Privacy Policy

You have the right to request answers as to whether SSG processes personal data about you and, if so, to gain access to the personal data that is processed and certain associated information. In connection with such a request, SSG also provides additional information about the processing, such as its purpose, categories of personal data processed, anticipated retention period, etc. If you wish to request an extract repeatedly, SSG may charge a fee to cover the administrative costs for this.

You have the right to request that your personal data at SSG be corrected if it is incorrect. SSG is obliged to correct your personal data without undue delay.

You have the right to request that your personal data be deleted, for example if the personal data is no longer needed to fulfil the purposes for which it was collected. If your personal data has been disclosed to another data controller, SSG will take reasonable steps to notify these parties of your request for deletion. If SSG is unable to delete your personal data for legal reasons, we will limit the processing of your personal data to only what is necessary to fulfil SSG's obligations.

You have the right to request that the processing of your personal data be restricted, which means that we ensure that we only process your personal data for certain specific purposes. SSG will restrict the processing in the following cases:

• If you claim that the personal data is not correct and SSG needs time to check the accuracy of the personal data.
• If SSG no longer needs the personal data, but you request that we continue to store it because you need it to pursue legal claims.
• If you object to processing carried out by SSG. In such cases, the processing will be limited until a balance has been struck between your grounds for objection and SSG's compelling legitimate grounds.
• If you believe that we should delete the personal data, but we are unable to do so for any reason.

You have the right to object to SSG's processing of your personal data in certain cases. SSG will then cease the processing unless we have compelling reasons to continue with it, or if the processing is necessary to safeguard SSG's legal claims.

In some cases, we may ask for your consent to process your personal data for certain specific purposes. You then have the right to withdraw your consent for further processing at any time. This means that we still have the right to use already collected personal data, as you have given your consent previously.

You have the right to receive and use your personal data elsewhere. As a data subject, you have the right to transfer personal data that you have provided to us to another data controller, if the processing is based on the legal grounds of performance of a contract or consent. This only applies to personal data provided by the data subject.

You have the right to object to SSG's use of your personal data for direct marketing purposes at any time. If you object to direct marketing, SSG will not process your personal data for such purposes thereafter. For example, you can unsubscribe from a mailing list at any time by unsubscribing via a link in the email.

If SSG were to use automated decision-making and the decision could have legal consequences or similarly significantly affect you, SSG must inform you of this, give you the opportunity to request a review of the automated decision and give you the opportunity to contest the decision.

If you wish to make a complaint about our processing of your personal data, we would like you to contact SSG in the first instance, so that we have an opportunity to help you.

You also have the right to lodge a complaint with a supervisory authority about SSG's processing of personal data. If you are dissatisfied with how we process your personal data, you can contact the Swedish Authority for Privacy Protection, +46 8 657 61 00, imy@imy.se, Box 8114, 104 20 Stockholm, or with the equivalent authority in your country of residence within the European Economic Area (EEA). 

SSG processes the personal data of those who use SSG's services and/or attend SSG's courses. We process your personal data to create user accounts, deliver and manage our services, provide courses, manage course certificates, provide customer service, share your personal data, and send you information. 

Detailed information about this type of data processing can be found here.
Purposes
SSG processes the personal data of users of SSG's digital services and/or course participants for the following purposes:

• To manage and administer your user account, provide you with the opportunity to log in and access the services.
• To provide the services that you or SSG's client companies have agreed upon, such as courses and training, online services, support and apps.
• To confirm your identity and provide secure services.
• To ensure compliance with our agreements and terms and conditions.
• To administer and provide Access cards.
• To share your personal data with third parties, such as industrial companies, training companies and application providers.
• To enable interaction with third parties on the services.
• To inform you about the services you use, other services from SSG and SSG as a company.
• To send you information about updates, support, and changes to our services.
• To administer customer agreements and manage customer relationships.
• To administer invoicing and payment of SSG's services.
• To provide customer service and technical support.
• To administer administrator privileges. 

Categories of personal data

We process the following categories of personal data:

• Basic Personal Data. Name, email address, phone number, company details.

