It also describes your rights in respect of us and how you can exercise your rights. You can always contact us if you have any questions on privacy and data protection by sending an email to us at firstname.lastname@example.org.
To be able to offer you and the company you represent SSG’s services, we need to process your personal data as outlined below. This is done with the greatest possible consideration for your privacy.
The one who determines the purposes and means of the processing of personal data shall be the data controller for such processing. The one who processes personal data on behalf of a data controller shall be a data processor. In order to determine when SSG holds the respective role according to applicable data protection legislation, SSG has reviewed the personal data processing performed within the framework of SSG's services and thoroughly investigated how the purposes and means are determined for each personal data processing.
SSG provides a variety of services, including online training and courses, entry and identification services, contract templates and security standards. The services provided by SSG complement each other, the services can be used individually or as complete solutions. The services are not provided to a customer isolated from other customers, although personal data is kept confidential. SSG's infrastructure of services enable all connected customers to SSG (industries, contractors, consulting firms, etc.) to, for example, carry out training programs and use SSG Access entry cards for access to the facilities where permission is granted. The processing is not done based on the instructions of an individual customer, SSG has pre-determined the purposes to be achieved with SSG's services and how these are to be achieved (the means).
SSG is a data processor in accordance with applicable data protection legislation for the data processing performed by SSG, on behalf of the customer who is also the data controller, to provide SSG's services SSG Access High Personnel Journal and SSG On Site. The data processing performed by SSG as a data controller is governed by the Data Processing Agreement, entered into by and between SSG and the customer who is also the data controller. As a data processor, SSG will process personal data only in accordance with the data processor’s written instruction and the Data Processing Agreement entered into between SSG and the data controller.
SSG processes personal data for the following purposes on the basis of the following legal ground:
SSG may also use your personal data to communicate relevant information concerning agreed or related services and to perform customer satisfaction surveys in respect of our services (e.g., when you have contacted SSG service support). This contact may take place via electronic communication channels, over the phone or by post. If you do not wish to receive such communication, you are welcome to send an email to email@example.com.
We will not communicate with end-users for marketing purposes unless they have requested to receive such marketing from us. Administrators of SSG’s customers may receive information and marketing relating to SSG and the services we provide.
SSG has a legitimate commercial interest in providing its services to its customers. SSG considers that there is a relevant and appropriate relationship between SSG and you (the registered data subjects). The registered data subjects are mainly affiliated with SSG’s customer companies. Registered users usually interact directly with SSG within the framework of SSG's services. SSG believes that the registered data subjects may reasonably expect SSG to process their personal data when SSG is providing its services. SSG only performs personal data processing that data subjects reasonably can expect. Therefore, SSG considers that SSG can perform the personal data processing as described above based on the legal basis of legitimate interest.
You may directly or indirectly give us information about yourself in a number of different ways, such as when you register on our website or are registered in our systems as a user by an administrator. This information may include:
The processing of personal ID number is motivated with regards to the importance of safe identification and the correct person has carried out that participation in SSG courses and online courses.
When you use our services, we simply collect information required in order to maintain our agreements (such as when you enter a plant via an access gate). The following are examples of the kind of information that we store:
Information that you provide to us, such as information about the services and your use of them, is generally considered necessary in order to conclude a contractual relationship with us.
SSG processes personal data in order to provide SSG’s services. As part of providing the services, SSG may share your personal information with selected third parties. SSG only transfers personal data to third parties if necessary to fulfill a legal obligation or when it is necessary to provide the services or manage SSG’s business.
If you are an SSG Entre customer, order a SSG Access keycard, or participate in a course or online course, we will submit your personal data to Areff AB. Areff AB is a subcontractor that manufactures the SSG Access keycards, i.e. the keycards issued to allow workers to access various plants.
