Personal Data Policy

Personal Data Policy/Information for employees
Personal Data Policy Prepared 25/05/2018

WR Controls Sweden AB has adopted the following Personal Data Policy in its role of Data Controller for its employees' personal data.

This Personal Data Policy provides information about the collection, treatment, storage and sharing of personal data concerning individually identifiable employees. This includes current, previous and future employees regardless of the form of employment, such as agency workers. There may also be special handling templates and guidelines.

In addition to this Personal Data Policy, national statutes and ordinances in countries where the company operates its business may require that the processing of employees' personal data be performed in another way than the one given here. In such cases, subsidiaries and units are expected to act in accordance with the provisions that apply for their business in addition to this Personal Data Policy. Mandatory laws and ordinances in those places where the company operates the business must be followed at all times and take precedence in the case of any conflict or departure from this Personal Data Policy.

1. Personal data about employees that is processed by the company

The company may process the following personal data concerning the employees. The personal data might be collected during the recruitment process, at the start of employment and regularly during employment in the company.

Fundamental personal data: Name, date of birth/personal identity number, nationality, gender, work telephone number, address to workplace, home address, other private contact details, employment number, bank and account details, operating unit, organisational affiliation/unit, date of employment, date when employment ended, management role, level of employment, country of birth, preferred language, time employed in years, blue collar/white collar as well as, where needed, other fundamental personal data.

For agency workers: Employer, date when the company was engaged, date when the company's contract was ended, type of agreement.

For the performance of work and the planning of work: Immediate superior, the immediate superior's manager, name of position, department, division, business area, country, product line, region, location, education/competence, education level, work performance.

Staff management and other HR specific personal data: Weekly working hours, daily working hours, country organisation, contact information, next of kin, cost centre, position evaluation, job family, group of employees, monthly salary, salary development, salary grade, bonus programme, health information, rehabilitation, absence, manager, placement at the organisational level, profit unit, other identification number, staff department, staff sub-department and, where this is necessary, other relevant data for staff management and HR specific personal data.

Communication: Personal data that is needed to give the employees access to the company's data systems and networks, including internet address, work e-mail, IP addresses and user name for logging in, but also other types of personal data that is logged during the use of data systems and networks.

2. The purpose of processing the employees' personal data

The company may collect and process the employees' personal data for, among other things, the following purposes. The list is not exhaustive but it is intended to provide a picture of the company's need to process the employees' personal data.

  • administration and management of the employment in the company, maintenance of staff register
  • internal labour management, planning and management of the workforce, the need for and access to various resources, project staffing and allocation of resources 
  • recruitment, competence development, career planning and development, evaluation and follow-up of work performance 
  • management of benefits, payment of salaries, remuneration, taxes and insurance
  • management of business trips, travel insurance, posting and other business travel
  • providing employees access to the company's internal information systems and other resources, supporting safe, secure and efficient use of internal channels of information such as e-mail and other Internet or telephony-based services, guaranteeing that business-critical information and the company's other assets are secure and protected 
  • financial planning, reporting, preparation of budget and analysis 
  • health and work environment 
  • follow-up, application of internal policies and other provisions, protecting the company's property, physical as well as intellectual property rights, preventing fraud and other illegal activities 
  • handling other work-related disputes and complaints, e.g. compensation claims, acting in compliance with other relevant legal obligations that the company may have due to the employee's employment in the company

3. The legal grounds for the processing

The legal ground for processing the personal data is the performance of the contract of employment. The legal grounds are also warranted by the company's obligation, as a consequence of legislation, collective agreements or other provisions, to process personal data in a given way, e.g. in relation to the Swedish Tax Agency or insurance companies or registration of working hours and more. The legal grounds can also be warranted because the company, after balancing the interests, has the right to perform the processing. In addition to this, the company may process personal data with the support of the employee's individual consent.

If the processing is required to perform an agreement or a legal obligation, the employee cannot object to the processing. If the processing is carried out based on a balance of interests, any objection to the processing is tested on an individual basis.

