Disclaimer E-mail Signature
Disclaimer E-mail Signature
Data protection information for business partners, suppliers and communication partners
As part of the business relationship between you and a company of the Sunds Fibertech Group, your personal data will be collected. This collection can take place directly from you or through the information provided by third parties. With the following information, we would like to give you an overview of the processing that takes place as well as your rights:
Who is responsible for data processing and who can I contact?
Responsible within the scope of the GDPR is exclusively the respective company of the group of companies with which you are in contact and which processes your data.
Contact details of the data protection officer
Sunds Fibertech AB
Terminalvägen 16, SE-861 36 Timrå, Sweden
Tel +46 76 804 90 01
www.sundsfibertech.com
Mrs Emma Eklund
emma.eklund@sundsfibertech.com
If you have any questions about the processing that is taking place, complaints about processing that is taking place or for the implementation of data subject rights, please contact the data protection officer directly.
Rights of affected parties
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Objection in accordance with Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
- Information in accordance with Art. 15 GDPR about your stored personal data in the form of meaningful information on the details of the processing as well as a copy of your data;
- Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;
- Deletion in accordance with Art. 17 GDPR of the data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Restriction of processing in accordance with Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose their erasure because you require them for the establishment, exercise or defense of legal claims or you have objected to processing in accordance with Art. 21 GDPR.
- Data transferability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR or on the basis of a contract in accordance with Art. 6 para. 1 lit. b GDPR and this data has been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.
- Revocation in accordance with Art. 7 para. 3 GDPR of your given consent with effect for the future.
- Complaint in accordance with Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
Processing in the context of establishing contact and communication
Type and scope of processing
When you contact or communicate with us, we collect data in order to assign and process your request. We only collect the personal data necessary to answer your request, such as
- Personal master data (salutation, title, first and last names)
- Communication data (telephone, fax or e-mail address)
- Product interest
- Information from your inquiry
The provision of further personal data such as mobile phone numbers, addresses etc. is voluntary and is used for the purpose of facilitating contact. There are no negative consequences associated with the non-provision of data. However, failure to provide this data may result in communications being made more difficult or delayed.
Alternatively, it is possible to contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
Purpose and legal basis
When contacting or communicating and for further processing, the user’s details are processed for processing the request and processing on the basis of Art. 6 para. 1 lit. b GDPR. If we contact you, we process the data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR or Section 7 para. 3 UWG. You can object to the processing at any time.
Storage duration
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If the contact is made in connection with the conclusion of a contract, the data may be stored until the limitation period for claims against the controller expires or if the documents no longer need to be retained due to legal obligations.
Data processing during video conferences
Type and scope of processing
When using video conferencing tools, we process different types of personal data, which are collected by the respective video conferencing provider to provide the service. Among other things, the following data is processed:
- User details (user name, e-mail address)
- Meeting metadata (IP address, ISP information, electronic ID, topic or description)
- Dial-in information with telephones (phone number, country name, start and end time)
Optional information include:
- User details (image and sound, profile picture)
- Other (shared screen content, camera position, information on the immediate surroundings
- Optional recordings (MP4 file of all video, audio and presentation recordings,
- M4A file of all audio recordings, text file of the online meeting chat)
You may have the option of using the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications. In order to participate in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.
Purpose and legal basis
Insofar as personal data of employees of the affiliated companies are processed, Art. 6 para. 1 lit. b GDPR is the legal basis for data processing. If, in connection with the use of services, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of services, Art. 6 para. 1 lit. f GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings”.
Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f GDPR. Here too, we have an interest in the effective conduct of “online meetings”. If data is processed when online meetings are held outside the EU or the EEA, it will only be transferred to service providers who have implemented measures in accordance with Art. 46 GDPR.
Storage duration
We only store the data for as long as it is required for the respective purpose. As part of the technical and organizational measures implemented, we have configured the storage periods so that the processed data is deleted after a maximum of 12 months. If we process your data to fulfill contracts, we store some of this data for as long as it is required to fulfill the contracts.
Forwarding of data to affiliated companies
Type and scope of processing
For the provision of our services and for the processing of contracts, we may commission affiliated companies of the Sunds Fibertech to fulfill these services. The following information may be passed on:
- Company information
- Personal master data (salutation, title, first name and surname)
- Communication information (telephone or e-mail address)
- Contract information (project periods or service overviews)
Purpose and legal basis
To process contracts, we process the data on the basis of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR. The transfer takes place for the fulfillment of planning, production or delivery services. You can object to processing on the basis of Art. 6 para. 1 lit. f GDPR at any time without giving reasons.
Storage duration
We store the data for as long as it is required for the protection, enforcement or defense of claims. Depending on the scope of the project, data may be stored for up to 30 years.
Forwarding data to offices and authorities
Type and scope of processing
We process personal data that we receive from our customers and business partners as part of our business relationship. In addition, we process – to the extent necessary for the provision of our services – personal data that we legitimately obtain from publicly accessible sources (e.g. commercial and association registers, press, Internet) or that are legitimately transmitted to us by other companies or authorities. Data is transferred to authorities exclusively within the framework of legal regulations. Depending on the context, the processed data may include:
- Personal master data (e.g. name, address, date of birth)
- Communication data (e.g. telephone number, e-mail address)
- Financial data (e.g. account number, tax information)
- Other categories that are required by law
The data is transmitted in electronic form and can be stored in the authorities’ databases.
