Scope and purpose
This policy is applicable to the Processing Personal Data of customers in Gnotec AB and its subsidaries called ”Gnotec Group” or ”we”. The purpose of this policy is to provide our current, former and potential customers (jointly referred to as ”customers” or ”you”) with a general understanding of:
- The circumstances under which we collect and process your Personal Data
- The types of Personal Data we collect
- The reasons for collecting your Personal Data
- How we handle your Personal Data
- Distribution of responsibility for the Processing of Personal Data between various legal entities at Gnotec Group
- Contact details for requests for rectification of Personal Data or subject access requests.
- This policy is updated continuously to reflect the measures taken by Gnotec Group in relation to your Personal Data.
Data control at Gnotec Group
Gnotec Group (a Swedish legal entity with corporate registration number 556224-9036 is the data controller for developing and producing metal components to the automotive industry. Furthermore, Gnotec Group is data controller for handling personal data processed for monitoring the quality of the components and any potential safety recalls as well as meet regulatory requirements.
Principles of data processing
Any processing of personal data is based on the provisions of the European Parliament and the council (EU) 2016/679, 27th of April 2016 concerning protection of physical persons regarding processing of personal data.
Through contacting Gnotec Group by phone, email, website or other you will be registered. The register only contains the contact details you choose to leave and is used in administration in order to deliver world class products and services. We appreciate the trust you place in us when providing us with your personal data and consider your privacy an essential part of the services we offer.
Balance of interests
Where the Processing of your Personal Data is necessary for the pursuit of a legitimate interest, and where this interest outweighs the need to protect your privacy, we may process certain Personal Data without obtaining your express consent if so permitted by law. In certain other situations, we may also process your Personal Data without your consent if so required in accordance with applicable law.
Gnotec Group will only process personal data if it is adequate, relevant and necessary in relation to the purpose for which it has been gathered.
Transparency and security
Gnotec Group believes in being transparent about which personal data we process and for which purpose. To us it is also important to protect your personal data since one of Gnotec Groups core values is trust.
The company applies appropriate technical and organizational security measures to protect personal data against loss, abuse and unauthorized access.
It is Gnotec Groups’ policy to comply with the applicable laws, rules and regulations in each and every country where we operate. Where necessary, we will adjust our Processing of your Personal Data as described in this policy to ensure legal compliance. The Personal Data that Gnotec Groups’ collects about you will be used:
- To provide you with products and services, including to verify your eligibility for certain purchases and services as well as to offer you enhanced offers.
- To inform you of updates to, or changes in, our products and services, including but not limited to changes to our terms and conditions and policies;
- For development purposes: for example, to improve performance, quality and safety;
- To evaluate and improve our offerings to and communication with customers;
- To comply with legal requirements or requests from lawful authorities;
- To inform you about our products and services and identify those that may be of interest to you; to carry out market research; and for purposes of analysis and profiling (online and social included) done by ourselves and our chosen providers.
The following terms, used throughout this policy, have the meanings set out in Regulation (EU) 2016/679 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data.
- ”Data Controller” means a natural or legal person, public authority, institution or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data.
- ”Data Processor” means a natural or legal person, public authority, institution or any other body which processes Personal Data on behalf of the Data Controller.
- ”Personal Data” means all information relating to an identified or identifiable physical person (”registered”). An identifiable physical person is a person who can be identified, directly or indirectly.
- ”Processing” means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.
You may provide us with information about you in contact with Gnotec Group, for example through visiting our website. Such data (”customer provided Personal Data”) may include:
- Your contact information (name, address, telephone number, email address, etc.);
We will only retain your Personal Data for as long as it is necessary to fulfill the purposes outlined in this policy or the purposes of which you have otherwise been informed. If we have not received your consent for Processing, the data will only be retained to the extent we are permitted to do so by law.
To exercise your rights, e.g. to obtain information or access to Personal Data which we process, you must contact the Gnotec Groups’ unit responsible for Processing.
Data protection representative: firstname.lastname@example.org