If you have any questions about how we store your data, please feel free to contact us.
Notice
All employees in the company are familiar with the company’s rules for handling and storing personal data. Violation of the rules can have devastating consequences for the company, which is why it is considered a significant breach of the terms of employment if these are not followed, which in serious cases can lead to dismissal from the company. All employees in the company declare that they have read, understood and intend to comply with the rules.
General
The company does not process sensitive personal information in its normal daily operations. An official DPO has not been appointed to comply with the rules for this function, but the practical tasks and responsibility for all procedures lie with the appointed DPO.
No employee in the company is permitted to store any kind of controversial or sensitive personal information on employees, former employees, customers, suppliers and contact persons. This includes, but is not limited to, religious affiliations, sexual preferences, political opinions, memberships of associations or organizations, on any media, private or owned by the company, as long as an employee is within the company’s area of responsibility.
Only employees of the company and data processors have access to the company’s personal data. Personal data may not be copied and removed from the company or its systems, stored on its own media, shared with outsiders without written consent from the DPO.
It is the duty of every employee to make the DPO aware of the presence of data that no longer has any practical significance or value and which should therefore no longer be stored in the company.
All personal data that is not on the systems described must be deleted, shredded, destroyed or otherwise made inaccessible immediately after they have been stored correctly. No account must be taken of the possibility that interested parties with criminal intent or experts with sufficient resources can recreate this information.
The company must under no circumstances exchange personal data with persons, companies or organizations that do not have a clearly documented need for the information and in cases where access is granted, all partners must have documented that they comply with the Personal Data Act through an updated and valid data processing agreement.
Deviations in the collection and storage of personal data
It requires special permission from the company’s DPO to store personal data that goes beyond; Name, address of the company where the contact person is employed, email address, direct telephone number, mobile phone number, technical areas of interest relevant to the company, and commercial interests.
In the event of a breach of security in the company, whether it is the company itself or one of the named data processors, it is the company’s responsibility to help secure all personal data. The company must, within 24 hours of starting, collect information that reveals what and the extent of which data is affected by the incident and the extent. The company begins to inform the affected persons within 72 hours. The company will then do what can be considered reasonable and timely to correct the cause of the security breach and ensure direct and objective communication with the affected individuals. The DPO will be the coordinator and responsible for ensuring that this part of the process proceeds in a timely manner.
Fill out the form and we will get back to you as soon as possible.
