Information on how we handle personal data

Responsible organisation and contact information

Briab – Brand & Riskingenjörerna AB (“Briab”, “we”, “us”) is responsible for the personal information handled within the course of our activities. We care about our customers and your integrity and pledge to respect and protect your personal information in accordance with relevant laws and industry standards. We have compiled the following information to help you understand how we collect and use information about you. You are always welcome to contact us with any questions or concerns about how we handle your personal information.

Contact details: gdpr@briab.se

Information we collect

It is important to us that you know what information we collect about you and how it is collected. We collect personal information in the following ways:

You may provide us with your information either directly or indirectly through the use of our products and services as well as our website (briab2018.staging.wpengine.com hereafter “the website”).

Information that may be collected via these means includes: your name, company name, your contact details, billing information (if relevant) and any other information you provide us with. We also collect information in conjunction with any payments and transactions made, such as the payment method used, billing information, bank account number, etc., as relevant.

When you use our services, in addition to the information you provide as described above, we may collect the following information about you and your activities

• Information about which products/services you order from us.
• Information relating to your computer/mobile device: for example, IP address, device identifier, choice of web browser, language preferences, the server your device is logged in through and information about the operating system.
• Geolocation data.
• Information about how you interact with us and use our services. This can include, for example, information about response times on different pages, content and pages viewed, interest shown in specific content through downloading material, etc. All this information is collected for the purposes of learning more about what information interests you and to improve our products and services.

Purposes and legal basis for the handling of personal information

The information you provide to us, such as on which products and services you use and buy, as well as billing and payment information (as relevant), is normally required to enter an agreement with us.

In addition to the information above, we may ask for some other information that can help us improve your visit to our website and make our communication as effective as possible. This can include, for example, information to do with your personal or professional interests/preferences, where you live, etc. We will only collect such additional information to the extent that you provide it, i.e. only with your permission.

The personal information we collect is used in the following way

• To register you as a customer (when relevant).
• To share information, products or services with you that you request and order, as well as facilitate billing.
• To optimise your experience on our website and offer a better service, for example by adapting content to your specific needs and interests through Google Analytics, Facebook Pixel and AdWords. (Note that you can choose to turn off personalised recommendations and targeted advertising whenever you want.
• To manage job applications (when relevant).
• For marketing purposes. This can include market research activities or individual campaigns in the form of direct marketing. You can contact us at any time to request that your personal information no longer be used for direct marketing. You can do this by clicking on the link in our emails to unregister or contacting us directly via email at gdpr@briab.se.
• To communicate with you, including to offer customer service; send service messages such as notifications, confirmations and updates; and send campaign information on new products or services that we think will interest you. We will always ask for your consent before sending you advertising, if required by law. You can choose to stop receiving our marketing emails at any time.

We take your privacy seriously. When you subscribe to receive news emails from us, you can be sure that we will not share you email address with external actors or anyone else outside of Briab – Brand & Riskingenjörerna AB. You can choose to stop receiving emails from us at any time by clicking on the link to unregister in any of our emails.

How we share personal information

Briab – Brand & Riskingenjörerna AB will not share information about you with third parties without your consent, as long as it is not required by law or directly necessary for us to deliver or fulfill a product or service that you have requested or ordered from us.

Transfer to a third country

We ensure that we always handle your personal information within the EU/EEA. In the case that we or one of our suppliers or sub-contractors needs to transfer personal information to a country outside the EU/EEA, we promise to take all reasonable legal, technical and organisational measures to ensure that your personal information is handled securely and with a level of protection in line with or exceeding the requirements of the EU/EEA.

We will only transfer your personal information to a country, territory, or region in a third country that the EU Commission has ruled has a sufficient level of protection.

Erasure of personal information

We keep your personal information for one to three years depending on the information and system or as long as required by other legislation, such as, e.g., the Book-keeping Act, or agreements. This means that we delete billing information from our system if you no longer use our services or personal information if it is no longer required for the purposes it was collected. If we keep your personal information for other purposes that are not directly related to, e.g., the Book-keeping Act or other entered agreements, such as direct advertising, we never do so for longer than is directly necessary for the intended purposes or required by law.

Briab – Brand & Riskingenjörerna AB protects your personal information through technical as well as organisational security measures. This is to prevent unauthorised parties from accessing personal information and ensure that the information we have is correct.

