Privacy Policy 

This privacy policy applies to Arcos Hydraulik’s processing of personal data in our external contacts. This applies to those who visit our website, represent customers or suppliers to us, apply for a job or are otherwise in contact with us in any way.  In this policy, we want to inform you about how we process personal data about you and what rights you have.

We want you to be sure that Arcos Hydraulik always strives to process your personal data correctly and protect the personal data that you provide to us or that we otherwise receive about you.

Responsibility for personal data and contact details

The data controller for the processing of your personal data is Arcos Hydraulik AB, Teknikergatan 5, 781 70 Borlänge.

For questions about the privacy policy or our processing of personal data, you can reach us by phone: 0243-820 75 or via e-mail e-mail@arcos.se.
Other contacts can be found under “Contacts” on our website.

Contact details for IMY:
The Swedish Authority for Privacy Protection
Box 8114
104 20 Stockholm
Phone: 08-657 61 00
Email:imy@imy.se

Processing of personal data 

Personal data is all information relating to an identified or identifiable natural person, such as, name, address, telephone number and email address. When you provide your personal data to Arcos Hydraulik, you should feel secure. We strive for the processing of personal data to always take place in accordance with the provisions of the Swedish privacy protection legislation, which includes the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Our processing of personal data

Here we describe how we process your personal data. We have divided up information for each purpose so that you can easily find processing that concerns you.

The purpose of the processing Categories of personal data, as well as where they come from  Legal basis for the processing according to the GDPR Receivers See section (Technical protection and receivers) for general receivers When we delete your data

Customers

Processing of personal data for sole trader or contact person for customers who are legal entities;

  • To register you or your employer as a customer and to administer the customer relationship according to our agreement including invoicing,
  • To communicate with you through various channels, including providing customer service.
Name, e-mail, phone number, professional title.In the case of a sole trader, personal identification numbers are also processed. If you are a sole trader, the processing is based on our agreement with you (Article 6(1)(b) GDPR).If you are a contact person for our customer, then the processing is based on our legitimate interest (Article 6(1)(f) GDPR) in fulfilling and safeguarding rights and obligations in the customer relationship with your employer. Information may be shared within the group to Arcos Hydraulic Oy. Your personal data is saved as long as the business relationship continues and thereafter for the time required or permitted according to the legislation and practice in force at any given time.

Supplier

Processing of personal data for sole trader or contact person for suppliers who are legal entities;

  • To register you or your employer as a supplier and to administer the business relationship according to our agreements including invoicing,
  • To communicate with you via various channels.

Name, e-mail, phone number, professional title.

In the case of a sole trader, personal identification numbers are also processed.

If you are a sole trader, the processing is based on our agreement with you (Article 6(1)(b) GDPR).

If you are a contact person for our supplier, then the processing is based on our legitimate interest (Article 6(1)(f) GDPR) in fulfilling and safeguarding rights and obligations in the business relationship with your employer.

 

Information may be shared within the group to Arcos Hydraulic Oy. Your personal data is saved as long as the business relationship continues and thereafter for the time required or permitted according to the legislation and practice in force at any given time.

Website visitors

In connection with visits, we set cookies.

  • Functional cookies: Make the website work,
  • Marketing: To be able to provide you with customised marketing based on your visit to our website.
  • Analysis: To be able to analyse when our website is visited, which pages are visited, for how long and the visitor’s behaviour during the visit.
IP address, geographic area, device information and which pages are visited.

We rely on a balancing of interests in providing you with a functioning website (Article 6(1)(fa) GDPR) for the use of strictly necessary cookies.

The processing of your personal data that takes place with the help of analytical or marketing cookies occurs, where applicable, with the support of consent (Article 6(1)(a) GDPR).

You can change the settings for or withdraw your consent at any time.

You can read about our use of cookies and which cookies we use from third parties in our Cookie Policy which you can find [here]. You can read about our use of cookies in our Cookie Policy, which you can find [here].

Job seeker

To process job applications if you apply for an advertised position with us or if you submit a spontaneous application.

The processing includes the documents you send to us, information from reference persons, recruitment companies, information from other people who have tipped us off about you or companies that help us with various forms of personality and competence tests, notes from interviews, in addition to any work samples and tests.

Application specific service: We rely on the legal basis of legitimate interest (Article 6(1)(f) GDPR).

Spontaneous application: We rely on consent (Article 6(1)(a) GDPR).

You can withdraw your consent at any time.

Your personal data is saved for as long as the recruitment for a specific position is ongoing and a further two years with reference to the Discrimination Act, so that we have the opportunity to show the grounds on which the employment decision was made.

Spontaneous applications are saved for three years from the time you gave consent.

Social Media

The purpose is to spread information about our business and our products to existing customers and to potential new customers.

We process the personal data we publish in our social media channels (LinkedIn). In addition, the personal data provided when interacting with us is processed.

We rely on the legal basis of legitimate interest (Article 6(1)(f) GDPR).

 

The personal data is shared with the provider of the relevant social media platform. Your personal data that you provide in the form of interactions or comments where it appears that you as an individual are the sender will be kept until further notice or until you delete the interaction or comment yourself. Where applicable, we will remove unwanted comments on an ongoing basis.

Other processing

For processing;

  • In a case with a legal connection
  • To answer your questions and help you in other ways depending on your reason for contacting us,
  • To ensure your identity,
  • To communicate with you via various channels such as trade fairs and events, including providing customer service; or submitted a request or customer feedback, to send service-related messages, confirmations and updates

Name, address, personal identity number, telephone number,

email images and any additional information you provide us.

