Privacy Statement

Privacy Statement

Data Privacy Statement of Nynas AB, as of February 1st, 2021

Nynas AB and its subsidiaries thanks you for visiting our website and for your interest in our company. We take the protection and security of your personal data entrusted to us seriously and want you to feel safe and comfortable when visiting our website and using our offers.

It is important to us that you know which personal data is collected when you use our offers and services and how we use them afterwards.

This privacy statement explains how we do this.

Personal data comprises all information that can be linked direct or indirect or in any way used to identify a specific individual. This Privacy Statement set out the types of personal information that Nynas AB and its subsidiaries processes, it also contains information required to comply with data regulations.

Note that these guidelines never limit the rights under the GDPR or other legally binding provisions.

1 Definition

1.1 Personal data

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2 Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.3 Restriction of processing

‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.

1.4 Profiling

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyses or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

1.5 Pseudonymization

‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.6 Filing system

‘Filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

1.7 Controller

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8 Processor

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.9 Recipient

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

1.10 Third party

‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

1.11 Consent

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1.12 Personal data breach

‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

1.13 Main establishment

 ‘Main Establishment’ means:

  • as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
  • as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.

1.14 Representative

‘Representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor regarding their respective obligations under this Regulation.

1.15 Enterprise

‘Enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

1.16 Group of undertakings

‘Group of undertakings’ means a controlling undertaking and its controlled undertakings.

1.17 Binding corporate rules

‘Binding corporate rules’ means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.

1.18 Supervisory authority

‘Supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51.

1.19 Supervisory authority concerned

‘Supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because:

  • the controller or processor is established on the territory of the Member State of that supervisory authority;
  • data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
  • a complaint has been lodged with that supervisory authority;

1.20 Cross-border processing

‘Cross-border processing’ means either:

  • processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
  • processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

1.21 Relevant and reasoned objection

‘Relevant and reasoned objection’ means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

2 Name and address of the data controller

2.1 Name and address of the data controller

Nynas AB is the responsible data controller of personal data provided to us. (unless another body is expressly named as the responsible body)

Nynas AB
Lindetorpsvägen 7
Stockholm, Sweden
+46-8-602 12 00
nynas.com

3 Contact for your data protection questions

3.1 Contact for your data protection questions

If you have questions related to Nynas AB's processing of your data, please contact our Data Protection Office.

E-mail: [email protected]

You always have the right to make a complaint regarding the processing of personal data to the supervisory authority.

Contact of the supervisory authority: www.imy.se/kontakta-oss/

4 Information on the collection and processing of your data on our website

4.1 Collection and use of your data?

Personal data may be collected when visiting our website. Personal data may also be collected from other sources. If you decide to visit our website or make use of personalized services (e.g. by subscribing to a newsletter or by setting your personal preferences for webcast services), then you will be asked to submit the limited personal data which is necessary for us to provide that service or handle your query. This is completely voluntary.

If you ask us to send you newsletters, webcasts or other communications, we rely on your active consent in order to do so. You may opt out of receiving these communications at any time.

Nynas AB uses so-called cookies to ensure that functions and services at the website nynas.com shall function properly. For more information about cookies at Nynas AB's webpage, please see About Cookies.

4.2 Scope of processing

Nynas AB collects and uses personal user data only insofar as this is necessary for the provision of a functional online offer as well as our content and services.

Every time you are visit our website, our system automatically records the following data from the computer system of the accessing computer and saves it in log files (so-called log files):

  • Name of the file accessed
  • Date and time of access
  • Amount of data transferred
  • Notification of successful access
  • Browser type and version used
  • IP address of the user
  • Operating system of the user
  • Internet service provider of the user
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website.

4.3 Purpose and legal ground for which the personal data is collected

Nynas AB collects personal data only for objectives supported by the applicable data protection regulation. The purpose can, for example, be to perform a service, such as mailing of newsletters requested or subscribed for by the person concerned. The legal ground to process personal data is considered in our business processes.

If you ask us to send you newsletters, webcasts or other communications, we rely on your active consent in order to do so. You may opt out of receiving these communications at any time.

Nynas AB does not process personal data for reasons that are incompatible with the original purpose.

4.4 Transfer of data to a third party

Since Nynas AB has several group-wide functions, the personal data can be shared with Nynas AB's subsidiaries.

Under certain circumstances, Nynas AB may also transfer personal data to collaboration partners, vendors or other third parties. Where service providers process personal data on Nynas AB behalf (data processors), agreements are entered to ensure that the personal data is processed securely and legally.

4.5 Transfer of data to third countries

Insofar as your personal data is transmitted to companies within the Nynas Group and / or to authorized third parties outside EU or EEA, we take appropriate organizational, contractual and legal measures to ensure that your personal data is exclusively processed for the purposes mentioned above. These measures aim to achieve an enough level of security considering the technical capabilities available.

4.6 Storage and deletion of your data

Nynas AB and its subsidiaries always processes personal data in an open, correct and respectful manner, and the kept personal data will be removed when it is no longer relevant for the purposes for which it was collected.

Personal data will be kept for the minimum amount of time that is required to fulfil the purposes for which the data was collected, including for satisfying any legal, accounting, or reporting requirements. This applies, for example, when an issue has been resolved or when a contractual relationship has been terminated, and the parties' balances have been finalized. However, some data may need to be retained thereafter, such as data used for statistics or as required under applicable laws, e.g. the bookkeeping act.

