Personal data policy


1. Data controller & contact details

1.1 Introduction

Fagerhult always protects your privacy and understands the importance of ensuring that we process your personal information in the correct way. Below you find information about why and how we collect personal data and how it is used and stored.

1.2 Data controller

Unless otherwise stated below, Fagerhults Belysning AB (556321-8659), (hereafter ”Fagerhult”, ”we”, ”us” or ”the company”) is the data controller for the processing of personal data in accordance with this personal data policy.

If you are in contact with any of our sales companies, that company is the data controller for its personal data processing. Information and contact details for each sales company can be found at https://www.fagerhult.com/Contact/.

1.3 To exercise any of your rights or in case of questions about data protection, please contact us or the relevant sales company directly

Fagerhults Belysning AB
556 80 Habo
Sweden
Telephone: +46 36 10 85 00
E-mail: info@fagerhult.se

If you have any comments on our processing or if you are not satisfied with our answers, you have the right under data protection legislation to submit any comments or complaints to the relevant supervisory authority (in Sweden it is the Swedish Authority for Privacy Protection “Integritetsskyddsmyndigheten” (IMY)).

Contact details to IMY:
Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm
Telephone: 08-657 61 00
E-mail: imy@imy.se

Additional information about the current data protection legislation can be found at www.imy.se/en/.

2. Your rights

As a data subject you have certain rights when we process your personal data.

Those rights originate from the General Data Protection Regulation (GDPR) and are stated below. To exercise any of your rights please contact us at info@fagerhult.se or the relevant sales company directly.

You also have the right to submit any comments or complaints to the relevant supervisory authority (in Sweden it is the Swedish Authority for Privacy Protection).

When you want to exercise any of your rights, we will handle your request and reply no later than within a month from receiving your request. The handling of your request can take up to three months depending on the volume of the request or its complexity. If so, we will notify you thereof. We will always reply to your request in writing.

Depending on what legal basis we support our processing on and for what purpose we process your personal data, there might be exceptions or limitations of your possibility of exercising your rights.

If your request is manifestly unfounded or unreasonable, especially if it is made recurrently, we will either charge you with a fine or refuse to meet your request. In such circumstances we will have to be able to prove that your request is manifestly unfounded or unreasonable.

2.1 Right to information

You have the right to be provided with information about how we process your personal data.

More information about the right to information you will find at IMY:s webpage.

2.2 Right to access

You have the right to obtain a confirmation from us as to whether personal data concerning you are being processed by us, and if so, gain access to the personal data and information about how we process the data (a register extract).

More information about the right to access you will find at IMY:s webpage.

2.3 Right to erasure (‘right to be forgotten’)

You have the right to obtain from us the erasure of personal data concerning you. By such request, we will erase personal data that are no longer necessary in relation to the purposes for which they were collected or otherwise processed. We will also erase your personal data if you withdraw your consent on which the processing is based. In some cases, we will not have the possibility to erase your personal data. That depends on if the personal data either still is necessary to process for the purpose they were collected for, or that our interest of continuing the processing outweighs your interest of getting them erased, or that we have a legal requirement of retaining them.

More information about the right to erasure (‘right to be forgotten’) you will find at IMY:s webpage.

2.4 Right to restriction of processing

You have the right to request that we restrict the processing of your personal data where one of the following applies:

a) you contest the accuracy of the personal data;

b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

d) you have objected to processing pursuant to Article 21(1) pending the verification whether our legitimate grounds override those of yours.

More information about the right to restriction of processing you will find at IMY:s webpage.

2.5 Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.

More information about the right to data portability you will find at IMY:s webpage.

2.6 Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed.

More information about the right to rectification you will find at IMY:s webpage.

2.7 Right to object

You have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) (legitimate interest), including profiling based on those provisions.

More information about the right to mot object you will find at IMY:s webpage.

2.8 Right to object to automated individual decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

More information about the right to object to automated individual decision-making you will find at IMY:s webpage.

3. The personal data collected, our use, and the legal basis

Here we inform you of how we process your personal data. The information is divided into different sections for you to easily find what is relevant for you.

