At PulPac we need to collect and process personal data in order to conduct our business. This applies to the personal data of individuals both within and outside our organization. We value and respect the integrity of individuals very high, and it is important for us to make sure we collect and process personal data only for clear and legitimate purposes, and that we apply routines and safety measures in order protect the personal data and respect the integrity of individuals. We continuously strive to keep ourselves updated on the legal requirements applicable on our organization in order to align our continuous work on the protection of personal data with such requirements and best practice.
1 CONTROLLER OF PERSONAL DATA
PulPac AB, Swedish company reg. no. 559134-9500, having its principal place of business at Amalia Jönssons gata 16, 421 31 V. Frölunda, Sweden (in this policy referred to as “we”, “us” and similar) is the controller of and therefore responsible for the processing of the personal data described herein.
2 HOW WE COLLECT PERSONAL DATA
2.2 Primarily, the personal data we collect from you is such that you provide us with yourself, for example when contacting us or sending us e-mails. Sometimes, we also collect personal data such as contact information, details about your profession or title and similar, when you visit our facilities, when you attend meetings or when you engage in other business or marketing interactions with us. Secondarily, we may collect data from other sources, such as your employer, colleagues, or business partners, and also from publicly available and reliable sources such as social networks and contact information databases.
3 PERSONAL DATA WE PROCESS
The kind of and amount of personal data we collect, and process, often depends on the nature of our relationship we have with you. Also, our relationship with you also affects the purpose for which we process your personal data. The following is a list of the most common categories of personal data we may collect and process about you.
a) Contact information, such as name, email, postal address, social network details, phone number and similar kind of contact information.
b) Organizational data, such as information about the company you work at or represent, your title and place of work.
c) Contractual data, such as personal information included in agreements with us and the company you work at or represent.
d) Messages and documents, such as personal information included in e-mails, text messages, letters, and other documents (including attachments) that you provide or share with us.
e) Notes, such as memory notes taken during meetings, phone calls and video conferences.
g) Job applications documentation, such as personal letter, CV, and other information you provide us with when applying for work.
4 HOW WE USE PERSONAL DATA AND ON WHAT LEGAL GROUND
4.1 We process your personal data for the following purposes.
a) Communication. We process your personal data in order to communicate with you, including for the purposes described below.
b) Relationship management. We process your personal data to negotiate, enter, or maintain our commercial or business relationship with you and the company you represent. This includes use of your personal data for customer management purposes, such as responding to requests and inquiries. If you are a job applicant, we also process your personal data for evaluation and admission processes.
c) Business operations. We process your personal data in order to manage our daily business operations in accordance with lawful and fair business practices, such as providing you, and billing for, our services, calculation of taxes and required audits.
d) Website management. We process your personal data, typically limited to information about our browser and device you are using, in order to improve and optimize our website.
e) Protection of legitimate interests. We process your personal data, when necessary, in order to protect and exercise our legal rights or business interests, such as defend ourselves against claims from you or third parties.
f) Legal requirements. We process your personal data in order to comply with our legal obligations under laws, court rulings, authority decisions and similar. For example, in order to respond to lawful requests by public authorities.
4.2 We base our right to process your personal data primarily on our legitimate interests. As a business oriented company, we are dependent on maintaining good and sound relationships with all individuals that in one way or another are connected to our business, including existing and potential customers, partners, job applicants, public authorities, and others, and that usually also requires the process of personal data. In some cases, when we process your personal data for accounting, tax- and other legal purposes, we base our right to process your personal data on our legal obligation to do so.
4.3 If you are a job applicant, and we store your personal data after the admission period, we do so only if you have given us your consent thereto and only for a limited period.
5 ACCESS TO YOUR PERSONAL DATA
Your personal data may be shared with the following persons and entities.
a) Employees and consultants. These will have access to your personal data to the extent they reasonably need the information in order to provide and execute their services and assignments for us (this includes employees and consultants hired by our subsidiary companies).
b) Subsidiary companies. Your personal data may be shared with companies that are under our control, e.g., PulPac Applications AB, Swedish company reg. no. 559252-2246.
c) Service providers. Your personal data will be shared with our service providers that supply us with e.g., IT related services, such as e-mail, billing system, hosting, backup services and similar. Such service providers are only allowed to access and process your personal data on our behalf and in accordance with our instructions.
