GDPR - Data protection at Scanditron
The General Data Protection Regulation (GDPR) is new legislation across the whole EU/EEA which applies from 25 May 2018. It replaces current national data protection laws with a set of rules that are better suited to our digital information society. This means among other things that as a private individual you have more rights and the opportunity for better control over personal data that you disclose.
As a result of GDPR, we in KAMIC Group have produced a new integrity policy with guidelines that govern the entire business.
Scanditron’s policy for processing of personal data
Scanditron Sverige AB (“Scanditron"), corporate identity number 556447-9029 (VAT No. SE556447902901) ("we", "us" and "our"), with address P.O. Box 8064, SE-163 08 Spånga, Sweden, and its subsidiaries, is the data controller for the processing of your personal data.
Personal data we process
Your personal data has in most cases been collected either directly from you when in direct contact with Scanditron, or from your employer in connection with the business relationship between us and your employer. We may also collect personal data regarding you from other sources. The personal data we process are typically name and job title, and contact details such as email address, phone number and company address.
Purpose and lawful basis for processing your personal data
Business contacts (i.e. customers, suppliers, business partners)
When you contact us for business purposes we will process your personal data to provide the services and products according to the business agreement. This processing is carried out on the basis of fulfillment of our obligations according to the agreement with you.Your personal data will also be processed in relevant cases in accordance with the agreement for the purpose of handling orders, invoices, payment and administration of the contractual relationship, handling deliveries and for contact and communication.
If you have a business relationship with us, we also process your personal data on the basis of a balance of interests between your interests and our legitimate interest of being able to market our products and services. This processing may include sending newsletters, information about our seminars and other events, and other direct marketing activities. We always offer you the possibility to unsubscribe from our direct marketing.
When we process personal data concerning you as a business contact for bookkeeping purposes, e.g. invoicing or payment of services or products, we carry out this processing on the basis of legal obligations according to the Swedish Accounting Act (or the equivalent legislation in other countries).
We only process your national identification number in situations where it is necessary for the purposes of the processing or for positive identification, e.g. if you are a sole trader.
Potential business contacts
We process your personal data when you contact us or when you have asked us to contact you. The purpose of our processing is to help you with questions regarding our company, or regarding our services and products. This processing is carried out on the basis of a legitimate interest. Our legitimate interest is to assist future business contacts and other interested parties by answering questions and providing information.
We may also process your personal data for the purpose of direct marketing that is relevant for you as a professional. This processing is carried out on the basis of a legitimate interest. Our legitimate interest is to inform potential customers about such services and products that might be of interest for them and thereby support our future business. This processing may include sending newsletters, information about our seminars and other events, and other direct marketing activities. We always offer you the possibility to unsubscribe from our direct marketing.
When you use our website or web shop we may process personal data in the form of your IP address by using Cookies.
Who may get access to your personal data?
Your personal data may be shared with a small number of external parties who process your personal data on our behalf, i.e. personal data processors. Our data processors are for instance our IT and system providers. We have entered personal data processor agreements with all external parties who process personal data on our behalf in order to ensure that the data is processed in accordance with the applicable data protection legislation.
Due to legal obligations, we may also transfer your personal data to recipients other than personal data processors, for instance certain public authorities. These recipients are independent data controllers when processing personal data.
Transfer of personal data to third countries or international organisations
We and our personal data processors, as a general rule, only process your personal data within the EU/EEA. In cases where personal data is processed outside the EU/EEA, there is either a decision from the European Commission that the relevant third country ensures an adequate level of protection, or appropriate safeguards, e.g. standard data protection clauses, binding corporate rules, or Privacy Shield, to ensure that your rights and integrity are protected.
How do we protect your personal data?
We, and in relevant cases the personal data processors that are working on our behalf, have taken several security measures to protect the personal data that is being processed. We have firewalls and anti-virus software to protect and prevent unauthorised access to our networks and systems. Our employees have strict instructions to process all personal data in accordance with applicable laws and regulations. Only a limited number of employees have access to the systems where personal data is stored and passwords and usernames are required to access these systems.
How long do we keep your personal data?
We do not process your personal data for a longer period than is allowed by applicable law, regulation, case law or authority decision.
Personal data that we process in order to fulfil our agreements with you is normally processed for the period that it is necessary for us to be able to fulfil all our obligations towards you. To comply with legal obligations or if we have the right to do so on the basis of a legitimate interest, we may keep your personal data for a longer period in accordance with what is stated below.
Any information concerning payments where processing is required in accordance with the Swedish Accounting Act is retained as stipulated by law for seven years. (Different retention periods may apply in different countries, according to national legislation.) We may also process some information regarding your purchases in accordance with applicable legislation for purchase of goods and services and consumer protection.
Personal data that is processed on the basis of a legitimate interest with the purpose to perform direct marketing activities may be processed for a period of up to 24 months after our last business contact or until you notify us that you do not wish to receive our marketing communications any more. Any personal data that is processed on the basis of a consent is processed until you withdraw your consent.
In accordance with applicable data protection regulation, you have the right of access to the personal data we process about you, and the right to request rectification of your personal data. In certain circumstances, you are entitled to request the erasure or restriction of your personal data or object to our processing of your personal data. Furthermore, you are entitled to receive the personal data concerning you in a structured, commonly used format.
You have the right to fully or partially withdraw any given consent regarding the processing of personal data at any time. You also have the right to object to the processing of your personal data for direct marketing purposes.
If you have any complaints regarding our processing of your personal data you have the right to lodge a complaint to the applicable national Data Protection Authority (in Sweden, The Swedish Data Protection Authority, Datainspektionen, www.datainspektionen.se ).
If you wish to exercise your rights in accordance with what is stated above or otherwise wish to contact us regarding our processing of your personal data you may contact us by e-mail firstname.lastname@example.org or by letter to:
Scanditron Sverige AB, GDPR, P.O. Box 8064, SE-163 08 Spånga, Sweden