3.1 Clients

Fagerhult collects data on representatives regarding existing and potential clients on a voluntary basis. We will process personal data in our CRM/ERP system, in order to build relationships, conduct sales and implement customised direct marketing.

This information is later used to contact you to inform you about new features on our website, to inform you about the company's products and services, and to enable us to provide effective and personalised client support. Examples of areas where the stored information is used:

• To ask you to participate, on a voluntary basis, in surveys relating to products, services, news and client meetings.
• To offer you content, services, instructions, and a personalised experience based on personal information, such as preferred language, post code, country and other content or other preferences set by client.
• To offer you free newsletters, updates, and targeted information.

The personal data being processed is name, telephone number, e-mail address, and when applicable your professional position and your employer. The processing of the personal data connected to your profession is based on our legitimate business interest.

3.2 Suppliers

Fagerhult also processes data about you that represents existing or potential suppliers. This information is processed to create or administer existing business relationships. The personal data being processed is name, telephone number, e-mail address, and your professional position and your employer.

The legal basis for our processing of personal data is our legitimate interest.

3.3 Visitors to Fagerhult’s website

Fagerhult has designed its online services to inform users about new product and services, to market products and to make documentation and programs readily available. The personal data that we collect is used as support for the development of the company’s websites, products, and services. We also use cookies on our webpages. Cookies are small text files with information stored on your computer or other device when you visit a website, that are used to improve the user experience and for optimising the website. The use of some cookies is required for our website to function properly, while others are used to give you a pleasant experience, such as remembering which documents you have in a document collection (functional cookies). Analytical and marketing cookies are used to obtain statistics and visitor pattern information for our websites so that we can adapt marketing. The information collected with cookies also contains the IP-number in your computer.

Our use regarding non-necessary cookies is based on the legal basis consent. You can change your cookie settings at any time if you wish to provide or withdraw consent for functional, analytical or marketing cookies. For further information about our use of cookie, see our Cookie policy.

3.4 Subscriber to our newsletter

When you subscribe to our newsletter we collect your name and email addresses, which we then use solely to administer the mailings of these newsletters. The legal basis for our processing of personal data that you provide when registering for newsletters is consent. You have the right to at any time withdraw your consent by unsubscribing from our mailing list. There is an opt-out link at the bottom of each newsletter.

3.5 Fagerhult in social media

On Fagerhult’s social media accounts you will find, among other things, news, inspiration, and job vacancies.

The staff with the main responsibility for administering, moderating, and publishing on our Fagerhult accounts are:

• Marketing managers for each region
• Fagerhult’s marketing department
• Fagerhult’s HR department, also in collaboration with our partner Jobylon
• Contacts for the sales companies in each region

By social media we refer to, for example:

• Facebook
• Instagram
• Youtube/Vimeo
• LinkedIn
• Twitter
• blogs and discussion forums

On those social media pages, you can ask questions about our products, retailers, and different offices on these pages. Please refrain from posting offensive or insulting content.

Questions will be responded to weekdays during office hours (8:00-17:00), as soon as possible.

We reserve the right to remove offensive, prejudiced and racist posts and comments.

When you interact with or contact us by social media, information is always transferred to a third party (i.e., the company or organisation that is running the social media you are using). For more information, see section 4 below.

The use of social media can also result in your personal data being transferred to a third party based in a third country (the US). For more information, see section 6 below.

3.6 Other processing of personal data (contact forms, events & webinars (Zoom)

By other contact, such as via the contact form on our webpage, we collect name, e-mail address and, if you choose to share it, telephone number, company name, and other information you choose to share with us. This enables us to provide you with relevant information and to answer your potential questions.

By registration to and administration of events we collect participant information such as name, e-mail address telephone number, company name, title, fields of interest and in some cases information about age and payment. We can also process special categories of personal data about your food preferences.

By registration to and administration of webinars (via Zoom) we collect participant information such as name, e-mail address, country and organisation.

The legal basis for our processing of your personal data that you provide by filling out forms on the website to contact us and to register for our events or webinars, is our legitimate interest in communicating with you and answering your questions.

