Privacy Notice for customers and business partners
This data privacy notice gives information regarding ÅF’s collection, processing, storage and sharing of personal data belonging to persons working for actual or potential ÅF customers and other business partners.
1. Categories of personal data that are concerned
The personal data that may be collected include:
- Basic personal information, such as name, e-mail address, phone number, title or position;
- Company information, such as details on the company you work for, including financial information, and other business related information related to your or your company’s business interactions with ÅF, such as meetings, projects and assignments;
- Business opportunities, such as details on potential projects or assignments, including stakeholder information, market area(s) and competence area(s);
- IT access control data, i.e. data used if you access ÅF’s IT-systems and networks, such as IP address and any information required in order to establish and maintain a secure IT connection and to log access.
The information above may be collected in contacts with you directly or be provided to ÅF from its customers and business partners or be collected from public sources such as internet searches.
2. The purposes and legal basis of the processing activities
ÅF collects and processes personal data for legitimate business purposes, including entering into and performing business contracts with you, or the company you work for, or engaging with other business partners, marketing ÅF and its services and products, or as otherwise permitted or required by law.
The following are examples of business purposes pursued by ÅF:
- to deliver professional services and products, including contracting, project management, planning of work and allocation of resources;
- to conduct business planning and development, strategical reviews and statistical evaluation;
- to issue and process invoices and payments;
- to maintain a safe, secure and efficient use of internal information, ensure that business critical information and other assets are safe and protected;
- to maintain good health and safety practises;
- to investigate and prevent fraud, misconduct, infringements or other violations of legal rights and obligations;
- to manage disputes and complaints, i.e. compensation claims, and to ensure compliance with legal obligations that ÅF are otherwise subject to.
3. Routines for storage and erasure
ÅF will process and store personal data only for as long as is necessary for the purposes that applied when collecting the data and to comply with legal obligations, resolve disputes and enforce contracts. Personal data may thus, for example, be stored during the performance of a contract up until it has been concluded and the period of limitations has expired, i.e. claims for compensation can no longer be pursued.
4. With whom we may share personal data
Personal data may be shared between the companies of the ÅF group for the purposes described in this privacy notice. Personal data that is being processed electronically by ÅF will mainly be stored on servers located in EU/EEA. Because ÅF operates globally and has customers and projects worldwide, personal data may be transferred and processed by ÅF subsidiaries and trusted suppliers and business partners outside of EU/EEA.
Personal data may be shared third party service providers, who may process data on ÅF’s behalf, such as IT service providers, subconsultants, lawyers and other external professional advisors.
Personal data may be shared with ÅF’s customers where you are a business partner and be shared with ÅF’s business partners where you are a customer, and other third parties, to the extent it is required for ÅF’s fulfilment of any actual or potential contracts with you or if its required by law or pursuant to any order of court or other competent authority or tribunal or by any applicable stock exchange regulations.
Any international transfer of personal data that takes place will be subject to appropriate security measures and all reasonable steps to ensure that your personal data is protected and maintained in accordance with this Privacy Notice and applicable data privacy laws will be taken, including using ‘standard contractual clauses’ approved by the European Commission.
5. Your rights as a data subject
In accordance with applicable data protection legislation, subject to some conditions and exceptions, you have the following rights:
- The right to information about and access to your personal data, including the right to data portability;
- The right to have personal data corrected or updated;
- The right to erasure (‘The right to be forgotten’);
- The right to restriction of processing;
- The right to object to certain processing.
You may exercise the rights above by sending an email to firstname.lastname@example.org. To opt-out of commercial electronic news letters and marketing, you may always click on the unsubscribe link at the bottom of the message.
You have a right to lodge any complaints regarding ÅF’s compliance with data protection laws with the appropriate supervisory authority.
6. About us
ÅF Pöyry AB (publ), corp. no 556120-6474 with the Swedish Companies Registration Office and with registered address SE-169 99 Stockholm, Sweden is the ÅF group’s main data controller. In addition, subsidiaries of ÅF AB (publ) may also be data controllers and process personal data as described in this privacy notice. Your relationship with ÅF will determine which of our group companies has access to and processes your personal data, and which of our group companies are the data controller(s) responsible for your personal information.
If you have questions regarding the privacy and security of your personal data that is being processed by ÅF, and which companies within ÅF are data controllers, please send an email to email@example.com or contact our Data Privacy Manager at:
ÅF Pöyry AB (publ)
Att: Data Privacy Manager
SE-169 99 Stockholm, Sweden