Depending on the services you use, the following additional personal data may be processed:

• Identification Data. Social security number/identification number, date of birth, copy of driver's license/passport, data for secure identification/eID, authorization via Single Sign-On (SSO).
• Contact information. Postal address.
• Profile details. Photo, language, nationality.
• Course assignments. Personal data regarding the courses and training you have completed and eligibility at specific facilities.
• Qualifications and permits. Course results, certificates, permits, authorizations, and photo or other documentation regarding qualifications and permits uploaded to the services. In exceptional cases, uploaded documentation may also contain health information (e.g. glasses requirements).
• Payment details. Billing address, payment method, payment details.
• Location information. Location data, information about entry and exit at facilities.
• Purchase history. Documentation of purchases in SSG's web shop, which documents you have the right to download or which services you have the right to use.
• Technical data. Device type, IP address, language setting, login attempts, logs, and user history.
• Correspondence. Personal information contained in correspondence, emails, messages, and other interactions on the services.
• Information about courses and validity. Personal data regarding courses and validity periods of courses that you have passed.
• Administrator privileges. Permissions to be an administrator for the client company.
   

Sources
The personal data is collected directly from you, generated by your use of the services and obtained from the following third parties: companies you are associated with in the services, customer companies, application providers, certification bodies, training companies, other third parties connected to the services, authorities and publicly available sources.
Legal basis for the processing
In order for us to be able to fulfil our agreement with you, namely SSG's general terms and conditions for end users and your account registration. If we do not have an agreement with you, the legal basis is instead SSG's legitimate interest.

If uploaded certificates/documents contain health data or other sensitive personal data, they will be processed on the basis of your consent.
Categories of recipients

When using the services, personal data may be shared with customer companies, application providers, certification bodies, training companies, and other third parties connected to the services.

See also the general information on recipients, where additional categories of recipients are shown.

Retention

The personal data is stored as long as you have an active user account or valid courses/certificates:

• Your user account is active for two years from the last login. 
• Course information/certificates are valid for the time stated on the certificate.

When you no longer have an active user account or valid courses/certificates, your personal data will be deleted.

Invited new users will be deleted if they have not logged in within three months of the invitation.

SSG processes the personal data of those who participate in SSG's conferences, events, events and other similar activities. We process your personal data to plan, carry out and follow up on our conferences and other similar activities, as well as to hold training courses and webinars. 

Detailed information about this type of data processing can be found here.
Purposes
SSG processes the personal data of participant in SSG's conferences, events, events and other similar activities for the following purposes:

• To plan and execute events and conferences.
• To invite you as a potential participant/speaker.
• To promote upcoming events and conferences.
• To send booking confirmation, communicate with you before a booked event and manage participant lists.
• To send course certificates or certificates of participation.
• To enable networking between participants.
• To provide customer service.
• To record webinars and conferences.
• To follow up and evaluate completed events.
• To document events, live presentations, manage digital participation and associated chat.
• To photograph and film events and participants.
• To publish information, images and videos from events in SSG's channels.

Categories of personal data

We process the following categories of personal data:

• Basic Personal Data. Name, email address, company details, title.

Depending on the course/training, the following additional personal data may be processed:

• Identification Data. Personal identity number, coordination number.
• Contact information. Phone number, postal address, billing address.
• Photo and video. Photo and video from events.
• Merits. Training results, certificates, certificates of participation.
• Payment details. Billing address, payment method, payment details.
• Dietary preferences. Dietary preferences, if applicable.
• Agreements and documentation. Personal data in agreements, meeting minutes and other relevant documentation.
• Correspondence. Personal data in correspondence, emails and messages. 

Sources 

The personal data is collected directly from you and obtained from third parties. Personal data is obtained from the company you represent and publicly available sources.
Legal basis for the processing
The personal data required to complete the conference, event, webinar or training course: in order for us to be able to fulfil our agreement with you for the provision of the event/training. If we do not have an agreement with you and for information about upcoming events and photos/videos, the legal basis is instead SSG's legitimate interest.
Categories of recipients
Personal data is shared with the client company you represent and partner companies that assist SSG in organising the event/training, such as providers of premises and catering.

Basic personal data may be shared with other event participants/course participants.

Photos and video recordings from events may be shared and published, for example on SSG's website and in other digital channels.

