Blue-top-wave-1920

Lackeby Products AB, Privacy Policy

1. Background and purpose

Lackeby Products AB, 556562-7451, develops and manufactures market-leading products in water purification and heat recovery for municipal and industrial purification and recycling processes. Lackeby Products AB (also called “Lackeby”, “we” or “us”) protects your personal integrity and we comply with applicable data protection legislation. In this privacy policy we describe our processing and the rights you have when you or the company or organization you represent request or purchase our services and/or products, when you or the company or organization you represent provide us with your services and/or products, when you visit our website or are otherwise in contact with us. The policy has the following content:

  1. Background and purpose
  2. Processing of your personal data
  3. Your rights
  4. How do we get information about you?
  5. Who might we share your information with?
  6. Transfers to third countries
  7. How do we protect your personal data?
  8. Contact us

You can always contact us if you have questions about privacy and data protection issues by sending us an email at GDPR@lackeby.se.

Below we explain the “legitimate purposes” for which we collect your personal data and the legal basis on which we do so.

2.    Processing of your personal data

We may process your personal data in the following situations:

  1. Provision of our products and services:
  1. a) Contact person at companies that are our customers
  2. b) Demonstrated interest in our products or services
  3. c) Information security and prevention of misuse.
  1. Communication on products and services
  2. Development of products and services
  3. Marketing
  4. Visiting our websites
  1. a) Newsletter
  2. b) Safety and performance
  3. Contact via social media

Please note that we only process personal data that is necessary to fulfil the purposes and only for the time necessary to fulfil the purposes. The exact personal data we process about you depends on how you, as a customer or supplier to us, have come into contact with us and which of our services and/or products we provide to you or the company you represent, or which of your services and/or products you or the company you represent provide to us.

To enable Lackeby to fulfil the legal obligations arising from applicable law or to be able to protect our legal interest, we may save the personal data for a longer period of time than stated above. However, personal data is never saved longer than is necessary or statutory for the respective purpose.

In addition to the personal data you provide to us, or that we collect from you, we may also collect personal data from third parties. These third parties vary from time to time but include, among others, providers of address data from public registers.

When you are asked to provide personal data, you can choose not to do so. In the event that you choose not to provide the necessary information, this may result in us not being able to fulfil our obligations towards you.

Below you can read more about each purpose, the legal basis on which the processing for that purpose is based, the categories of personal data processed and the applicable retention period:

Provision of our products or services:

In order for us to provide our products and services to you, in many situations we need to process your personal data, specifically about you:

  • Is a contact person for one of our customers
  • are a customer and hire us to perform services for you
  • buy products from us
  • been in contact with our customer service/helpdesk

Customer – person who has purchased products or services from us

In order to fulfil requirements contained in the applicable product liability law, we may be obliged to contact you. The legal basis for the processing is therefore a legal obligation. We may process your personal data for as long as we or manufacturers are liable under applicable product liability law.

 

Customer for sales or services

If you have purchased products from us or we have performed a service, we will process your personal data to the extent necessary to enable us to:

  • Identify yourself as a customer,
  • fulfil and administer our contract with you for the supply of products and services
  • to handle complaints and claims,
  • otherwise to safeguard our rights and fulfil our obligations under our contract with you.

The data we may process are contact details (name, address, email address and telephone number), date of birth, personal identification number, history of services provided, etc.), details of your purchases and use of our products.

The processing operations described above are necessary for us to provide the product or service you have purchased. The legal basis for the processing is therefore the fulfilment of the contract with you.

We will process your personal data for as long as you are a customer and for 12 months thereafter.

Demonstrated interest in our products or services

In order for us to provide our products and services to you, we need to process your personal data in many situations, namely if you:

  • Have requested a quote for products or services directly from us or our partners or suppliers.
  • provided your information to us in connection with an event organized or attended by us or our suppliers.

The personal data we may process are the data you provide to us in connection with the contact, usually contact details (name, address, e-mail address and telephone number).

To enable us to market our products and services, we assume that our interest in processing your personal data outweighs your interest in not being subject to our processing. The legal basis for the processing is therefore legitimate interests.

