Information about Stafsjö’s processing of personal data.
Stafsjö collect and use personal data in various parts of our operations. For us it is important that you are comfortable with the way we process it.
Personal data submitted to us is processed in line with General Data Protection Regulation (EU 2016/679; GDPR) and this personal data policy.
Personal data means all information that can be used to identify or linked to a specific individual. This can include name, phone number, address and e-mail address. The personal data may also vary depending on purpose for which it is collected and processed. In general, the processing includes data such as name, address, phone number and e-mail address.
The categories of personal data that may be processed in the context of a whistleblower case depend on what information is provided by the reporting person and on what information needs to be obtained from other people or sources of information, for example to investigate or verify the information provided by a reporting person.
- The following categories of personal data may be processed in the context of a whistleblower case:
- Contact details,
- Social security number / coordination number,
- Information on employment, e.g., position,
- Income information, including salary and other benefits, income from capital, and business activities,
- Information on assets and investments such as account numbers, bank account holdings, holdings of securities and real estate, etc.,
- Membership in a trade union,
- Sexual orientation (e.g., when reporting discrimination),
- Religious or philosophical beliefs (e.g., when reporting discrimination),
- Racial or ethnic origin (e.g., when reporting discrimination),
- Political opinions (e.g., when reporting on discrimination),
- Information on the sexual life of a natural person (e.g., when reporting harassment or abuse),
- Health information and
- suspected or established breaches of rules.
Given that the person responsible for personal data does not control what information is provided in the reporting channel, it is not certain that the above list is completely exhaustive.
How we collect personal data
We only collect personal data that is provided voluntarily. This can be submitted via e-mails, phone calls, meeting or other ways. We also collect personal data if you use web forms on this website or via KPMG AB’s web application for whistleblowing.
Stafsjö also collect data through our website using cookies that collect data from your browser. See www.stafsjo.com/cookies.
Purpose, legal basis and deletion
We process personal data in order to:
- Market our products and send relevant information directly to existing and potential customers or other stakeholders of significant importance to our business.
- Respond and/or fulfill an inquiry, quote or a contract. This can be both sales and purchasing related, and the personal data may be needed both before and after the inquiry, quote or contract.
- Process of job applications provided by the job applicants.
- Manage whistleblower cases.
The legal basis for this processing is legitimate interest in maintaining and fulfilling our obligations with the personal data holder. Your personal data will be deleted when it is no longer relevant for the purposes for which it was collected. Exceptions may be made to deletion if Stafsjö needs the data to comply with legal requirements or to protect Stafsjö’s legal interests.
You have the right to unsubscribe of your personal data used for to marketing related communication. Please send request to firstname.lastname@example.org and our communication will end.
Sharing of personal data
Your personal data will only be processed by limited number of people who need it for the described purpose.
Stafsjö does not sell, trade, or otherwise transfer your personal data to external parties with exception described below based on Stafsjö’s legitimate interests to maintain and fulfill our business and whistleblowing obligations with you. We only share personal data with these parties if they agree to keep your data confidential and handle it legally correct. Where your personal data requires transfer to countries outside the EU/EES, measures are taken to ensure a high level of security and confidentiality of your personal data.
- We may forward and share your personal data to Ebro Armaturen Gebr. Bröer GmbH and its subsidiaries (“Bröer group” which Stafsjö is a part of), or to authorized distributors so they can market and sell relevant products to you or respond to your questions.
- We may share personal data with suppliers we use for different services, primarily of our IT systems and the whistleblowing service, which is managed by KMPG AB.
- Your personal data may also be shared if it is required to do so by the police or any other authority requires so by law in order to protect Stafsjö’s legal interest or to detect, uncover and prevent fraud and other security and technical issues.
Protection and safety
Stafsjö takes the appropriate organizational and technical security measures to protect your personal data from unauthorized access, change and deletion. All data is stored in databases protected by access controls and by firewalls.
You have the right to access information about the personal data we hold on you. You have the right to correct incorrect data, restrict the usage of the data or object to certain types of processes and, in some case, also the right to delete the personal data.
You are welcome to contact us with request for changes, deletion or information regarding processing of your personal data. This must be done by e-mail or post signed by yourselves.
Contact to controller of the data
Stafsjö Valves AB
Störnings väg 3
SE-618 95 STAVSJÖ
Phone: +46 11 39 31 00