See also the general information on recipients, where additional categories of recipients are shown.
Retention

Personal data collected for a specific event is stored until the event is completed and payment is received, and for two years thereafter. If a new event is booked during the storage period, the personal data will be processed for the upcoming event. In this case, the storage period will be extended as for the first event. 

In order to be able to invite to future events, basic personal data is stored until further notice, unless you request to be deregistered or if SSG stops sending such information. 

SSG processes the personal data of those who participate in SSG's committees, networks, working groups and other similar activities. We process your personal data to plan, carry out and follow up on activities for our committees, networks and workshops. 

Detailed information about this type of data processing can be found here.
Purposes
SSG processes the personal data of participants in SSG's committees, networks, workshops and other similar activities for the following purposes:

• To organise and administer different types of committees, networks and working groups.
• To send out information about upcoming activities.
• To document meetings, follow up on discussion points, drive development and coordinate interests within the focus area.
• To provide customer service.
• To follow up and evaluate completed activities.

Categories of personal data

We process the following categories of personal data:

• Basic Personal Data. Name, email address, company details, location.

Depending on the activity, the following additional personal data may be processed:

• Contact information. Telephone number, postal address.
• Photo and video. Photo and video.
• Payment details. Billing address, payment method, payment details.
• Dietary preferences. Dietary preferences, if applicable.
• Protocols and documentation. Personal data contained in opinions, documentation, minutes of meetings and positions.
• Agreements and documentation. Personal data in agreements and other relevant documentation.
• Correspondence. Personal data in correspondence, emails and messages.

Sources
The personal data is collected directly from you and obtained from third parties. Personal data is obtained from the company you represent and publicly available sources.
Legal basis for the processing
The legal basis for the processing of personal data is SSG's legitimate interest.
Categories of recipients
Basic personal data may be shared with other parties participating in the committee, network or working group. Protocols and documentation can be shared with client companies.

Photos and videos from activities may be published, for example on SSG's website and in other digital channels.

See also the general information on recipients, where additional categories of recipients are outlined.
Retention

Personal data is stored as long as the committee/network/workshops remains, and you are a participant. In the event of dissolution or if you leave, personal data will be deleted within one year. 

Personal data in protocols and documentation is stored for archiving purposes.

In order to be able to invite future committees, networks and working groups, basic personal data is stored until further notice, unless you request to be deregistered or if SSG stops sending such information. 

SSG processes the personal data of those who are or represent a customer of SSG. We process your personal data in order to administer ongoing contractual relationships, provide services, evaluate and follow up on the contractual relationship and otherwise manage the parties' cooperation. 

Detailed information about this type of data processing can be found here.
Purposes
SSG processes the personal data of representative of customer companies for the following purposes:

• To inform about and sell SSG's services.
• To negotiate, conclude and follow up on agreements.
• To onboard and set up the services.
• To provide contracted services, ancillary services and other commitments.
• To provide administrator accounts to the customer.
• To review quality, follow up on deliveries and fulfillment of agreements, and to evaluate the customer relationship.
• To manage the fulfillment of the agreement and administer the relationship between the parties.
• To provide customer service and technical support.
• To invoice and charge for services in accordance with relevant agreement.
• To communicate with the customer, document meetings, follow up on discussion points and develop collaboration.
• To follow up and evaluate completed activities.
• To enable integrations in the services between the Customer and third parties, such as industrial companies, training companies and application providers; 
• To provide information about the services the customer uses, other services from SSG and SSG as a company.
• To invite to activities, events and meetings. 

Categories of personal data
We process the following categories of personal data:

• Basic personal data: Name, email address, company details, title.

Depending on the activity, the following additional personal data may be processed:

• Contact information. Telephone number, postal address.
• Payment details. Billing address, payment method, payment details.
• Agreements and documentation. Personal data in agreements, meeting minutes and other documents.
• Correspondence. Personal data in correspondence, emails and messages.

Sources
The personal data is collected directly from you and obtained from third parties. Personal data is collected from the company you are associated with, and publicly available sources.
Legal basis for the processing
If you represent a legal entity, the legal basis is SSG's legitimate interest. If you represent a sole proprietorship or yourself, the legal basis is our agreement with you.
Categories of recipients
The personal data is shared with the company or organisation you represent.