We rely on the legal basis of legitimate interest (Article 6(1)(f) GDPR). Your personal data is saved as long as the business relationship continues and thereafter for the time required or permitted according to the legislation and practice in force at any given time.

How we use cookies 

We may process your personal data if you visit our website. If and in that case the personal data we process about you depends partly on what settings you have in your own browser and partly on what settings you made when you landed on our website. Our website uses cookies, which are small text files that collect different types of information about how you, as a visitor, use our website. You can read about our use of cookies and which cookies we use in our Cookie Policy which you can find here: [link].

 

Technical protection and receiver

Arcos Hydraulik applies appropriate technical and organisational security measures to protect personal data against e.g., loss, misuse and unauthorised access.

Only persons within the company who, in their employment, need to process the personal data in accordance with the purposes stated above will have access to them.

The company may disclose personal data to personal data processors, other companies within the group or third parties described below in accordance with applicable data protection laws.

 

Storage time

We process your personal data as long as the supplier or customer relationship remains and thereafter for the time required or permitted according to the legislation and practice in force at any given time. If your personal data is available as a reference in invoice documents, then it will be kept for seven years according to the Accounting Act.

We keep your data as long as necessary to fulfil our contractual obligations towards you and according to statutory storage periods for the respective purposes. It may also happen that the processing is necessary for us to establish, assert or defend legal claims.

 

Processing of personal data outside the EU/EEA

We and our personal data processor store personal data on servers located within the EU/EEA. Even if the personal data is stored within the EU/EEA, the personal data can, in some cases, be transferred to third countries when e.g., an IT supplier with whom we have entered into an agreement needs to process the data outside the EU/EEA in order to provide its service (e.g., through a group company in the USA).

If you are a customer with operations in a country outside the EU/EEA, then your personal data will also be processed in that country within the framework of that business relationship.

If personal data is transferred to a third country, we always take appropriate protective measures to best protect your personal data. Such appropriate protective measures may include:

  • that we ensure that the European Commission has decided that the country to which the personal data is transferred achieves an “adequate” level of protection that corresponds to the level of protection that the GDPR ensures.
  • that we enter into the EU Commission’s standard clauses with the recipient of the personal data in a third country. When personal data is transferred to third countries with the support of the European Commission’s standard contractual clauses, we assess whether there is legislation in the recipient country that affects the protection of your personal data. If required, we take special technical and organisational measures so that the protection of your data remains when it is transferred to the relevant country outside the EU/EEA.

However, due to US security legislation, there is a certain risk that US authorities, for the purpose of fighting crime or defending national security, may gain access to personal data that is transferred to the US despite us taking technical and organisational security measures.

You can contact us and request a copy of the safeguards. You will find our contact details in the introduction to this policy.

 

Your rights

As a registered user, you have certain rights. The rights are found in the data protection regulation and are shown below. When you want to exercise your rights, you are welcome to contact us, contact details can be found in the introduction to this policy.

When you exercise your rights, our starting point is to follow your request and get back to you, no later than within one month of you contacting us. Processing can take up to three months if the volume or complexity of the case requires it. If so, we will notify you.

The various rights you may have when we process personal data about you are described below.

You can find more information about your rights on IMY’s website: https://www.imy.se/privatperson/dataskydd/dina-rattigheter/.

 

Information

You have the right to receive information about how we process your personal data.

You can find more information about the right to information on IMY’s website.

 

Access to your personal data, register extracts

You have the right to request confirmation from us about how we process personal data concerning you, and in such case to request access to the personal data that we process about you, a so-called register extract.

 

Request to have your data deleted

You have the right to request to have your data deleted. Upon such a request, we delete data that is no longer necessary to process for the purpose for which the data was collected. We also delete your data if you withdraw your consent for a treatment. In some cases, we are unable to delete your personal data. In that case, it is because the data is either still necessary to process for the purpose that it was collected, that our interest in continuing to process the data outweighs your interest in having it deleted, or because we are required by law to retain it.

 

Request that processing be restricted under certain circumstances

You have the right to request that our processing of your personal data be restricted under certain circumstances.

The possibility of limitation applies if:

a) you dispute the accuracy of the personal data;

b) the processing is illegal and you object to the deletion of the data and instead request a limitation of their use;

c) we no longer need the data but you need the data to establish, assert or defend legal claims; or

d) you have objected to the processing according to Article 21.1 pending verification of whether our legitimate reasons outweigh your legitimate reasons.

 

Request the right to data portability

You have the right to request to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to have the right to transfer this data to another personal data controller.

 

Request correction of incorrect information

You have the right to request that the person in charge of personal data have incorrect personal data concerning you corrected without undue delay. Depending on the purpose of the processing, you also have the right to complete incomplete personal data.

 

Right to object to processing

You have, for reasons relating to your specific situation, the right to object at any time to the processing of personal data concerning you based on Article 6.1(f) of the Data Protection Regulation, legitimate interest. The right to object applies, among other things, to processing that involves profiling.

 

Right to object to decisions based solely on automated processing

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similarly significantly affects you.

 

Change of privacy policy

We reserve the right to make changes to this privacy policy to the extent that we consider them necessary based on the fact that we change our personal data processing and to meet new legal or technical requirements or to remedy problems or disturbances.