Privacy policy

Introduction

All processing of personal data carried out by Acetec AB (reg. no. 556787-6536) (hereinafter referred to as "Acetec", "we", or "us") is conducted in accordance with applicable data protection legislation (GDPR).

This information is intended to provide general information about the kinds of personal data processing for which Acetec is the personal data controller.

Contact Information

For questions or concerns regarding our personal data processing, please contact us at:

Email: info@acetec.se or via this page

Phone: 010 28 80 110

Address: Fabriksgatan 9, 942 36 Älvsbyn, Sweden

1. Accounts, Events, Customer administration, and Leads

1.1 Financial Statements and Annual Reports

Purpose: To comply with the bookkeeping act and corporate law.

Categories of personal data: Name, email address, social security number, phone number, salary details, vacation days, vacation liability lists, and benefits and terms and conditions.

Legal basis: The legal basis for processing is a legal obligation under bookkeeping act and corporate law.

Retention period: Personal data is collected and retained for seven (7) years after the end of the calendar year in which the fiscal year ended, in accordance with the bookkeeping act.

1.2 Events

Purpose: To manage and host events in the pursuit of creating new customer relationships.

Categories of personal data: Name, phone number, address, and email address.

Legal basis: The legal basis for processing is legitimate interest, with the legitimate interest being the establishment of new customer relationships.

Retention period: Personal data is collected and retained for seven (7) years after the end of the calendar year in which the fiscal year ended, in accordance with the bookkeeping act.

1.3 Client management and customer care

Acetec processes personal data to execute and manage assignments and fulfill contractual obligations with business partners.

Purpose: To manage customer care, contract management, and to increase sales.

Categories of personal data: Name, social security number, phone number, email address, and position within the company.

Legal basis: The legal basis for processing is necessary for the performance of a contract.

Retention period: Personal data is collected and retained for seven (7) years after the end of the calendar year in which the fiscal year ended, in accordance with the bookkeeping act.

1.4 Leads

Purpose: To get in touch with new potential customers.

Categories of personal data: Name, phone number, and email address.

Legal basis: The legal basis for processing is a legitimate interest, where the legitimate interest is to establish new customer relations.

Retention period: Data is collected upon contact and stored for 5 years after the initial contact.

2. Recruitment process

2.1 Recruitment via a recruitment agency

Purpose: To find a candidate with specialist expertise that matches our recruitment requirements and candidate profile.

Categories of personal data: Name, age, phone number, address, email address, CV (including ethnicity information due to language skills), social security number, and cover letter.

Legal basis: The legal basis for processing is a legitimate interest, where our legitimate interest is to assess which candidate best fits our candidate profile.

Retention period: Documents and records are retained during the recruitment process and deleted 24 months after the recruitment process has been concluded.

2.2 Job application

Purpose: To find the right candidate for the position that has been advertised with respect to the requirements set out in the candidate profile.

Categories of personal data: Name, age, phone number, address, email address, CV (including ethnicity information due to language skills), social security number, and cover letter.

Legal basis: The legal basis for processing is consent.

Retention period: Consent requests are sent annually to candidates after the recruitment process has been concluded (only applies to the Teamtailor function). Upon completion of recruitment, candidates' personal data is deleted after 24 months. Data stored in “Remarkable “ is deleted 1 month after the recruitment process has been concluded.

2.3 Interview process

Purpose: To find a suitable candidate for the intended role who reflects the requirements set out in our candidate profile.

Categories of personal data: Name, age, address, email address, CV (including ethnicity information due to language skills), cover letter, family situation, social security number, and name.

Legal basis: The legal basis for processing is a legitimate interest, where our legitimate interest is to assess which candidate best reflects the requirements set out in our candidate profile.

Retention period: Consent requests are sent annually to candidates after the recruitment process has been concluded (only applies to the Teamtailor function). Candidates' emails are deleted after 24 months. Data stored in Remarkable is deleted 1 month after the recruitment process has been concluded.

2.4 Test results connected to the recruitment process

Purpose: To find a suitable candidate for the intended role who meets the requirements set out in our candidate profile.

Categories of personal data: Identifiable personality traits and test results from the IQ-test, name, and email address.

Legal basis: The legal basis for processing is a legitimate interest, where our legitimate interest is to assess which candidate best reflects the requirements set out in our candidate profile.

Retention period: Personal data is deleted 24 months after the recruitment process has been concluded.

2.5 Credit check

Purpose: To find a suitable candidate for the intended role who meets the requirements set out in our candidate profile.

Categories of personal data: Name, address, and financial details.

Legal basis: The legal basis for processing is a legitimate interest, where our legitimate interest is to assess which candidate best reflects the requirements set out in our candidate profile.

Retention period: Data is deleted after the recruitment process has been concluded. If the candidate is not offered a position, the candidates’ personal information is deleted 24 months after the recruitment process has been concluded.

2.6 Obtaining references for job applicants

If a candidate has provided a reference during a recruitment process, we will collect said individuals’ personal data from the candidate to contact said person.

Purpose: To contact the specified reference who has previously worked with the applicant or can otherwise provide a statement about their competence, personality, and work experience (to obtain a reference) to find a candidate for the intended role who meets the requirements set out in our candidate profile.