Purpose and legal basis
Your personal data is processed on the basis of the legal provisions of the GDPR and the BDSG. Data is transmitted to authorities primarily to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with the respective national laws or on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. A legitimate interest may be, for example, the detection of criminal offenses, the guarantee of network and information security or the enforcement of legal claims.
Storage duration
The storage period for personal data is based on the statutory retention periods. After expiry of the periods, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in further storage.
Conducting credit and creditworthiness checks
Type and scope of processing
To check creditworthiness and credit standing, we transmit company information to credit agencies or request information from them before concluding a contract with customers. In doing so, we transmit or receive basic company information:
- Company information
- Period of time
- Project information
- Credit ratings and credit limits
- Classification of the credit agency
Purpose and legal basis
Depending on the scope of the project, we process your data on the basis of the economic legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR or in individual cases on the basis of Art. 6 para. 1 lit. b GDPR for the processing of contractual or pre-contractual measures.
Storage duration
We retain this information for up to 3 years/months to protect our legitimate business interests. Implementation of sanctions list checks
Type and scope of processing
As part of mandatory sanctions list checks, we process personal data that is required to verify the identity of individuals or companies and to determine whether they are included on sanctions lists. The data processed may include:
- Personal master data (salutation, title, name and surname)
- Identification features (date of birth, place of birth, nationality)
- Affiliations or geographical information (addresses, company names and, if applicable, other identification data)
The data can come from internal sources, such as customer or supplier databases, or from external sources, such as publicly accessible sanctions lists.
Purpose and legal basis
The purpose of processing personal data in the context of sanctions list checks is to ensure compliance with legal obligations aimed at preventing or terminating business relationships with sanctioned persons or companies. The legal basis for the processing is the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with the relevant sanction laws and regulations, and, if applicable, the protection of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, such as the interest in preventing legal violations and safeguarding the company’s reputation.
Storage duration
The storage period of personal data in the context of sanctions list checks is based on the statutory retention periods and the requirements for documenting compliance with sanctions regulations. After expiry of the statutory retention periods, the data is routinely deleted, provided that no further legal obligations or legitimate interests require further storage.
Processing in the context of the establishment, exercise or defense of legal claims
Type and scope of processing
In the context of the assertion, exercise and defense of legal claims, we process personal data that is necessary for the assessment and enforcement of legal claims. The processed data may include:
- Personal master data (salutation, title, first and last name)
- Communication data (e-mail address, telephone number, contact details)
- Other data (contract data, documentation of facts, financial data and other data relevant to the legal assessment)
The data can come from internal sources, such as customer or employee databases, or from external sources, such as court files or correspondence with lawyers.
Purpose and legal basis
The purpose of processing personal data for the establishment, exercise or defense of legal claims is to protect and enforce the legal interests of the company or the data subject. The legal basis for the processing is the protection of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in the assertion, exercise or defense of legal claims. In certain cases, processing may also be necessary due to a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
Storage duration
The storage period of personal data in the context of the assertion, exercise and defense of legal claims is based on the statutory retention periods and the requirements for the documentation of legal prosecution. After expiry of the statutory retention periods, the data is routinely deleted, provided that no further legal obligations or legitimate interests require further storage.
Processing for self-registration and participation in tenders
Type and scope of processing
As part of system or process adjustments, we process personal data that is required for the adjustment, improvement or maintenance of our systems and processes. The processed data may include:
- Personal master data (salutation, title, first and last name)
- Communication data (e-mail address, telephone number, contact details)
- Other information (user account data, contract data, technical data and other data stored as part of the systems and processes)
The data can originate from internal systems and databases and can be changed, anonymized, deleted or transferred to a new system as part of the adjustments.
Purpose and legal basis
The purpose of processing personal data in the context of system or process adjustments is to ensure and improve the efficiency, security and compliance of our systems and processes. The legal basis for the processing may be the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR if the adjustments are necessary to comply with legal requirements. Alternatively, the processing may be based on the protection of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR if the adjustments are necessary to improve the systems and processes.
Storage duration
The storage period of personal data in the context of system or process adaptations depends on the requirements of the adaptation process and the statutory retention periods. Data that is no longer required for the adaptation is deleted or anonymized. Data that is transferred to a new system is subject to the retention periods that apply to the underlying main processing.
Identity check and data reconciliation
Type and scope of processing
We use artificial intelligence (AI) to support our supplier search. This involves processing relevant information about potential suppliers. This may include the following:
- Name of the company
- Contact details (address, telephone number, e-mail address)
- Type of company
- Product range
- Price information
- Historical order information
- Other relevant information to assess the suitability of the supplier
The AI automatically analyzes this data to identify and evaluate potential suppliers based on predefined criteria.
Purpose and legal basis
The purpose of this processing is to improve our supplier search and selection in order to make more efficient and effective business decisions. The legal basis for this is Article 6(1)(f) GDPR, namely processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Storage duration
The personal data of potential suppliers is stored for as long as it is required to achieve the above-mentioned purpose. As a rule, this data is reviewed after completion of the supplier selection process and deleted if it is no longer required. In the event of a positive selection process, the data is stored in accordance with the statutory retention periods.