Byggelit´ s Privacy Policy
Why and for whom?
At Byggelit AB, corp. ID no. 556821-6740, ("Byggelit", "we", "us", "our"), we care about personal privacy. This means that we respect and protect your privacy and the right to control and transparency when processing your Personal Data.
This Privacy Policy ("the Policy") is applicable for the processing for which Byggelit is Data Controller. The policy provides an overall description of the purposes for which we need your personal data, the legal basis we rely on and the measures we take to protect personal data.
We also inform you of how you can exercise the rights you have linked to our processing of your personal data
The Policy provides information about our processing of personal data in cases where you communicate with us, buy our products or visit our website, byggelit.se.
Definitions
"Processing" of personal data is everything that can be done with personal data, e.g. storage, modification, reading, transmission, etc.
"Applicable law" is the legislation applicable to the processing of personal data including the General Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.
"Personal data" is any kind of information that can be linked to an identifiable, living person.
"Data Controller" is the company/organisation that decides for what purposes and in what way the personal data is to be processed and is thus also responsible for personal data being processed in accordance with Applicable law.
"Data Processor" is the company/organisation that processes personal data on behalf of the Data Controller and may therefore only process the personal data in accordance with the Data Controller´s instructions and Applicable legislation.
"Data subject" means the living, natural person whose personal data is processed.
"The product" is chipboard.
Byggelit´s personal data responsibility
The information in this Policy covers the personal data processing for which Byggelit is the Controller, i.e. the processing for which we determine the purpose (why processing is performed) and means (in which way, which personal data, for how long, etc.). The policy does not describe how we process personal data in the role of Processor - i.e. when we process personal data on behalf of our customers.
Personal data is processed because it is necessary in order to fulfil our agreements, assignments and delivery undertakings that we have with customers/suppliers. Byggelit Sverige AB processes personal data that is necessary to be able to conduct its business. For example, to be able to send goods, delivery notes, invoices and similar. Byggelit Sverige AB always processes personal data in accordance with current data protection regulations and never sells any personal data registers.
Byggelit´s personal data processing
We have a responsibility to describe and demonstrate how we fulfil the requirements that are imposed on us when we process your personal data. This section aims to provide you with an understanding of which types of personal data we process about you and for which purpose.
Data subject and storage time
The prospective recipients of this Policy are the following groups, whose personal data we store in accordance with the criteria below.
● Users of the Service
Users´ personal data will be stored during the period they use the Service, as well as to fulfil legal obligations such as dealing with alleged defects in the Service.
● Employees at potential customers
Employees´ personal data at potential customers will be stored during the period required to determine whether the potential customer wishes to enter into an agreement.
● Employees at existing customers
Personal data belonging to employees will be stored during the period required to provide the service, as well as to fulfil legal obligations such as dealing with alleged defects in the service.
Cookies
Personal data belonging to visitors to our website will be processed in accordance with our cookie policy.
Byggelit uses cookies and similar tracking technologies so that we can provide you with the absolutely optimum user experience. Further information on how we use cookies is available in our Cookie Policy (byggelit.se/cookie-policy).
Processing and purpose
The main purpose of the personal data processing that we perform is to provide, deliver and improve our services in relation to you. There are several different reasons why we may need to collect, manage and save your data.
We mainly process personal data for the following purposes:
● Contact and identification details to be able to confirm your identity, to verify your personal and contact details and to be able to communicate with you.
● Information on your usage of the service or product to improve your customer experience
● IP-address to perform customer analysis and for content on our site to be presented effectively to you and the device you use
● Consumption patterns to be able to provide you with specific offers
How do we gain access to your personal data?
We collect your personal data in a number of different ways. We mainly gain access to your personal data:
● By you providing your personal data to us
● By your employer providing your personal data to us
● Through social media, e.g. Facebook
● Through third-party analysis technology e.g. cookies
● Through our logs
● Through information created from data analysis
● From public sources such as authorities, SPAR etc.
Legal basis
In order for us to be able to process your personal data, it is required that we have so-called legal basis for each process. In our business, we process your personal data mainly on the following grounds:
Consent - Byggelit processes your personal data after we have obtained your consent for the processing. Information about the processing is always provided when we ask for consent.
Agreement - The processing is necessary in order to be able to fulfil obligations in an agreement between you and us or to prepare for entering into an agreement with the Data Subject.
