Privacy policy for suppliers
Who is a supplier?
You are a contact person of a supplier if the company that you work for provides goods and services to us.
Your personal data is collected from yourself, your employer or the company you work for or other external persons that share your information with us. In certain cases we may collect personal data about you from publically available sources, e.g. websites and social media platforms.
When and why we process your personal data?
We process your personal data for the following purposes:
Procurement of supplier
In connection with the procurement of a new supplier we process your personal data, e.g. to collect contact details to you as a contact person for the supplier prior to issuing a request for proposal (RFP), to collect documentation and to complete the procurement process.
Categories of personal data |
Legal basis |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of carrying out procurement of suppliers. The processing of personal identification number is necessary having regard to the purpose of the processing. |
Storage period: Your personal is stored during the procurement process and for a period of ten (10) years thereafter in order to satisfy our legitimate interest of managing and defending legal claims and for such period thereafter which is necessary in order to manage the claim. |
Manage the supplier relationship
We process your personal data in order to manage the supplier relationship, e.g. to register your contact information in our supplier database, manage supplier invoices and to manage and archive supplier agreements.
Categories of personal data |
Legal basis |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing supplier relationships. The processing of personal identification number is necessary having regarding to the purpose of |
Storage period: Your personal data is stored during such period that you are a contact person for the supplier and for ten (10) years thereafter in order to satisfy our legitimate interest of managing and defending legal claims and for such period thereafter which is necessary in order to manage the claim. Personal data in accounting material is stored for a period of seven (7) years calculated from the end of the calendar year when the relevant fiscal year ended in order to fulfill legal obligations (bookkeeping and accounting requirements under the Accounting Act (1999:1078)). |
Manage order of goods and services from supplier
In order to manage an order of goods and services from the company you work for, we process your personal data, e.g. to handle order confirmations and complaints.
Categories of personal data |
Legal basis |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing orders from the supplier. |
Storage period: Your personal data is stored during such period that is necessary in order to manage the order and for ten (10) years thereafter in order to satisfy our legitimate interest of managing and defending legal claims and for such period thereafter which is necessary in order to manage the claim. Personal data in accounting material is stored for a period of seven (7) years |
Communication between employees and external persons in the service
We process your personal data as a contact person of a supplier in order to communicate with you, other employees and external persons in the service.
Categories of personal data |
Legal basis |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of enabling communication between employees and external persons in the service. |
Storage period: Your personal data is stored for a period of ten (10) years calculated from the date of the last communication in the same conversation in order to satisfy our legitimate interest of managing and defending all types of legal claims. |
Evaluate and follow-up supplier relationships
We process, to the extent it is necessary, your personal data to evaluate and follow-up on our supplier relationships.
Categories of personal data |
Legal basis |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of evaluating and to follow-up our supplier relationships. |
Storage period: Reports on an aggregated level which do not contain any personal data and statistics are stored until further notice or until they are deleted. |
Handle and defend legal claims
We process your personal data, to the extent it is necessary, to handle and defend legal claims, e.g. in case of a dispute or litigation.
Categories of personal data |
Laglig grund |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of handling and defending legal claims. The processing of personal identification number is necessary having regard to the purpose of the processing. |
Storage period: Your personal data is stored for such a period that is necessary for this purpose. |
Fulfill legal obligations
We process your personal data in order to fulfil legal obligations, e.g. bookkeeping and accounting requirements and obligations under data protection regulations.
Categories of personal data |
Legal basis |
All categories of personal data that have been collected and which are necessary in order to fulfill each legal obligation. |
Legal obligation. The processing is necessary in order to fulfill our legal obligations. |
Storage period: Your personal data is stored for such period that is necessary in relation to each legal obligation. |
Manage and protect IT systems and services
In order to manage and protect our IT systems and services, e.g. upon logging, troubleshooting, backup, change and problem management in systems and in connection with potential IT incidents, we process, to the extent necessary, your personal data.
Categories of personal data |
Legal basis |
All categories of personal data stated above. |
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing and protecting our IT systems and services. The processing of personal identification number is necessary having regarding to the purpose of the processing. |
Storage period: Your personal data is stored during the same period that is stated in relation to each purpose of the processing of your personal data above. Personal data in logs are stored for troubleshooting and incident handling during a period of 13 months calculated from the date of the logging event. |
Recipients that we share your personal data with
Where necessary, we share your personal data with others. The recipient is the data controller for the processing of your personal data, unless we have stated otherwise.
We share your personal data with:
Service providers
In order to fulfil the purposes of the processing of your personal data, we share personal data with service providers that we have engaged. These service providers provide IT services to us (such as operation, technical support and maintenance of IT systems). The service providers may only process your personal data for these purposes and in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that the service providers carry out on our behalf.
Group companies
We share your personal data with group companies that provide services to us, e.g. IT services. We are the data controller for the processing of personal data that the group companies carry out on our behalf.
External persons
In connection with communication with external persons we share the personal data, that you yourself or others have provided, with the external persons.
Categories of personal data |
Legal basis for the transfer |
|
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of enabling communication between employees and external persons in the service. |
Other recipients
In certain cases we share, if necessary, your personal data with other recipients for certain purposes (e.g. to fulfill legal obligations and to handle and defend legal claims). Examples of recipients are external advisors, authorities, courts, the police and potential buyers or sellers of the company.
Recipient |
Purpose |
Legal basis for the transfer |
Public authorities |
We share necessary personal data with public authorities if we are obligated under law to disclose the information. |
Legal obligation. The processing is necessary in order to fulfill legal |
External advisors |
We share necessary information with external advisors, e.g. audit firms, and law firms if we are obligated under law to share the information or in order to manage and defend legal claims. |
Legal obligation and |
Courts, counterparties etc. |
In order to manage and defend legal claims we share personal data to other parties. |
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of managing and defending legal claims. |
Law enforcement authorities, e.g. police |
We share personal data with law enforcement authorities, e.g. the police if we are obligated under law to disclose information. |
Legal obligation. The |
Potential buyers and sellers |
We share personal data with potential buyers and sellers in case of an acquisition of the business or a merger. |
Legitimate interest. The processing is necessary in order to satisfy our legitimate interest of carrying out the acquisition or the merger. |
Information regarding categories of personal data
Please see the table below for further information regarding which categories of personal data that we process.
Category |
Examples of personal data |
Your communication |
Contents in your communication, e.g. e-mails |
Identity information |
Name and personal identification number |
Information regarding qualifications |
Education, work experience, courses, qualifications |
Contact details |
Address, telephone number, e-mail address |
Organisational information |
Title, position, employer |