GDPR AND PERSONAL DATA
How Stamford AB processes your personal data.
Documents in the public domain
Stamford AB may need to collect, receive, or in some other way process your personal data. Stamford AB processes your personal data in compliance with the stipulations in the Data Protection Regulation (EU) 2016/679, as well as other governing legislation.
How have we obtained your personal data?
In the majority of cases you have personally provided us with personal data for us to deal with a matter on your behalf, although sometimes we could have received your personal data from a third party. If you have any questions about where your personal data has been obtained, please contact the personal data controller.
What is personal data?
Personal data is any form of information that can identify a living person.
What does personal data processing involve?
Personal data processing covers all the means employed to process personal data. This could take the form of collection, retention, deletion, dissemination, filing and copying.
Personal data controller
The personal data controller is responsible for your personal data being processed lawfully, securely, and in all respects correctly. If you have any questions about the processing of your personal data, please contact the personal data controller at firstname.lastname@example.org, Stamford AB, Matrosgränd 2, 652 16 Karlstad. You are entitled to receive a copy, free of charge, of your personal data that is processed by us.
Why do we process your personal data (purpose)?
If, for example, you submit an application to us, or if you require a service from us, we must be able to verify that you really are the person you say you are in order to deal with the matter at hand. We may also need information about you in order to be able to deal correctly with a particular matter, a request you may have made. We will not process your personal data if we do not have a good reason for doing so.
Why are we permitted to process your personal data (legal grounds)?
When you have an agreement with Stamford AB, processing your personal data is permitted in order to fulfil the agreement. One or more of the following requirements must be satisfied for us to process your personal data.
− The data subject has granted her/his consent that her/his personal data may be processed for one or more specific purposes.
− The processing is necessary to fulfil an agreement to which the data subject is a party, or to take action at the request of the data subject before such an agreement is entered into.
− The processing is necessary to discharge a legal obligation that rests with the personal data controller. − The processing is necessary to safeguard interests that are of fundamental importance to the data subject or to another physical person.
− The processing is necessary to perform a task that is of general interest or as part of the exercising of official duties by the personal data controller.
− The processing is necessary for purposes pertaining to the legitimate interests of the personal data controller or a third party, unless the data subject’s interests or fundamental rights and freedoms weigh more heavily and require that personal data is protected, particularly when the data subject is a child.
Who has access to your personal data?
The employees at Stamford AB who need to access your personal data in order to carry out their duties and deal with a particular matter or issue. It could be your contact person, an IT technician, a member of the administrative staff, or an external supplier. The party in question obviously depends on the nature of the matter.
Your personal data will not be processed outside the EU/EEA (third country).
How long will your personal data be retained?
Your personal data will be retained by Stamford AB until the purpose of the processing of the personal data has been fulfilled. The personal data will then be processed according to the rules applicable to Stamford AB relating to what are termed document management plans and erasure decisions. Contact the personal data controller for further information.
Your rights when personal data is processed by us
You can do the following:
− Request access to your personal data
− Request rectification or erasure of personal data or the imposition of a processing restriction − Object to processing of your personal data
− Request data portability
− At any time revoke any consent that may have been granted. If you revoke your consent, revocation becomes effective from the date on which revocation was made.
− File a complaint regarding our processing of your personal data with the Integrity Protection Authority If you want to exercise any of your rights concerning your personal data, please contact the personal data controller at email@example.com, Stamford AB, Matrosgränd 2, 652 16 Karlstad
It could be the case that we use automated decision-making. This means that a decision can be reached automatically based on the data you have furnished to us.
If your personal data is to be processed for any reason other than the original reason, you will be notified about this before the new processing commences.