See also the general information on recipients, where additional categories of recipients are shown.

Retention
Personal data is stored for as long as there is a business relationship between SSG and the customer you represent, and for one year thereafter. If you cease to be a contact person, your personal data will be deleted as soon as possible, however, personal data in documentation and agreements may remain until these are renegotiated or terminated.

SSG processes the personal data of those who are or represent a supplier, consultant or partner of SSG. We process your personal data in order to administer ongoing contractual relationships, purchase goods and services, evaluate and follow up on the contractual relationship and otherwise manage the different parties' cooperation. 

Detailed information about this type of data processing can be found here.
Purposes
SSG processes the personal data of representatives of a supplier, consultant or partner for the following purposes:

• To procure, evaluate, order and purchase goods and services.
• To negotiate, conclude and follow up on agreements.
• To quality review, ensure correct deliveries and fulfillment of agreements, and to evaluate safety requirements.
• To manage the fulfillment of the agreement and administer the relationship between the parties.
• To supervise consultants.
• To pay for goods and services.
• To communicate, document meetings, follow up on discussion points and develop cooperation.
• To obtain customer service and technical support.
• To follow up and evaluate completed activities. 

Categories of personal data
We process the following categories of personal data:

• Basic Personal Data. Name, email address, company details, title.

Depending on the activity, the following additional personal data may be processed:

• Contact information. Telephone number, postal address.
• Payment details. Billing address, payment method, payment details.
• Agreements and documentation. Personal data in agreements, meeting minutes and other relevant documentation.
• Correspondence. Personal data in correspondence, emails and messages. 

Sources
The personal data is collected directly from you and obtained from third parties. Personal data is obtained from the company you represent and publicly available sources.
Legal basis for the processing
If you represent a legal entity, the legal basis is SSG's legitimate interest. If you represent a sole proprietorship or yourself, the legal basis is our agreement with you.
Categories of recipients
The personal data is shared with the company or organisation you represent.

See also the general information on recipients, where additional categories of recipients are shown.
Retention
Personal data is stored for as long as there is an active business relationship between SSG and the supplier, consultant or partner you represent, and for one year thereafter. If you cease to be a contact person, your personal data will be deleted as soon as possible, however, personal data in documentation and agreements may remain until these are renegotiated or terminated.

SSG processes the personal data of those who apply for a job or assignment at SSG. We process your personal data in order to manage recruitment processes, evaluate applications and contact those who have shown interest in working at SSG. We also process personal data about the reference persons provided by candidates.

Detailed information about this type of data processing can be found here.
Purposes
SSG processes the personal data of those who apply for a job or assignment at SSG for the following purposes:

• To administer recruitment processes, including obtaining CVs, cover letters and other documents of relevance, conducting job interviews and evaluating candidates.
• To contact reference persons.
• To conduct, document, evaluate and follow up on interviews.
• To conduct tests.
• To conduct background checks for risk positions.
• To offer candidates jobs and conclude contracts.
• To market SSG as an employer at trade fairs and career fairs and to collect personal data from relevant candidates on these occasions.
• To send out emails to candidates, publish advertisements and inform and interact in digital channels.
• To retain the personal data of interesting candidates for future recruitments. 

Categories of personal data
We process the following categories of personal data:

• Basic personal data: Name, e-mail address, social security number/identification number, telephone number, postal address.
• Merits and grades. CV, educational results, academic qualifications, certificates, permits, authorizations.
• Personal letter. Content of the personal letter.
• Salary claim. Salary and remuneration information.
• Data from reference persons. Personal data provided by the reference person you provide to us.
• Correspondence. Personal data in correspondence, emails and messages.
• Agreements and documentation. Personal data in agreements, meeting notes and other relevant documents.
• Test results. Test results from completed tests during the recruitment process.
• Data from publicly available sources. Personal data contained in public sources and social media such as LinkedIn, search engines and public records. 

Sources 

The personal data is collected directly from you and obtained from third parties. Personal data is collected from recruitment agencies, companies that carry out background checks (for risk positions) and aptitude tests, reference persons and publicly available sources. 

Legal basis for the processing 

The legal basis for the processing at the initial stage of the recruitment process and general processing of candidates' and reference persons' personal data is SSG's legitimate interest. 

