Site policy GDPR
GDPR – Data protection at STAC
The General Data Protection Regulation (GDPR) is an EU legislation across the whole EU/EEA which applies from 25 May 2018. It replaces other national data protection laws with a set of rules that are better suited to our digital information society. This means among other things that as a private individual you have more rights and the opportunity for better control over personal data that you disclose.
As a result of GDPR, we in KAMIC Group have introduced an integrity policy with guidelines that govern the entire business.
Our processing of personal data
STAC AB (“Stacab”), corporate identity number 556764-3027 with address Sjövägen 8, 746 31, Bålsta, Sweden and its subsidiaries, is the data controller for the processing of your personal data.
Potential business contacts
We process your personal data when you contact us or when you have asked us to contact you. The purpose of our processing is to help you with questions regarding our company, or regarding our services and products. This processing is carried out on the basis of a legitimate interest. Our legitimate interest is to assist future business contacts and other interested parties by answering questions and provide information.
We may also process your personal data for the purpose of direct marketing that is relevant for you as a professional. This processing is carried out on the basis of a legitimate interest. Our legitimate interest is to inform potential customers about such services and products that might be of interest for them and thereby support our future businesses. This processing may include sending newsletters, information about our courses, seminars and other events, and other direct marketing activities. We always offer you the possibility to unsubscribe to our direct marketing
When you are using our website we may process personal data in the form of your IP address by using Cookies
Who may get access to your personal data?
Your personal data may be shared with a small number of external parties who process your personal data on our behalf, i.e. personal data processors. Our data processors are for instance our IT and system providers. We have entered personal data processor agreements with all external parties processing personal data on our behalf in order to ensure that the data is processed in accordance with the applicable data protection legislation.
Due to legal obligations, we may also transfer your personal data to recipients other than personal data processors, for instance certain public authorities. These recipients are independent data controllers when processing personal data.
Transfers of personal data to third countries or international organisations
We and our personal data processors, as a general rule, only process your personal data within the EU/EEA. In cases where personal data are processed outside the EU/EEA, there is either a decision from the European Commission that the relevant third country ensures an adequate level of protection, or appropriate safeguards, e.g. standard data protection clauses, binding corporate rules, or Privacy Shield, to ensure that your rights and integrity are protected.
How do we protect your personal data?
We, and in relevant cases the personal data processors that are working on our behalf, have taken several security measures to protect the personal data that is being processed. We have firewalls and anti-virus software to protect and prevent unauthorised access to our networks and systems. Our employees have strict instructions to process all personal data in accordance with applicable laws and regulations. Only a limited number of employees have access to the systems where personal data are being stored and passwords and usernames are required to access these systems.
How long do we keep your personal data?
We do not process your personal data for a longer period than is allowed by applicable law, regulation, case law or authority decision.
Personal data that we process in order to fulfil our agreement with you are normally processed for the period that it is necessary for us to be able to fulfil all our obligations towards you. To comply with legal obligation or if we have the right to do so on the basis of a legitimate interest, we may keep your personal data for a longer period in accordance with what is stated below.
Any information concerning payments where processing is required in accordance with the Swedish Accounting Act is being processed as stipulated by law for seven years. (Different retention periods may apply in different countries, according to national legislation.) We may also process some information regarding your purchase in accordance with applicable legislation for purchase of goods and services and consumer protection.
Personal data that is processed on the basis of a legitimate interest with the purpose to perform direct marketing activities may be processed for a period of up to 24 months after our last business contact or until you notify us that you do not wish to receive our marketing communications anymore. Any personal data that is processed on the basis of a consent is being processed until you withdraw your consent.
In accordance with applicable data protection regulation, you have the right of access to the personal data we process about you, and the right to request rectification of your personal data. In certain circumstances, you are entitled to request the erasure or restriction of your personal data or object towards our processing of your personal data. Furthermore, you are entitled to receive the personal data concerning you in a structured, commonly used format.
You have the right to fully or partially withdraw any given consent regarding the processing of personal data at any time. You also have the right to object to the processing of your personal data for direct marketing purposes.
If you have any complaints regarding our processing of your personal data you have the right to lodge a complaint to the applicable national Data Protection Authority (in Sweden, The Swedish Data Protection Authority, Datainspektionen, www.datainspektionen.se).
If you wish to exercise your rights in accordance with what is stated above or otherwise wish to contact us regarding our processing of your personal data you may contact us by e-mail firstname.lastname@example.org or mail to: