AB PJ Jonsson & Söner
Personal integrity is important for P.J. Jonsson & Söner. You must feel secure in how your personal data are processed by us and we always guarantee a high level of protection for your personal data.
Our starting point is that we should never process more personal data on you than necessary, and we always strive to use the least integrity sensitive data. We comply with the rules of the General Data Protection Regulation (GDPR) and other applicable legislation, and only process your personal data on legal grounds.
In our Integrity Policy, we explain how we collect and use your personal data and we also explain your rights and how you can apply them.
WHAT ARE PERSONAL DATA AND WHAT IS PROCESSING OF PERSONAL DATA?
All data that, directly or indirectly, can be traced to a physical person who is alive are personal data. This can be both e.g. names, email addresses and civil registration numbers, and photographs and user names in digital media.
Processing of personal data covers all actions that are done using personal data. This includes collecting, registering, reading, structuring, storing, processing, transferring and deleting data. Actions done outside IT systems can also be viewed as processing, such as when personal data are entered in registers that are stored in hard copy files.
RESPONSIBILITY FOR PERSONAL DATA
All processing of personal data is done in accordance with applicable legislation and P.J. Jonsson & Söner (Co. No: 556057-1654, Krossvägen 14, 894 41 Överhörnäs Tel: +46 (0)660 731 00, Email: firstname.lastname@example.org), is the data controller for all processing that is done.
When registering and using the P.J. Jonsson & Söner website to buy products and services, you as the user, are also responsible for the information you provide to us. If personal data are provided for a third party, you as the user, are responsible for ensuring this party has received information on the P.J. Jonsson & Söner Integrity Policy and has consented to such registration. P.J. Jonsson & Söner also reserves the right where necessary or if the law requires it, to notify a third party of our processing of their personal data.
WHAT PERSONAL DATA ARE PROCESSED?
The personal data that P.J. Jonsson & Söner processes and collects about you as a customer or a contact person at a customer, a supplier or contact person at a supplier or as a user of our website, when ordering products and services, are primarily:
- Name and civil registration number or other ID number
- Contact information, such as address, phone no., email
- Company affiliation
- Account information or other payment details
- IP address for information on how you use our website
We do not process any specifically sensitive personal data about you, which means that if we obtain such data we will quickly delete the data.
WHICH SOURCES DO WE OBTAIN PERSONAL DATA FROM?
Your personal data is collected when e.g. you enter your data in association with ordering products or services from us, you contact us about different matters or subscribe to newsletters. When the company you work for buys our services or if they are already a customer, we can collect data on you as an employee of the company.
Additional data can sometimes be processed and stored but only when you personally can be considered to have made such information public. Plus, it can be necessary for us to collect certain personal data from external sources for credit checks and address updates, for example.
USE OF PERSONAL DATA
We process your personal data in order to provide the services and products you have ordered. We will also process your personal data to manage and build our relationship with you and, where applicable, to manage the agreement with you or your employer.
Depending on which type of processing we perform, personal data processing can be based on different legal grounds:
- Order administration and service
When you order or ask service about a product or service from us, we need to register and manage correct information on you in our order processing system. In order to be able to give you as our customer fast and personal service, we also register and manage your personal data in a case management system. The legal grounds for processing are in accordance with our agreement with you or your employer.
- Invoicing and delivery
When we invoice and deliver the service or product you have ordered, we need to register and manage your personal data to be able to identify you. We store your data in a secure way. The legal grounds for processing are in accordance with our legal undertakings and legal requirements.
- Using our website
When you access our website, we can automatically retrieve information about your visits, what you do on the website and about your computer for the purpose of improving your user experience of our services. We sometimes link to other pages at third parties on our websites that have their own integrity regulations and which we cannot accept liability for. The legal grounds for processing is in accordance with balance of interests.
If you email us or send information to us in some other way, we collate this information. We move important or sensitive data to other systems and regularly delete emails that no longer need to be retained in our email archive. The legal grounds for this processing is in accordance with balance of interests.
HOW LONG DO WE SAVE YOUR PERSONAL DATA?