If you have requested/received a quote, we will keep your personal data for six months from the date of your request. If you have provided your personal data in response to enquiries via the website or in connection with events, we will keep your data for 3 months from the time you provided it to us.

Customer service/helpdesk cases

If you contact our customer service/helpdesk, we need to be able to identify you as a customer. The information we may process is the information you provide to us in connection with the contact, such as contact details such as name, address, e-mail address and telephone number.

The processing described above is necessary for us to be able to provide information about the product or service you have purchased or to remedy errors. Our obligation to rectify errors may arise partly by contract and partly by law. The legal basis for processing can therefore be both the fulfilment of a contract or a legal obligation, depending on which obligation we are bound by.

If you have a case registered by our customer service, we will keep your data for the duration of the processing and for 3 months afterwards.

Information security and prevention of abuse

We process personal data in order to ensure the security of all our products and services, to detect or prevent various types of unlawful use or use that otherwise violates the terms of the services we provide. We also process this data to detect and prevent fraud. The data that may be processed for this purpose include, for example, IP addresses and information about your computer or mobile device.

The processing described above is a prerequisite for the provision of the services, therefore the legal basis is the fulfilment of a contract.

We will keep this data for 3 months.

Communication about products and services:

We may process personal data when we need to communicate with you to provide service information or updates on the products and services we contractually provide to you. We also process personal data when you contact our customer service.

We may also process personal data that we separately collect from you from time to time, for example if you have chosen to respond to a customer survey that we have sent you.

Our legitimate interests for this processing are to keep you as a customer informed about our products and services and their availability and to improve our products and services. In connection with such processing, we may use your contact details (name, email address, telephone number) and information about the products and services you use.

We will process your personal data for the above purposes for as long as you are a customer and for 12 months thereafter.

Development of products and services:

We process personal data to develop our business in the form of our products and services. For such purposes, we may compile statistics for analysis purposes.

Our legitimate interests for such processing are to optimize our products and services for our customers. In order to technically implement this, we may use contact details such as name, email address and telephone number. We will also process data about your computer or mobile device, such as version and model.

We will process your personal data for the above purposes for as long as you are a customer and for 12 months thereafter.

Marketing:

We process different types of personal data in order to market our products and services directly to you. For these purposes, we may communicate with you by, for example, letter, text message, telephone, email and through our websites.

In order for you to be able to unsubscribe from a particular email newsletter or similar communication, instructions will be provided in each communication on how to opt out of future communications.

Our legitimate interests for such processing are to promote our existing or new products or services. We may therefore use your contact details (name, address, telephone number and email address) and details of the products or services you use.

We will process your personal data for the above purposes for as long as you are a customer and for 12 months thereafter.

Visit our website:

When someone visits our website, www.lackeby.se, we use third party service(s) to collect information and details of visitor behavior patterns. We do this to find out the number of visitors to the different parts of the site. This information is processed without identifying anyone. We do not make any attempt to find out the identity of those who visit our website, nor do we allow the third party service to do so. If we wish to collect personally identifiable information via our website, we will inform you of this in advance. We will explain when we collect personal data and what we intend to do with it.

Use of cookies
You can read more about how we use cookies in our Cookie Policy.

Newsletter
We collect statistics on email opening to help us monitor and improve our newsletter. The data we may process is your name and email address.

If you are a customer, the legal basis for our mailing may be a weighing of interests. You may also have given your consent to receive newsletters in connection with an event or other contact with us or one of our partners or suppliers. Regardless of which legal basis our processing is based on, you have the right to decline further mailings at any time by notifying us.

Your email address is processed for the above purpose until you opt out of future mailings.

3.    Your rights

Under current data protection legislation, you have the right to be informed about when and how we process your personal data. You also have the right, in certain cases, to access your personal data or have it moved, corrected or deleted. You can read more about each right below.

Right of access

On one occasion per year, you have the right to receive information free of charge about the personal data we process about you (a so-called register extract). A request for such an extract must be made in writing and signed by you. Please note that we only disclose information that we know with certainty belongs to you. We may also not disclose information that violates the rights of another person. Please send such a request to GDPR@lackeby.se.

