Privacy Policy

Data Privacy Policy of Nynas AB, as of February 1st, 2021

Nynas is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) and Swedish data protection law (Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning). This Privacy Policy explains how we collect, process, store, and protect personal data in relation to employees, partners, contractors, and other individuals with whom we interact.

At Nynas, we respect the confidentiality and integrity of personal data and ensure that it is processed in a lawful, transparent, and secure manner. We will only process personal data for legitimate, specified purposes and in accordance with applicable data protection laws.

Data Controller

The data controller is Nynas AB (publ)(“Nynas”), and/or the local Nynas entity with whom you have a relationship.

Nynas’  website nynas.com is operated by Nynas AB (publ) which acts as the data controller for personal data collected through the website and as case, may be, the processes outlined below. Where personal data is processed by a local Nynas subsidiary, the local Nynas subsidiary is responsible for processing personal data in connection with local operations.

Purposes for Processing Personal Data

Nynas processes personal data for a variety of purposes. The main categories of personal data we process, and the purposes for which they are used, are described below.

We process personal data about employees, external consultants, business partners, and other individuals who interact with Nynas. This includes, but is not limited to, contact details, contract management, communications, recruitment, and other necessary business activities.

Personal data will only be processed when necessary for:

  • the legitimate interests of Nynas (e.g., managing business relationships, complying with our Code of Conduct),
  • the performance of a contract that Nynas is party to (e.g., employment contracts, service agreements),
  • compliance with legal obligations (e.g., tax laws, anti-money laundering regulations),
  • or when you have provided explicit consent (e.g., for receiving marketing communications or subscribing to newsletters). You have the right to withdraw your consent at any time.

Procurement, Sales and Business Relationships

We process personal data necessary for the performance of a contract, such as contracts with customers, suppliers, contractors, and service providers. This data may include contact details, customer information, information regarding the business relationship, human resources data, and contractual information. The legal basis for processing is:

  • the performance of a contract, or steps prior to entering into a contract,
  • Nynas's legitimate interest in managing these relationships effectively and in compliance with Nynas’ Code of Conduct
  • necessity to comply with legal obligations under relevant laws including anti-money laundering laws and trade compliance and sanctions laws and regulations.

Nynas’ whistleblower system

Nynas has established a Whistleblowing system for employees, contractors, and other third parties to report suspected violations of laws or the Nynas Code of Conduct. The processing may include a wide range of personal data, including special categories of data (e.g., sensitive data related to health or criminal offenses). The legal basis for processing is:

  • necessity to ensure compliance with legal obligations on whistleblowing, and
  • Nynas's legitimate interest in ensuring that business is conducted in line with Nynas’ Code of Conduct.

Sanctions Compliance Screening

Nynas conducts screening of third parties to comply with national and international sanctions regulations, anti-money laundering laws, and other relevant compliance measures. Personal data processed in this context may include contact details, job titles, and screening results. The legal basis for processing is:

  • Nynas's legitimate interest to ensure regulatory compliance and risk management,
  • Nynas's legitimate interest in ensuring that business is conducted in line with Nynas’ Code of Conduct, and
  • necessity to comply with legal obligations under relevant laws including anti-money laundering laws and trade compliance and sanctions laws and regulations

Communication Activities

Nynas may engage in various communication activities, both internally and externally, to keep stakeholders informed, conduct surveys, distribute newsletters, and manage interactions on social media. Personal data processed may include contact information and communication preferences. The legal basis for processing is:

  • Nynas's legitimate interest in maintaining business relationships and providing relevant information,
  • Consent, e.g. where you have subscribed to a newsletter, updates etc.
  • The performance of a contract.

Recruitment and Onboarding

Nynas processes personal data for recruitment and onboarding activities. This includes contact details, CVs, interview records, and any other recruitment-related data. The legal basis for processing is:

  • the performance of a contract, or steps prior to entering into a contract, or
  • your consent when you have provided information.

Security and Emergency

Nynas processes personal data to ensure security in the workplace and production, and compliance with laws and regulations such as the Swedish Protective Security Act (‘Säkerhetsskyddslagen’), including monitoring premises and access to premises (e.g., CCTV, visitor logs) and managing emergency situations. Personal data processed may include contact information, identification, your image, and emergency contact details. The legal basis for processing is the necessity of ensuring safety and compliance with legal obligations.

Information from third parties

Nynas may, to the extent permissible by law, collect and process information gathered from third parties, such as databases and screening tools, lists including sanctions, ultimate beneficial ownership, politically exposed persons status, and databases maintained by authorities including sanctions lists, ultimate beneficial ownership.

Categories of Personal

The personal data Nynas may collect and process include the following categories:

  • Contact Information: Names, addresses, phone numbers, email addresses, and job titles.
  • Recruitment Information: Applications, CVs, references, assessments, and background checks.
  • Human Resources Data: Work experience, dates of birth, identification documentation, bank account details, salaries, job titles, and union membership.
  • Communication Data: Marketing preferences, event participation details, feedback from surveys, and social media interactions.

Personal data may be collected through direct interactions, third-party providers, publicly available sources, or data provided by you.

Data Transfers outside of the EU/EEA

Nynas may transfer personal data to other companies within the Nynas Group, or to service-providers located outside the EU/EEA. Such transfers will ensure compliance with GDPR and Swedish data protection laws.

When transferring data to third-party processors outside the EU/EEA, we ensure that appropriate safeguards are in place.

Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right to access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request corrections to any inaccurate or incomplete data.
  • Right to erasure: You can request the deletion of your personal data under certain circumstances.
  • Right to restriction of processing: You can request a limitation on how your data is used.
  • Right to object: You can object to the processing of your personal data in certain situations, including direct marketing or profiling.
  • Right to data portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: If you have provided consent for the processing of your personal data, you have the right to withdraw that consent at any time.

You will find more information about your rights on www.imy.se.

To exercise your rights, please contact dpo@nynas.com or use the request form for erasure.  You also have the right to lodge a complaint with the Swedish Data Protection Authority (‘Integritetsskyddsmyndigheten’)(www.imy.se) or the relevant data protection authority in your country if you believe your rights have been violated.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. If significant changes are made, we will provide notice on our website. Please review this policy periodically to stay informed about how we are protecting your personal data.

Links to External Websites Our website may contain links to third-party websites. We are not responsible for the privacy practices or the content of those websites. We encourage you to review the privacy policies of any third-party websites before providing them with any personal data.

Last updated: 2024-11-06