For information on how Stockholm Exergi processes your personal data according to the GDPR, click on the relevant heading below that applies to the capacity in which you have provided your personal data to Stockholm Exergi. Under ‘General information’ you will find information that is relevant to all categories.

Job applicants Suppliers/consultants Customers

Visitors Others Cookies

 

General information

Contact details

The personal data controller is Stockholm Exergi AB, corporate identity number 556016-9095, 115 77 Stockholm, customer service and switchboard number: +46 (0) 2031 3151. If you have questions or comments regarding our handling of personal data, please contact Stockholm Exergi’s Data Protection Officer Stefan Färnström at dataskydd@stockholmexergi.se.

If you feel that we have processed your personal data in ways that violate current legislation, you can contact the Swedish Data Protection Authority on +46 (0) 8657 6100 or imy@imy.se. You can also read more about Sweden’s personal data legislation on the Swedish Authority for Privacy Protection’s (IMY) website, imy.se

Your rights

As an individual, (hereinafter referred to as ‘the data subject’) whose personal data is processed by a personal data controller, you have various rights under Regulation (EU) 2016/679 of the European Parliament and of the Council (‘General Data Protection Regulation’). These rights are summarised below, with reference to the relevant article in the GDPR. For the complete wording, we refer you to the regulation itself, which, among other places, can be found on the IMY website (see address above).

Right of access/portability (Article 15)

The data subject shall have the right to receive confirmation as to whether personal data concerning him or her are being processed and, where that is the case, access to the personal data and the following information:

* the purposes of the processing

* the categories of personal data concerned

* third party recipients to whom the personal data have been disclosed

* how long the personal data will be stored or, if this is not possible, the criteria used to determine that period

* the right to request rectification/erasure/restriction of the personal data

* the right to lodge a complaint with IMY

* from where the personal data was collected (if not provided by the data subject him- or herself)

The data subject must receive a copy of their personal data that is being processed.

This information must be provided in writing, (for example in an email), unless the data subject requests that it be provided orally.

Right to rectification (Article 16)

Den registrerade har rätt att utan onödigt dröjsmål få felaktiga personuppgifter rättade.

Right to erasure (Article 17)

The data subject has the right to have their personal data deleted on request under certain conditions. This applies, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

The personal data controller is also obliged to erase personal data if the data subject withdraws his or her consent and there is no other legal ground for the processing.

Right to restriction of processing (Article 18)

The data subject shall have the right to obtain from the controller restriction of processing of his or her personal data, for example, if the data subject contests the accuracy of the personal data. In such a case, restriction may become relevant for a period of time that gives the controller the opportunity to check that the personal data is accurate. Restriction means that the personal data is only processed for storage unless the data subject gives his or her consent to other processing.

Right to data portability (Article 20)

Under certain conditions, the data subject shall have the right to receive from the personal data controller their personal data in a structured, commonly used and machine-readable format and to have the right to transfer this data to another personal data controller.

Right to object (Article 21)

The data subject shall have the right to object, on grounds relating to his or her legitimate interests, at any time to the processing of personal data concerning him or her. If the data controller cannot demonstrate compelling legitimate grounds reasons for the processing that override the interests of the data subject, the personal data may no longer be processed.

Furthermore, the data subject further has the right to object at any time to the processing of personal data for the purposes of direct marketing.

Customers

Companies, housing associations and other organisations

The following information applies to representatives or contacts for associations, companies or any other organisation that is a customer of Stockholm Exergi. In addition to the information stated below, further details regarding some of services and products may be included in your individual agreement.

We collect and process your personal data in order to enter into and fulfil the contract between us and your organisation, which includes data processing for purposes relating to customer service, invoicing, operational information, information on updating terms and conditions, services and products, etc. Processing takes place based on a consideration of a balance of legitimate interests, where we have a legitimate interest in being able to satisfy these purposes.

We may also process personal data for marketing purposes, to conduct market analysis, compile statistics, or to evaluate, develop and provide information about our services and products. This processing also takes place with the support of a balance of legitimate interests, where we have a legitimate interest in being able to develop, improve and sell products and services and maintain good contact with customers. We use so-called tracking tools, and we may conduct targeted mailings regarding special offers, where a selection is based on which recipients have read and shown interest in information previously sent electronically, for example by clicking on links (profiling).

You have the right to object at any time to us processing your personal data for direct marketing purposes by contacting our customer service.

We may also disclose personal data to third parties if such an obligation is a legal requirement or if we have a legitimate interest in disclosing data for the purposes stated above. This may mean that we release data to companies that conduct processing on our behalf (so-called personal data processors), for example for invoicing or mailings. Furthermore, administrators at suppliers of the IT systems in which data is processed by us may have access to such data.

Personal data may be updated against public and private records to ensure that it is correct and up-to-date.

We store your personal data for one year after a contract has expired, unless you inform us before then that you will no longer be the contact person/representative of the organisation you represent. Data is then removed from our systems. Invoices and other documentation that constitute accounting information and that in some cases may contain personal data are, however, saved for seven years in accordance with our obligations under the Swedish Accounting Act (1999:1078)

Private individuals

The following information applies to private individuals who are customers of Stockholm Exergi. In addition to the information stated below, further details regarding some of services and products may be included in your individual agreement.

