Privacy Statement – Customer Relationships
1. Introduction
This privacy notice explains how we at Rejlers process your personal data (“data”) in relation to our current and potential customer relationships and outlines your rights regarding this data. As data controller, we are responsible for ensuring your data is processed legally. We want you to be informed and feel safe.
The processing of data related to marketing in current and potential customer relationships is described in the Marketing Privacy Notice.
2. What personal data do we process?
The data we may process for customer relationships includes:
• Contact and identification details, such as name, address, email address, phone number, organization, and job title;
• Marketing preferences;
• Communication data exchanged between you and us; and
• Other information relevant to the business relationship, such as and meeting attendance and insights.
3. How do we collect your personal data?
Personal data is primarily collected directly from the customer or its representative during a business relationship. We may also collect data from authorities, official registries and databases as well as other reliable external sources.
4. Why do we process your personal data?
We process your data only for reasons that are needed for maintaining effective business relationships, ensuring operational efficiency and complying with legal obligations. The following outlines the primary legal purposes for which we process data.
Contract: We process data to establish, manage, and fulfill product or service delivery contracts. This includes for example sales support, contract management, managing deliveries, monitoring performance, customer communication, handling payments, and otherwise maintaining the customer relationship. Data is also used for handling inquiries and customer requirements, resolving claims, managing incidents.
Legitimate Interest: We process data to market and develop our business, services, and manage customer communication and relationships. Additionally, we may use data to handle incidents and claims. We make sure that processing based on legitimate interest is fair and meets your reasonable expectations.
Legal Obligation: Local laws may require us to fulfill other legal obligations or disclose data to authorities. Additionally, accounting laws require us to keep records of our business activities.
Consent: We may process personal data based on your consent for specific purposes. You are not required to provide consent or personal data, and you can withdraw your consent at any time.
5. Who has access to your personal data?
We do not sell or disclose data to third parties without a legal basis. We may share data with trusted service providers who help us with tasks such as IT, marketing, and customer database management. We may also share your data with commercial partners such as sub-suppliers as needed for contractual reasons. These service providers and third parties only process your data according to our instructions and for the purposes mentioned in this privacy notice. We ensure that shared data is adequately protected and that recipients are bound by contracts with sufficient data protection terms.
Furthermore, our employees may have access to your data on a need-to-know basis to perform their job duties. We may share your data with our affiliates where they are involved in the delivery contract, or to support business operations, streamline processes, ensure consistency across the organization, or for other purposes mentioned in this notice.
Data may also be disclosed to authorities or other third parties if required by applicable law or enforceable official requests.
6. How long do we keep your personal data?
We keep your data only as long as necessary for its processing purpose or as required by applicable law, such as tax and accounting laws as well as statutes of limitations. Below is a list we apply as a guideline on how long we store your data:
| Data provided in the following contexts | Retention period |
|---|---|
| Contractual data | 10 years from expiry of last contractual obligation |
| Financial and accounting records | 7-10 years, depending on applicable tax and financial regulations |
| Legal and compliance data | For the duration of any relevant legal requirement plus an additional period to cover potential claims or disputes |
| Marketing and communication data | For the duration of your consent |
We may also keep your data longer if needed for legal reasons, such as claims, litigation, or internal investigations.
After this period, we delete or anonymize your data.
7. How do we protect your personal data?
We consider personal integrity a top priority and actively strive to keep your data safe. We take all reasonably expected technical and organizational measures to ensure that data is processed securely and protected from loss, accidental destruction, misuse, and unauthorized access or alteration in accordance with this privacy notice and the General Data Protection Regulation (GDPR), as well as other applicable legislation.
We protect our digital databases with firewalls, antivirus software, encrypted connections, and other standard security measures. Physical materials are stored in secure locations that unauthorized people do not have access to. Only our authorized employees who need to handle your data for their job can access, and they do so in accordance with our instructions.
We transfer your data to service providers outside the EU/EEA only when necessary for the technical and practical implementation of data processing, such as when a service provider operates outside these areas. In such cases, we make sure they have appropriate safeguards and data protection measures in place.
8. Your rights
According to data protection legislation, you as a data subject have the right to:
• Request information about how we process your data;
• Access your data;
• Request that your data is corrected, amended or updated;
• Request deletion of data or restriction of processing;
• Withdraw consent (if processing is based on consent); as well as
• Request your data in a machine-readable format and transfer it to another controller.
The applicability and extent of the above-mentioned rights are determined on a case-by-case basis in accordance with applicable data protection legislation. You can exercise these rights by contacting us (details in Section 9). We may need to verify your identity before processing your request.
Please note that if we comply with your request to withdraw consent or restrict or delete personal data, you may no longer be able to receive services that you previously received, ordered, or requested.
If you feel that the processing of your data is not done legally, you have the right to file a complaint with the supervisory authority as per the table below.
| Country | Competent authority | Contact details |
|---|---|---|
| Sweden | Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) | imy@imy.se +46 (0)8 657 61 00 |
| Finland | Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) | tietosuoja@om.fi +358 (0)29 566 6777 |
| Norway | Norwegian Data Protection Authority (Datatilsynet) | postkasse@datatilsynet.no +47 22 39 69 00 |
9. Contact information
For any questions or concerns about your data, please contact us as per below:
| Country | Contact details |
|---|---|
| Sweden | dataskyddsgruppen@rejlers.se +46 771 78 00 00 |
| Finland | tietosuoja@rejlers.fi +358 207 520 700 |
| Norway | kontakt@rejlers.no +47 22 33 66 33 |
10. Changes
We may at our sole discretion update this privacy notice occasionally. The latest version will always be available on our website. We’ll notify you of significant changes via email or by updating the notice on our site.