PRIVACY POLICY 

PURPOSE

We protect your privacy. You should feel safe when you entrust us with your personal data. We have therefore prepared this Policy. It is based on the General Data Protection Regulation (GDPR) and clarifies our efforts to safeguard your rights and your privacy. This Privacy Policy applies immediately to new customers and from 25 May 2018 to existing customers.

The purpose of the Policy is to inform you of how we process your personal data, what we use them for, who is allowed access to them and under what conditions and how you may exercise your rights.

BACKGROUND

We mainly process your personal data to meet our obligations to you and to pursue our legitimate interest for marketing purposes. Our starting point is that we will not process more data than is needed for each purpose, and we are always striving to use the least sensitive data.

We also need your personal data to provide you with good service, such as for marketing, follow-up and information. We may also need your personal data to comply with legislation and perform customer and market analyses.

WHAT CONSTITUTES PERSONAL DATA?

Personal data are any information that directly or indirectly relates to a natural person, who is currently alive. Images and sound recordings processed in a computer may for example constitute personal data, even if no names are mentioned. Encrypted data and other forms of electronic identities (such as IP numbers) constitute personal data if they can be linked to natural persons.

WHAT CONSTITUTES PROCESSING OF PERSONAL DATA?

Processing of personal data is any operation performed on personal data. Any operation performed on personal data constitutes processing, whether or not by automated means. Common processing includes collection, recording, organisation, storage, adaptation, dissemination, transfer and erasure.

WHO IS RESPONSIBLE FOR THE PERSONAL DATA WE COLLECT?

K-BYGG Sverige (corporate identity number 556087-7325), Box 376, 831 25 Östersund, Sweden, and each subsidiary of the group is a separate controller for such company’s processing of personal data. This is a list of all existing subsidiaries:

K-Bygg Byggarnas Partner (corporate identity number 556572-0231)

K-Bygg Kungälvs trä (corporate identity number 556045-4786)

Övik Låsteknik AB (corporate identity number 556622-1288)

 

THE FOLLOWING IS AN OVERVIEW OF THE VARIOUS SECTIONS OF THE POLICY:

1.                         WHAT PERSONAL DATA ARE WE PROCESSING?

2.                         WHAT ARE PERSONAL DATA USED FOR?

3.                         HOW ARE PERSONAL DATA COLLECTED?

4.                         FOR HOW LONG WILL THE PERSONAL DATA BE RETAINED?

5.                         TO WHOM WILL THE PERSONAL DATA BE DISCLOSED?

6.                         HOW ARE PERSONAL DATA PROTECTED?

7.                         YOUR RIGHTS

8.                         COOKIES

9.                         CONTACT DETAILS

When you enter into an agreement with us, you provide us with certain personal data. Below is a description of how we use, store and otherwise process your personal data and of your rights.

 

WHAT PERSONAL DATA ARE WE PROCESSING?

Customer data: Customer data includes data such as names, addresses, email addresses, telephone numbers and personal identity numbers.

We also process other information that you have provided us with in your contacts with us.

WHAT ARE PERSONAL DATA USED FOR?

1.                         The provision of products and services as part of the  company's operations

2.                         Compliance with a legal obligation

3.                         Other communication regarding products and services

4.                         The evaluation and development of products and services

5.                         Direct marketing

6.                         Recruitment/hiring

7.                         Information security

8.                         Compliance with legislation

According to the applicable General Data Protection Regulation, personal data may only be collected for “specified, explicit and legitimate purposes.” Personal data must not be further processed in a manner that is inconsistent with these purposes. The processing of personal data must also be supported by the General Data Protection Regulation; such support is referred to as a legal basis. Our processing is lawful only if at least one of the following applies:

The processing is necessary for the performance of our contract with you;

The processing is necessary for compliance with a legal obligation (that is, if we have a legal obligation to do something according to other legislation);

The processing is necessary for our legitimate interests and your interest of protection for your personal data does not override them (balancing of legitimate interests); or

In specific cases, once you have given your consent to the specific processing in question.

If we are to provide you with products and services, we need to process and manage your personal data. Below are examples of the purposes for which we process your personal data as well as the legal basis for doing so.

Certain processing may require consent as the legal basis. In such cases, we will obtain your consent to the processing in question before we begin the processing.

