Your privacy

We value your privacy

Under the European Union’s General Data Protection Regulation (“GDPR”) the rights and freedoms of the individuals are strengthen, and anyone using personal data is obligated to comply with, and act in accordance to, provisions and principles provided for in the regulation. You, the data subject, have a right to know about how and why we use your personal data.

In this statement we provide information about the general conditions under which we will process your personal data. You may read this statement in its stand-alone form, or as part of a more specific set of information having been provided to you by us.

Who’s in charge?

Aurobay Sweden AB ("we"/"us"/"our") is responsible for making sure that your personal data is kept secure and only used in the right way. As controller of your personal data, we will determine what data needs to be collected, and how it will be used, or as GDPR puts it: processed. Depending on the circumstances, we may need to process your data to support our business objectives, to enable the internal functions of our operations, or to comply with regulatory requirements.

How we treat your data?

GDPR allows us to use your data for various legitimate purposes. However, when doing so we will treat your data in accordance with a series of principles designed to protect and respect your personal integrity.

Fairness and lawfulness

We will use your data in a fair and lawful manner, limited to activities within the scope of our business. We strive to treat you and your data fairly, meaning that we are open about the ways in which your data will be processed, and strive to limit that processing as much as possible. We will not try to hide our processing activities or try to circumvent our obligations under GDPR. Whenever we need to use your data, we make sure that we have a legal basis for that use, e.g. that we are required by law or contract to process your data, or where the processing of your data is necessitated by other legitimate business interests.

Proportionality

We strive to limit our processing of your data as much as possible. This means that we only collect, use, and store data for as long as needed to achieve whatever purpose we are pursuing. When informing about these purposes, we strive to be specific and unambiguous, making sure that you can understand the reasons for why your data is needed.

Transparency

We believe in transparency. Whenever we process your data, we will inform you about this in accordance with GDPR. This information is provided in different ways depending on the circumstances. If you are an employee, consultant, supplier, or other key data subject category, related to us, you will be provided with, or linked to, a privacy notice at the beginning of your relationship with us. Moreover, you may be provided additional information on a regular basis containing details about specific processing purposes. Our ambition is that you at any point should be able to understand why and how we are using your data.

Security and integrity

Personal data can be sensitive. We implement both technical and organizational safeguards designed to make sure that your data is only shared with authorized parties, that it is factually correct, and that it is protected against unauthorized or unlawful disclosure. This may include only using sufficiently secure tools for storage and transfer of data, encrypting data when needed, or adopting and implementing procedures and practices regarding the collection, use, and distribution of data within our organization.

Why we need your data

Personal data is everywhere and is a necessity to do most things nowadays. Therefore, your data may be used for varying purposes depending of the circumstances. If you are working for us in any capacity, we usually need to use your data to administer your employment and/or assignment, to comply with various regulatory requirements, or otherwise to enable internal functions of our operations. Whenever you start your employment and/or assignment you are provided with detailed information about these different purposes. If you’re an external party we may need your data to facilitate communication and collaboration, or to deliver products and services. Specific information regarding these cases will be provided from time to time as well.

When we can use your data

In order to process your data, we must first make sure that we have the legal right to do so. GDPR defines the criteria for allowing this. If you have a contract with us, we may use data necessary for the performance of that contract. If you are employed by us we may rely on the contract in order to manage data related to your employment.

We may also process data necessary for us to comply with various legal obligations, i.e. health and safety regulations. Furthermore, we may process data necessary to pursue legitimate interests of our business, e.g. to enable various internal administrative or business-related functions. When relying on these interests we assess the privacy impact of using your data. This means that we process your data insofar as your rights and freedoms don’t override our interests.

In some cases, we may ask for you explicit consent to use your data. Whenever doing so, we make sure that you can give your consent in an informed and independent way. If you have consented to anything, you have the right to revoke that consent at a later stage, meaning that we may no longer use your data based on that consent.

The data we collect

The types of data we use differs widely depending on the circumstances. Most commonly, we use contact details such as names, emails, and similar information necessary to enable identification and communication. If you are working for us, we process additional types of necessary data such as data relating to salaries and compensation, work performance, and IT asset use. Sometimes you provide the data yourself, other times we receives the data from other sources. More specific information about the types of data collected are provided to you from time to time.

Sharing your data

Sometimes we need to share your data with other parties, e.g. to a supplier of ours, to another company in the same group as us, or to public authorities whenever required by law. We only share your data when so is needed, and when required we make sure that the receiving party is obligated to treat your data with the same care as we do.

International data sharing

We may at times need to transfer data outside the EU/EEA. This could be because we have suppliers or other partners established outside the EU/EEA, or when we need to share information with other companies in the same group as us. We will only transfer your data to countries which the EU has deemed having an adequate level of data protection, or where the transferred data can be otherwise protected using appropriate safeguards. Most commonly, these safeguards will consist of using the EU commission’s Standard Contractual Clauses.

Retention of data

We will only store your data for as long as is needed to achieve whatever purpose we’re pursuing. We strive to define retention periods for all data and implement procedures for making sure that data is not stored for unnecessarily long periods of time. Other times, our retention of your data will be determined on a case-by-case basis, taking into consideration the principle of data minimization.

Your rights

GDPR gives you, the data subject, several rights regarding your data. These include, as applicable, the right to access your personal data processed by us, the right to have incorrect data corrected, the right to have certain data deleted, the right to restrict the processing of data in certain circumstances, the right to object to the processing of data, as well as the right to data portability.

Contact us

If you have any questions or concerns regarding the way we process your personal data, or if you want to exercise any of your rights, please contact us, see the contact details below. If you feel we somehow have misused your data, you may contact the Swedish Authority for Privacy Protection (Integritetskyddsmyndigheten) to file a complaint. Visit their website for more information.

Contact details

Aurobay Sweden

Pumpgatan 1, 417 55 Gothenburg, Sweden