Personal Data Controller
Emballator Metal Group is a personal data controller and is thus responsible for the processing of your personal data. The personal data that we collect will only be used by us unless otherwise stated when you register or in the information that you receive after contacting us.
Emballator Metal Group has not appointed a Data Protection Officer, but if you have any questions about how we process personal data, please contact us via one of the addresses below.
Corporate registration number: 556122-5904
Postal address: Box 8, 523 21 Ulricehamn
Street address: Maskinvägen 14, SE-523 38 Ulricehamn
Phone: +46 (0)321-68 30 00
Protection of your personal data
We implement numerous technical and organisational measures to protect the personal data that we hold about you. We are continuously updating and testing our security technology to prevent any unauthorised access to our systems. Our employees can only access data on a need-to-know basis to be able to perform their duties and we provide our staff with training so that they understand the importance of confidentiality and how to ensure privacy and security of personal data.
How we collect and use (process) personal data
To enable us to provide you with our services, we process personal data in the following situations and for the following purposes. We do not hold personal data for any longer than we need.
For the provision of products and services
We process personal data to enable us to manage, deliver and charge for the products and services we provide as set out in the contract or agreement. We also process personal data to enable us to handle any claims or complaints. Lawful basis: performance of a contract.
Retention period: Under the provisions of the Swedish Accounting Act (Bokföringslagen), we are required to keep financial records for a period of seven (7) years for the purposes of accounting. Other personal data are retained for a period of three (3) years after the last time a purchase was made.
In our communications
We process personal data in connection with our communications with customers, suppliers and stakeholders, for instance, when we send you information or contact you about our products and services. We consider it very important that our contacts receive information about us, our products and services. Lawful basis: legitimate interest.
Retention period: Three (3) years following the last contact.
To ensure compliance with legislation
We process data for the purpose of compliance with our statutory obligations. Lawful basis: legal obligation
Retention period: As required by applicable laws.
When and how we share personal data with others
All personal data that we process are held by our IT operations providers, which are always based in EU/EES countries. We do not sell your personal data to any third parties and only share personal data with third parties to enable them to offer products and services to our customers. In those cases, personal data may only be used to provide products and services to our customers. When we share your personal data with a third party, we are responsible for the processing and a Data Processing Agreement is always drawn up containing the legally required provisions about how the personal data may be processed.
In certain circumstances, we have an obligation to disclose personal data when legally required to do so or in compliance with the instructions of a government authority. We may also be required to disclose personal data to protect our legal interests or to detect and prevent fraud.
The GDPR provides you with a number of rights in respect of how we process your personal data. If you wish to exercise your rights, please contact us via one of the above means. We always take care to ensure the accuracy of data and we will therefore correct, add, delete or de-identify personal data as required. If you feel that any data are inaccurate or misleading, you should contact us immediately. If you think we have been processing your personal data incorrectly in any way, you have the right to complain to the supervisory authority, which is the Swedish Data Protection Authority (Datainspektionen). You can find its contact details under the heading “Supervisory Authority”.
Right to be informed
You have the right to be informed, once a year at no cost, about which of your personal data we process. The information we provide will state what types of personal data we hold about you, our purposes for processing your data, if we have shared your personal data with any third party and, if so, with whom, the source of the personal data if they have not been obtained directly from you, and how long we intend to retain your personal data.
Right to rectification
If you think that we have inaccurate or misleading personal data about you, you may request that we rectify your data or complete them with personal data that are relevant to the processing. When we comply with a request for rectification, we also inform the companies with whom we have shared your personal data.
Right to erasure
In certain circumstances, you may request to have personal data that we hold about you erased, for instance, if the data are no longer necessary for the purpose for which they were originally collected. The right to erasure does not apply if the processing of personal data is necessary for the performance of our contract with you as a customer or supplier, or to comply with a legal obligation. When we erase personal data, we inform other companies with whom we have shared the data that the data must be erased.
Right to restrict processing
In certain circumstances, you have the right to request the restriction of your personal data, for instance, if the data are inaccurate and you have requested to have them rectified.
The contact details of the supervisory authority, the Swedish Data Protection Authority (Datainspektionen):
Phone: +46 (0)8-657 61 00
Fax: +46 (0)8-652 86 52
Postal address: Datainspektionen (Swedish Data Protection Authority), Box 8114, 104 20 Stockholm, Sweden