Policy – Processing of Personal Data in Accordance with the GDPR

Purpose

We at the Biototal Group are committed to protecting your privacy. The purpose of this policy is to inform you about how we process your personal data, what we use it for, who has access to it and under what conditions, and how you can exercise your rights. You should feel secure when you entrust us with your personal data. Our internal procedures are based on applicable data protection laws and clarify how we work to safeguard your rights and privacy.

Responsibility

This Privacy Policy applies to the Biototal Group, which includes the companies Biototal Norden AB, Biototal Förnyelsebar Växtnäring AB, Biototal Grön Resurs AB, Biototal Group AB, and MEWAB AB. One of these companies is the data controller for your personal data, which means that we are responsible for how your personal data is processed and for ensuring that your rights are protected.

The companies within the Biototal Group work closely together, which means that they sometimes act as data processors for one another—that is, they process personal data on behalf of another Biototal company. Data processing agreements are in place between the companies to ensure that your personal data is processed properly among them.

Background

The Biototal Group is committed to protecting your privacy and strives to ensure a high level of protection for your personal data. This Privacy Policy describes how we collect, process, and protect personal data in connection with our customer, supplier, and recruitment processes.

We process personal data only when there is a legal basis under the General Data Protection Regulation (GDPR) and limit the processing to the data necessary for the respective purposes. Our goal is always to process as little personal data as possible and to use the least privacy-sensitive data whenever possible

For customers and suppliers

We process personal data in order to fulfill our obligations to customers and suppliers, administer contracts, handle invoicing, provide support, and supply information about our services and our business.

Personal data may also be processed for the following purposes:

  • customer and market analyses,
  • follow-up on business relationships,
  • marketing,
  • compliance with legal obligations under the law.

The legal basis for the processing is primarily:

  • performance of contracts,
  • legal obligation,
  • and legitimate interest.

When we process personal data for marketing purposes, we do so based on our legitimate interest in providing information about our services and our business. You always have the right to object to processing for direct marketing purposes and can unsubscribe from such communications at any time.

For Job Seekers

We process personal data about job applicants in order to carry out recruitment processes and ensure that our organization has the necessary skills.

The personal data processed is:

  • information you provide yourself in your application, resume, or interview,
  • information provided by references,
  • as well as information that emerges from any tests or assessments conducted as part of the recruitment process.

Those who have access to the data are primarily HR managers, hiring managers, and any external recruitment agencies. When external vendors are used for recruitment, we ensure that data processing agreements are in place in accordance with the GDPR.

The legal basis for the processing is our legitimate interest in being able to assess candidates’ qualifications and suitability for employment.

If we wish to retain your application materials for future recruitment opportunities after the recruitment process has concluded, we will obtain your consent to do so.

Personal data related to recruitment is retained for a maximum of 26 months after the recruitment process has been completed, unless otherwise required by law or specific consent.

Guidelines

We process personal data only when we have a legal basis to do so. We have a legal basis if we have obtained your consent, if the processing is necessary for us to fulfill or prepare for a contract to which you are a party, or if the processing of your personal data is required for us to comply with a legal obligation. We may also process your personal data based on a balancing of interests, that is, to pursue our legitimate interests unless your interests outweigh ours and require the protection of your personal data. This gives us the right, for example, to send you direct marketing if we believe that the interest in receiving marketing about our products and services outweighs the need to protect the personal data required to send the direct marketing (such as a name and an email address).

The following are examples of the personal data we process:

  • Name
  • Address
  • Email address
  • Phone number
  • Personal Identification Number (if your Personal Identification Number is the same as your company's
  • (corporate identification number)
  • Billing information/information related to financial obligations
  • Information You Provide Voluntarily

When we organize or participate in events, we sometimes take photos and post them on our social media accounts. We try as much as possible not to post photos in which people can be identified unless we have obtained their consent beforehand. If we accidentally post a photo in which you appear in the background against your will, please contact us immediately, and we will remove the photo right away.

How do we access your personal information?

We process personal data only when there is a legal basis for such processing. You have the right to withdraw your consent at any time. We will then no longer process your personal data or collect new data, provided that this is not necessary to fulfill our obligations under a contract or by law. Please note that withdrawing your consent may mean that we cannot fulfill our obligations to you.

Personal data may be collected:

  • directly from you,
  • from the company where you are employed,
  • from public records,
  • through our website or by email,
  • when you contact us,
  • when you attend meetings, seminars, or events,
  • or in connection with recruitment.

How do we protect your personal information?

We take appropriate technical and organizational measures to ensure that personal data is processed securely and protected against unauthorized access, loss, destruction, alteration, or other unauthorized processing.

Access to personal data is limited to those employees and other individuals within the Biototal Group who need the data to perform their job duties.

We work continuously on IT security, internal procedures, and access controls to maintain an appropriate level of security and ensure that personal data is processed in accordance with applicable data protection laws.

When do we disclose personal information?

As a general rule, we do not disclose personal data to third parties except when:

  • it is necessary to fulfill contracts,
  • is required by law,
  • or when we engage suppliers and business partners who process personal data on our behalf.

In cases where personal data is shared with external parties, we ensure that the processing is carried out in a secure and lawful manner through data processing agreements or other appropriate safeguards.

How long do we retain personal data?

We retain personal data only for as long as necessary to fulfill the purposes of the processing or for as long as we are required by law to retain the data, for example, under the Accounting Act. When the personal data is no longer needed, it is securely deleted or anonymized.

What rights do you have?

As a registered user, you have the right to request, free of charge, information about what personal data we process about you through what is known as a data subject report. You also have the right to request the correction of inaccurate information, restriction of processing, to object to certain processing, and to request the erasure of your personal data. If you have given consent to the processing of personal data, you have the right to withdraw that consent at any time.

If you believe that we are processing your personal data in violation of applicable law, you have the right to file a complaint with the Data Protection Authority (IMY).

Contact

If you have any questions about our processing of personal data, please feel free to contact us.

Switchboard: 073-201 01 23

Email: info@biototal.se