Processing personal data

Controller of personal data

Rejlers AB, company reg. no. 556349-8426, is the controller for the company’s processing of personal data.

Processor of personal data

Under certain circumstances, the controller may employ the services of a processor, i.e. a company that carries out processing on behalf of Rejlers. In the event that Rejlers employs the services of a processor, prior to any processing taking place Rejlers will ensure that an agreement is in place that regulates how your data is to be processed. 

Where do we process your personal data?

Rejlers strives to ensure that all processing of personal data takes place within the EU/EEA, and that Rejlers own IT system is entirely located in Sweden. 

In the event that personal data is to be processed outside the EU/EEA, Rejlers will take all necessary measures to ensure that this takes place with the same level of protection required by GDPR. Among other things, this means the use of standard EU clauses and recognised organisations, such as those who have joined the Privacy Shield Framework.

Security

Rejlers uses various security systems to protect the personal data we process, including antivirus protection, firewalls and information rights management to protect from unauthorised access. We also use encryption to protect particularly sensitive data. Rejlers works continuously to maintain and improve security in our IT environment.

For how long do we store your personal data?

Rejlers stores your personal data only for as long as is necessary for any given purpose. See specific storage periods under each purpose for further information.

What are your rights as the data subject?

Right to access (i.e. to receive a register extract)

Rejlers is always open and transparent about how we process your personal data. If you would like greater insight into what personal data we are processing about you, you can request access to your data in the form of a register extract at any time. When we receive such a request, we may need to ask you for further information to ensure the efficient processing of your request and that the extract is being provided to the correct person.

Right to rectification

You can request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to supplement incomplete personal data. 

Right to erasure (right to be forgotten)

You can request the erasure of your personal data under the following circumstances:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You object to a balance of interests assessment made by us based on our own legitimate interest and your reason for objecting outweighs our legitimate interest.
• Your personal data must be erased for compliance with a legal obligation to which we are subject. 

Rejlers has the right to refuse your request if we are under a legal obligation that prevents us from immediately erasing your personal data. Such a legal obligation may relate to bookkeeping and accounting legislation or other mandatory legislation. It may also be the case that processing is necessary in order for us to establish, exercise or defend a legal claim. Should we be prevented from erasing your personal data as per your request, we will instead block the data in question from being used for purposes other than that which prevents us from carrying out the requested erasure. 

Right to restrict processing

You have the right to request restrictions on our processing of your personal data. If you have reason to believe that we are processing inaccurate personal data, you can request that processing be restricted for the period of time required for us to verify the accuracy of the personal data. If we no longer require your personal data for the stated purpose, but you require them in order to establish, exercise or defend a legal claim, you can request the restriction of Rejlers’ processing of the personal data. This means that you can request that we do not erase your data.

If you have objected to processing based on our legitimate interests, you can request that processing be restricted for the period of time required for us to assess whether Rejlers’ legitimate interests outweigh your interest in having your data erased. If processing has been restricted in accordance with any of the above circumstances, we are only permitted to process your personal data in order to establish, exercise or defend a legal claim, to protect someone else’s rights or with your consent.

Right to object to certain types of processing

You always retain the right to object to processing of personal data based on balance of interests or where your personal data has been used for direct marketing purposes. In order to continue processing your personal data after such an objection, we must demonstrate a compelling legitimate reason for the processing in question that outweighs your own interests, rights or personal freedoms. Otherwise, we may only process your personal data in order to establish, exercise or defend a legal claim.

Right to data portability

If our right to process your personal data is based on your consent or the fulfilment of an agreement with you, you have the right to request that the personal data concerning you, and that you have provided us with, be transferred to another controller. This is known as data portability. A precondition for data portability is that the transfer is technically possible and can be carried out by automated means.