or (iv) if we appoint an independent supplier for services in connection with our systems, products and services our for-marketing purposes. These suppliers can handle personal data and sometimes requires limited access to personal data that is collected via our systems, products and services. We always strive to limit such access to personal data and only share information that is necessary for the suppliers to do their work and provide their services. We also require that these suppliers (i) protect your personal data in accordance with the Personal Data Policy and (ii) do not use or divulge your personal data in any other way than that provides us with the agreed products or services.
If you request it, we will permanently erase your personal data that is processed with the purpose of marketing our systems, products and services, including functions and contents of our systems, products and services. We may transfer personal data to a third country (a country outside the EU/EES). In those cases where we choose to use suppliers outside the EU/EES, for example, cloud service providers or sub-contractors that provide support services, we will in such cases take all reasonable legal, technical and organisational measures to ensure that your personal data is processed safely and with an adequate level of security.
Your personal data will not be stored for longer than is necessary with reference to the purpose of the processing and we will otherwise erase personal data in a way that follows applicable legislation.
Once per calendar year you have the right, cost-free, to request information of what personal data we process about you and also to have any incorrect information corrected. If you wish to know whether we process personal data about you, you can send a written and signed request to us (see “Contact details” section below).
Our digital channels may contain links to other websites provided by other companies. This Personal Data Policy does not apply to these web sites. You should therefore check the Personal Data Policy of each website before submitting any personal data.
We collect information using technology such as cookies, beacons and local storage (for example on your web browser or device). In the Personal Data Policy we use the term “Cookies” for all technology, including data and text paragraphs, that we store in your web browser or device.
A Cookie is a small text file that is stored on your computer, telephone or other device when you visit a website. Cookies can, for example, help us to recognise you the next time you visit our website, but also allow us to offer a more secure and reliable service.
Most web browsers allow you to choose how to manage Cookies. You can set the web browser to refuse to accept Cookies, or to remove certain Cookies.
If you choose to block Cookies parts of the functionality in our systems, products and/or services will be degraded or disappear.
We take all appropriate technical organisational safety measures that are required to protect personal data against unauthorised access, modification or interference. There is however always a risk in submitting personal data via digital channels as it is not possible to completely prevent technology systems from being hacked.
HSE Solutions AB are personal data controllers, which means that we are responsible for how your personal data is processed and that your rights are maintained.
In case of breach of security relating to Personal Data, for example a computer hacking or an accidental loss of Personal Data, we are obligated to document the breach of security and report it to the inspection authority within 72 hours. We may also need to inform you, for example if there is a risk for identity theft or fraud.
Should we need to make changes to the Personal Data Policy we will inform you of this and inform you of the content in the new conditions that you approve.
If an authorised court finds any stipulation in the Personal Data Policy invalid, this shall lead to the reasonable adjustment of the stipulation in question. Other stipulations will remain in full force and effect.
Personal Data Policy is governed by and interpreted in accordance with English law, without application of rule for conflict of laws.
Disputes or requirements that arise regarding or in conjunction with the Personal Data Policy, or the breach, termination or invalidity of these conditions must be finally determined by English courts.
For more information relating to the current legislation, our responsibility when processing the Personal Data and your rights as a data subject, please visit the inspection authority’s homepage.
If you have any questions regarding the Personal Data Policy or have any other questions regarding our processing, please contact us on:
HSE Solutions AB, org.no. 559369-7781