PRIVACY POLICY – KEMRISK SWEDEN AB
Kemrisk Sweden AB, corp. ID no. 556624-2854 (”KemRisk”, ”we”, ”us” and ”our”) is a consulting company that provides services concerning, inter alia, safety data sheets, chemical management systems, building product declarations, advice and other consulting services. In the course of our business activities we collect various types of information, including personal data, about the users of our services and the contact persons and representatives for the companies and organisations with which we have a relationship. We care about the privacy of all individuals and therefore wish to inform you about how we process your personal data and the rights you have. This policy is valid from 01/06/2020.
This Privacy Policy is directed at anyone who uses our customer portal My KemRisk, is a contact person at or represents one of our customers, suppliers, consultants or other partners, visits our website (www.kemrisk.se), is the recipient of KemRisk Info or marketing from us, communicates with us in some other way and/or represents a government agency, competent authority or some other public organisation.
You are always welcome to contact us if you have questions regarding our processing of your personal data, or if you wish to exercise any of your rights as a data subject. Our contact details are provided below.
This Privacy Policy contains information about:
KemRisk is the data controller in relation to the personal data we process about you in accordance with this Privacy Policy.
If you have questions regarding our processing of your personal data, or if you wish to exercise any of your rights as a data subject, you are welcome to contact us in one of the following ways:
Email: info@kemrisk.se
Telephone: +46 (0)13 36 89 40
Address:
KemRisk Sweden AB
Platensgatan 8
582 20 Linköping, Sweden
We process personal data about you which you provide to us when you interact with us in some way. We also collect certain personal data when you use our services or our website. In certain cases, we also obtain personal data about you from third parties, e.g. your employer or a company or organisation you represent.
The type of personal data we process about you varies depending on the purpose of the processing and our legal grounds for such processing. We only process the data which is necessary in relation to the purpose in question. Typical examples of such data include your name and your professional contact details, although we may also process other personal data contained in the data we process as part of our services, or (for example) IP addresses generated when you use our services or visit our website. In certain cases, we may process your personal ID number, e.g. if you encounter us in your role as a sole trader (in which case your personal ID number is also the corporate registration number for your business). We only process your personal ID number when it is clearly justified to do so given the purpose of the processing.
Your personal data is primarily processed by KemRisk. The following types of third parties may have access to certain parts of your personal data in accordance with the following.
If you would like to receive more information about how we share your personal data with third parties, you are welcome to contact us via the contact details provided above.
We always strive to process your personal data within the EU/EEA. However, in certain situations the data may be transferred to and processed by a third party in a country outside the EU/EEA. If personal data is processed outside the EU/EEA, such processing will either take place where the European Commission has decided that the third country in question ensures an adequate level of protection, or else it will be subject to appropriate safeguards to ensure the protection of your rights, in the form of standard contractual clauses, binding corporate rules or Privacy Shield. If you would like to receive more information about the safeguards we have undertaken or where these safeguards have been made available, please contact us via the contact details provided above.
As a data subject you have certain rights pursuant to data protection legislation. The following is a description of your rights as a data subject.
You have the right to receive a confirmation of the fact that we process your personal data. If we process your personal data, you also have the right to receive information about how we process your personal data and to receive a copy of the personal data we possess about you. You also have the right to obtain rectification of any inaccurate personal data concerning you and to have incomplete personal data completed.
If the processing is based on an assessment of legitimate interest, you have the right to object at any time to the processing of your personal data. However, if we are able to demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defence of legal claims, we may continue to process your personal data even though you have objected to the processing.
Under certain circumstances you have the right to request erasure of your personal data. Such circumstances exist if, for example, the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or if you withdraw your consent on which the processing is based and there are no other legal grounds for the processing. You may also request that we restrict our processing of your personal data. Conditions for such restriction of processing exist if, for example, you contest the accuracy of the personal data, or the processing is unlawful and you oppose the erasure of the personal data and instead request that we restrict our processing of your personal data.
If the processing is based on your consent, you have the right to withdraw all or part of the consent you have provided to us regarding our processing of your personal data.
You also have the right to, at any time, object to the processing of your personal data for marketing purposes and, if applicable, profiling, such as newsletters and direct marketing.
In certain cases, you also have the right to receive your personal data from us in a structured, commonly used and machine-readable format. When technically feasible, and if the processing is based on your consent or on a contract and is carried out by automated means, you also have the right to have your personal data transmitted directly to another company (”data portability”). The right to data portability applies to personal data you have provided to us in a structured, commonly used and machine-readable format.
You always have the right to lodge a complaint with a competent supervisory authority. Your complaint should be lodged with the supervisory authority in the Member State within the EU/EEA where you have your habitual residence, where you work or where it is alleged that an infringement of applicable data protection laws and regulations has occurred. The competent supervisory authority in Sweden is the Swedish Data Protection Authority (Sw. Datainspektionen).
We may change this policy in a manner that could affect you and your rights. Changes to this policy may occur due to changes to applicable regulations or official practice, or because we have developed our services in such a way that adaptation is required in relation to new functions in the services and your rights to your data. If we have an ongoing contract with you, we will notify you of any such change by way of specific notification (via letter, email or in some other way) or within the framework of our services. Changed terms and conditions in relation to this policy will come into effect at the point in time specified by us on our website, in our notification to you or, if different, at the point in time specified in the amended policy.
We process personal data that we have received from you or have collected ourselves. Your personal data is processed in the manner described in the attached document.
As stated above, we process certain parts of your personal data based on an assessment of legitimate interest as the legal grounds for the processing. In assessing legitimate interest, we perform an analysis through which we assess whether our legitimate interest in performing the processing overrides your fundamental rights and your interest in not having your personal data processed. The tables above contain details of the legitimate interests we have assessed in this manner. You are welcome to contact us if you would like to receive more information about how we have performed these assessments.