d) Legal advisors, banks, and other suppliers. Your personal data may be shared with our legal advisors, accountants, banks, auditing firms, debt collection companies, transportation service providers and similar suppliers. In most cases, these will be regarded as the controller of the personal data we share with them.
e) Public authorities. Your personal data may be shared with legal authorities such as law enforcement agencies, regulatory agencies and other public and government authorities that legally require us to share personal data with them. Public authorities are themselves controllers of the personal data we share with them.
f) Business transfer. Your personal data may be transferred to or accessed by a third party in connection with a merger, sale of company assets, financing process or acquisition of all or a portion of our business to another company.
g) Other third parties. Your personal data may also be shared with third parties on your explicit or implicit permission. For example, in connection with a referral to another company or person. Your personal data may also be included in e-mail conversations with third parties.
6 TIME DURING WHICH WE STORE PERSONAL DATA
We do not store personal data longer than necessary. How long that is cannot at all times be decided beforehand and also depends on the context and the reason for our processing. In general, we store your personal data as long as we still have a legitimate business interest to do so. If we no longer need your personal data, we will either delete it or initiate processes to anonymize it.
a) Business relationships. Relevant personal data is stored for as long as we have an ongoing business relationship with you or your employer. Relevant personal data, such as contact information, may also be retained before we have established a formal business relationship and during such time that is motivated by the context of our communication with you. We may retain relevant personal data (such as messages and notes) even after the end of our business relationship, e.g., during any warranty or liability period.
b) Legal proceedings etc. Should a claim or legal proceeding be brough against us or by us, we may retain relevant personal data during such time that is necessary to protect our interests as related to such claim or legal proceeding.
c) Tax, accounting etc. We may retain relevant personal data (such as invoices and other accounting information) for as long as necessary in order to comply with our legal obligations.
d) Browser and device data. We retain browser and device data up to thirty (30) days after we have collected the information via our website.
e) Job applications. Although you were not hired this time, we might store your contact information and other relevant information for a time after you submitted your job application and after the end of the admission period (in the not so unlikely case that a new job opportunity might appear in the near future). However, any processing after the end of the admission period is dependent on your explicit consent thereto and limited to a maximum period of one (1) year.
7 WHERE WE STORE PERSONAL DATA
7.1 We only choose data processors (personuppgiftsbiträden) that are able to provide sufficient warranties that the personal data they process on our behalf is processed safely and in a way that does not violate the integrity of the individual. We strive to store all personal data within EU/EEA and to collaborate with service providers, including data processors, within EU/EEA. However, in certain cases your personal data will be transferred and processed outside of EU/EEA as well. For example, some of our service providers may on occasions process data outside EU/EEA. In case we process your personal data outside EU/EEA we will take measures to ensure that adequate safeguards are in place to protect your personal data.
7.2 Also remember that when we share personal data in accordance with Section 5 above, for example in connection with referrals or customary business transactions, the recipient may be located outside the EU/EEA. In such case we will no longer have control over how the recipients process your personal data.
8 ROUTINES AND SAFEGUARDS
8.1 We have and will continue to adapt and develop appropriate security measures and routines to protect personal data against unauthorized access.
8.2 We also strive to continuously educate our personnel in the handling and protection of personal data. This includes the implementation of routines and guidelines that aims to protect the interests and integrity of the data object in general.
9 YOUR RIGHTS
9.1 You have the right to object to our processing of your personal data based on our legitimate interest. You may contact us for more information regarding how we have balanced our interests against yours as the data object. This does not mean however that we will agree or that our legitimate interest to process your personal data should be limited.
9.2 You may request a copy of the personal data we process about you, together with information about how the personal data has been processed (i.e., collected, shared, transferred etc.).
9.3 You can request a transfer of your personal data to another data controller.
9.4 You can request that we delete the personal data we process about you. You can also request that we correct inaccurate or incomplete information about you.
9.5 You may request that the processing of your personal data shall be limited until inaccurate or incomplete information about you has been corrected or until your objection to our processing of your personal data has been managed.
9.6 You may at any time withdraw any consent regarding the processing of your personal data that you have provided.
10 WHERE TO RAISE CONCERNS
10.2 You may at all times raise concerns with the relevant supervisory authority, in Sweden that would be the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
We may update this policy at any time with the aim that the last updated version shall always reflect how we collect and process personal data. We will not send you any specific notifications in case of changes, so we encourage you to read this policy from time to time. The last updated version will always be available at our website.