Personal data processing policy
Sörling-Ilsbo AB, including its subsidiaries, hereinafter referred to as Sörling, cares about your privacy. We want our customers, employees and partners (counterparties) to feel comfortable about disclosing their personal data to us.
This policy is based on applicable data protection legislation (GDPR) and explains how we protect rights, obligations and privacy.
The purpose of the policy is to inform counterparties about how Sörling processes personal data, what the personal data are used for, who is authorised to access personal data and under what circumstances, and how counterparties can exercise their rights.
Sörling processes personal data to enable us to comply with our obligations. We aim not to process more personal data than needed for the purpose. The company strives to minimise the use of sensitive data.
Personal data may be needed to provide a good service in relation to follow-up, analysis and information and in communications with counterparties. Personal data are also needed to comply with laws and regulations.
Counterparties have a right to object to the company’s use of personal data for purpose of direct marketing. If Sörling intends to use personal data in our business for purposes of direct marketing, we must notify the counterparty and obtain their consent.
Sörling only processes personal data where there are legal, objective or commercial grounds. Sörling does not process personal data except as needed to comply with statutory or contractual obligations. Examples of personal data that we process include:
Data registered by the counterparties on a voluntary basis
Content published by the counterparties, so-called user-generated content
Sensitive data: Salary data
CV in connection with job application
Trade union affiliation (employees)
Personal identity number (employees, board members and CEO)
Account number and other bank details (employees)
Worked hours, absence etc.
Sörling must obtain consent prior to personal data processing. The counterparty consents to the processing by accepting the company’s personal data processing policy or signing an Employment Contract.
The consent may be revoked at any time. Sörling will then stop processing existing and collecting new personal data, provided that it is no longer required to comply with statutory obligations.
Sörling obtains personal data in various ways, including the following:
Data provided directly to the company
Data registered when visiting the company’s website
Data obtained from public registers
Data obtained when a counterparty hires one of our employees
Data obtained in communications with the company, job applications, visits or other contact with us
When Sörling collects personal data, the counterparty must be informed about how the company obtained the personal data, how the data will be used, the counterparty’s rights according to data protection legislation and how the counterparty may exercise these. The counterparty will also be informed about who is in responsible for the personal data processing and how the company can be contacted in case of questions or a personal data request or other personal data inquiry.
Sörling har routines and working methods to ensure the secure handling of personal data. Generally, only employees and other individuals within the organisation who need the personal data to carry out their job may have access to such personal data.
Higher data security standards apply to sensitive personal data, entailing a higher protection for the personal data of individuals.
Security systems are developed with a focus on individual privacy and provide a very high level of protection against infringements and other changes that may give rise to a risk in relation to individual privacy.
Sörling works with IT security to ensure that personal data are securely handled and protected.
We do not transfer personal data except as expressly stated in this policy.
Sörling does not disclose sensitive personal data to third parties except subject to consent or if it is necessary to comply with statutory and contractual obligations. In cases where the company discloses sensitive personal data to third parties, confidentiality applies between the parties.
The company management in each subsidiary must ensure implementation and compliance with this policy and keep a list of personal data. The companies are responsible for how personal data is processed and for ensuring that rights and obligations are protected and that the list is up-to-date.
There must be a Data Protection Officer at each subsidiary.