5 Cookies, social networks and webinars

5.1 Cookies

When you visit our website, you are informed about the use of cookies and your consent to the processing of the personal data used in this context is obtained.

For more information about cookies at Nynas AB's webpage, please see About Cookies.

5.2 Social networks

Social media cookies make it possible to establish a connection to your social networks and to share the content of our website within your networks.

Our website uses buttons for the social networks:

  • facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
  • LinkedIn Ireland Attn: Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland
  • YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA

The buttons are marked with the logo of the respective social network. However, these are not the usual social plug-ns, but buttons with stored links. You need to activate the buttons separately by clicking on them. If these buttons are not clicked, no data is transmitted to the social networks. Only when you click the buttons and thereby declare your consent to communication with the servers of the social network will the buttons become active and the connection established.

After clicking, the button corresponds to a so-called share plug-n. Information about the visited page is made available to the social network, which you can share with your contacts on your social network. If you want to "share" the information, you must be logged in. If you are not logged in, you will land on the login page of the social network you clicked on and you are no longer on the pages of nynas.com. If you are logged in, the information is transmitted that you would like to recommend the respective article.

By activating the button, the social network then receives, among other things also the information that and when you accessed the corresponding page of our website, also e.g. your IP address, information on the browser used and the language settings. If you click the button, your click will be transmitted to the social network and used in accordance with its data usage guidelines. The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your related rights and setting options to protect your privacy can be found in the information:

  • on Facebook: http://www.facebook.com/about/privacy
  • at Google: http://www.google.com/intl/de/policies/privacy
  • at YouTube: http://www.youtube.com/t/privacy_at_youtube

5.3 Webinar with GoToWebinar

In order to be able to conduct webinars over the Internet, Nynas AB uses the software solution GoToWebinar from LogMeIn, Inc. 333 Summer Street, Boston, MA 02210 USA. LogMeIn, Inc. is the controller for the provision of this service and the associated data processing. LogMeIn's privacy policy can be found here: https://www.logmeininc.com/de/legal/privacy. For the implementation of the webinar, we transmit your registration or customer data to LogMeIn, Inc. Your data is processed based on your consent (Art. 6 Para. 1 lit. a GDPR). An encrypted connection is established between you and the webinar organizer for the implementation of the webinar. The webinars are recorded as required in order to make them available on our website for later retrieval. Questions and related answers asked by participants during the seminar are also recorded and played back when the webinar is accessed later. Statistical data is collected during and after the webinar is held. If you take part in a webinar, in addition to your registration data, we will receive information about the duration of participation, interest in the webinar, questions asked or answers given for the purpose of further customer service or to expand the user experience.

6 Data subject's rights

6.1 Right of access

The data subject is entitled to receive information about and to what extent her/his data is being processed. If such personal data is stored by Nynas AB or one of its subsidiaries, you may request information about which category of personal data is being processed, from where the data was collected, for which purpose the process takes place, which legal ground the processing covers, storage time and with whom the data is shared. Nynas AB will send an answer to the address where the person is being registered within a month from having received the request. Additional documentation and information may be requested to establish the identity of the person making the request.

6.2 Right to rectification

The data subject has the right to request rectification of her/his data that is being incorrect or being possessed in violation of applicable law.

6.3 Right to erasure

Nynas AB erases personal data when there is no legal ground for keeping it. Personal data can be erased if any of the following is true:

  • The processing is based solely on a withdrawn consent
  • The data is no longer required for the purposes for which they are being processed
  • The processing is being done for direct marketing, and the person opposes the processing of the personal data
  • The data is not processed under GDPR
  • The person opposes processing that takes place based on a balance of interests, and Nynas AB's legitimate interest does not outweigh the person's interest
  • Erasure is required to comply with a legal obligation

If data is erased upon request, Nynas AB undertakes to inform any third party with whom Nynas AB has shared the personal data.

6.4 Right to a restriction of processing

Processing of personal data may be restricted upon request by an affected person or upon initiative by the data controller. Restriction means that the personal data will be marked so that it, in the future, may only be processed for specific purposes.

Notification obligation regarding rectification or erasure of personal data or restriction of processing

Nynas AB will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with GDPR to each recipient to whom the personal data has been disclosed unless this proves impossible or involves a disproportionate effort.

6.5 Right to portability

The data subject who has her/his data stored by Nynas AB is entitled to request her/his data in a generally used and machine-readable format, for example for transfer to another party.

6.6 Right to object

If Nynas AB processes personal data based on balancing of interests as a ground, it is possible to object to the processing. To do so, you must specify which processing the objection regards.

6.7 Right to compensation

It is possible to claim compensation, for example, if Nynas AB's processing of personal data violates the GDPR and has led to damages to the person in question. Claims can be made directly to Nynas AB.

7 Protection and safety

7.1 Protection and safety

Nynas AB takes the appropriate organizational and technical security measures to protect personal data from being lost, destroyed, manipulated or made available to unauthorized parties. The measures aim to achieve an enough level of security considering the technical capabilities available.

Nynas AB may share personal data with the police or other authority if required to do so by law or by the decision of authority to protect Nynas AB legal interests or to investigate or prevent fraud, crime or security issues.

8 Changes to the personal data provisions

8.1 Changes to the personal data provisions

If there are changes to the provisions of Nynas AB regarding the processing of personal data, it will be announced on this page. If the processing of personal data has been regulated in an agreement with the customer, the provisions of the agreement apply until they are changed.