Here we provide information on the general aspects that apply for all processing of personal data at Holmen.
In addition, a more specific description is provided for the categories marketing, contractual parties and business relations, forest owners, job applicants and also employees (see all below) in which the purpose of processing your personal data, the legal basis and the erasure of data varies.
The type of data processed
Personal data means all information that can be used in any way to identify or be linked to a specific individual. The personal data we process may vary depending on the purpose for which it is processed. In largely all cases, however, it covers contact details, such as name, address, phone number and e-mail address.
Where the registered person is our contractual party we also process matter related information and data necessary to manage payments. In some cases information regarding the data subject's customer and/or supplier segment is processed. We may also process property related data.
How we collect personal data
We collect personal data that is provided voluntarily by the data subject. This may occur in contact in the form of meetings, e-mail, phone calls or in other ways. We also collect data if you use our web forms and through our websites using cookies that collect data on and from your browser, see further at www.holmen.com/cookies.
Data may also be added and updated with information from publicly accessible sources, such as public registers, e.g. the SPAR register of persons resident in Sweden and the Real Property Register (Fastighetsregistret). In some cases, information is purchased from companies that compile registers.
Purpose, legal basis and erasure
The purpose of processing is always to be stated and is crucial to several aspects; for determining the legal basis for processing, but also for assessing which data is to be processed, who is authorised to access data and when data is to be erased. The purposes for which we process your personal data, the legal basis on which we do this, and how long we retain your data for are described separately for the various relationships that the Holmen Group has with you as a data subject, see the menu on the left.
Your personal data will be erased when it is no longer relevant for the purposes for which it was collected. Exceptions may be made to erasure if Holmen needs the data to comply with statutory requirements or to protect Holmen's legal interests.
Protection and safety
Holmen takes the appropriate organisational and technical security measures to protect your personal data from unauthorised access, change and erasure. All data is stored in databases protected by authorisation and access controls and by firewalls. Internal documents set out how personal data is to be processed. The safeguards are examined and tested regularly.
Holmen-companies that are data controllers
Depending on which business operation a data processing of your personal data is assignable to, the responsibility may rest with different companies within the Group. Decisive for the responsibility is which company or companies that choose the purpose of processing data and the way in which the data is to be processed as data controllers. In numerous cases there is a joint responsibility for Holmen-companies, why these companies have entered into an arrangement in respect of protecting personal data. Holmen has a joint managament for issues relating to processing pf personal data, see below.
Sharing of personal data
The Holmen-group has several Group-wide functions and your personal data may be shared with other companies within the Group. Your personal data will only be processed by a limited number of people with specific authoritisation who need the data for the purposes described.
The data may also be shared with suppliers that we use for different services. This mainly refers to suppliers we use to conduct operation and maintenance of our IT systems. We only share your data with external suppliers if, and to the extent, necessary. Where we hire others to process personal data on our behalf (data processors), we enter into agreements to ensure that your personal data is processed securely and legally.
If Holmen's processing of your personal data means that personal data is transferred to countries outside the EU/EEA, measures are put in place to ensure a high level of security and legal processing.
Holmen may share your personal data to the police or another authority if required to do so by law or by the decision of a authority, in order to protect Holmen's legal interests or to investigate, uncover or prevent fraud, other crime or security problems.
You have the right to be given information on the personal data we process about you. You have the right to correct incorrect data and, in some cases, the right to have your data erased. You can request limits on the data processed and you can object to certain types of processing. In respect of personal data you provided yourself, you may be entitled to demand that his data is transferred from one data controller to another.
A request for information about which of your personal data we hold must be made in writing and be signed by you. Please specify the categories of data to which you want access or your relationship with Holmen, such as customer contact, job applicant or forest owner. We may need to request additional documentation and information to establish the identity of the person making the request.
You are welcome to contact us with any inquiries, requests for information or objections regarding processing of personal data you may have. may be made by post or by e-mail. you may have. Contact details are set forth below. Your matter will be swiftly passed on to the right part of the Group.
Who to contact
Communication regarding our processing of personal data is to be made to:
Box 5407, 114 84 Stockholm, Sweden
phone: +46 8 666 21 00
Holmen in UK
In UK, Holmen has local management of GDPR matters and communication is to be made to:
CA14 1JX Workington Cumbria
phone: +44 1900 601000
Holmen in Germany
In Germany, Holmen has a designated data protection office (DPO) that can be contacted:
Stefan Köster, www.koester-eConsulting.com
phone: +49 (172) 515 78 34
You always have the right to make a complaint regarding the processing of personal data to the relevant supervisory authority. As a data subject you can choose which country’s supervisory authority you wish to contact.