Data protection within KAEFER AB
At KAEFER AB, we systematically work with personal data protection to ensure compliance with all regulations in the Data Protection Ordinance (GDPR). KAEFER AB protects personal integrity and always strives for a high level of data protection for the personal data processed by us. The following information describes how we at KAEFER AB work with data protection and your rights regarding your personal data as a registered person. It is important that you read the information and feel safe regarding how we handle your personal data. You are always welcome to contact us with any questions.
What counts as personal data and what is a processing of personal data?
Personal data are all kinds of information that can be directly or indirectly attributed to a physical person. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and different types of electronic identities (such as IP addresses) are personal data if they can be linked to a physical person.
Processing of personal data is any action taken with personal data, regardless of whether it is performed by automated means or not. Examples of common processing activities are collection, registration, organization, structuring, storage, processing, transfer and deletion.
Who is responsible for the personal data we collect?
KAEFER AB is always ultimately responsible for the processing of employees' personal data, even if we disclose information to another party such as a payroll system. This means that the other party, e.g. the company owning our payroll system, which processes the tasks assigned to us, is our personal data assistant. Regardless of whether you are an assistant or ultimately responsible, you are responsible for handling the information safely and following the data protection regulation.
What are your rights as registered?
1. Right of access (so-called register extract)
We are always open and transparent about how we handle your personal data, and if you want a deeper insight into what personal data we are processing, you may request access to the information. The information is provided in the form of a register extract indicating purpose, categories of personal data, categories of recipients, storage periods, information about where the information has been collected and the existence of automated decision making¹. If you make a request for access, we may need additional information to ensure the effective handling of your request and that the information is provided to the right person.
¹ Automated decision making in GDPR means that a machine makes decisions that have legal or similar effects on a person based on information about that person.
2. Right to rectification
If your personal data is incorrect, you can request that it be corrected. Within the stated purpose, you also have the right to supplement any incomplete personal data.
3. Right to restriction
You are entitled to request that our processing of your personal data be limited.
4. Right to object to certain types of processing
You are always entitled to object to all processing of personal data based on a balance of interest.
5. Right of deletion
You may request the deletion of personal data we are processing about you if:
- The information is no longer necessary for the purposes for which it has been collected or processed.
- You object to a balance of interest we have made based on legitimate interest and your objection weighs heavier than our legitimate interest.
- The personal data are processed illegally.
- The personal data must be deleted to comply with a legal obligation we are subject to.
Keep in mind that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. It may also be possible that processing of personal data is necessary for us to determine, enforce or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block personal data from being used for purposes other than the purpose that prevents the requested deletion.
How do we handle social security numbers?
We will only process a social security number when there is a clearly motivated purpose, when it is necessary for secure identification or when there is any other reasonable ground. We will always minimize the use of social security numbers by using the birth number instead when sufficient.
How are personal data protected?
We use IT systems such as SharePoint and OneDrive, so we can protect the privacy, integrity and access to personal data. Only those who need information about personal data to fulfill a specific purpose have access to them. Our mobile phones are protected by Microsoft Intune and can thus be emptied of any information if they are stolen or lost. Our computers' hard drives are encrypted, which prevents unauthorized access. When logging into a company account, double identification is required: in addition to a password, a temporary code, which is sent to the employee's mobile phone, must also be entered. We thus take special security measures to protect personal data against unauthorized processing (such as unauthorized access, loss, destruction or damage).
How long do we save personal information?
We will only save personal data as long as it is necessary for a specific purpose. For more specific information, please see Right of access above.
What is the easiest way to contact us with questions about data protection?
Questions regarding GDPR are referred to the company's HR Partner. You will find current contact information on our website.
We may make changes to this information on data protection and you can always find the latest information at the bottom of our website.