In the final stage of a recruitment process, the legal basis for processing candidates' personal data is that the processing is necessary to take steps before a possible employment contract is concluded.

In order to save the personal data of relevant candidates for future recruitment processes after the process has been completed, the legal basis is consent.

Categories of recipients
Personal data is shared, where applicable, with recruitment companies, companies that carry out background checks and aptitude tests, and reference persons.

See also the general information on recipients, where additional categories of recipients are shown.

Retention

Your personal data will be stored during the recruitment process for two years thereafter. Personal data of interested candidates may be stored thereafter and until further notice for as long as the candidate has given his/her consent.

SSG processes personal data about individuals/company representatives who have shown an interest in SSG's services or whom we consider to have a relevant profile for SSG's services as well as all of the categories above (e.g. users and customer representatives). We process your personal data in order to market SSG and SSG's services. 

Detailed information about this type of data processing can be found here.
Purposes
SSG processes personal data about persons/company representatives who have shown an interest in SSG's services or who we consider to have an interesting profile for SSG's services and about all categories in this Privacy Policy above for the following purposes:

• To inform about and market SSG and sell our services.
• To contact potential customers, partners and others for marketing purposes.
• To communicate with you about the services that you or your company uses, such as information about updates and changes.
• To send out information about news and updates.

Categories of personal data
We process the following categories of personal data.

• Basic personal data: Name, email address, telephone number, company details.

Depending on the activity, the following additional personal data may be processed.

• Correspondence. Personal data in correspondence, emails and messages that are not linked to an existing contractual relationship between SSG and a customer/supplier/partner.
• Interactions with SSG. Information about interaction with SSG in digital channels, request to be contacted or information about shown interest in SSG and/or the services.

Sources

The personal data is collected directly from you and obtained from third parties. Personal data is collected from the company you are associated with and publicly available sources such as LinkedIn.

Legal basis for the processing

SSG processes personal data on the legal basis of legitimate interest, as the processing is necessary to satisfy our legitimate interest in communicating with you, marketing our services and making relevant offers.

Categories of recipients
See the general information about recipients, where categories of recipients are stated.

Retention
See information on retention periods under each relevant category above (e.g. under customer representative or user of SSG's services). In the case of marketing without other interaction with SSG as described above, the personal data will be stored for as long as SSG sends out marketing information and it is deemed relevant to you, provided that you do not object to future marketing.

If necessary, SSG processes personal data in order to handle and respond to legal claims, e.g. in the event of a dispute, legal process or sanction from a public authority, to carry out or be subject to audits, for other legal proceedings and to otherwise safeguard SSG's rights (including employees, representatives and other individuals otherwise connected to SSG).

Detailed information about this type of data processing can be found here.

Purposes

SSG processes personal data to handle disputes and claims, reviews and other legal proceedings for the following purposes:

• To investigate, analyse and manage legal claims.
• To communicate and negotiate.
• To defend SSG (including employees, representatives and other persons connected to SSG) in court, arbitration, government proceedings and other proceedings. 
• To send out information about disputes and claims.
• To participate in merger and acquisition processes if SSG would be subject to the sale of all or part of its business.
• To carry out research of companies that SSG may be interested in acquiring.

Categories of personal data
We process all categories of personal data collected by SSG that are necessary to handle and respond to the legal requirement. In addition, additional categories of personal data may be collected that are necessary to handle a specific dispute, process, or other claim.

In some cases, SSG may collect and process special categories of personal data and personal data relating to violations of law, but only if the processing is necessary for the establishment, exercise or defence of legal claims.

Sources

The personal data is collected directly from you and obtained from third parties, such as client companies, publicly available sources, companies that have information relevant to the dispute, courts, advisors, the opposing party and witnesses, and companies that are potential buyers/sellers in merger and acquisition processes.

Legal basis for the processing

SSG processes the personal data on the legal basis of legitimate interest, as the processing is necessary to defend SSG and its interests against legal claims and claims.

Categories of recipients

See the general information about recipients, where categories of recipients are stated.

Retention

The personal data is retained for as long as it is necessary to fulfil the purpose, mainly as long as a dispute or claim has not been finally settled.