To make sure that the register extract is not sent to the wrong person, we send it to your residential address. You also have the right to pick up the information at Lackeby, after being notified that the information has been compiled. To ensure that we deliver the register extract to the right person, you need to bring your identification. You have the right to access the register extract within 30 days of receiving your written request. If we are unable to fulfil your request for access to the data to which your request relates, we will provide a justification for this.

Right of rectification

We are primarily responsible for the accuracy of the personal data we process. If you inform us that the personal data you provided is no longer accurate, we will promptly correct, block or delete such personal data.

If data is rectified following your request, we must inform those with whom we have shared your information about the rectification. However, this does not apply if it would be impossible or excessively burdensome for us. Your right to information means that you have the right to know with whom we have shared your information.

The right to be forgotten

You have the right to contact us and request the erasure of your personal data. We are obliged to erase the data in the following cases:

  • If the data is no longer necessary for the purposes for which it was collected
  • Where processing is based on your consent and you withdraw your consent
  • If the processing is for direct marketing purposes and you object to the processing of the data
  • If the individual objects to the processing of personal data after a balancing of interests and there are no legitimate reasons that outweigh your interest
  • If the personal data has been processed unlawfully
  • If deletion is required to fulfil a legal obligation

If data is deleted following your request, we must inform those to whom we have disclosed data about the deletion. However, this does not apply if it would be impossible or excessively burdensome for us. You also have the right to request information about to whom data has been disclosed. If certain personal data cannot be deleted due to legal requirements, we will inform you of this and ensure that the personal data can only be used for the purpose of fulfilling such legal obligations and not for any other purpose.

The right to restriction

In some cases, you may have the right to request that the processing of your personal data be restricted. Restriction means that the data is marked in our systems so that it can only be processed for certain limited purposes in the future.

The right of restriction applies in the following cases:

  • that you believe that the personal data we hold about you is inaccurate and that you have requested rectification;
  • where the processing of your personal data does not comply with the applicable data protection rules, but you still do not want your personal data to be erased but rather restricted; and
  • where we no longer need your personal data for the purposes of our processing, but where we need them to establish, exercise or defend a legal claim.

When the restriction ends, you will be informed. If you have objected to the processing of your personal data, the use of your personal data may be restricted during the investigation. When restricting your personal data, we will only store your personal data and obtain your consent for further processing.

Right to data portability

In some cases, a person who has provided their personal data has the right to obtain and use their personal data elsewhere (data portability). The recipient of the personal data is obliged to facilitate such a transfer of personal data. A precondition for data portability is that the recipient processes the personal data on the basis of your consent or to fulfil a contract with you, and this only applies to personal data that you have provided yourself.

Right to object

You have the right to object to our processing of your personal data if the processing is based on our legitimate interest. In such cases, we will ask you to specify which processing you object to. If you object to any processing, we will only continue to process your personal data if we have legitimate interests regarding the processing and these outweigh your interests. We will also always inform you of this.

Right to withdraw consent

If you have given your consent to the processing of your personal data, you decide if and when you want to withdraw your consent to the processing of personal data to which you have voluntarily consented. You can do this by contacting us.

Complaints

If you believe that we are processing your personal data in breach of applicable data protection regulations, please notify us as soon as possible via GDPR@lackeby.se and we will get back to you as soon as possible. You can also contact the Swedish Data Protection Authority directly and submit your complaint. You can find their contact details at www.imy.se.

4.    How do we get information about you?

Information you share with us

We collect personal data from you in several different ways. For example, when you provide your information when requesting our services, requesting a quote or contacting our customer service/helpdesk. We may collect the following personal data from you:

  • Contact details (name, address, e-mail address and telephone number); and
  • data about your purchases and use of our products and services.

 

Sensitive information

We do not normally collect information relating to sensitive personal data (data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and personal data concerning health or sex life). However, in connection with certain events where we provide refreshments, we may collect information about food allergies. This information is only saved until the event is completed.

5. Who might we share your information with?

Only those persons in our organization who need access to your personal data in order to perform their tasks will have access to your personal data.