1. PROVISION OF PRODUCTS AND SERVICES

Purpose

We process your personal data to the extent required to identify you as our customer or user and allow us to perform under our agreement with you regarding the delivery of products and services. We also process your personal data for the administration and invoicing of products/services and to obtain credit reports, manage complaints, assist you in case of questions regarding products, services and agreements when you contact our customer services and otherwise safeguard our rights and meet our obligations under our agreement with you.

Legal basis: Performance under a contract

The processing described above is a condition for our provision of products and services. If we cannot perform such processing, we cannot provide you with products and services, but your payment obligation remains during the term of the agreement.

2. COMPLIANCE WITH A LEGAL OBLIGATION

Purpose

We process your personal data for compliance with the company’s legal obligations. This may involve the processing required to comply with the company’s legal obligations according to statutory obligations, judgments or decisions by authorities (such as the Swedish Accounting Act, the Swedish Act on Measures against Money Laundering and Terrorist Financing and the rules on product liability and product safety, which may require the preparation of communications and information to the general public and customers regarding product safety notices and product recalls in case of a defective or injurious product).

Legal basis: Compliance with a legal obligation

The processing described above is required by law. If the data are not provided, our legal obligations cannot be met, and we will therefore be forced to reject the purchase. Examples of processing that may be performed for this purpose is the storage of invoice documentation required to comply with our obligations under the Swedish Accounting Act.

3. OTHER COMMUNICATION REGARDING PRODUCTS AND SERVICES

Purpose

We process personal data in connection with other communications with you, such as to provide service information and updates to products and services. We also process personal data when we are in contact with your regarding our products and services.

From time to time, we may process personal data that was collected separately from you, such as if you chose to respond to a questionnaire that we sent you.

Legal basis: Legitimate interest

Our legitimate interest for such processing is to keep our customers informed of our products and services and their availability. It is also required for the training our employees and to improve our working methods so that we can offer you the best service possible. For this purpose, we may use your customer data, such as your name, customer number, email address and telephone number.

4. EVALUATION AND DEVELOPMENT OF PRODUCTS AND SERVICES

Purpose

We process data to evaluate, develop, optimise and manage our operations in the form of our product and services. For this purpose, we may also compile statistics due to our need of analyses.

Legal basis: Legitimate interest

Our legitimate interests for this processing are the optimisation and development our products and services. This may involve preparing documentation for improved flows of products and logistics, developing the range, developing of resource efficiency from an environmental and sustainability perspective, planning new facilities, preparing documentation for the improvement of IT systems to generally improve the security of the company and our visitors/customers.

5. DIRECT MARKETING

Purpose

We process various kinds of data so that we can market our products and services directly to you. For this purpose, we may communicate with you, for example by mail, text message, text messages with multimedia content, telephone and email and via our website. We may also compile statistics due to our need of analyses.

Legal basis: Legitimate interest

Our legitimate interest for this processing is the marketing of new or existing products and services. For this purpose, we may use customer data, such as name, customer number, email address and telephone number.

6. RECRUITMENT/HIRING

Purpose

We process personal data in connection with the recruitment and hiring of employees. In connection with applications, we receive data via email or regular mail, and these are stored during the recruitment/hiring process and for a period thereafter, in relation to other legislation.

Legal basis: Legitimate interest/compliance with a legal obligation

Our legitimate interests for this processing are the recruitment and hiring of employees for our operations. For this purpose, we may use personal data such as name, personal identity number, address, telephone number, references, etc.

7. INFORMATION SECURITY

Purpose

We process data to ensure the safety of all our products and services, to discover or prevent various kinds of unlawful use or use that is otherwise in breach of the terms and conditions of agreements and similar.

Legal basis: Performance under a contract (customer data)

The processing described above is a condition for our provision of products and services. If we cannot perform such processing, we cannot provide you with products and services, but your payment obligation remains during the term of the agreement.

8. COMPLIANCE WITH LEGISLATION

Purpose

We process personal data to meet our statutory obligations.

Legal basis: Legal obligations.

Processing that may be performed for this purpose include the storage of invoice documentation for compliance with our obligations under the Swedish Accounting Act.

HOW ARE PERSONAL DATA COLLECTED?

