1. Introduction
The Ahlsell Group care about protecting integrity and upholding a high level of security regarding handling of personal data in accordance with the EU/EEA General Data Protection Regulation (“GDPR”) and other legislations relevant for the protection of integrity and personal data.
The term personal data refers to information related to an individual or which can be used to identify an individual. For example, name, address, phone number, photographs, or personal identification numbers, but also health related data, religious or philosophical orientation, union memberships, etc.
2. Principles
- Ahlsell applies the following principles for the protection of personal data:
- Personal data shall be handled in a legal, fair, and transparent way.
- Personal data shall only be collected and processed for a specific, defined, and legal purpose.
- Only data that is relevant and necessary for the intended purpose may be collected and processed.
- Collected personal data shall be correct and kept up to date.
- Personal data shall not be stored longer than necessary for the intended purpose or in accordance with legal requirements.
- Protective measures shall be applied when handling personal data to ensure the security of the data.
3. Processing of personal data
Information about how Ahlsell are processing personal data is provided in privacy notices or user agreements covering the different services that Ahlsell provides, or based on how the individual is interacting with Ahlsell.
The information provided in each privacy notice is the following:
- What personal data has been collected, how was it collected, and how is it being used.
- Purpose with the collection of personal data, including legal ground for processing.
- Who has access to the personal data, is the data being transferred to a third party, and how long is the data stored.
- How is the personal data protected.
The user agreements or privacy notices contain information about processing of personal data in relation to:
- Information searches related to Ahlsell Group companies.
- Customers or prospective customers
- Sub providers and partners
- Job applicants
- Employees
4. Protection of personal data
Ahlsell has implemented protective measures to prevent unauthorized access, copying, change, erasure, or transfer of personal data, including mechanisms to verify that processing of personal data is performed in compliance with laws and regulations.
Ahlsell performs regular risk assessments of the processing of personal data to be able to ensure correct and secure processing.
5. Rights of the data subject
In accordance with the GDPR the data subject (individual) has the right to:
- Be informed about what type of personal data about their person is collected and how it is processed.
- Have access to their personal data.
- Have their personal data corrected or complemented.
- Have their personal data erased or to object to further processing.
- Withdraw consent for processing of personal data in the situation that the legal ground for processing is based on consent.
- Make a complaint regarding processing of their personal data either to Ahlsell or to the Swedish Authority for Privacy Protection (IMY) or other authorities.
6. Updates
This policy will be updated from time to time. All changes are applicable once published on this website.
7. Controller and contact information
Ahlsell AB, with organizational number 556882-8916, in the role of controller for personal data handled by the Ahlsell Group, are accountable for the processing and protection of personal data, and for verifying that the principles for protection of personal data are complied with by the Ahlsell Group, and by any third parties or partners handling personal data on behalf of Ahlsell. For questions regarding how Ahlsell is processing and protecting personal data please refer to datarequest@ahlsell.se.
This policy was updated May 23, 2023 and published August 29, 2023.