Your rights

Right of access
You have the right to receive information from us on how we handle your personal information, and as relevant in the following cases:

• the purposes for which we use your personal information
• what categories of personal information we use
• what personal information we transfer to third parties (recipients or categories of recipients) if relevant
• how long your personal information is stored and the erasure criteria we use
• your rights (the right to deletion, rectification, and restriction of processing of your information, the right to data portability, the right of objection to the use of your data, and the right to appeal to the supervisory authority)
• from which sources we collect your personal information (in the case that we collect it from sources other than directly from you)
• if your personal information is used for automatic decision making and what it means for you

If you have a question about your personal information and/or wish to request a complete copy of the data we have stored on you, please contact us: gdpr@briab.se. Your request will be processed as soon as possible and at the latest within 30 days. There is no cost associated with requesting and receiving a copy of your data. However, if you request several copies we reserve the right to charge a reasonable administration fee. If you make your request electronically, you will also receive a copy of your data in electronic form. This is dependent on the type of information being provided.

Right to rectification

We are keen to ensure that all personal information that we store is correct. However, if you discover that despite this we have incomplete or incorrect personal information stored about you in our registers, we request that you contact us so we can correct, complete or remove the information.

Right to erasure

• You have the right to request the erasure of your personal information under certain conditions:
• When your personal information is no longer needed for the purpose(s) for which it was collected
• If you withdraw your consent, i.e. you no longer consent to the use of your personal data (provided that your consent is the sole legal basis for the use of the data)
• If the information is being used for marketing purposes
• When your right to personal privacy supersedes our legitimate interest to continue handling personal information about you (provided that legitimate interest is the sole legal basis for the use of the data)
• If we have handled your personal information in a way that is inconsistent with relevant legislation
• If your personal information has been used to offer so-called information-based services to a minor

We will always erase personal information if required by law. See also the above section of the erasure of personal information.

If we are unable to accommodate your request for erasure, we will inform you of this decision and explain why. If you still wish to proceed with your attempt to have your information erased, you have the option of lodging a complaint with the Swedish Authority for Privacy Protection or taking your claim to court.

Right to restriction of processing

You have the right to the restriction of the processing of your personal data under certain conditions:

• For a period following an objection to the handling of or a request to correct your information during which we check that your information is correct.
• If your information has been handled illegally and rather than have it deleted you request that its use be restricted
• When your information is no longer required for its originally intended purpose(s) but needs to be retained for the purposes of establishing, asserting, or defending a legal claim.

In the case that we restrict the handling of your personal information in accordance with the above, we will continue to store the information but not use it other than (i) with your consent, (ii) to establish, assert or defend legal claims, (iii) to protect the rights of another physical or legal person, or (iv) in a case of legitimate public interest.

Right to data portability

When we handle your personal information in an automated way, either on the rightful grounds of you have given your consent or in the course of fulfilling an agreement, you have the right to a copy of the personal information you have provided to us in a structured, commonly used and machine-readable format – referred to as data portability.

Right to object

If you object to the handling of your personal information, including any profiling, for the purposes of legitimate interest, we will cease the handling of the information if we are unable to provide a justifiable reason to continue. We may continue to handle your personal information if it is required for the purposes of establishing, asserting, or defending legal claims.

When personal information is being handled for the purposes of direct marketing, we will immediately cease the handling upon your request.

Questions and complaints

We hope this information is useful for you and contributes to your understanding of why and how we handle your personal information. If you have any questions about how we handle your personal information, don’t hesitate to contact us: gdpr@briab.se. You also have the right to file a complaint with the supervisory authority with regard to how we handle your information.

The information in this text was last updated on 19/03/2020.

Dina rättigheter

Rätt till registerutdrag

Du har rätt att få information från oss om huruvida vi behandlar dina personuppgifter, och om så är fallet har du även rätt att få information om:

• syftet med att vi behandlar dina personuppgifter
• vilka kategorier av personuppgifter vi behandlar
• vilka personuppgifter vi lämnar ut till tredjepart (mottagare eller kategorier av mottagare) om det är aktuellt
• hur länge dina personuppgifter sparas och vilka gallringskriterier vi utgår ifrån
• dina rättigheter (rätten till radering, rättelse och begränsning av dina uppgifter, rätten till dataportabilitet, rätten att invända mot behandling och rätten att klaga till tillsynsmyndigheten).
• från vilka källor vi hämtar dina personuppgifter (i de fall vi hämtar dem någon annanstans ifrån än direkt från dig)
• ifall dina personuppgifter används för automatiskt beslutsfattande och vilka konsekvenser detta kan få för dig

Om du vill begära ut information om dina personuppgifter och/eller få ett samlat registerutdrag med de uppgifter som vi har registrerade om dig, kontakta oss: gdpr@briab.se. Din begäran kommer att behandlas så snart som möjligt, senast inom 30 dagar. Det kostar ingenting att begära och få ut ett registerutdrag. Om du däremot vill begära ut flera kopior förbehåller vi oss rätten att ta ut en rimlig administrationsavgift. När du skickar in din begäran elektroniskt, kommer du också att få registerutdraget tillbaka i digital form. Detta sker beroende på typen av uppgifter i registerutdraget.