We collect data when you become one of our customers and provide us with data. We also collect data when you communicate with us for other reasons, such as to obtain certain information or when you choose to respond to a questionnaire that we sent you or via our newsletter.

We obtain data from other sources, such as private and public registers, including Byggfakta and other partners

We collect information by using cookies on our websites, which cookies collect information from in and from your web browser.

FOR HOW LONG WILL THE PERSONAL DATA BE RETAINED?

We never retain personal data for longer than we need. The data we collect and the data that is generated when you purchase our products and services are processed for various purposes. They are also retained for varying periods, depending on what they are used for and our statutory obligations.

Unless otherwise stated below, we retain most of your customer data for as long as you remain a customer. Once the agreement between us has ended, they will be erased (or anonymised) according to defined weeding out procedures, except if we are obliged to retain them for longer (such as according to the Swedish Accounting Act).

We generally retain your customer data for the administration of invoices until the receivable is paid or becomes statute-barred and objections can no longer be made against the invoice. With regard to unpaid invoices, the data are retained until the invoice has been settled. Once the invoice has been paid, the data will be erased according to defined procedure for weeding out, except for the data that are required to comply with statutory obligations pursuant to the Swedish Accounting Act.

Information related to credit reports is erased according to the weeding out procedures that were defined when the information was obtained.

Matter history from support matters is erased according to the weeding out procedures that were defined when the contact was made.

To administer and make attractive offers and carry out market and customer analyses, data on your use of our products and services are retained according to defined weeding out procedures

The data we hold due to a legal obligation will be retained for a long as it is required according to the relevant legislation.

TO WHOM WILL THE PERSONAL DATA BE DISCLOSED?

Other companies in K-BYGG Sverige.

Suppliers and other processors who process personal data on our behalf

Authorities and rescue services

Others

Under certain circumstances, we may disclose your information to others, which circumstances are described in more detail below.

OTHER COMPANIES IN K-BYGG Sverige

As our group has group-wide functions, your personal data may be disclosed to other companies in the group. Such companies may also process your data to provide offers and other marketing related to products and services that may be of interest to you.

SUPPLIERS AND OTHER PROCESSORS WHO PROCESS PERSONAL DATA ON OUR BEHALF

We engage suppliers of various products and services. Such suppliers may be providers of technical platforms (outsourcing), market analysis companies, service and installation engineers, sales agents and resellers. We only disclose your information to such subcontractors if and to the extent it is absolutely necessary in the individual case.

AUTHORITIES AND RESCUE SERVICES

We disclose your personal data:

To law enforcement agencies, in accordance with law and authority decisions.

To the police and rescue services in connection with calls to the emergency number (in Sweden, SOS Alarm).

OTHERS

If you have given us your consent, we may also disclose your personal data to related companies and partners in other cases than those listed in the items above.

HOW ARE YOUR PERSONAL DATA PROTECTED?

We take appropriate technological and organisational security measures to ensure that information that is processed by us is protected from unauthorised access. Only those who are authorised and actually need to process your personal data so that we can meet our stated purposes have access to the information about you, and their handling of the information is strictly regulated.

YOUR RIGHTS

Access

Rectification

Erasure – the right to be “forgotten”

Restriction of processing

Objection

Data portability

You have the right to know what we do with your personal data, such as when, how and why your personal data are processed. Under certain circumstances, you also have the right to obtain your personal data or have them transferred, rectified, erased or blocked. Below is a list of your rights and how to exercise them.

RIGHT OF ACCESS

You are entitled to obtain information on what personal data we are processing that concern you (a register extract). The request for such an extract should be made in writing and be signed by you. You should ideally specify the categories of data that you want access to, such as customer data. If we cannot meet your request for any reason, we will provide you with a justification. Please note that we will only disclose such data that we know for certain belong to you. Send your request to the address below. Mark the envelope “Register extract”. In your request, please state which group company you are referring to. The companies are listed in the section “Who is responsible for the personal data we collect?”

K-BYGG Sverige

Kundrelationer

Box 376

831 25 Östersund

Sweden

The register extract will be sent to your address according to the Swedish Population Register.

 

RIGHT TO RECTIFICATION

We are responsible for ensuring that the personal data we process are accurate and up to date. If you notice that we hold inaccurate data about you, you have the right to request that we rectify such data. You also have the right to amend the data with any personal data that you consider are missing and that are relevant for the purpose for which we are processing your personal data.