For some industrial plants, we have agreements where we share personal data in order to guarantee accessibility. In these cases, we share personal data regarding contractors who are approved to access the industrial plant in question. The personal data is shared with the respective industrial plant only to the extent necessary to allow entry to the respective industrial plant via the SSG Access keycard. The respective industrial plant is the data controller for its processing of personal data.
All IT operations are provided by B3 Consulting Group AB, and we have undertaken all reasonable legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection.
SSG’s services are hosted by Microsoft within the EU/EEA.
SSG may submit necessary information to authorities such as the police, the Swedish Tax Agency or other authorities if we are obliged to do so by law, or if you have granted your approval for us to do this.
Contact us at firstname.lastname@example.org for a complete overview of our processing operations in relation to the services that you use.
We will not sell your personal data to third parties unless we have your permission to do so.
All handling of your data by SSG takes place within the EU/EEA. However, SSG may process personal data outside the EU/EEA if necessary. If personal data is transferred to any country outside the EU/EEA, SSG will undertake action to ensure that this personal data continues to be protected, as well as taking the measures required to legally transfer personal data to countries outside the EU/EEA.
If a data subject has participated in a conference, webinar, event or other similar activity and the data subject does not have any other relationship with SSG, as described above, the information is saved for a maximum of 12 months after the activity has been completed. If the data subject has agreed to receive information about future conferences, webinars, events and other similar activities, the data subject’s email address will be kept as long as SSG sends out such information, unless the data subject unsubscribes.
Regardless of what has been stated in the paragraph above, SSG may store personal data for a longer time period if necessary to comply with legal requirements, such as for accounting purposes, or protect SSG’s legal interests, e.g. if legal proceedings are in progress.
You have a number of rights as a data subject in relation to SSG. Applicable privacy laws govern these rights. If you wish to exercise any of your rights, please contact SSG's Data Protection Officer via the contact details listed below. It is free of charge for you to exercise your rights. However, if your request would be clearly unfounded or unreasonable, SSG may charge an administrative fee to handle your request.
SSG will respond to requests relating as soon as possible, and always within one month from the date when SSG received the request. If your request is complicated or if a large number of requests have been submitted, SSG has the right to extend the time by another two months. You will be notified by SSG in such case.
You have the right to request a confirmation on whether SSG processes personal data relating to you, and, if personal data is processed by SSG, to receive a free copy of the personal data that is processed. If you wish to request extracts on repeated occasions, SSG will charge you an administrative fee. When a request is submitted, SSG will also submit further information about the processing operation, such as its purpose, personal data categories that are processed, anticipated storage time, etc.
If your personal data held by SSG is incorrect, you have the right to request that this data is corrected. SSG is obliged to correct your personal data without unnecessary delay.
You have the right to have your personal data deleted from SSG’s systems if the personal data is no longer needed to fulfil the purpose for which it was collected.
If your personal data has been submitted to a third party, SSG will take reasonable action to notify these parties of your request for data deletion.
If SSG is unable to delete your data for legal reasons, we will restrict the processing of your data to only include whatever is required to fulfil SSG’s legal obligations.
You have the right to request restriction of the processing of your personal data, which means that we will ensure that we only process your personal data for certain specific purposes. SSG will restrict processing in the following cases:
You have the right to object to SSG’s processing of your personal data in certain cases, e.g. in respect of research or training activities. In this case, SSG will stop processing the data unless we have compelling reasons to continue doing so, or if processing is required in order to deal with SSG’s legal claims.
You have the right to file a complaint to a supervisory authority regarding SSG's personal data processing. If you are dissatisfied with how we process your personal data, please contact the Swedish Authority for Privacy Protection (IMY), +46 8 657 61 00, email@example.com, box 8114, 104 20 Stockholm, or the equivalent authority in your EU-country of residence.
SSG has appointed a Data Protection Officer to manage all enquiries relating to data protection and personal data. SSG’s Data Protection Officer and/or SSG as a data controller can be contacted by phoning +46 (0)60 14 15 10 or sending an email to firstname.lastname@example.org.