Legitimate interest - Byggelit may process personal data if we have assessed that a legitimate interest overrides the Data Subject´s protection of personal privacy, and if the processing is necessary for the purpose in question, e.g. direct marketing.
If you would like further information concerning the legal basis/bases on which we process your specific personal data, you are entitled at all times to request a so-called registry extract. Read more under "How you exercise your rights" below.
Your rights
It is you who decides on your personal data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the processing of data that concerns you in a so-called registry extract. In this we clarify which personal data we have about you and why we need them and on what legal ground. We only provide information if we have been able to verify that it is actually you that is requesting the information.
Rectification - If you find that the personal data we process about you is incorrect, let us know and we will fix it.
Erasure - Do you want us to completely forget about you? You have the right to request deletion of your personal data when the processing is no longer necessary for the purpose for which it was collected. If we are required to retain your information under applicable law or a contract that we have entered into with you, we will ensure that it is processed only for the specific purpose set forth in such law or contract. We will thereafter erase the information as soon as possible.
Objections - Do you disagree with our assessment that a legitimate interest for processing your personal data overrides your interest in protecting your privacy? Don´t worry - in such a case, we will review our legitimate interest assessment and check that it is still valid. Of course, we add your objection to the balance and make a new assessment to see if we can still justify our processing of your personal data. If you object to direct marketing, we will immediately delete your personal information without making an assessment.
Restriction - You can also ask us to restrict our processing of your personal data:
● While we are processing a request from you about any of your other rights;
● If, instead of requesting erasure, you want us to limit the processing of personal data for a specific purpose.
For example, if you do not want us to send advertising to you in the future, we still need to save your name in order to know that we should not contact you.
● In cases where we no longer need the information in relation to the purpose for which it was collected, provided that you do not have an interest in retaining it to make a legal claim.
Data portability - We may provide you with the data that you have submitted to us or that we have received from you in connection with a contract that we have entered into with you. You will receive your information in a commonly used and machine-readable format that you can transfer to another personal data manager.
Withdraw consent - If you have given consent to one or several specific processing(s) of your personal data, you have the right to withdraw your consent at any time and thus ask us to terminate the processing immediately. Please note that you can only withdraw your consent for future processing of personal data and not for processing that has already taken place.
How you exercise your rights
If you would like further information about which personal data we process, call our switchboard on +46 642 444 00 and ask for the personal data manager.
Transfer of personal data
In order to run our business, we may need help from others who will process personal data on our behalf, so- called Processors. We endeavour to always process personal data within the EU/EES, but have Processors in the following countries outside the EU/EES
● USA, where we transfer personal data in compliance with the EU Commission´s standard contract clauses for third country transfers.
We have entered into Data Processing Agreements (DPA) with all our Processors. The PUB agreement regulates how the Personal Data Processor may process the personal data and which security measures are required for the processing of personal data.
We may also need to provide your personal data to certain designated authorities in order to fulfil obligations according to law or official decisions.
Our categories of Personal Data Processor
Below are categories of recipients that we may share your information with:
● Suppliers of marketing services, e.g. advertising agencies for production of campaigns or suppliers for help with dispatches by post or email.
● IT suppliers for, for example, business systems and case handling. In order to be able to perform our assignments and services, we store your data in our business system that administers our customers and contacts).
● Systems to conduct customer analysis and produce statistics in order to contribute to industry statistics, as well as to improve the customer experience.
Security
Byggelit has taken technical and organisational measures to ensure that your personal data is processed securely and protected from loss, abuse and unauthorised access. In the event that your personal data is shared with a Personal Data Processor, your personal data will receive equivalent protection.
Our security measures
Organisational security measures are measures that are implemented in work methods and routines within the organisation. Our organisational security measures are:
● Internal governance documents (policies/instructions)
● Login and password management
Technical security measures are measures implemented through technical solutions. Our technical security measures are:
● Secure network
● Regular inspection of security level
If we don´t keep our promises
If you feel that we are processing your personal data incorrectly, even after you have alerted us of this, you are always entitled to submit your complaint to the Swedish Authority for Privacy Protection.
Further information about our obligations and your rights can be found on the Swedish Authority for Privacy Protection´s website (https://www.imy.se/). You can also contact the authority at imy@imy.se.
Changes to this policy
We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you about the changes in advance so that you are given the opportunity to take a position on the updated policy.
Contact
Contact us if you have questions about your rights or if you have any other questions about how we process your personal data: order@byggelit.se
