WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
NC Nordic Care AB
Ydrevägen 23, Tranås, Sweden
Data: information which is stored electronically on a computer or in certain paper-based filing systems.
Data subject: an individual on whom any personal data is held by an organisation. All data subjects have legal rights in relation to their personal data.
Personal data: data relating to a living individual who can be identified from that data; can be factual (e.g. name, address, date of birth, email address)
Data controller: the person who determines the purposes for which, and the manner in which, any personal data is processed.
Personal data: identified as covering information on, opinions about, and intentions towards individuals, referred to in this policy as “data subjects”.
Sensitive personal data: includes such information as ethnicity, political opinions, religious beliefs, membership of trades unions, physical or mental health, sexual life, marital status, commission or alleged commission of an offence.
Processing: any use of personal data, including its destruction.
Any relevant filing system: any store of data from which personal information can be extracted. It does not have to contain the individual’s name and does not have to be held electronically.
WHAT PERSONAL DATA DO WE COLLECT AND WHERE FROM?
We only collect your personal data to the extent necessary in order to fulfil certain purposes, which are set out below. We collect your personal data when you, inter alia, send us a request for quotation, place an order for any of our products or services, when you subscribe to our newsletter or when you apply for employment at Kinnarps. Furthermore, we collect your personal data when you voluntarily fill out customer surveys or contact forms, provide us with feedback and when you contact our customer service.
The types of personal data that we collect may include the following:
• Name, position, language and contact information including email address, mobile number and address;
• job application documents, such as your resume and cover letter;
• purchase history;
• delivery information, billing information and payment information; and
• other information which you may provide to us in connection with, inter alia, correspondence with our customer service.
We may collect your personal data from the following sources:
• NC's website, e.g. when you place an order, subscribe to our newsletter, register and download information or when you contact us using our contact forms;
• when you contact us by email or by phone;
• through contracts, invoices or other business contacts, if you are a representative of any of our business partners;
• from third parties (as regards different address providers); and
• through certain activities, such as fairs and events.
• Recruitment activity
WHY DO WE COLLECT AND PROCESS YOUR PERSONAL DATA?
We collect and process your personal data for the purposes and based on the legal grounds set out below:
Purpose of processing
- Managing your orders and purchase returns
- Communicating delivery notes or information regarding delivery issues
- Executing recruitment processes
Performance of contract
- Sending general information and targeted messages
- Sending invitations to events
- Sending quotations
- Replying to questions by email or via customer service
- Sending customer surveys
Sometimes we might need your consent in order to be able to process your personal data, e.g. with respect to subscription to our newsletter. In these situations you will be provided with information about this and you will also be given the possibility to accept or decline the processing of your personal data in the described way.
You may withdraw your consent at any time by contacting us using the contact information above. Such withdrawal may be made in whole or in part. If you do not wish to receive newsletters from us you may, in addition to using the contact information above, withdraw your consent by clicking a link in the relevant email.
TRANSFER OF PERSONAL DATA
Your personal data may be transferred to third parties who act as NC's data processors, so that we can carry out our obligations in relation to you as a customer or a representative of a customer. These companies provide, inter alia, data support, email and cloud storage services, analytic services and delivery services with respect to the products ordered. We do not disclose and we do not sell personal data to third parties for any other purposes.
• the receiving country ensures an adequate level of protection;
• NC has collected your consent prior to the transfer;
• the applicable data protection laws provide legal grounds for the transfer;
• an agreement including certain standard contractual clauses issued by the European Commission (2010/87/EU) has been entered into between NC and the recipient, without any conflicting changes or amendments;
• the recipient has adopted binding corporate rules for the processing which have been approved by the relevant supervisory authority and the recipient of the personal data in the third country is bound by these rules; or
• for transfers to the U.S.A., the recipient has self-certified to the EU-U.S. Privacy Shield Principles under the EU-U.S. Privacy Shield Framework and registered on the Privacy Shield List managed by the U.S. Department of Commerce.
HOW DO WE PROTECT YOUR PERSONAL DATA?
NC is continuously working to ensure an adequate organisational and technical level of security in relation to the processing of personal data which fulfils the conditions set out in applicable data protection laws.
FOR HOW LONG IS YOUR PERSONAL DATA RETAINED?
Your personal data will never be stored for longer than what is necessary to fulfil the purposes stated above, or than what is permitted by applicable law. Your personal data will be processed by us during the time periods set out below, and thereafter erased.
• Representatives of companies: Your personal data is saved for as long as you are listed as the contact person for a company with which NC has business relations.
• Communication: If you are in contact with NC, e.g. by email, your personal data is saved for as long as it is necessary to fulfil the purpose of the correspondence.
• Employment applicants: NC will save your job application documents, including your resume and cover letter, during the recruitment process and for two years thereafter, in order to defend potential legal claims.
• Legal obligation: Kinnarps saves any documentation that constitutes accounting information in accordance with applicable accounting legislation.
• Consent: Where we process your personal data based on your consent, we will only save your personal data for as long as we have your consent to do so.
WHAT RIGHTS DO YOU HAVE?
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
• You have the right of access to the personal data regarding you that we process. Consequently, you may request information regarding what personal data we have retained about you, the purposes of the processing of this personal data and information regarding from where the personal data has been collected.
• Should your personal data be inaccurate or incomplete, you may request rectification of the relevant personal data.
• In certain situations, you have the right to have your personal data erased, e.g. if the processing of your personal data is no longer necessary in relation to the purposes for which they were collected.
• In certain situations, you have the right to request that NC's processing of your personal data be restricted, e.g. if you have objected to any processing carried out based on Kinnarps’ legitimate interests. The processing of your personal data may also be restricted for the period of time during which it is verified whether the legitimate grounds of Kinnarps override yours, i.e. your interests, rights and freedoms.
• You have the right to withdraw or alter the consents that you have given to us at any time.
• You may, in certain situations, request that your personal data be transmitted in an electronic format, in some cases to another data controller (data portability).
Should you want to exercise any of your rights, you are welcome to contact us by using the contact information above. For the protection of your privacy and your personal data, we will require that you identify yourself in connection with our assistance. If you, for the purpose of exercising the above-mentioned rights, choose to contact us by mail, we kindly ask that you include a copy of your ID and ensure that the letter is signed. If you choose to contact us by email, please include a scanned copy of your ID and signature.
You may at any time file a complaint with the Managing Director, Ashley Hayward or firstname.lastname@example.org if you believe that NC's processing of your personal data is not carried out in accordance with applicable laws. Alternatively, the contact details for the Information Commissioner’s Office are:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745
According to the Information Commissioner’s Office, a personal data breach means “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Personal data breaches can include:
• access by an unauthorised third party;
• deliberate or accidental action (or inaction) by a controller or processor;
• sending personal data to an incorrect recipient;
• computing devices containing personal data being lost or stolen;
• alteration of personal data without permission; and
• loss of availability of personal data.
If a breach has been identified or suspected, please alert Kinnarps. If a device has been stolen or lost that could result in a data breach, please inform the IT Manager immediately. Personal data breaches need to be recorded and reported to the Information Commissioner’s Office by Kinnarps within a strict timeframe of 72 hours where possible.
If the changes concern processing of personal data that we carry out based on your consent, we will give you the opportunity to once again give your consent to the processing on the new terms presented.