We collect and process your personal data in order to enter into and fulfil the contract with you, which includes processing for purposes relating to customer service, invoicing, operational information, information on updating terms, services and products, etc.

We may also process personal data for marketing purposes, to conduct market analysis, compile statistics, or to evaluate, develop and provide information about our services and products. This processing also takes place based on a consideration of a balance of legitimate interests, where we have a legitimate interest in being able to develop, improve and sell products and services and maintain good contact with customers. We use so-called tracking tools, and we may conduct targeted mailings regarding special offers, where a selection is based on which recipients have read and shown interest in information previously sent electronically, for example by clicking on links (profiling).

You have the right to object at any time to us processing your personal data for direct marketing purposes by contacting our customer service.

We may also disclose personal data to third parties if such an obligation is a legal requirement or if we have a legitimate interest in disclosing data for the purposes stated above. This may mean that we release data to companies that conduct processing on our behalf (so-called personal data processors), for example for invoicing or mailings. Furthermore, administrators at suppliers of the IT systems in which data is processed by us may have access to such data. Personal data may also be provided to or obtained from credit reporting companies for the assessment of your financial circumstances to fulfil our contractual obligations.

Personal data may be updated against public and private records to ensure that it is correct and up-to-date.

We store your personal data for one year after a contract has expired, at which point they are removed from our systems. Invoices and other documentation that constitute accounting information and that in some cases may contain personal data are, however, saved for seven years in accordance with our obligations under the Swedish Accounting Act (1999:1078).

Suppliers and consultants

The following information applies to suppliers and consultants who work for Stockholm Exergi, either independently or as employees of a company. It also applies to those who are listed as a contact person in contracts between companies and Stockholm Exergi.

We process your personal data for the purposes of regular contact within the framework of our collaboration and to fulfil our commitments of our contractual obligations, such as invoice processing. Data processing takes place based on a consideration of a balance of legitimate interests, where we have a legitimate interest in being able to satisfy these purposes. If you conduct work for Stockholm Exergi as a private individual, processing is necessary in order to enter into and fulfil our contractual obligations to you.

Data is stored for up to one year after a collaboration ends and is then erased. Invoices and other documentation that constitute accounting information and that in some cases may contain personal data are, however, saved for seven years in accordance with our obligations under the Swedish Accounting Act (1999:1078).

For certain consultants who are current for assignments with us, we collect CVs and corresponding summaries of previous experience and qualifications. This data is deleted immediately after the completion of an assignment.

Data may be disclosed to or shared with other Stockholm Exergi contractors for the purposes stated above. Personal names may be disclosed to Stockholm Exergi’s partners if and to the extent necessary for review and verification of invoice documents, etc. Furthermore, suppliers of the systems in which data is processed by us may have access to such data.

Visitor

This information applies to you who provide us with personal data when visiting our head office or one of our facilities. In connection with the visit, you may provide your name and other contact details. We collect this information in order to have control over which people are in our premises, which is necessary for security reasons (e.g. from a fire safety point of view or if the premises need to be evacuated for some other reason).

Should any incident be discovered afterwards, it is also important for us to be able to go back and find out who was on site at the time in question. However, your data will be removed from our systems after three months. During the storage period, the data is available to our property manager. Even the administrator of the supplier of the system in which the personal data is provided can have access to it during the storage period.


Job applicants

The following information applies to all those who provide personal data to Stockholm Exergi in conjunction with applying for a position with us, either directly or via a recruiter or employment agency.

We process your personal data in order to carry out the recruitment process correctly and efficiently. In addition to information provided in application documents, this may include notes from interviews or information from people who provide references. Data processing takes place based on a consideration of a balance of legitimate interests, where we have a legitimate interest in being able to satisfy these purposes.

If a recruitment process does not result in employment, we store your application documents and other data as described above for two years from the date we receive them, unless you request that the data be deleted prior to the end of that period, at which point they are removed from our systems. During the storage period, the administrator of the supplier of the system in which the personal data is stored may have access to them.

Other

The following information applies to those who submit personal data to Stockholm Exergi and who do not belong to any of the categories: Customer, Supplier, Consultant, Job applicant, or Visitor. You may live in or operate a property that is affected by installation or repair work that we carry out and email us with questions relating to it, or you contact us with general questions about our business.

We process the personal data you provide in order to process your enquiry effectively, for example by ensuring such data is transmitted to the relevant person or persons with us. Data processing takes place based on a consideration of a balance of legitimate interests, where we have a legitimate interest in ensuring that incoming enquiries are processed appropriately and efficiently. Data may be disclosed to or shared with consultants and other external contractors if necessary for the purposes stated above. If your enquiry concerns a claim for damages or other compensation, data may also be disclosed to external agents, insurance brokers and insurance companies.

Your data is stored for up to one year following processing of an enquiry and then erased.

Updated October 19, 2020