
1 Introduction

This Privacy Notice applies to the processing of your personal data if you are a customer or supplier (“you” or “your”). Nordtech Group is the controller for the processing of personal data relating to you as a customer or supplier, which means that this legal entity is responsible for how such personal data are processed.

Nordtech Group (“The Company” or “Nordtech”) operates in Sweden and is committed to protecting the personal data of customers, suppliers and other stakeholders. This notice outlines the group's approach to data privacy and protection in compliance with the General Data Protection Regulation (GDPR), the Swedish Data Protection Act, and other applicable national data protection laws.

If you have questions about the company’s personal data processing, please don’t hesitate to reach out to Nordtech at [email protected].

This notice outlines what personal data the company collects about you, why the data is collected and what it is used for. Nordtech is to be viewed as the controller of personal data in this notice, if nothing else is implied.

Personal data refers to any information that relates to an identified or identifiable individual such as names, identification numbers, location data, or any other characteristic that can be used to identify a person.

1.1 Scope

This notice applies to all personal data processed by Nordtech, including but not limited to data collected through our business operations, websites, and third-party service providers. It covers data processing activities across all the business functions and geographies in which we operate.

2 Principles of Data Protection

Nordtech adheres to the following GDPR principles when processing personal data:

  • Lawfulness, Fairness, and Transparency: We process data legally, fairly, and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Only the necessary data is collected and processed.
  • Accuracy: We ensure data is accurate and up to date.
  • Storage Limitation: Data is retained only as long as necessary.
  • Integrity and Confidentiality: Data is processed securely to prevent unauthorized access, loss, or damage.

3 Collection of Personal Data

Information that is collected from the data subject

The personal data that is collected directly from customers and suppliers:

  • Browsing information: Data such as IP addresses, browser types, and device information may be collected to analyse website traffic and improve user experience.
  • Account information: If customers or suppliers create accounts, personal data such as usernames, passwords, and account settings are collected to manage user accounts and provide access to services.
  • Feedback and reviews: Data collected from customer feedback, reviews, or surveys submitted through the website to improve products and services.
  • Communication Records: Information collected from emails, phone calls, or chat interactions with customer service representatives, including inquiries, complaints, and support requests.
  • Contact Information: Personal data such as names, email addresses, phone numbers, and mailing addresses provided by customers and suppliers when they reach out to the company for support or inquiries.

Information that is collected from a third party about customers and suppliers:

  • Public records: Data collected from publicly available records or databases.
  • Referral sources: Information received from individuals or organizations that refer the data subject to the company.
  • Third-party data providers: Information obtained from third-party data providers or market research firms that offer insights into customer behaviour, preferences, and demographics to enhance marketing strategies and service offerings.

Below are tables explaining what categories of personal data we collect, the purpose for processing and the legal basis.

4 Personal Data Collected During Website Visits

Nordtech collects personal data from customers and suppliers who visit our website. This information is essential for providing services and enhancing user experience.

| Purposes of the processing of your personal data | Personal data collected and processed | Legal basis for the processing of your personal data | For how long we process your personal data |
|---|---|---|---|
| To establish and manage relationships with customers and suppliers, ensuring effective communication and service delivery, for example by filling out forms. | Personal data related to name, company name, and contact details (email address, phone number). | The collection of identity information is based on the explicit consent of the data subject, as they voluntarily provide this information when filling out forms on our website. This consent is essential for us to process their personal data in accordance with their wishes. | Retained for as long as the individual maintains an active relationship with the company or until consent is withdrawn. If no longer needed, data will be deleted within 12 months of the last interaction. |
| To analyze website traffic, understand user behavior, and optimize the website for better user experience. | Personal data related to, for example, IP address, browser type, and pages visited. | The processing of browsing information is grounded in our legitimate interest as a business to gain insights into visitors’ behavior. This information enables us to enhance our website's functionality and tailor our offerings to better meet the needs of our users. | Retained for a maximum of 6 months, after which the data will be anonymized or deleted to ensure privacy. |
| To address customer inquiries, provide support, and gather feedback for service improvement. | Personal data, for example, customer inquiries, feedback, and support requests. | The processing of feedback and communication data is based on our legitimate interest in enhancing customer satisfaction and service quality. By addressing inquiries and gathering feedback, we can continually improve our services and respond effectively to customers’ needs. | Retained for a maximum of 1 month, after which the data will be anonymized or deleted to ensure privacy. |

5 Recruitment Information

Nordtech will collect your personal data for recruitment purposes, including information such as names, contact details, resumes, and any other relevant data necessary to evaluate candidates for employment opportunities.

