GDPR at Optonova Sweden AB
GDPR at Optonova Sweden AB
The protection of your personal data is important to us. We are constantly working to improve our processing of your personal data.
In order to further ensure our continuous work on data protection issues, we have also chosen to have a data protection officer. You will find all our contact details under section 13.
1. Main concepts
Personal data is information that, individually or in combination with other information, can be used to identify, locate or contact a person. Examples of personal data are name, email address, phone number or IP address.
Processing of personal data means any kind of handling of personal data, for example, when we collect information about a customer in order to deliver a product. Under section 5 you can read about the purposes for which we may process your personal information.
The data controller is the company which determines what personal data shall be requested and what the purpose to this is. It is the data controller’s responsibility to ensure that the processing of your personal data is in accordance with applicable personal data regulation.
2. Optonova Sweden Sweden AB is responsible
Optonova Sweden AB is responsible for compliance with the obligations concerning the processing of your personal data at Optonova.
3. What types of data do we collect?
When you get in touch with us, e.g. via email, phone or visit our website, we process personal data. Depending on the situation we may ask for the following personal data:
- Email address
- Country and/ or region
- Phone number
- Which company you work for
- Job title
- Which industry you work in
- Website address of your company
- Other data that is featured in the communication
- Technical Data: The URL through which you can access our web pages, your IP address and user-type, browser type, language, and identification and operating system information.
4. Information from other sources
We may also process other data about you that you have previously provided to us. Based on publicly available information, we may also complete your registered data with us. If you are a customer to us, we may complete your data with additional contact information.
5. How do we use the data?
We always strive for only processing the personal information that is necessary to fulfill our commitments to you. In addition, personal data may also be used for certain limited purposes. (For recruitment purposes, see section 9.)
The information you provide is used for the following purposes:
- Communicate with you and respond to requests regarding: our products, service or support.
- Fulfill our commitments according to an agreement with you or in accordance with law
- Sales and marketing activities in the form of direct mail, which may also include product offers and other content that you may be interested in to give you a more personal experience (see section 6)
- Maintain a customer register
6. Newsletters and other direct marketing
As an example, when you are or become a customer to Optonova or have shown interest in our products, we may send you direct marketing to you via email. These will contain information about our products. Within the framework of GDPR, we are of the opinion that we have a legitimate interest in maintaining business relations and communicating with you about our products and operations. If you do not want to have any emails, you simply tell us that.
7. For how long is the data stored?
We process personal data for no longer then what is necessary to fulfil the purpose of its collection, then we delete the data.
If you have an active dialogue with us, your data is stored for 48 months from the latest interaction; then we will discard the data we have registered about you. An active dialogue is defined as having interacted with Optonova or representatives of Optonova by telephone, email, down loading materials on the website or registering via a form.
If you are a customer or licensee to us, we will save the data for seven years after the termination of the agreement in accordance with law, e.g. the Swedish Accounting Act.
We process your personal data for email newsletters or other direct mail until you terminate your subscription. Then we will delete the personal data.
When you are employed by a company that is a customer, partner or licensee to us, we process your data in order to fulfil our agreement and to give customer care. During active relationships with your company, we process your data until either i. you have terminated your employment at the company or ii. the company no longer has an active relationship with us. If a relationship with a customer, partner or licensee has ended, our storage and processing of your data will follow the same conditions as described in the previous two paragraphs. If you terminate your employment at the company, you are responsible for notifying us so that we can delete your information.
Please note that some information may be processed for longer than what is stated above if we are required to do so by law, by a governmental or court decision, due to a legal dispute or when there is a risk of the latter or similar.
8. Who has access to your personal data?
We constantly strive for that your personal data is only processed by those who need to. Generally, data will be available to persons within the company who work in the departments of marketing, finance and communication. In addition, data can be processed by other people at Optonova that you are in direct contact with.
9. Job application and recruitment
If you are applying to work with us, we may process further data about you:
- contact information (such as name, mailing address, email address and phone number),
- employment history and education,
- language skills and other work-related skills,
- social security number, national ID number or other government-issued ID number,
- birth date,
- citizenship and status regarding work permits,
- disability and health-related information,
- where relevant, results from drug tests, extract from the criminal records registry and other background checks,
- where relevant, results from personality tests,
- information about references and the information provided through these references, as well as
- other information that you may provide us, such as in your resume or application or other information regarding your qualifications for employment.
When the recruitment process is over, your personal information will be deleted unless you have given us your consent to keep it. However, some information may be processed further if we are required to do so by law, by a governmental or court decision, due to a legal dispute or when there is a risk of the latter or similar.
More information about how we process personal data in connection with recruitment may be given in connection with a specific recruitment process.
10. Shared information with our partners
We neither sell, rent, distribute or otherwise make your personal data available to third parties. However, we may share information with partners or suppliers for the purposes stated in this policy.
11. Security, storage and transfer
We use administrative, technical and physical security measures to protect the personal data you provide against accidental, illegal or unauthorized destruction, loss, modification, access, disclosure or use.
We may also need to allow our suppliers to access your personal data when they provide services to us, primarily to maintain and support our IT systems.
Any transfer of data outside the EU/ EEA is made in accordance with applicable data protection laws. If there is no other legitimate reason, our international transfers of personal data are based on the EU Commission's standard contractual clauses.
This transfer of data, made to servers in so-called third countries, lives up to the rules of secure data transfer under the GDPR in accordance with the Privacy Shield Frameworks, which has been developed between the EU and the United States. More information about the Privacy Shield Frameworks can be found on this page: https://www.privacyshield.gov
Personal data can also be stored via IT services through Google, Microsoft, or other IT services for different cloud-based solutions. Please note that these providers may locate their servers outside the EU/ EEA area and that Optonova cannot take responsibility for these IT providers. However, we always strive to have secure IT solutions, both for our and your safety.
12. You are entitled to know what data we have about you and request rectification or erasure
You are entitled to get information about what data we have about you in the form of a registry extract, which you can also get digitally. You may also request that we rectify incorrect data, erase information about you or, under certain circumstances, transfer your information to another data controller according to your demands ("data portability"). You may also object to the processing of certain personal data or request that the processing of your personal data is restricted. If you have given us your consent to the processing of personal data, you are also entitled to withdraw this. If you withdraw your consent, we will erase the information we have about you due to the consent. Please note that restriction or erasure of your personal data may affect the delivery of information within the customer relationship, as well as possibly affecting any ongoing contact with you.
If you wish to withdraw your consent, or request registry extracts, rectifications or erasure, please contact us via the email address we have provided in the contact details section below.
13. Contact information to Optonova Sweden AB
If you have questions about our processing or wish to get in touch with us to exercise your rights, please find our contact information below.
Optonova Sweden AB
172 54 Solna
Phone number: +46-8-705 25 00
Company registration number: 559015-6104
General Email address: firstname.lastname@example.org
For questions regarding processing of personal data or contact with Optonova Data Protection Officer: email@example.com
14. Updates to this data protection policy
15. Contact details of the Swedish Data Protection Authority
The responsible supervisory authority is the Swedish Data Protection Authority. You can contact the Swedish Data Protection Authority if you have questions about GDPR and its application or comments on Optonova´s process of personal data.
Email address: firstname.lastname@example.org