Categories of personal data: Personal data collected about the reference is the reference's name, phone number, email address, and position within said company. Personal data collected about the candidate includes information about their qualities, experience(s), and any absence from the previous workspace that was not previously sanctioned.

Legal basis: The legal basis for processing is a legitimate interest. Our legitimate interest is to assess which candidate best meets the requirements set out in our candidate profile by contacting the candidate's references with the aim of obtaining a statement about the relevant candidate.

Retention period: After the recruitment process has concluded the personal data is deleted after a 24-month period.

3. Social Media

3.1 Social Media

Purpose: To inform followers regarding new hires.

Categories of personal data: Name, email address, phone number, position, and picture.

Legal basis: The legal basis for processing is a legitimate interest, where our legitimate interest is to market the company and introduce new employees for followers on the company’s social media outlets.

Retention period: Personal data is collected at the start of employment, retained during employment, and deleted immediately upon termination of employment.

4. Who do we share your personal data with?

Your personal data is generally only processed by us; however, some data processing could include our subprocessor (e.g accountants and IT-system providers) and therefor personal data is shared with them – but only to the extent necessary and limited to the purpose for our processing. Acetec ensures that all processing carried out by a subprocessor is controlled by a data processing agreement, or equivalent arrangement as well as warranting that said subcontractors comply with all requirements set forth by data protection legislation.

5. Transfer of your personal data outside the EU/EEA

In cases where Acetec uses or intends to engage with subcontractors or partners established outside the EU/EEA area, we are responsible for ensuring that these actors guarantee a level of security equivalent to that which is maintained within the EU and EEA.

To ensure adequate protection of your personal data when data is transferred to countries outside the EU/EEA in the absence of an adequacy decision from the European Commission, Acetec, where applicable, has entered into agreements with each recipient of personal data containing standard contractual clauses adopted and approved by the European Commission, including but not limited to the standard clauses decided by the Commission Decision (EU) 2021/914.

Additionally, Acetec takes further protective measures, such as pseudonymization, IP anonymization, and encryption when the level of protection in the recipient country is not considered equivalent to that within the EU/EEA.

6. Your rights as a data subject

If we process your personal data, you have the right to exercise your rights as listed below. You can exercise your rights under the GDPR free of charge by contacting us directly. When we receive such a request, we may need to verify your identity with appropriate security measures to prevent unauthorized access to your personal data. We will respond to your request without undue delay, but no later than one (1) month after receiving your request. You have the right to exercise the following:

a) Right of access

You have the right to request access to and receive information regarding our processing of your personal data. This information is provided to you through an extract from our records. The information provided should be easy to understand and will be disclosed free of charge in an electronic format.

b) Right to rectification

You have the right to request the rectification of your personal data if it is incomplete or otherwise incorrect.

c) Right to erasure (right to be forgotten)

You have the right in certain cases to request that your data be deleted. This right is extended to situations where:

• The data is no longer needed for the purposes for which it was initially processed,
• The processing of your personal data is used for targeted marketing and you object to your data being processed for this purpose,
• You object to processing based on legitimate interest and our legitimate interesting in processing your personal data does not outweigh your interests and fundamental rights,
• The personal data has been or is being processed in an unlawful manner, or
• Erasure is required to comply with a legal obligation.

If Acetec needs the personal data to fulfill an agreement with you or to adhere to a legal obligation, we will not delete the requested data.

d) Right to restriction

You have the right to request that we temporarily restrict the processing of your personal data. Restriction of personal data may be relevant in the following examples:

• During the time it takes us to verify the accuracy of your data,
• During the time it takes us to assess whether our legitimate interest in processing outweighs your interests and fundamental rights,
• If you need the data to establish, exercise, or defend legal claims,
• If the processing is unlawful, but you prefer restriction over deletion of your personal data.

e) Right to object

You have the right to object to the processing of personal data that is based on our legitimate interest. If you raise such an objection, Acetec will review your objection and make an overall assessment weighing our legitimate interest(s) against your rights and interests related to the processing of personal data.

f) Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format for the processing of personal data that is based on the legal basis of consent or a contract and that you have provided to us. You also have the right to request that we transfer your personal data directly to another data controller.

Withdrawal of consent

If we process your personal data following the legal basis of consent, you have the right to withdraw your consent at any time by contacting us. The right to withdraw your consent can be done in a partial or complete manner, with the result being that we are obliged to partially or completely suspend the processing of your personal data for which consent was given. If you wish to stop receiving adds or marketing information from us, you can contact us at your leisure and inform us of your decision.

7. Your right to complain and contact information for the Swedish data protection authority (Integritetsskyddsmyndigheten IMY)

If you at any point have any questions regarding our processing of your personal data, please reach out to us with said questions and we will do our best to assist you with answering them as well other useful information at your request. If you are dissatisfied with how Acetec processes your personal data or handles your rights, you are welcome to contact us. You also have the right to lodge a complaint with the Swedish data protection authority Integritetsskyddsmyndigheten (IMY). A link to their website can be found here.

8. Changes to the privacy policy

We reserve the right to amend this policy as we deem necessary, any changes will be published on our website.

9. Iteration/version

Iteration 24/9-2024