To provide some of our services, we engage selected third parties. The sharing of your personal data with such selected third parties is done for the same purposes and on the same legal grounds for which the personal data was collected and relied upon. We take technical and organizational security measures to ensure that your personal data is handled securely. We have listed the categories of recipients with whom your personal data may be shared:

Suppliers and subcontractors: We use third-party suppliers to manage parts of the business, such as companies that work with technical support, operation of IT systems and marketing. We may share personal data with these suppliers when they perform services on our behalf. When we use such suppliers, we enter into a data processing agreement with them and take other appropriate measures to ensure that your personal data is processed in a manner consistent with this information.

Banks and partners: We share your personal data with other independent data controllers such as banks and partners. These recipients independently manage and are responsible for the processing of your personal data.

Group companies: We may share your personal data with other group companies if it is necessary to fulfil the purposes set out in this information.

Social media: We use social media. When using social media, your personal data is collected and processed by these companies. See each company’s privacy policy for more information.

Public authorities: We will also disclose your personal data to public authorities, such as the Swedish Tax Agency, if required by law, public authority decision or court order or if we reasonably believe that the disclosure is necessary to protect our rights.

When sharing your personal data, we take technical and organizational measures to ensure that your personal data is handled in a safe and secure manner. Our selected third parties will only process your personal data in the manner and for the purposes set out in this privacy policy.

We will not sell your personal data to third parties without your prior authorization. We may transfer your personal data to a buyer/investor or potential buyer/investor in connection with a reorganization, sale or other transfer of all or part of our shares, assets or our business in general. Upon such transfer, we will take steps to ensure that the receiving party processes your personal data in a manner consistent with this privacy policy.

6. Transfers to third countries

As a general rule, we process your personal data within the EU/EEA. However, we may transfer your personal data to a country outside the EU/EEA if one of our suppliers or partners is located there. In such a third country, the GDPR does not apply. This means that you do not automatically have the same rights and protection for your personal data that the GDPR guarantees. The Company protects its personal data by either basing the transfer on the European Commission’s adequacy decision or by taking appropriate safeguards, such as entering into the European Commission’s standard contractual clauses combined with technical and organizational safeguards, to ensure that your personal data remains protected. You can read more about which countries are considered to have an adequate level of protection on the European Commission’s website here. More information on standard contractual clauses can be found here.

We carry out a risk assessment before a transfer takes place and we implement technical and organizational safeguards to ensure an adequate level of protection. We transfer as little personal data as possible and, if possible, anonymize the data before transfer. For more information on the safeguards we apply in each case, please contact us.

The following beneficiaries outside the EU/EEA are eligible:

Suppliers and subcontractors: We may share your personal data with suppliers and subcontractors outside the EU/EEA. This may include, for example, suppliers of IT services. Here we list our suppliers and subcontractors outside the EU/EEA.

Microsoft Office 365: By using the service, your personal data will be processed by the company Microsoft Corporation. When Microsoft receives your personal data, the personal data may be transferred to, for example, the United States. You can read more about Microsoft’s processing here and about their transfers to third countries here.

Social media: When you visit, appear on or otherwise use the Company’s social media channels, your personal data is also collected and processed by the company that owns the respective social media. When these companies receive your personal data via the Company’s channels, the personal data may be transferred to, for example, the US. Here we list the social media on which the Company has channels.

LinkedIn: By using the services, your personal data is processed by the company Microsoft Corporation. You can read more about Microsoft’s processing here and about their transfers to third countries here.

 YouTube: By using the service, your personal data is processed by Google LLC. You can read more about the processing of personal data and the transfer of the service to third countries here.

7. How do we protect your personal data?

To protect your privacy, detect, prevent and limit the risk of attacks, etc., Lackeby takes a range of technical and organizational information security measures. We also take measures to protect your personal data against unauthorized access, misuse, disclosure, alteration and destruction. We ensure that access to your personal data is granted only to personnel who need it for the fulfilment of their duties and that they observe confidentiality.

  1. Contact us

Lackeby Products AB is registered with the Swedish Companies Registration Office with organization number 556562-7451 and has its registered office at Torsåsgatan 5F, 392 39 Kalmar. Lackeby is responsible for the processing of your personal data as described above and complies with Swedish data protection legislation.

Lackeby has a designated person responsible for data protection issues. You can always ask your questions about our processing of your personal data at GDPR@lackeby.se.