4. The way the employees' personal data is protected and who has access to it

The company applies suitable technical and organisational security measures to protect personal data, including against loss, misuse and unauthorised access.

Only individuals within the company who, as part of their employment, need to process the personal data in accordance with the above purposes will have access to the data.

The company may provide personal data to personal data assistants, other companies in the Group or third parties as described below in accordance with applicable data protection laws.

  • To recipients in the Group to enable the global management of personal data for the above-named purposes.
  • To personal data assistants. The company may engage personal data assistants for business purposes as part of its normal business, such as, for example, outsourcing the handling of employees' salaries or IT operations. In such cases, the company will demand that such personal data controllers use suitable technical and organisational security measures to protect the employees' personal data and that the processing of the employees' personal data is done solely in accordance with the company's instructions.
  • To government agencies if the company has an obligation to do so or if the company needs to protect its own or a third party's rights.
  • To a third party in connection with sale or other transfer of part of the company's business.
  • To a third party in connection with an emergency where the health and safety of employees or other persons is endangered.
  • To a third party to safeguard the company's rights, e.g. in connection with labour legislation disputes.
  • To government agencies and/or employer organisations for wage statistics.

Some recipients of the employees' personal data may be or may have operations in another country than the one where the employee's place of work is located, e.g. X-country or the USA. The data protection legislation can differ in such countries. The company will ensure that an adequate level of protection is maintained for the processing of personal data in each transfer of personal data.

5. Storage and deletion times of personal data

The company will process and store the employees' personal data for as long as is necessary in relation to the purposes for which the data was collected.

Some personal data will be deleted in connection with the end of employment. Other personal data will be stored for a longer time because there is a legal obligation for the company to keep the personal data, e.g. to prepare a certificate of employment or to confirm that the correct tax deduction has been made or, alternatively, because the company needs the data to safeguard its rights. Step by step, as the possibilities of making claims against the company expire (limitation), the data will be deleted. The company may also need to save personal data that is connected with specific projects; such data may therefore need to be saved during the time the project is underway.

Some personal data may be saved for a longer time, e.g. information about the time in employment is saved until the employee has reached retirement age according to the Swedish Employment Protection Act. Supporting information for payments for pension insurance policies may be saved as long as the employee is alive.

6. The employee's rights

The employee has the right, among other things, to obtain access to his or her personal data, demand correction of personal data, object to processing of personal data, demand that processing of personal data be limited or demand deletion of his or her personal data that is processed by the company in accordance with the rights that follow from the law on data protection. These rights may be restricted by other provisions in the data protection legislation or if such a demand would be inappropriate in an individual case, e.g. due to an ongoing investigation into inappropriate conduct.

The employee has the right to revoke consent that was given for some processing of personal data.

The employee may have the right to transfer his or her personal data to another Data Controller. This applies to personal data that the company processes on the grounds of the employee's consent or to fulfil an agreement with the employee. The data shall have been provided to the company in a structured, commonly used and machine-readable format.

If an employee has questions about, or wants to assert, such rights, the Chief Financial Officer/HR should be contacted.

Employees can obtain more information about the treatment of personal data from HR or their immediate superior or, alternatively, the company's Data Protection Officer (state name/function).

Employees have the right to turn to Datainspektionen (Swedish Data Protection Authority) with complaints regarding the processing of their personal data.

7. Changes to the Personal Data Policy

The company can make changes to this Personal Data Policy. The most recent date for changes to the Personal Data Policy is set out at the top of the first page. If more far-reaching changes are made, the employees will be informed individually.

8. Contact details

WR Controls Sweden AB, corporate ID number: 556867-6083, with address: Stationsvägen 4, Timmele, SWEDEN, is the Data Controller for the processing of your personal data. This means that WR Controls Sweden AB is responsible for ensuring that your personal data is processed correctly and in compliance with the applicable data protection legislation.

For questions regarding the company's handling of personal data, contact the Data Protection Officer, who can be reached with the following contact details: tel: +46 (0)321-26630 or info@wrcontrols.eu