If necessary, SSG processes personal data in order to comply with legal requirements and obligations, for example to fulfil accounting obligations and investigate whistleblowing reports.

Detailed information about this type of data processing can be found here.

Purposes

SSG processes personal data in order to comply with legal obligations for the following purposes:

• To record business transactions and comply with legal requirements for bookkeeping and accounting.
• To enable and follow up on whistleblowing.
• To fulfil the obligation to negotiate with unions.
• To comply with orders and requests from authorities.
• To report and provide information as required by law.
• To fulfil obligations under the General Data Protection Regulation, for example to provide an extract from the register to the person who requests it.
• To comply with other legal requirements and obligations.

Categories of personal data 

We process all categories of personal data collected by SSG that are necessary to comply with legal obligations. In addition, additional categories of personal data may be collected that are necessary to comply with a specific legal obligation.

In some cases, SSG may collect and process special categories of personal data and personal data relating to violations of law, but only if the processing is necessary for compliance with a legal obligation under law or regulation.

Sources

The personal data is collected directly from you and obtained from third parties, such as client companies, publicly available sources, authorities, courts, advisors and unions.

Legal basis for the processing

SSG processes the personal data on the legal basis for complying with a legal obligation.

Categories of recipients

See the general information about recipients, where categories of recipients are stated.

Retention

The personal data is retained for as long as it is necessary to comply with the respective legal obligation, for example for the time required to investigate and handle a whistleblower report and seven years for bookkeeping purposes.

SSG processes personal data regarding customer satisfaction, how SSG's services are used and how visitors navigate websites. SSG also processes personal data regarding the use of its services. 

Detailed information about this type of data processing can be found here.

Purposes

SSG processes personal data for business and product development, evaluation and follow-up for the following purposes:

• To analyze how the services are used, how visitors search for information in the services, and where visitors click.
• To obtain information from users and others about how they experience the function, appearance and smoothness of the services.
• To ask customers/users etc. about features and services they request.
• To send out and follow up on customer satisfaction surveys.

Categories of personal data

We process the following categories of personal data.

• Technical data: Visitor statistics, type of device, language, IP address, where and when the visitor clicks, and which pages the visitor visits.
• Mailings and surveys: Name, email address, company, answers to questions.
• Correspondence. Personal data in correspondence, emails and messages about business development and service development. 

Sources

The personal data is collected directly from you, generated by your use of the services, and obtained from service providers and cookies.

Legal basis for the processing

SSG processes personal data on the legal basis of legitimate interest, as the processing is necessary to satisfy our legitimate interest in business development, product development and to deliver the best possible services and user experiences. 

Categories of recipients

See the general information about recipients, where categories of recipients are stated.

Retention 

Personal data is stored for one month from the date of collection. Reports and analyses at an overall level that do not contain personal data are stored until further notice.

SSG processes personal data in order to use, manage, develop and protect SSG's IT services and systems, as well as for IT operations.

Detailed information about this type of data processing can be found here. 

Purposes

SSG processes personal data for the management of IT services, systems and operations for the following purposes:

• To implement services and systems that are necessary for SSG's operations and the provision of SSG's services.
• To implement, maintain, improve and test security in IT services and systems.
• To log, troubleshoot, and monitor services, systems, and operations.
• To detect intrusion attempts and protect against misuse/fraudulent use.
• To control access to personal data and store and encrypt sensitive data. 

Categories of personal data 

We process the following categories of personal data.

• Technical data. User-generated data, IP addresses, monitoring data, logs.
• Support. Name, email address, company details, personal data in the support case, information in tickets and description of errors.
• Correspondence. Personal data in correspondence, emails and messages. 

Sources 

The personal data is collected directly from you, generated when using the services and obtained from customer companies and service providers. 

Legal basis for the processing 

SSG processes personal data on the legal basis of legitimate interest, as the processing is necessary to satisfy our legitimate interest in maintaining a high level of security and to protect services and data. 

Categories of recipients 

See the general information about recipients, where categories of recipients are stated. 

Retention 

Personal data in support cases and logs is stored for as long as the case is ongoing and for one year thereafter. Other personal data is stored for up to one year from collection. Personal data relating to breaches and incidents is processed as set out in the subsection on handling legal disputes and claims.

