GENERAL DATA PROTECTION REGULATION, (EU) 2016/679 “GDPR”
The policy explains how your personal data is collected and used in connection with your employment with Consat AB with subsidiaries, hereinafter referred to as Consat. It also describes your rights against us and how you can enforce your rights.
Consat, as your employer, is the data controller for how your personal data is processed in the context of your employment. You can always expect your personal data to be processed with the utmost consideration for your privacy.
You can contact us at any time if you have any questions about your personal data. Feel free to talk primarily with the GDPR manager or your nearest manager. You can also email us at GDPR@consat.se or call us at 031-340 00 00
Personal information collected about you
Consat can collect and process several different types of information about you during the employment period. For example, information such as your name, social security number, contact information, salary information, sick leave, communication, etc.
At the back of this policy you will find a summary of different types of information that we may collect about you. Note that the compilation is not exhaustive and that other personal data may also be processed. It is also not necessarily the case that all types of personal data will be processed in your particular case. This may depend, among other things, on your role and your tasks.
Some personal information may constitute sensitive information, such as information about illness, disability or union affiliation. This information will be processed with extra care and will only be collected if necessary. Sensitive personal information may be needed, for example, to pay you sick pay or to negotiate with your union.
We may also process contact information for persons you have specified as relatives, for example in the event of an emergency.
How we gather your personal information
Information you give to us. Most of the information Consat collects about you is received directly from you. You can always choose not to provide us certain information. However, some personal data is necessary in order for us to interact with our customers, suppliers or other partners for business purposes. Not providing such personal data might inhibit the managing and provision of services or products that you, or the company you represent, might expect from us.
Information we collect about you. Consat may also obtain personal data from your employer, or the company you represent. Personal data may also be collected and updated from publicly available sources and based on information received from authorities, contact information service providers and other similar reliable sources. Data updating of this kind is performed manually or by automated means.
How your information will be used
Consat processes your personal data for the purposes and based on the legal bases listed below. Please note that the examples listed under each purpose are not exhaustive, and may differ depending on the nature of our business relationship.
- To enter into and manage the business relationship. Your personal data will mainly be used to manage and take care of the business relationship between Consat, you and the company you represent. For example, we need to process personal data to fulfil our contractual and other promises and obligations to you and the company you represent. This also includes taking steps necessary prior to entering into a contract with you, or the company you represent. The legal basis for this processing is to fulfil our contractual obligations and to pursue other legitimate interests, for example our interest to enter into and fulfil agreements and to manage daily operations according to lawful and fair business practices. This is normally also in the interest of the company you represent.
- To promote and market our services. Your name and email address may be used to communicate our services to you. For example, for the purpose of sending you our periodic newsletters, information about our services, promotional and advertising material, invitations to events. The legal basis for this processing is to pursue legitimate interest, for example our interest to market our services, to nurture our business relations and to keep you informed about our business. If you no longer wish to receive such communication, you can follow the unsubscribe instructions contained in the email received by us or contact us on email@example.com
- To protect our legitimate business interests and legal rights. Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we may use information about you in connection with legal claims, compliance, regulatory and audit functions.
- With your consent. We may also use information about you where you have given us permission to do so for a specific purpose not listed above. For example, with your permission we may publish personal testimonials or featured customer stories to promote our services. You have the right to withdraw your consent at any time. However, please note that this will not affect any processing that has already taken place.
How we share YOUR information
Consat aims to deliver great services and products that meets your needs and expectations. This means sharing information with trusted third parties.
- Employees and consultants. During the course of our business relationship, your personal data will inevitably be shared with our employees and consultants. However, we will restrict access to those of our employees and consultants who need it to perform their jobs.
- Group Companies. We may transfer information about you to other Consat group companies for purposes connected with our relationship with you and the company you represent.
- Netgroup Companies. Consat is a part owner of Netgroup Engineering AB and works in close collaboration with its network of technology companies www.netgroup.com. For the purpose of providing our services and to offer other affiliated services to you, we may share information about you with other companies in the Netgroup network.
- Suppliers and subcontractors. Your personal data may be transferred to or shared with third parties, in the ordinary course of business and to the extent required by the business relationship between Consat, you and the company you represent. For example, we may engage suppliers, subcontractors or other third parties to help provide products and services to you, or the company you represent.
We may also engage service providers that supply services to us which require the processing of personal data. For example, marketing agencies, database service providers, hosting and backup service providers, email service providers and others.
Please note that our suppliers and subcontractors are not authorised to use or disclose your personal data except as necessary to perform services on our behalf, or to comply with legal requirements.
- Legal obligations. Sometimes legal obligations may require us to share information about you, for example if required by law or legal process, or due to law enforcement agencies following an appropriate request.
- Business transfers. We may share or transfer your personal data in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Other parties. We may also share your personal information where you ask or permit us to, for example where we make a referral to another company. You may also be included in conversation together with other external parties, for example in emails.
Where we process your personal data
Consat always strives to process and store your data within the EU/EEA. However, your data may in certain situations be transferred to, and stored at, a destination outside of the EU/EEA territory.
Please note that privacy laws in countries outside of the EU/EEA may not be the same as, and in some cases may be less protective than, privacy laws in your country. Consat will however take all steps necessary to ensure that adequate safeguards (for example, EU standard Model Clauses and Privacy Shield) are in place to protect your personal information and to make sure it is treated securely. You can contact us for information about the applicable safeguards.
How long we keep your information
Consat keeps your personal data only as long as necessary to fulfil the purposes for which is was collected. How long this is depends on the type of information collected. We regularly review our need to keep data, taking into account applicable legislation.
Generally, we need to keep most of your personal data during our contractual or business relationship with you and the company you represent. Normally, we also need to keep your personal data for a period thereafter due to warranties or other claim periods related to a contract or order. Your data may also be stored for a longer period if required by applicable statutory retention periods, such as tax and accounting rules.
You have the right to request information about our processing of your personal data and request a copy of such personal data. You are also entitled to have incorrect data about you corrected and you may be entitled to have your personal data deleted, for example if the personal data is no longer necessary for the purpose it was collected. You also have right to object to processing based on legitimate interest and request that processing of your personal data should be limited. In certain situations, you also have the right to transfer your personal data to another controller.
Updating Your Personal Information
Consat is constantly trying to ensure that the information contained in our records is both accurate and current. If your personal information happens to change, please keep us informed of such changes.
10. How to contact us
Consat is the responsible entity (controller) for the processing of your personal data as described above. Consat is subject to Swedish data protection legislation, including the General Data Protection Regulation (GDPR).
Ögärdesvägen 19 A
433 30 Partille
Phone +46 31 340 00 00
- You have the right to lodge a complaint to the Swedish Supervisory Authority, Datainspektionen, if you believe that we have not complied with our obligations regarding your personal data.