How we process your personal data
Your privacy is important to us!
Saint-Gobain Sweden AB (hereafter referred to as SGS) collects and uses personal data from those who interact with us as customers/suppliers or via our website. Naturally, it is of the utmost importance to us to prevent unauthorised access to the personal information that we collect. This Personal Data Policy provides information on how we collect and process your personal data, as well as your rights as a registered party.
What is personal data?
Personal data is any information (or set of information) that relates to an identified living individual (also referred to as a registered party). Examples include an individual’s name, personal identity number, etc.
How do we collect and use your personal data?
If you are visiting our website, we may ask for your personal data when you fill out a form to become a customer, for example, or when you download catalogues or any other information from us. We may also share this information with a third party, such as our subcontractors/installers, if you, for example, order an item that will be delivered to or installed for you.
What type of information do we collect?
When you become a customer/retailer for SGS, subscribe to one of your newsletters or, for example, download on of our product catalogues, we may collect the following:
• First and last name
• Telephone number
• E-mail address
• Personal identity number (for sole traders, the company registration number is the same as the individual's Personal identity number)
• How you are using our website and other digital channels (the web pages you visit, which search words you use)
• Buying habits and purchase history
We collect first-hand personal data from you as a customer, but there are times when we may collect data about you from other sources. This applies especially in the following two situations:
• When it is necessary to maintain a good filing system, we will update address information from central address sources such as SPAR (Statens personadressregister)
• When we collect your contact information from external databases to be able to offer you relevant and attractive offers and news.
What do we use the information for?
Identification and contact
We use your personal data in order to identify you as a customer or as a contracting party to sign a valid contract.
Your personal data is also used to contact you with information about deliveries, orders, price announcements and offers based on previous purchases, and to send you our newsletter.
The data is also used for communication purposes and to answer requests via our customer service either by phone or other digital channels, and to handle compensation claims.
• Newsletter recipient – legitimate interest
• Registered customers/suppliers – fulfilment of contract
When making a purchase/placing an order
Your personal data is used to deliver an ordered/purchased product or service (including information about your order and notification of delivery). If your purchase also includes installation carried out by a third party, we will forward your contact information to the third party so that they may contact you.
Your personal data is also used to process your payments (which includes checking payment history and credit information obtained from credit information companies).
Contract of sale
Information, contests and events
By collectings personal data, we can keep you up to date on our latest products, services, and upcoming campaigns/discounts. If you do not want to receive this information, you may unsubscribe at any time. We may also use this information to convey important messages about purchases and changes in our terms and policies to you.
If you take part in a competition, an event or similar campaign, we may use your information for the purpose of managing the campaign.
• Registered and non-registered customers – legitimate interest
• Newsletter recipient and website visitors – legitimate interest
We also use personal data to create, develop, produce, deliver, and improve our products and services, our content, and our marketing.
This is made possible by analysing the personal data that SGS collects for the same purpose, for example how you use our website and other digital channels and which search words you use). Based on these analyses, we can make our services more user-friendly, e.g. by simplifying the user interface and by improving the goods and logistic flow,
as well as the selection, e.g. by forecasting purchases, stock, and deliveries.
Security and legal obligations
We also process personal data for the purpose of meeting security standards for all of our services, and to prevent loss of data and fraud. Personal data may, for example, be used to investigate breach attempts. Read more about security in the section “How is your personal data protected?”.
Personal data is also collected and processed in order to meet legal obligations, such as regulatory requirements, verdicts, and agency decisions. These obligations may concern matters such as product liability and product safety or bookkeeping.
• Compliance with a legal obligation – if any
• Legitimate interest
With whom do we share the information?
Subcontractors (referred to as “processors”)
In order to deliver goods and services to you, we share your information with our subcontractors and companies within our group of undertakings. Our processors have to sign a written contract, by which they ensure that the personal data is processed in a secure manner and undertake to comply with our instructions and security requirements, as well as limitations and requirements concerning the transference of personal data. Some of our subcontractors may have parts of their business located in a third country; i.e. countries outside of Sweden or the EU/EEA. If we transfer your personal data to a subcontractor in a third country in order to provide a service/product for you, we take appropriate security measures and ensure that the information transferred to our subcontractors is processed in accordance
with GDPR by, among other things, adhering to the European Commission’s standard agreement for protection of personal data.
We may make some information available for those of our collaborators who offer services and products in collaboration with us, for example those who help SGS with marketing.
We are obliged to, by legislation and by agency decisions, to pass on personal data to, for example, the Swedish Tax Agency.
If you have given your consent, we may in addition to the purposes stated above transfer personal data to other enterprises, organisations, and individuals.
For how long do we store the information?
