AAK AB (publ.) is committed to protecting and respecting your privacy, and we will always aim to protect your personal data in an appropriate manner with adherence to applicable Data Protection Privacy Laws and this Privacy Notice.
Below, you will find information on what type of personal data we collect about you and how we process such data and your rights as an individual.
AAK AB has appointed a Personal Data Officer to ensure that we continuously handle your personal data in an open, accurate and legal manner. You can contact our personal data representative at DPO@aak.com.
What type of information we collect
AAK mainly collect and process personal data that you provided to us in connection with your business relations with AAK, such as your presence, name, title and contact details. If you attend an event organized by AAK, we might ask for your special dietary requests. Personal data may also from time-to-time be collected from publicly available sources, such as company websites, business publications, trade fairs and similar. If you become part of a videorecording in connection with your participation in our capital market days, we will inform you of the recordings being made and, in such case, provide information about how and when it is used and your rights connected thereto.
When you request to receive newsletters, marketing and promotional material, general information or wish to connect with us online, we may (depending on type of contact you request) collect e.g. the following personally identifiable information about you: contact details (e-mail, address, phone, professional title or role), company name and language preferences.
AAK also collects personal data which you voluntarily submit when applying for a job; name, contact details, CV’s, resumes and cover letters. We may also collect data through applications from a LinkedIn account and we may supplement such information from other public sources such as search-engines, registers and social media.
Why do we handle personal data and what legal basis do we use?
Personal data is processed in order for us to conduct our business operations and to maintain the relationship with our business contacts working with or for our partners, customers and suppliers. Personal data is also processed for direct marketing purposes, to send out press releases, financial reports, invitations to seminars and similar events.
When connecting with us by general contact requests, by registration as a recipient of our subscription services or to download or request marketing material from us, you will be asked to give your consent to our processing of your personal information for this purpose. Your consent can be withdrawn at any time by contacting firstname.lastname@example.org.
When connecting with us for business purposes, e.g. to attend an event organized by AAK, to develop our business relationship with you as a representative for our partners, customers and suppliers or to develop joint business interests, we process your personal data based on our legitimate interest. In this situation, we have undertaken a legitimate interest assessment, where the needs, expectations, rights and freedoms of all parties have been considered. Before relying on legitimate interest, we have made sure that our interests are compelling enough and will not cause any unwarranted harm. We have a strong interest in being able to conduct and maintain our business with you and the company or organization that you represent.
We might use your information for marketing and market research, such as if we think one of our products, services, or offers, or those of our third party partners may interest you and the business entity you represent. We or our partners may contact you by email, SMS, on the phone, post or through other means of communication approved by you. This processing is based on our legitimate interest to market our business, services and products. All of our marketing communications will include the option to unsubscribe from us contacting you again.
If you apply for a job on our online portal, we rely on our legitimate interest to process your application and the personal data you submit, and your consent to store your application data and to contact you for future job opportunities if you decide that is something you want after a job application procedure has been concluded.
Third parties and transfer of your personal data
We will not share your personal data with third parties except in the following circumstances;
(i) if we have obtained your consent to do so,
(ii) in order to comply with legal obligations or defending against legal claims,
(iii) we engage a partner who performs services on our behalf, or
(iv) it is otherwise permitted by law.
We might share your personal data with;
(i) other legal entities or suppliers we work with that provide certain services to AAK (including IT systems providers),
(ii) other subsidiaries within AAK AB group, and/or
(iii) any other entity that we are obligated by law, decision from public authorities or judgement to share your personal data with.
We generally only process your personal information within the EU/EEA. Should personal data be transferred outside EU/EEA, such transfers shall be in accordance with applicable Data Protection Laws and require the receiving entity, if located in a country outside EU/EEA, to have adequate levels of data protection and safeguards in place. We aim to only transfer and process personal data in countries where an adequacy decision has been made. This means that the legislative framework in the third country provides the same level of legal protection as a country within the EU/EEA. To learn more about countries with adequacy decision, please see the website of the Swedish Authority for Privacy Protection There may be occasions where we need to process personal data outside of such countries. In these instances, we have undertaken a privacy impact assessment and transfer impact assessment to identify appropriate additional measures to implement, prior to establishing data processing agreements including approved standard contractual clauses. In the event that the contractual and organizational measures are still inadequate, we will seek your consent to undertake the proposed processing.
How long do we store your personal data?
We retain your personal data in accordance with our obligations under applicable law. We only retain data for as long as it is relevant to initiate, maintain or administer our business relationship with you, the company or organization that you represent.