| Purposes of the processing of your personal data | Personal data collected and processed | Legal basis for the processing of your personal data | For how long we process your personal data |
|---|---|---|---|
| To verify the candidate's identity and eligibility for employment. | Personal data in recruitment, such as names, date of birth, social security number. | The legal basis for processing identity information during the recruitment process is Article 6(1)(b) of the GDPR. This provision allows for the processing of personal data that is necessary for the performance of a contract. Specifically, by applying for a position, candidates acknowledge that they are entering into a potential employment contract with the Company. | We retain personal data for a period of 2 years to comply with legal requirements and to safeguard the Company’s interests in the event of a legal dispute. This retention period allows us to fulfill our obligations under applicable laws and to ensure that we have the necessary information available should any legal proceedings arise. CVs and cover letters will be kept for a period of 6 months, talent pool profiles for a period of 24 months, and interview assessments for a period of 6 months. |
| To facilitate communication regarding the application status and arranging interviews. | Personal data related to communication. | The legal basis for processing identity information during the recruitment process is Article 6(1)(b) of the GDPR. This provision allows for the processing of personal data that is necessary for the performance of a contract. Specifically, by applying for a position, candidates acknowledge that they are entering into a potential employment contract with the Company. | We retain personal data for a period of 2 years to comply with legal requirements and to safeguard the Company’s interests in the event of a legal dispute. This retention period allows us to fulfill our obligations under applicable laws and to ensure that we have the necessary information available should any legal proceedings arise. |
| To conduct background checks to ensure the safety and integrity of the workplace. | Personal information related to background checks, such as criminal history, social media, driving records, and reference checking. | The legal basis for conducting background checks is legitimate interest. The group aims to ensure a safe and secure workplace. By verifying the qualifications and background of candidates, the Company aims to protect its employees, clients, and overall business integrity. This process helps mitigate risks associated with hiring and fosters a trustworthy environment for all stakeholders. | We retain personal data for a period of 2 years to comply with legal requirements and to safeguard the Company’s interests in the event of a legal dispute. This retention period allows us to fulfill our obligations under applicable laws and to ensure that we have the necessary information available should any legal proceedings arise. |

6 Third-party Recipients

Nordtech shares collected personal data with the following recipients for the following purposes. The recipient is the data controller for their own processing of the personal data we share with them, unless otherwise stated below.

Additional third-party recipients:

| Recipient | Purpose | Legal basis for processing |
|---|---|---|
| National authority | We share your personal data with authorities if we have a legal obligation to do so, or to establish, assert, or defend legal claims, or to cooperate with authorities. | The legal basis is to fulfil a legal obligation. |

7 Data Subject Rights

As a customer and supplier, you have the following rights regarding the personal data that Nordtech processes about you, in accordance with the GDPR.

Right to access your data

You have the right to obtain confirmation as to whether personal data concerning you is being processed, and if so, to access the data and receive information about the processing.

Right to rectification of inaccurate data

You have the right to request correction of inaccurate or incomplete personal data concerning you.

Right to erasure (“Right to be forgotten”)

In certain cases (e.g. if the data is no longer necessary or if you withdraw your consent) you may request that your personal data be deleted. Note that this right does not apply when processing is required to comply with a legal obligation to defend legal claims. For more information, please contact [email protected].

Right to restriction of processing

You may request that we limit the processing of your personal data under certain circumstances (e.g. if the data’s accuracy is contested or the processing is unlawful).

Right to data portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to object to processing

You have the right to object to processing that is based on legitimate interest or for direct marketing purposes. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent

If processing is based on your consent (e.g. publication of your photo on the company website), you can withdraw that consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

Right not to be subjected to automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects or significantly affects you.

Right to lodge a complaint with a Supervisory Authority

If you believe that your personal data is being processed in violation of the GDPR, you have the right to file a complaint with the relevant supervisory authority.

| Country | Supervisory authority | Contact/link |
|---|---|---|
| Sweden | Integritetsskyddsmyndigheten (IMY) | https://www.imy.se/ |

8 Data Security Measures

Nordtech implements appropriate technical and organizational measures to protect personal data, including:

  • Role-based access controls and multi-factor authentication.
  • Encryption of data in transit and at rest.
  • Regular security audits, penetration testing, and risk assessments.
  • Comprehensive data breach detection and response procedures.

9 Data Transfer

Personal data may be transferred to third parties within the European Economic Area (EEA) and, where necessary, outside the EEA, ensuring adequate safeguards such as:

  • Standard contractual clauses approved by the European Commission.
  • Binding corporate rules.
  • Certification under the EU-U.S. Data Privacy Framework (where applicable).
  • Ensuring that third parties implement equivalent data protection measures.

These are the countries to which data transfers may occur:

  • USA

If you would like to receive further information about transfers to countries outside the EU/EEA, or if you would like to receive a copy of the safeguard we have used, please reach out to [email protected].

10 Third-party Processors

All third-party vendors managing personal data on our behalf are required to adhere to the requirements in this notice and implement appropriate security measures. Contracts with third parties include specific data protection obligations and audit rights. Nordtech has processing agreements stipulating requirements for data protection with all third-party processors.

11 Data Breach Management

In the event of a data breach, Nordtech will:

  • Assess the impact and take immediate corrective actions.
  • Notify affected individuals and relevant authorities within 72 hours where required.
  • Document the incident and response measures for audit and review purposes.

12 Retention

12.1 Website Data

| Data Type | Retention Period |
|---|---|
| IP address | 6 months |
| Contact form data | 12 months |

12.2 Recruitment Data

| Data Type | Retention Period |
|---|---|
| CVs, cover letters | 6 months |
| Talent pool profiles | 24 months (with consent) |
| Interview assessments | 6 months |

13 Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

14 Contact Us

If you have any questions about this Privacy Notice, you can contact us:

  • By email: [email protected]
  • By visiting this page on our website: https://www.nordtechgroup.com/kontakt