We only store your personal data for as long as is necessary for the purpose of the processing of the information, and our legal obligations.
Customer information is stored for as long as your are a customer with SGS, and then for a maximum of 24 months after the contractual agreement has ended or after our last active communication. During the same time frame, we will use the information to communicate attractive offers about our services and products based on your needs. An exception from the above is, for example, information that has to be stored in accordance with current legislation, such as the Bookkeeping Act.
Supplier information is stored for as long as you are registered as a supplier to us, and after that
for a maximum of 24 months after the contractual agreement has ended or after our last active communication.
An exception from the above is, for example, information that has to be stored in accordance with current legislation, such as the Bookkeeping Act.
Cookies are, among other things, used for collecting information about your previous preferences, what links you have clicked on, and what web pages you have visited. Cookies are used to monitor traffic on our websites and to gather statistics.
What is a cookie?
A cookie is a small text-based file that is stored on your computer when you visit certain websites, and the cookie then provides the web server with information on your browsing behaviour. In your web browser settings, you may allow cookies to be stored on your computer when you visit all websites.
There are three types of cookies: persistent cookies, temporary cookies (so called session cookies), and third-party cookies. Persistent cookies are files that are stored on your computer for a longer period of time. Temporary cookies are files that are temporarily stored on your computer when you visit a website, but the cookies is then erased when you close your web browser. Third-party cookies originate from a website other than the one your are visiting, and their purpose is to gather statistics on the visitor’s activity on the net.
How do I turn off cookies?
You can turn off cookies in your web browser settings. The interface may differ depending on which web browser you are running, but generally there are options available via the settings or tools menu in your web browser.
How is your personal data protected?
We are concerned about the privacy of our customers/suppliers and we recognise the importance of being a controller and safeguarding the personal data that we collect and process. We continuously work on protecting your privacy, and we work on security matters on numerous levels, such as IT infrastructure, policies, guidelines, and buildings. We attach great importance to preventing unauthorised access to your personal information. The processing of your information is logged and continuously controlled. The following security measures, among other things, are put in place:
Limited access rights
Access to your personal data is only given to those who need them to perform their tasks. This reduces the number of persons who have access to the data and in turn the risk for wrongful processing.
Encryption of more sensitive information is used with widely acknowledged and secure encryption methods.
Firewalls and security solutions
SGS uses firewalls and other security solutions, such as antivirus software, to secure SGS’s IT environment from breaches and external threats.
Policies and guidelines
SGS has clearly communicated policies and guidelines on how persons who work within SGS shall process personal data. This contributes to a greater awareness about how to process
personal data in a secure manner.
Contracts with trusted suppliers
SGS only uses trusted and thoroughly tested IT-solutions and suppliers. The suppliers’ obligations towards SGS and the GDPR (General Data Protection Regulation) is strengthened through explicit contracts.
What rights do you have?
On the basis of the regulatory framework established in the GDPR, the registered party has the following rights:
• To correct your personal data if it is found to be incorrect
• To have your personal data erased if there are no legal reasons for SGS to store it, in accordance with, for example, the Bookkeeping Act.
• To object to or restrict how SGS is processing your personal data.
• To obtain access to you personal data in a structured format from SGS.
• To be notified in the event that your personal data hasended up in the wrong hands.
• To require that your personal data be transmitted in electronic form to another controller.
If you notice that something is wrong, want to obtain access to your data or have the data erased, please contact our Data Protection Officer (contact information available below).
Our contact information
Saint-Gobain Sweden, org. nr 556241-2592, with address Norra Malmvägen 76, 191 62 Sollentuna, Stockholms län, is the controller for the enterprise’s processing of personal data.
If you need to contact us in regards to data protection matters, please contact us at firstname.lastname@example.org
In accordance with the Data Protection Act, you have the right to file a complaint about the processing of your personal data to the Swedish Data Protection Authority (www.datainspektionen.se).
Unless otherwise stated, the intellectual property rights in the documents on the Website and in each element created for this Website are exclusively owned by Saint-Gobain Seden AB, BU Scanspac and/or the Saint-Gobain Group Entities, which grant no license or right other than the rights to visit and navigate on the Website.
The reproduction of all documents published on the Website (notably, the photographs, films and animations) is solely authorized for information purposes, and only for personal and private use, any reproduction and any use of copies made for other purposes being expressively prohibited, except with the prior written permission of Saint-Gobain Seden AB, BU Scanspac .
The corporate names, logos, products, brands and domain names mentioned on this Website are the sole property of Saint-Gobain Seden AB, BU Scanspac and/or the Saint-Gobain Group Entities, and shall not be used without the prior and written authorization from the company or entity concerned.