SSG processes personal data in order to respond to inquiries, assist those who contact SSG, communicate internally, take necessary measures not covered by the other sections of this Privacy Policy and otherwise take necessary measures to safeguard SSG's operations, interests and objectives. 

Detailed information about this type of data processing can be found here. 

Purposes

SSG processes personal data to respond to inquiries, assist those who contact SSG, communicate internally, take necessary measures not covered by this Privacy Policy and otherwise take necessary measures to safeguard SSG's operations, interests and objectives for the following purposes:

• To take necessary action in response to requests.
• To follow up and handle cases and special situations.
• To communicate, inform and follow up where necessary and the processing is not covered by any other category in this Privacy Policy. 

Categories of personal data 

We process the following categories of personal data.

• Basic. Name, email address, company details.
• Case details. Personal data that is necessary to handle the case or request or otherwise fulfill the purpose of the specific case.
• Correspondence. Personal data in correspondence, emails and messages. 

Sources 

Personal data is collected directly from you who contact SSG or otherwise interact with SSG. In special cases, necessary personal data may be obtained from third parties and publicly available sources. 

Legal basis for the processing 

SSG processes the personal data on the legal basis of legitimate interest, as the processing is necessary to satisfy our legitimate interest in conducting SSG's business.  

Categories of recipients 

See the general information about recipients, where categories of recipients are stated. 

Retention 

Personal data is stored for as long as it is necessary to fulfil the purpose, mainly for as long as a case is ongoing.

SSG may share personal data with the following categories of recipients.

Customer companies and others who use SSG's services
Within the framework of providing the services, SSG may share your personal data with customer companies with which you have a connection, other customer companies with whom you interact through the services, as well as application providers and other affiliated companies that use SSG's services. Your personal data is shared, for example, when you enter a facility that uses SSG's services, when you confirm your eligibility or competence through SSG's services, when your personal data is included in a supplier assessment or when you log in via single sign-on (SSO).

For some customers, SSG has agreements in which SSG shares personal data to ensure availability. In these cases, we share personal data about the contractors who are approved for entry to the customer's specific industrial facility. The personal data is shared with the respective industrial facility only to the extent necessary to enable access to the respective industrial facility by reading the Access Card. Each facility is the data controller for its processing of personal data. 

SSG shares the personal data in order for SSG to fulfil its agreement with you. If we do not have a contract with you (for example, if the contract is with the company you represent), the legal basis is instead SSG's legitimate interest in providing its services.

Training providers, certification bodies, and other connected third-party services

SSG may share personal data with training providers, certification bodies and other suppliers of various services that are connected to SSG's services. SSG may, for example, share identification data to enable the acquisition of the user's certifications, training and qualifications for the user's compilation of competences. SSG may also share personal data about the user's skills. Each recipient is the data controller for its processing of personal data. 

SSG shares the personal data in order for SSG to fulfil its agreement with you. If we do not have a contract with you (for example, if the contract is with the company you represent), the legal basis is instead SSG's legitimate interest in providing its services.

Payment services

If you choose to pay for SSG's services via credit/debit card, we will disclose your card details and personal data to the payment service provider(s) that SSG engages. The payment service provider is the controller of its processing of personal data. SSG has a legitimate interest in SSG being able to charge for its services.

IT operations

SSG may share personal data with suppliers who provide IT operations services, hosting services and storage services for data. The suppliers mainly act as data processors for their processing of personal data and are therefore only allowed to process personal data in accordance with SSG's instructions.

IT services

SSG may share personal data with suppliers that provide software, online services (SaaS), system solutions such as CRM systems and case management systems, as well as other IT services. The suppliers mainly act as data processors for their processing of personal data and are therefore only allowed to process personal data in accordance with SSG's instructions.

Secure identification services

SSG may share personal data with providers of secure identification and eID services as well as login services in order to gain access to SSG's services.

Other services

SSG may share personal data with providers of analysis tools, website providers, email/SMS sending services, personalisation tools, event planning services, photo/video processing services, translation services, licensing services, text-to-speech services, geolocation services and customer satisfaction survey services. The suppliers mainly act as data processors for their processing of personal data and are therefore only allowed to process personal data in accordance with SSG's instructions.

