DATA PROTECTION POLICY

In the absence of any statement to the contrary below, H. Östberg AB (hereinafter referred to as “we”, “us”) is the Data Controller for the processing of your personal data under the present Data Protection Policy.

Our objective is for you to feel secure when providing us with personal data. We adopt technical and organisational measures in order to protect your personal data. We ensure that the processing of personal data is performed in accordance with the prevailing data protection legislation and our internal guidelines, policies and procedures for the handling of personal data.
This policy refers to: H. Östberg AB (company reg. no. 556301-2201)
Data Protection Officer: HR Manager, email: hr@ostberg.com

Why do we collect, store and process personal data?

We collect, store and process personal data in order to fulfil our agreements/relations with our customers, suppliers, employees and other stakeholders. We store the personal data for as long as we need them and while there is a legal basis to do so.
We process personal data to enable us to handle our relations; for example, to:

  • manage orders
  • deliver our products and services
  • provide the necessary, agreed services and relevant products
  • respond to enquiries
  • inform customers and suppliers about changes

We also process personal data in order to adapt, improve and develop our editorial and commercial services so as to provide added value for the individual. Through processing personal data, we can provide you with relevant information and recommendations.
We only utilise your personal data for purposes for which we have entered into an agreement, for which you have given your consent, which are necessary to allow us to manage our relationship, or which are required to safeguard another legitimate interest where your need for privacy is protected. Our collection, storage and, where appropriate, processing of your data may also be required on legislative grounds – in the context of bookkeeping/accounting, for instance.

What information do we collect?

You can provide us with information about yourself directly or indirectly in different ways. For example, you communicate information when you submit an enquiry about a product or service we sell, when you order products/services, when you ask to subscribe to our newsletter, when you interact with us via social media, or when you contact us by email, letter or phone.
The sources can be divided into two main categories, as explained below.

a. Information you submit to us:
This information may be:

  • Personal information and contact details – name, date of birth, civil registration number, invoicing and delivery address, email address, mobile phone number, etc.
  • Payment information – invoice information, etc.

b. Information about you that we register when you use our products and services
This information may be:

  • Personal information and contact details such as name, date of birth, civil registration number, invoicing and delivery address, email address, mobile phone number and your position at your company.
  • Information about products/services – details concerning the products or services you have purchased or expressed interest in buying.
  • Financial information – any credit agreements you may have, as well as information about debts or negative payment history, financial information.
  • Historical information – previous purchases, payment and credit history.
  • Device information – for example, your IP address, language settings, browser settings, time zone, operating system, platform and screen resolution.
  • Geographical information – your geographical location.
  • Time and date of communication/visits to our website.
  • Behaviour patterns on our website.

The information you provide us with, the information we collect about you, the information about products/services and the financial information we access are all data we require to enable us to enter into a contractual agreement with you, while the other types of information we collect are generally necessary for other purposes, as described above.

What do we do with the information?

We use the information to provide, execute and improve our services, products and information channels.

We use the information:

  • to confirm your identity and verify your personal data and contact details.
  • to complete our contractual undertakings with you.
  • to meet our obligations to our customers and suppliers, and to provide our customers and other stakeholders with information, products and services.
  • to ensure that the content is presented in an efficient manner for you and the device you are using.
  • to perform risk analysis, to prevent fraud and for risk management.
  • to comply with prevailing legislation and other legitimate interests.
  • to comply with prevailing legislation, such as laws concerning measures to combat money laundering, and accountancy legislation.

With whom do we share data?

In order to fulfil the purpose of our processing of your personal data as stated above, we commission certain service providers who process personal data on our instructions. These service providers may only process your personal data in accordance with the applicable legislation. They are responsible for adopting suitable technical and organisational security measures to protect your data.

Where appropriate, we may disclose your personal data to recipients other than those mentioned above, in order to comply with prevailing laws and regulations, to respond to a request or an order from an authorised court or authority, and in order to safeguard our legitimate interest in establishing, exercising and defending legal claims.
We will not sell the information we collect to third parties.

Storage and deletion

We will process your personal data for as long as the information is necessary (quarantine period) in order to fulfil the purposes described in the present Data Protection Policy. When your personal data are no longer relevant for the purposes for which they were collected, we will delete or anonymise the information. On the grounds of security and accounting requirements, we are obliged to retain certain information about payment transactions beyond the quarantine period. For reasons of security, we also retain the information you have submitted to us, over and above your login history, in order to investigate and prevent fraud and misuse.
We process data within the EU/EEA. We apply all reasonable legal, technological and organisational measures to ensure that the data are processed securely and with an adequate level of protection.

Your rights

You have the right to request information about the personal data about you that we process. If the information about you that we possess is incorrect, you may ask to have the information corrected, supplemented or erased. In order to have the data erased, you need to contact the Data Protection Officer.

In order to ensure that personal data are delivered to the right person, we may ask you to submit your request for access in writing or otherwise to confirm your identity. Pursuant to the General Data Protection Regulation (GDPR), information that is no longer necessary for the purpose for which it was stored must be erased. We store personal data in compliance with the prevailing legislation.
The following rights apply in addition to those stated above:

The right to object to any processing based on a balancing of interests
You have the right to object to any processing based on a balancing of interests. However, we may continue to process your data – even though you have objected to the processing – if we have a compelling, legitimate reason for the processing that outweighs the interest of your privacy.

Right to request restriction of processing
You also have the right, where stipulated by the prevailing data protection legislation, to request us to restrict the processing of your personal data. Please note, however, that if you ask us to restrict the processing of your personal data, this may result in our being unable to fulfil our obligations to you and/or your company during the period the processing is restricted.

Security

We work continuously to protect the privacy of our customers, suppliers and other stakeholders. Our security activities encompass work with IT infrastructure, staff training and the securing of facilities and equipment.
H. Östberg AB is to ensure that the information collected is not used contrary to the purpose for which it was collected, nor in contravention of the prevailing agreements and user terms and conditions. H. Östberg AB has therefore established procedures and measures designed to prevent unauthorised parties from gaining access to your personal data.

Annexes

For additional information, company employees can access the annex “Data Protection Policy – employees”.

Changes to the Data Protection Policy

We reserve the right to make changes to our Data Protection Policy. The most recent version of the policy will always be published on our website: www.ostberg.com

The Data Protection Policy was updated most recently on 20 February 2023