Sweco Data Privacy
At Sweco we respect the privacy of individuals and recognize the importance of the personal data entrusted to us by our customers, our employees and other parties. It is our responsibility to -in a relevant and proper manner- process and protect all personal data compliant with the applicable privacy legislation.
In short, the general principles for protecting personal data within Sweco are:
- We are transparent on how we comply with the applicable privacy legislation
- We limit the collection and processing of personal data
- We process (sensitive) personal data only if the processing has a clear legal ground
- We register details about individuals limited to achieving the purpose of the processing
- We inform individuals which personal data we collect and how these data will be used
- We treat personal data as strictly confidential and take appropriate technical and organizational security measures to protect personal data against loss or unlawful processing
- We keep personal data only for as long as necessary to fulfil the purposes for which it was collected or local law requires
- If our processing of personal data is likely to pose a high risk to individuals’ rights and freedoms, we will perform a data protection impact assessment and, if necessary, take appropriate security measures
- Our systems and processes support personal data protection. We document that our systems and processes work as intended.
- Where we outsource processing of personal data we impose contractual obligations to protect these data.
Data privacy notice
In this Privacy Notice we set out what personal data we collect and use, for what purposes and to whom your personal data may be disclosed by us in the context of our relation. Further, this Privacy Notice includes information regarding your rights with respect to the processing of your personal data. From time to time, we may need to change this Privacy Notice. The most recent version of this Privacy Notice is available on our website. We will inform you on important changes to this Notice via a notification on our website.
Whose personal data do we collect?
We collect your personal data because you are our customer or other valued relation.
How do we collect your personal data?
We may collect your personal data:
- directly from you, such as when entering into a contract with us as customer or (sub)consultant, visiting our website, subscribing to our communications, registering for an event, applying for a job
- from other sources, such as business partners;
- via cookies (please see the Sweco Cooky statement for more information),
- from publicly available sources.
On what grounds do we collect your personal data?
Legal grounds for processing of your personal data are:
- performance of a contract, such as providing our services to our customer;
- compliance with legal and regulatory obligations, such as paying taxes;
- consent, such as signing up for subscribing to our communications or registering for one of our events;
- Sweco’s legitimate interest such as being able to conduct its business, but only if Sweco’s interest clearly exceeds your right to privacy;
Why do we collect your personal data?
We collect your personal data for the following purposes:
- providing our services;
- marketing and business development activities, such as invites to our events, newsletters and for other marketing communications;
- generating statistics on the use of our website and/or to analyze and improve our website;
- Compliance with legal and regulatory obligations including business partner and client due diligence and screening against publicly available sanctions lists.
What personal data do we collect?
Personal data that we process may include:
- basic information, such as your first and last name (including name prefix or title), the company or organization you work for, your title or position;
- contact details, such as your e-mail address, postal address and phone number(s);
- financial information, such as bank account number;
- information related to the device you use to visit our website, such as an anonymised IP address and information related to your visit to our website;
- information you provide us for of attending events or meetings, such as access and dietary requirements;
- personal data provided to us by or on behalf of our customers or generated by us when performing our services to our customers;
- any other personal data relating to you which you may provide us or that we may obtain in relation to the purposes and based on grounds set out above.
With whom do we share your personal data?
We may share your personal data with other companies within the Sweco Group for processing your personal data in accordance with the purposes. Personal data may also be shared with Sweco’s trusted partners, such as event hosting organizations, researchers to achieve the purposes. We will ensure that appropriate contractual safeguards are implemented to ensure protection of your personal data when disclosing it to a third party.
In case personal data is being transferred outside EU/EEA, appropriate measures will be taken to ensure protection of your personal data.
How long do we store your personal data?
Where personal data is no longer necessary for the fulfilment of the purposes, we will cease to process these. We shall however continue the processing of personal data if laws or regulations to which we are to adhere require us to continue the processing.
How do we protect your personal data?
We use a variety of appropriate technical and organizational measures to help protecting your personal data consistent with applicable data protection laws.
What are your rights and how can you exercise them?
You have the right to:
- information about and access to your personal data;
- rectify your personal data;
- erasure of your personal data (‘right to be forgotten’);
- restriction of processing of your personal data;
- object to the processing of your personal data;
- receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, to have your personal data transmitted to another organization;
- lodge a complaint with your local Data Protection Authority.
To exercise your rights, please send an e-mail to: email@example.com. There may be circumstances that restrict your rights, particularly if processing your personal data is required to meet our legal or regulatory obligations.
If you have any questions or comments in relation to this Data Privacy Statement or the processing of your personal data by Sweco, please send an e-mail to: firstname.lastname@example.org
Box 340 44
SE-100 26 Stockholm