If the data have been rectified at your request, we will ensure that those to whom we have disclosed the data are informed. However, this does not apply if this would prove to be impossible or entail too onerous an effort. At your request, we will inform you of who we disclosed the rectification to.

RIGHT TO ERASURE

We will save your customer data for as long as you remain our customer. Once the agreement between us has ended, they will be erased (or anonymised) according to defined weeding out principles, except if we are obliged to retain them for longer (such as according to the Swedish Accounting Act).

As our customer, you always have the right to contact us to request that your personal data are erased. In the following cases, personal data must be erased:

If the personal data are no longer required for the purposes for which they were collected and processed;

If the processing is solely based on your consent, and you withdraw your consent;

If the processing is for direct marketing purposes, and you object to the processing of your personal data;

If you object to the processing of personal data that occurs after legitimate interests have been balanced and there are no legitimate interests that override your interest;

If personal data are not processed according to the rules;

If their erasure is required to meet a legal obligation.

RIGHT TO RESTRICTION OF PROCESSING

Enters into force as of 25 May 2018

Under certain circumstances, you have the right to request that our processing of your personal data be restricted. ‘Restricted’ means that your personal data will be marked so that in the future, they may only be processed for certain limited purposes.

The right to restriction applies if you consider that your personal data are inaccurate and have requested rectification. In such cases, you may also request that we restrict the processing of your personal data while the accuracy of your personal data is investigated.

RIGHT TO OBJECT

You have the right to object to the processing of your personal data that we carry out based on a balancing of legitimate interests. If so, you need to specify the processing to which you object. In the event of such an objection, we may only continue with the processing if we can demonstrate that our compelling legitimate interests to process your personal data override your interests.

If your personal data are processed for direct marketing, you always have the right to object to the processing at any time.

THE RIGHT TO DATA PORTABILITY

Enters into force as of 25 May 2018

If our right to process your personal data is based either on your consent or for our performance under an agreement with you, you have the right to request that personal data you have submitted to us be transferred to another controller (data portability). A condition for data portability is that the transfer is technically feasible and can be made by automated means.

HOW DO WE HANDLE PERSONAL IDENTITY NUMBERS?

We will only process your personal identity number if it is clear that this is justified considering the purpose, required for secure identification or if there are other noteworthy reasons. We always minimise the use of your personal identity number to the extent possible by, if possible, using your date of birth instead.

COMPLAINTS

If you consider that we process your personal data in breach of the applicable General Data Protection Regulation, you should notify us of this as quickly as possible. You may also turn directly to the Swedish Authority for Privacy Protection and lodge your complaint with them.

COOKIES

These are used to ensure that you see the most relevant information and get the best possible service when you visit our websites. A “cookie” is a small, simple text file that is saved in your computer. It helps us capture statistics on how our website is used and improve the readability of our site. If you do not want your computer to receive and store cookies, you can change the security settings in your web browser.

CONTACT DETAILS

Controller

Exercise your rights

Object to marketing

THE CONTROLLER AT K-BYGG Sverige

Every company in K-BYGG Sverige is a controller and responsible for the personal data processed by the various group companies. We determine the purpose of the processing and the manner in which it should be carried out. If you want to contact us regarding our processing of personal data, ask for the contact person on each location or contact us using the details below:

K-BYGG Sverige (the Parent Company’s corporate identity number: (556087-7325)

Kundrelationer

Box 376

831 25 Östersund

Sweden

Email: GDPR@k-bygg.se

The companies are listed in the section “Who is responsible for the personal data we collect?”

CONTACT US TO EXERCISE YOUR RIGHTS

If you want to exercise your rights, such as your right to rectification or erasure of personal data, request the processing to be restricted, exercise your right to object, data portability, withdraw your consent or lodge a complaint, please contact us according to the below:

K-BYGG Sverige

Kundrelationer

Box 376

831 25 Östersund

Sweden

Email: GDPR@k-bygg.se

For register extracts, see the section Right to access.

OBJECTION TO MARKETING

If you no longer want us to process your personal data for marketing purposes, notify this to Customer Services.

Email: e-handel@k-bygg.se

 

Updated on 20 June 2019