top of page

GDPR

Privacy Policy

1 Introduction

1.1 This Privacy Policy (the “Policy”) describes TBOX SWEDEN AB, reg. no. 559427-2105 (“TBox”, “we”, “us” or “our”), processes your personal data.

 

1.2 We are responsible for the processing of your personal data as described in this Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us.

 

1.3 It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. If we make changes to the Policy, the new version will apply from the time it is published on our website.

2The scope of this Policy

2.1 The Policy covers our processing of personal data collected in relation to your interactions with us, if you are a job applicant or a representative of our business partners and customers.

 

3 How we collect your personal data

3.1 The personal data we process relating to you is collected directly from you or from third party data sources. If you would like to know more about from which third parties we collect your personal data, you are welcome to contact us.

 

4 How we process your personal data

4.1 We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means that we need to have a legal basis for the purposes of our processing of your personal data, which in our context generally means one of the below legal bases. If you are acting on behalf of someone else, e.g., in the capacity of a representative of a company, our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.

 

4.1.1. Performance of a contract: the processing is necessary in order for us to provide you with our services or otherwise perform a contract between us or the company you represent, or to take steps at your request prior to entering into a contract.

 

4.1.2 Performance of legal obligations: the processing is necessary to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

 

4.1.3 Legitimate interests: the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, if they are not overridden by your interests or fundamental rights or freedoms.

 

4.1.4 Consent: the processing is carried out with your prior consent, where we are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.

4.2 Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data.

4.2.1 Business relations

  • What we do and why: To maintain and develop our business relation with you or the company you represent, we will contact and communicate with you in the role as contact person of any of our existing or potential customers, partners, suppliers or business contacts in general.

  • The personal data that we process: Name, Contact details, such as email address, phone number, location, and address, professional title as well as information about the company you represent, and information which you provide to us when communicating with you.

  • Legal basis for the processing activity: Our legitimate interest to engage in, maintain and develop our business relation with you or the company you represent.

  • How we share and transfer your personal data: We share your personal data with our IT-suppliers within the EU/EEA.

  • Retention period: We process and keep your personal data while we have a business relation with you or the company you represent, however for a maximum of twenty-four (24) months from the time we last were in contact because of our business relation.

4.2.2 Contracts

  • What we do and why: To enter into or fulfil contracts between us or the company you represent.

  • The personal data that we process: Name, contact details, such as email address, phone number, location, and address, and professional title as well as information about the company you represent.

  • Legal basis for the processing activity: We need to process your personal data in order to fulfil our obligations in relation to the contract.

  • How we share and transfer your personal data: We share your personal data with our IT-suppliers within the EU/EEA.

  • Retention period: We process and store your personal data until the contract terminates and up to ten (10) years thereafter or for a period of time to fulfil legal obligations, for example according to the Accounting Act, whichever is longer.

4.2.3 Recruitment

  • What we do and why: Recruitment and employment process.

  • The personal data that we process: Name, contact details, such as email address, phone number, location, and address, personal data contained in CV, personal letter, letter of recommendations, diplomas, and information provided by references, and information provided by you during the recruitment process.

  • Legal basis for the processing activity: Our legitimate interest to make it possible for us to evaluate your qualifications and personal qualities in connection with decisions on recruitment.

  • How we share and transfer your personal data: We share your personal data with our IT-suppliers within the EU/EEA.

  • Retention period: We need to retain your personal data after you have participated in a recruitment process to protect our rights under the Swedish Discrimination Act. We therefore save the information from the recruitment process for two (2) years after the application process is over.

5 Security measures

We have taken security measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure, or misuse. We also monitor our systems to discover vulnerabilities.

 

6 Where we process your personal data

We process your personal data within the EU or EEA.

 

7 Additional retention period

We may use personal data to handle any customer complaints or to defend and/or establish legal claims. We will generally process such personal data for ten (10) years from creation or for the time necessary to fulfil the purpose in the relevant case. This processing of your personal data is based on our legitimate interest of establishing and/or defending legal claims.

 

8 Your rights

You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them. Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights.

 

We also ask you to note that we may need more information from you to confirm your identity before proceeding with your request to exercise your rights. To exercise your rights or request information about them, you are welcome to contact us.

8.1 Right of access

You have the right to obtain a confirmation as to whether we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.

 

8.2 Right to rectification

You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.

 

8.3 Right to erasure

You have the right to obtain that we erase your personal data without undue delay in the following circumstances:

  • The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • Our processing is based on your consent, and you withdraw your consent to the relevant processing;

  • You object to the processing that we carry out based on a legitimate interest, and your objection overrides our or another party’s legitimate interest of the processing;

  • The processed personal data is unlawfully processed;

  • The processed personal data must be erased for our compliance with one or more legal obligations.

8.4 Right to restriction

You have the right to request that we restrict the processing of your personal data in the following circumstances:

  • You contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;

  • The processing is unlawful, and you oppose erasure of the personal data and request restriction instead;

  • The personal data is no longer needed for the purposes of the processing, but is necessary for you for the establishment, exercise or defence of legal claims;

  • You have objected to the processing of the personal data which we carry out based on a legitimate interest, pending the verification whether your objection overrides our or another party’s legitimate interest to continue with the processing.

 

8.5 Right to object

You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.

 

8.6 Right to data portability

If our processing of your personal data is based on the performance of a contract with you or your consent, you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible. We ask you to observe that this right to so called data portability does not cover personal data which we process manually.

 

8.7 Right to withdraw consent

If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before your withdrawal.

9 Complaints with the supervisory authority

In Sweden, the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may lodge a complaint with the Swedish Authority for Privacy Protection at any time.

 

10 Contact details

If you have any questions about the processing of your personal data or want to exercise any of your rights, please contact us at:

Email: info@t-box.se

TBox Sweden AB

Blasieholmsgatan 3

111 48 Stockholm

Sweden

Get in Touch

This is a Paragraph. Click on "Edit Text" or double click on the text box to start editing the content.

bottom of page