If your organization is a customer to AAK, we process your personal data to administer our business relationship and for direct marketing during the contract period and for twelve months thereafter. If your organization is not a customer to AAK, but we have connected for business in another way, e.g. at a conference, we process your personal data for up to three years thereafter if no other contact is had.
If we process your personal data due to your participation in an event organized by AAK, we will delete your personal data for that purpose one month after the event has passed, if we are not obligated by law to keep records of your personal data for a longer period of time.
You may at any time unsubscribe from services you have requested from us, including our subscription services and/or receiving marketing material, and withdraw your consent. If you unsubscribe, your details will no longer be saved for this purpose.
Personal data processed for recruitment purposes will be processed and stored until the position is closed and up to six months after or as long as is necessary or permitted from a legal perspective based on our legitimate interest in handling your application. Data stored for future job opportunities is subject to your consent and stored up to 3 years for this purpose. You may at any time withdraw your consent for this purpose, in which case we will delete the personal data in question.
Your Rights related to our processing of your personal data
You have a number of rights given by applicable personal data legislation. These are as follows:
· Right to access: You have the right to ask us for copies of your personal information that we process about you. Through this copy, you will be able to understand which of your personal data we have and process. The right to access is applicable when a record contains information where an individual can be identified, and the information is about them. This means that records that are accessible to you will have the personal data about other people redacted where appropriate, in order to protect their right to privacy. Your personal data will be redacted if someone else requests access to a record containing your personal data. Legislation provides other exemptions that may be applicable such as records where legal privilege needs to be observed or there is an obligation of confidentiality in specific circumstances.
Right to rectification: If you believe that the personal data we currently hold or process about you is incorrect or inadequate, you are entitled to request your data to be corrected or supplemented. Any request to rectify your personal data will also be transferred and actioned by any processor with whom your personal data has been shared. This process is managed by us and will not require any additional action from you for your right to be exercised in full.
· Right to erasure: Under certain circumstances you may also have the right to request that your personal data is deleted. AAK will erase your personal data after such a request if the information is no longer necessary to fulfil the purpose of processing the information or if you retract your consent. AAK is obliged to keep some personal data due to legal obligations despite a request for erasure. As such, AAK may not be able to delete every record that is processed about you. This will be explained where relevant. Any request to be forgotten will also be managed by AAK with any processor that is processing your personal data on our behalf.
· Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances such as if they are not relevant to fulfill our legal obligations.
· Right to objection: You have the right to object to having your personal data processed. The right can be invoked when the legal basis is our legitimate interest of processing your information, including profiling, e.g. when AAK process your personal data for marketing or for a job application. If an objection is made, AAK must show compelling legitimate interests to continue processing personal data for that specific purpose.
· Right to data portability: Under certain conditions you have the right to ask that we transfer the information you gave us to another organization, or to you. This enables you to transfer it in a machine-readable format to another recipient. The right to data portability applies to personal data that is processed based on your consent (for instance direct marketing efforts) or to perform a contract. It applies only to such personal data that you have provided AAK with yourself.
· Right to withdraw consent: You have the right to withdraw consent where this is the lawful basis established for the processing of your personal data i.e. when collected for certain marketing activities.
Please note, that these rights are not absolute, and we may have a right to deny your request where we have a compelling interest to do so.
Before responding to a request, we have a legitimate interest to ensure the authenticity of your request and identity. If we require further information to verify your identity, we will inform you after the request has been made.
Your personal data will not be subject to automated decision-making.
If you believe we processed your personal information in violation of applicable Data Protection laws, please raise your concerns with us. You may also file a complaint with the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten (IMY), who is the relevant supervising authority. You may contact IMY at email@example.com. Further instructions can be found on the Swedish Authority for Privacy Protection website, www.imy.se.
If this isn’t also your local data protection authority, you can contact your local data protection authority who will advise as to how best to proceed. In some instances, such as within the EEA, you can report to your local data protection authority and have no additional need to communicate with IMY.
Please note, that there is always a risk of disclosing personal data, regardless if it is disclosed personally, by phone or over the internet, and that no technology system can be completely protected from intrusion. However, AKK always makes every effort to take appropriate technical measures to prevent and minimize the risks of unauthorized use, access to, improper use or corruption of your personal data.
This information is subject to regular review and AAK reserves the right to revise the content of this information from time to time. If any notable changes are made, that may affect the processing of your personal data, we will inform you of the change.
If any part herein is inconsistent with applicable law, not applicable or for some reason cannot be maintained, other parts will not be affected in any way.
If you have any questions or comments about the content of this information or if you want to rely on any of your rights as described above, you are welcome to contact us at firstname.lastname@example.org or contact our appointed DPO directly at DPO@aak.com.