Security providers

SSG may share personal data with suppliers of IT security systems and operational monitoring systems, security companies and providers of access control services. The suppliers are either data controllers or data processors to SSG, depending on the service provided. SSG has a legitimate interest in sharing personal data with security providers in order to maintain a high level of technical and organisational security.

Consultants

SSG may share personal data with consultants who are engaged by SSG to carry out certain work, for example for IT development. The supplier acts primarily as a data processor for its processing of personal data or, if the consultant is equivalent to an employee of SSG, under SSG's responsibility as data controller. The consultant may only process personal data in accordance with SSG's instructions.

Advisory services

SSG may disclose necessary information to external advisors, such as accounting firms, auditors, advisor firms and law firms, if we are required by law to do so, to handle or respond to legal claims, for compliance purposes or if it is necessary to safeguard the interests of SSG, a third party or a data subject. The advisor may act as a data controller or data processor, depending on the type of advisor engaged. The disclosures are made in order to comply with legal obligations or because SSG has a legitimate interest.

Social Media and Marketing

SSG may share personal data with suppliers of social media platforms such as LinkedIn and Meta, marketing agencies, media and web agencies, search engines, and marketing service providers. The provider may act as a joint controller or processor, depending on the services/tools provided. SSG has a legitimate interest in sharing personal data in order to be able to market SSG and SSG's services.

Administration and operations

SSG may share personal data with suppliers of administrative services, such as accounting services and recruitment services. Personal data may also be shared with providers of planning tools, printing and distribution services, as well as freight companies and mail handling services. The suppliers are either data controllers or data processors to SSG, depending on the service provided. SSG has a legal obligation to comply with accounting requirements and a legitimate interest in administering its operations in an appropriate manner.

Courts and arbitration institutes

SSG may provide information to courts and arbitration institutions if it is necessary to safeguard the interests of SSG, a third party or a data subject. Courts and arbitration institutions are generally data controllers. SSG has a legitimate interest in handling and responding to legal claims.

Authorities

SSG may disclose information to authorities such as the police, tax authorities or other authorities if we are required to do so by law or if it is otherwise necessary to safeguard the interests of SSG, a third party or a data subject. Authorities are data controllers. SSG has a legal obligation to comply with requests from public authorities or a legitimate interest in contributing to an ongoing criminal investigation, defending itself in official proceedings or otherwise complying with requests from public authorities.

Potential buyer/seller of business

SSG may transfer personal data to potential purchasers of SSG's business (in whole or in part) or in the event of a merger of businesses. SSG has a legitimate interest in managing its operations, including being able to be a part in mergers and acquisitions.

If you have questions about specific data processors or recipients, please contact SSG via the contact details provided at the end of this Privacy Policy. 

The person who determines the purposes and means of a particular processing of personal data must be the data controller for that processing. A part that processes personal data on behalf of a controller is a data processor. In order to determine when SSG holds each role under applicable data protection legislation, SSG has reviewed the personal data processing carried out within the framework of SSG's services and mapped out how the purposes and means of each personal data processing are determined.

SSG provides a variety of services, including training and courses, online services, supplier assessment services, contract template services and safety standards. The services provided by SSG complement each other, and the services can be used separately or as complete solutions. The services are not provided in isolation to each customer. SSG's range of services enables all connected customers of SSG (industries, contractors, consulting firms, etc.) to, for example, complete training and use SSG Access cards for access to the connected facilities. This is not done on the instructions of an individual customer, SSG has determined in advance what is to be achieved with SSG's services (the purposes) and how these are to be achieved (the means).

SSG is a data processor in accordance with applicable data protection legislation for the personal data processing carried out by SSG, on behalf of the customer responsible for the personal data, within the framework of the following functions:

• Personal data contained in local courses and courses with customer-specific content (but only regarding the customer's data) in SSG Entre and/or SSG Academy.
• The Project Staffing feature in SSG On Site.
• The Workflow function in SSG On Site.
• Personal data contained in information relating to industrial sites in SSG On Site.

The personal data processing that SSG performs as a data processor is governed by the data processing agreement that SSG has entered into with the respective customer in charge of personal data. As a data processor, SSG will only process personal data relating to the functions listed above in accordance with the instructions of the data controller and the data processing agreement entered into.