We save your data for as long as necessary to satisfy the above purposes or as long as we are required by law to do so. We have developed data deletion procedures to ensure personal data are not stored for longer than necessary for the specific purpose intended. How long this storage time is can vary depending on the purpose of processing and how long the data are necessary for the purpose intended. After this, we delete or de-identify your data in a secure way such that it is no longer possible to connect the data to you. Certain data cannot, however, be deleted for legal reasons, such as accounting legislation that requires such data to be saved for at least seven years.
ACCESS TO PERSONAL DATA
The data you provide to P.J. Jonsson & Söner can be shared internally with different employees that manage issues concerning sales, finance and other administration. As P.J. Jonsson & Söner is part of the Metso Group, your personal data can also be shared with other companies within the group. Your personal data can also be shared with other business partners in order to satisfy the above named purposes or for statutory requirements, legal investigations or court rulings. In certain situations, it is also necessary for us to share personal data with a third party such as a public authority or lending institutes. Such parties are considered to be independent data controllers and the integrity policy of that organization applies for their personal data processing. When sharing with a third party that is not an independent data controller, we will always sign a data processor agreement to guarantee secure processing.
As P.J. Jonsson & Söner is part of a global group of companies, your personal data can come to be processed outside the EU/EEA but only in agreement with you as the registered person and in accordance with agreements with the customer or supplier. When personal data are processed outside the EU/EEA the level of security is guaranteed by e.g. a ruling by the EU Commissions that the country in question assures an adequate level of security or by the use of so-called appropriate safeguards. These include a Privacy Shield, the use of Binding Corporate Rules and various agreement solutions. Standardized model clauses for data transfer that have been adopted by the EU Commission, are also available at the EU Commission website.
We never forward, sell or exchange your personal data to or with third parties outside PJ Jonsson & Söner for marketing purposes.
PERSONAL DATA PROTECTION
P.J. Jonsson & Söner has taken necessary technological and organizational measures to protect your personal data from loss, manipulation and unauthorized access. By organizational measures, we mean processes and working methods where the starting point is that only persons within the organization that need personal data to perform their work-related duties, have access to such data.
Necessary technological security measures are security systems that have been developed with your integrity in focus and to protect against hacking, destruction or other changes that can entail a risk. We also regularly adapt our security measures in accordance with developments and advances within the technology area.
In accordance with applicable legislation, you have the right, at any time, to request information on the personal data we hold about you. If your personal data are incorrect, incomplete or irrelevant, you can request correction or deletion. In certain cases however, we cannot delete some of your data if there are statutory storage requirements, such as accounting rules, or when there are other legitimate reasons why data must be saved, such as unpaid debts.
You also have the right to limit the amount of personal data we process and the right to data portability (transfer of personal data to another data controller) for data you have personally submitted to us. Data portability is subject to such transfer being technically possible and can be done in an automated way. You can withdraw, at any time, your consent to letting us use data for marketing purposes or where the balance of interests is based on legal grounds.
If you have any questions about how P.J. Jonsson & Söner processes personal data, extracts from the register, correction of data or if you object to the purposes, please contact the P.J. Jonsson & Söner data controller in writing to P.J. Jonsson & Söner customer service, Krossvägen 14, 894 41 Överhörnäs, or by email to: email@example.com. You can also contact us by phone: +46 (0)660 731 00.
DATA PROTECTION AUTHORITY
Datainspektionen (the Swedish Data Protection Authority) is the data protection authority responsible for monitoring the application of legislation concerning data protection. If you think we have acted incorrectly, you have the right to contact Datainspektionen about issues and reports, for contact details, go to www.datainspektionen.se
However, certain services on our website can stop working if you block or delete cookies.
The P.J. Jonsson & Söner website can contain links to other websites over which we have no control. We are not liable for privacy protection or the content of these websites and purely provide these links to make it easier for our visitors to find more Information on specific subjects.
If you have any questions or objections, please contact us.
P.J. Jonsson & Söner
Co. No. 556057-1654
894 41 Överhörnäs
Telephone: +46 (0)660 731 00