1. Sellukem AB cares about individual privacy and protecting the personal data processed by the company according to applicable data protection legislation.
2. This Privacy Notice contains information on how and why we collect, process and share personal data provided to or collected by us when various people e.g., customers, suppliers, business partners, consultants, employees or visitors, have contact with us or otherwise appear in conjunction with our business operations. The Notice also contain information about the rights that data subjects have in relation to us as controller and our contact details, see at the bottom of the Notice.
Collection and Processing of Personal Data
3. Much of our communication takes place via face to face or online meetings, telephone, electronic messages and email, which essentially always entail processing of personal data since in those cases personal data that can be attributed to individuals are provided to us.
4. We collect the personal data provided to us in conjunction with our business engagements or that is otherwise processed when the operations are being prepared or administered. We mainly collect personal data direct from the individuals concerned, but during business engagements we sometimes receive information about individuals involved that does not come direct from them. Sometimes, we supplement the personal data by obtaining information from other sources, e.g., search results using generally available search engines and records. Collection of personal data and processing thereof also takes place in our contacts with e.g., customers, suppliers, other external parties and employees.
5. The personal data we process may consist of e.g., contact details, identification details like e.g., passport details and date of birth/ID number, device- and geographic information, pictures, sound- and image recordings and invoicing information. In specific engagements, the personal data may also comprise other information relevant to the engagement.
Purpose of our Processing of Personal Data
6. We process personal data in conjunction with engagements so we can meet our commitments and safeguard our customers’ interests and to perform administration in conjunction with our engagements. Personal Data is furthermore processed for the purpose of meeting the requirements to which we are subject by law e.g., according to chemicals, accounting- and tax law. Personal Data may also be processed to handle and administer our relations with employees, suppliers and other external parties and for marketing analysis, business-, marketing- and methodology- development and risk administration.
Legal Basis for Personal Data Processing
7. The legal basis for processing personal data is one of the following.
a. Contracts: to perform, administer and handle our contracts with employees, customers and suppliers including other contracts.
b. Legitimate Interest: when we consider that ours or third parties’ legitimate interest of the personal data processing is necessary and overrides the data subject’s fundamental rights and freedoms e.g., our legitimate interest in conducting our business and performing our business engagements.
c. Legal Obligation: e.g., to perform our legal obligations under laws relating to chemicals, accounting, tax and other laws.
d. Consent: e.g., if the data subject has given its consent to the data processing.
How do we Share Personal Data?
8. We have taken appropriate technical and organisational security measures to protect the personal data we process from unauthorised access and loss, among others. Personal data may be transferred to countries outside the EU/EEA but only for the purposes and on the legal basis set forth in Sections 6-7 above. Transfers of this type only take place according to applicable data protection laws to ensure the personal data remain protected with an adequate level of protection corresponding to and at the level of the protection offered within the EU/EEA.
9. We will not divulge personal data to anyone outside the company, except where:
a. it has been agreed between us and the person whose personal data we process,
b. it is necessary within the scope of a given engagement so we can safeguard our customers’ or business partners rights and interests,
c. it is necessary to perform a statutory obligation, comply with a decision of a public authority or a court of law,
d. we engage an external provider or business partner who performs services on our behalf, who may only however process personal data in accordance with our instructions and may not use personal data for their own purposes, or
e. it is otherwise permitted under applicable law.
How Long do we Save Personal Data?
10. We save personal for as long as necessary given the purpose of the processing, unless the data may or must be saved for a longer period under applicable law.
Rights of the Data Subject
11. In our capacity as controller of the processing of personal data described above, we are responsible for ensuring that the personal data are processed correctly and in accordance with current data protection legislation.
12. Data subjects have the right:
a. to know what personal data we process about them,
b. to receive the personal data they have provided in machine-readable form and to transmit them to another controller,
c. to request that we rectify inaccurate or incomplete personal data about them,
d. to request that we erase their personal data e.g., if the data are no longer needed for the purpose or if consent is withdrawn,
e. to object to specific processing of personal data, and
f. to request that processing of the personal data be restricted,
Note that restriction or erasure of personal data may result in that we no longer can perform our obligations.
13. If you have any questions or complaints about the way we process personal data or wish to request exercise of rights as described above, please contact us by email at firstname.lastname@example.org or by telephone or post at the number or to the address set forth at the bottom of the Notice. Data subjects are also entitled to submit objections about or complaints regarding the way we process personal data to the Swedish Authority for Private Protection, which is the supervisory authority for our processing of personal data.