Privacy policy

How are you affected as a customer?

Strömberg is a Personal Data Assistant (PuB) to its customers who are Personal Data Managers (PuA). PuA is responsible for establishing a Personal Data Assistant Agreement with PuB. PuA is also responsible for providing PuB with written instructions on the processing of personal data at PuB. The information for this can advantageously be retrieved from the register that PuA is obliged to maintain.

Can Strömberg help us with the Personal Data Assistant Agreement?

Yes, Strömberg has developed a template for Personal Data Assistant Agreements that we can use.

Can Strömberg help us with instructions for personal data processing?

Yes, with information from you as a customer who says what type of personal data is to be processed in different assignments, for what purpose, etc., Strömberg can formulate an instruction that follows the Data Protection Ordinance.

Do we pay anything extra for Strömberg to comply with the Data Protection Ordinance?

Technical and organizational conditions at Strömberg in order to be able to protect personal data in accordance with the Data Protection Ordinance, means no extra cost for you as a customer. Development of new functions, such as supplementation on websites, registers for consents, special thinning requests, etc., are charged according to the service agreement’s price list. For the part of the contract work and routine changes that follow responsibility for PuB according to the Data Protection Ordinance, no extra is charged.

In cases where Strömberg receives requests from customers to investigate issues, produce documentation for agreements, etc. which according to the Data Protection Ordinance is a responsibility for PuA, Strömberg charges according to the service agreement’s price list.

We will only use your personal information for the purposes for which you provided it and your personal information will not be used for marketing purposes. We do not use or share personal information in a way that is inconsistent with the original purpose for which it was collected, unless subsequent express consent has been obtained from you. You can withdraw your consent at any time, by contacting us via pul [a] strd.biz with reference to the consent in question.

Voluntary personal data only

As a visitor, you do not need to provide any personal information in order to use our website. Our website only collects personal data that is voluntarily provided by the visitor. This is about the personal information that you provide when you send a message to us via the e-mail function that we have on this website.

How does Strömberg handle personal data via e-mail?
In the first instance, we set up SFTP for each customer who has personal data to be transferred to Strömberg.
For those customers who do not have the opportunity to use SFTP, we have a solution that means that personal data via a password-protected link, can be provided and retrieved inside our protected IT environment.
Several customers use password-protected Secured Mail for the transfer of personal data to Strömberg.
For security reasons, Strömberg does not want to handle personal data via unencrypted emails, Dropbox or the like.
Children’s integrity

Strömberg protects personal integrity. Strömberg does not receive and process personal data on children under 16 years of age.

Legal requirements

The processing of your personal data may also take place in order for us to be able to fulfill obligations in accordance with law and regulations, for example current accounting.

Thinning of personal data

As PuB, Strömberg is responsible for processing and thinning out personal data from PuA in accordance with the current Personal Data Assistant Agreement and written instructions from PuA. To ensure this handling, Strömberg has a combination of automatic and manual regulations and routines in its products and processes, which follow each customer’s wishes for thinning.

If and when personal data is processed, Strömberg undertakes that the personal data is not retained for longer than is necessary with regard to the purposes of the processing.

Transfer of your personal data

It is only on a completely voluntary basis that visitors provide identifiable personal information to Strömberg. We may convey personal information provided to Strömberg’s companies in other countries, available only within the EU / EEA, for the purpose of being able to answer your inquiries and when necessary for the purpose for which such information was provided. Strömberg takes reasonable legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection.

Strömberg will never sell, publish or disclose personal information, which you state when you send a message to us via the e-mail function we have on this website, to any outside party without first notifying you and obtaining express permission and approval.

Control of data

Strömberg takes reasonable measures to check that personal data is relevant, correct, complete and current for the purposes for which it is to be used.

Does Strömberg have a Data Protection Officer (DPO)?

Strömberg mostly handles personal data in his capacity as PuB and in the form of name, address and e-mail, ie rarely sensitive personal data. The assessment at present is therefore that Strömberg does not need its own DPO. However, we have an internal Data Protection Representative, with the support of an external data protection lawyer.

Security protection

Strömberg has a well-developed IT support for security and alarms as well as well-developed processes and routines in the area of ​​information security. All this in order to best protect personal data from unauthorized access, alteration and destruction.

Strömberg has been quality certified according to ISO 9001 for a very long time. Since 2017, we have upgraded our management system according to the latest quality standard, ISO 9001: 2015. In recent years, we have expanded our quality management system to also include Information Security in accordance with ISO 27001.

Policy update

In the event of changes in law, ordinance or regulation regarding the processing of personal data or other changes, this policy may be revised. When this happens, a revised Personal Data Policy will be clearly published on Strömberg’s website, together with the date from when the new policy takes effect.

Employees’ responsibility to apply the policy

Strömberg’s employees are obliged to familiarize themselves with and follow the Personal Data Policy.

Communication, education and awareness

Strömberg continuously informs its employees in matters concerning the processing of personal data. Training is also regularly conducted in the subject of information security and personal data for all employees, in order to maintain a high level of awareness regarding the processing of personal data.

Supervision and compliance

We continuously monitor the quality and efficiency of our processing of personal data. Compliance with the policy is also monitored in Strömberg’s risk assessment program, which involves annual risk assessment of all processes, products, routines and systems.

• Right to access your data:
• You can request to receive a copy of the information you would like to know free of charge and verify the information we have about you.
• Right to correction:
  You can request correction at any time to correct incorrect or incomplete information about yourself.
• Right to be erased (”right to be forgotten”):
  You have the right to request deletion of your personal data in cases where the data is no longer necessary for the purpose for which it was collected. However, there may be legal obligations for Strömberg that prevent us from immediately deleting parts of your data. These obligations come from accounting and tax legislation, but also from consumer law legislation. What we do then is to block the data that we are obliged to save, from being able to be used for purposes other than fulfilling such legal obligations.
• Improper handling
  You are always welcome to report incidents that indicate a risk that Strömberg has not followed this personal data policy. The report can be submitted in person via e-mail, pul@strd.se, or anonymously as a letter to Strömberg’s personal data representative.If you believe that Strömberg violates PUL or other privacy legislation, you can contact the Swedish Datainspektion at www.datainspektionen.se.

The person responsible for personal data that you provide via this website is:
Strömberg Distribution AB
120 88 Stockholm
Sweden
Visiting address: Jonvägen 2-4
Tel: +46 8 779 96 00