4. Who has access to the information?

The information provided to Fagerhult will be used by Fagerhult or Fagerhult’s representatives and shared within the Fagerhult Group. In addition, the personal data may be transferred to authorities according to requirements by law, to our partners and system suppliers for inter alia marketing, economic and IT services. If we by such transfer, transfer personal data to some entity which processes your personal data on behalf of Fagerhult (personal data processor), instructions will be left regarding how the receiving party shall process the data and how to maintain confidentiality. If the receiving party is considered as an independent controller, the personal data policy of the independent controller will apply.

Security

We acknowledge the privilege of having you as a client, or in other ways being entitled to process your personal data, and we are firmly committed to safeguarding your personal information. We use secure connections with SSL to protect information when it is transferred from internet browsers to Fagerhult. We also use internal security measures to limit access to databases containing identifiable personal data.

Social media

When you interact with or contact us via social media, such as Facebook or Instagram, information and personal data is always transferred to a third party (i.e. the company/organisation running the social medium you are using).

The use of social media may also lead to your personal data being transferred to a third party located outside the EU/EEA (the US). For more information, see section 6 below.

5. Storing and erasure

The personal data is not stored longer than the purpose allows us depending on the matter, for instance questions about specific products or complaints. If you are an employee of one of our clients or suppliers your personal data is stored as long as for instance our client- or supplier relations with your employer remains and after that the time required or allowed according to applicable law and customs. If your employment with our client or supplier ends, we will erase your personal data when we are informed by you or your employer. Otherwise, your personal data will be erased in accordance with our retention and destruction policy. If your personal data is found as a reference in invoices and similar documents, it will be retained for seven years in accordance with the Swedish Accounting Act (Bokföringslagen (1999:1078)).

Regarding our events and webinars, we will retain your personal data up to 12 months after the event or webinar has taken place in order to follow up the participation, evaluate the content, interact with existing or potential clients and suppliers and plan future events and webinars. We erase payment information and other data we assess as sensitive 14 days after the event has taken place. Potential information about food preferences and allergies we erase two days after the event has been held.

6. Transfer of personal data outside the EU/EEA

Fagerhult and our personal data processors strive not to transfer data to a country or company located outside the EU/EEA (a third country). However, we use third party cookies on our webpage. The use of third-party cookies can lead to your personal data being transferred to a third party located in a third country (e.g., the US). You have the possibility to limit the use of cookies and you can find more information about this in our Cookie policy.

Even if we strive for processing your personal data in the EU/EEA, the personal data might, in some cases be transferred to a third country when for instance a contracted IT supplier needs to process the personal data outside the EU/EEA to provide its’ service (e.g., through an affiliate in the US).

If personal data is transferred to a third country, Fagerhult will always ensure that appropriate safeguards are in place to ensure the secure processing of your personal data. Such appropriate safeguards include, but are not limited to, ensuring:

- that the European Commission has decided that the country outside of the EU/EEA to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR, or

- that we enter into the European Commission’s standard contractual clauses (SCCs) with the recipient of the personal data outside the EU/EEA. When the transfer of personal data to a third country supported with the SCCs, we assess whether there are laws in the recipient country that affects the protection of your personal data. Where necessary, we take technical and organisational measures so that the protection of your personal data remains during the transfer to the relevant country outside the EU/EEA. Due to for instance American security regulations there is still some risk that American agencies, in order to fight crimes or protect national security, may access the personal data transferred to the US despite our technical and organisational measures taken.

Please contact us for more information about potential transfers to third countries and to request a copy of our security measures. You find our contact details in section  1.3 above.

7. Changes to this personal data policy

We reserve the right of amending this personal data policy if deemed necessary when we change the processing of personal data, and for meeting new requirements by law, interpretations of law, technical requirements or to restore problems or malfunctions. However, when the processing of personal data is regulated in binding agreements with a client the contractual provisions are valid until they have been changed if they are not incompatible with law or other binding provision. If we make major changes to our processing of personal data, you will be notified personally. The latest version of this personal data policy is always available on our webpage.

 

This page has been updated 2022-11-30 (18:00)

­