Rätten till rättelse

Vi är måna om att all personlig information som finns lagrad hos oss är korrekt. Om du skulle upptäcka att vi trots detta har ofullständiga eller felaktiga personuppgifter om dig i våra register ber vi att du meddelar oss detta så vi har möjlighet att korrigera, komplettera eller ta bort information.

Rätten till radering

Du har rätt att begära att vi raderar dina personuppgifter under vissa förutsättningar:

• När dina personuppgifter inte längre behövs för de(t) ändamål som uppgifterna samlades in för
• Om du tagit tillbaka ditt samtycke, dvs du inte längre samtycker till behandlingen (förutsatt att behandlingen grundar sig på ditt samtycke som enda rättsliga grund)
• Om uppgifterna används för marknadsföringsändamål
• När din rätt till personlig integritet väger tyngre än vårt berättigade intresse av att fortsätta behandla personuppgifter om dig (förutsatt att behandlingen grundar sig på berättigat intresse som rättslig grund)
• Om vi har behandlat dina personuppgifter på ett sätt som är oförenligt med gällande lagstiftning
• Om personuppgifterna har använts för att erbjuda så kallade informationssamhällets tjänster till ett barn

Vi kommer alltid att gallra och radera personuppgifter när det krävs enligt lag. Se även i avsnittet länge upp om gallring av personuppgifter.

Om vi inte kan tillmötesgå din begäran om att bli raderad, kommer vi att meddela dig detta beslut och informera om varför. Om du ändå vill gå vidare och försöka få dina uppgifter raderade kvarstår möjligheten för dig att lämna in klagomål till Datainspektionen eller gå vidare med ditt ärende till domstol.

Rätten till begränsning

Du har rätt att få behandling av dina personuppgifter begränsad under vissa omständigheter:

• Under en period medan vi kontrollerar att uppgifterna är korrekta efter att du har invänt mot behandlingen eller ifrågasatt uppgifternas korrekthet.
• Om behandlingen är olaglig, och du trots detta har motsatt dig att uppgifterna raderas och istället begärt att användningen av dem ska begränsas
• När vi inte längre behöver dina personuppgifter för det ursprungliga syftet, men de behöver finnas kvar för att du ska kunna fastställa, göra gällande eller försvara ett rättsligt anspråk.

Om vi begränsar behandlingen av dina personuppgifter enligt ovan kommer vi fortfarande lagra uppgifterna men inte använda den annat än (i) med ditt samtycke, (ii) för att fastställa, göra gällande eller försvara rättsliga anspråk, (iii) för att skydda någon annan fysisk eller juridisk persons rättigheter eller (iv) för skäl som rör ett viktigt allmänintresse.
Rätten till dataportabilitet

När vi behandlar dina personuppgifter på ett automatiserat sätt, antingen med ditt samtycke som rättslig grund eller för att uppfylla ett avtal, så har du rätt att själv få ut de personuppgifter som du har lämnat till oss i ett strukturerat, allmänt använt och maskinläsbart format – så kallad dataportabilitet.
Rätten att invända

Om du invänder mot behandlingen av dina personuppgifter, inklusive eventuell profilering, där ändamålet är berättigat intresse kommer vi att upphöra med behandlingen om vi inte kan visa på en faktisk berättigad anledning till att fortsätta. Vi kan också komma att fortsätta behandla dina personuppgifter om det är nödvändigt för att fastställa, göra gällande eller försvara rättsliga anspråk.

Om syftet med behandlingen är direktmarknadsföring kommer vi omedelbart att upphöra med den behandlingen om du begär detta.

Frågor och klagomål

Vi hoppas att den här informationen är användbar för dig och bidrar med förtydliganden när det gäller varför och hur vi behandlar dina personuppgifter. Om du har frågor om hur vi behandlar dina personuppgifter, tveka inte att ta kontakt med oss: gdpr@briab.se. Du har också rätt att lämna ett klagomål till tillsynsmyndigheten när det gäller hur vi behandlar dina uppgifter.

Denna informationstext uppdaterades senast den 2020-03-19.