PERSONAL DATA PROCESSING POLICY

PURPOSE

Sörling AB and its subsidiary companies, hereinafter referred to as Sörling, care about privacy. Our counterparties should be able to feel comfortable in disclosing their personal data to us. This policy is based on applicable data protection legislation (GDPR) and clarifies how we work to protect rights, obligations, and privacy. The purpose of the policy is to ensure counterparties know how Sörling processes personal data, what the personal data are used for, who is allowed to access the personal data and under what circumstances, and how counterparties can exercise their rights.

 

BACKGROUND

Sörling processes personal data to enable the company to comply with its obligations. Our starting point is that we will not process more personal data than needed to fulfil our objective. The company endeavours, at all times, to minimise the use of sensitive personal data. Personal data may be needed to provide good service in relation to follow-ups, analysis, and information, and when communicating with customers and suppliers. Personal data may also be needed to comply with legislative and regulatory requirements. Counterparties have the right to oppose the use by the company of personal data for direct marketing purposes. Any use by Sörling of personal data in its operations for the purposes of direct marketing is contingent upon the counterparty being informed and giving their consent.

 

GUIDELINES

Sörling only processes personal data when there are legal, objective, or commercial grounds for so doing. Sörling does not process personal data except as needed to comply with statutory or contractual obligations. See below for examples of the personal data that we process:

 

NON-SENSITIVE DATA:

  • Name
  • Address
  • Phone number
  • Email address
  • Title
  • Data voluntarily registered by the counterparty themselves
  • Content published by counterparties, known as user-generated content

 

SENSITIVE DATA:

  • Salary data
  • CV in connection with job applications
  • Trade union affiliation (employees)
  • Civic ID numbers (employees, Board Members, and the CEO)
  • Account numbers and other bank details (employees)
  • Employment number
  • Username
  • Hours worked, absences, etc.
  • Photos

Sörling shall obtain consent before processing personal data. Counterparties consent to personal data processing by accepting the company’s Personal Data Processing Policy or when signing a contract of employment.

Counterparties may revoke their consent at any time. Sörling will then no longer process any existing personal data or collect new personal data, provided that it is not required to comply with statutory obligations.

Sörling gains access to personal data in a variety of ways, including:

  • Data provided directly to the company
  • Data registered when visiting the company’s website
  • Data obtained from public registers
  • Data obtained when a counterparty engages one of our employees
  • Data obtained when a counterparty communicates with the company, applies for a job, visits us, or is otherwise in contact with the company.

When Sörling collects personal data, the counterparty must be informed of how the company obtained the personal data, how the data will be used, the counterparty’s rights under data protection legislation, and how the counterparty may exercise said rights. Counterparties will also be told who is responsible for the personal data processing and how the company can be contacted in the event of any questions about what personal data is held, or any other enquiry in relation to personal data.

 

SECURITY

Sörling has put routines and methodologies in place to ensure that personal data is processed securely. The starting point is that only employees and other individuals within the organisation who need the personal data to carry out their jobs may have access to such personal data.

Higher data security standards, entailing a higher level of protection for an individual’s personal data, apply to sensitive personal data.

Security systems have been developed with the focus on the individual’s privacy and provide a very high level of protection against data security breaches and other changes that may pose a risk to an individual’s privacy.

Sörling works with IT security to ensure that personal data are processed securely and are protected.

We do not transfer personal data except as expressly stated in this policy.

Sörling does not disclose sensitive personal data to third parties unless consent has been given or where it is obliged to do so in order to comply with statutory and contractual obligations. Confidentiality undertakings between the parties exist in cases where the company discloses sensitive personal data to third parties.

 

LIABILITY

It is incumbent upon the company management of every subsidiary company to ensure implementation of and compliance with this policy, and to maintain a list of personal data. The companies are responsible for the ways in which personal data is processed, and for ensuring that rights and obligations are protected and that lists are kept up to date. Every company must appoint a Data Protection Officer.