POSAB privacy policy

Contact details of the data controller
Categories of personal data
Our processing of personal data
Your rights
How we protect your personal data
Questions and complaints

Contact details of the data controller

PO Söderberg & Partner AB (org. nr. 556659–9964)

Söderberg & Partners (att: Data protection officer)
Box 7785
103 96 Stockholm

If you have been contacted by us for marketing purposes, we act as the data processor of one of our partners listed in the table below. We therefore ask you to contact the relevant company for more information about the processing.

Document

Categories of personal data

Contact information – Information used to contact you, such as your email address and phone number.

Cookies – A small text file with information about your settings and preferences that is saved in your browser when you visit the website.

Employment information – Information related to your employment, such as your professional position and the employer you represent.

Identity data – Data used to identify you, such as your name and date of birth.

Social security number – Information such as social security number and coordination number (if applicable) used to securely identify you. In some cases, we use national ID number and passport number, when necessary.

Our processing of personal data

Our processing of personal data depends on the relationship you have with us. You can read more about how we process your personal data by clicking on the respective heading below.

When conducting marketing activities directed at you, such as telemarketing or newsletter distribution, we act as data processor on behalf of one of our partners. Accordingly, you are advised to review the privacy policies of each respective partner, accessible via the links provided below, for a comprehensive understanding of how your personal data will be processed by those entities.

Söderberg & Partners Insurance Consulting AB

Söderberg & Partners Wealth Management AB

Söderberg & Partners Löner AB

Söderberg & Partners Förmåner AB

Söderberg & Partners Wealth Services AB

Rebel Elhandel AB

Söderberg & Partners Bolån AB

Cookies

Our websites and applications use cookies. A cookie is a small text file with information about your settings and preferences that is saved in your browser when you visit the website. When we use cookies, we process information about your IP address, your browsing habits and your visit history. You can read more about the specific cookies and their use here.

To initiate and facilitate contractual negotiations with the entity you represent, we are required to process certain personal data. This data processing is necessary for taking preliminary steps prior to entering into a contract and to streamline communication with the entity you represent.

What personal data do we process?

We process employment information, identity data such as your name, and contact information.

Is the data required or is it voluntary?

It is voluntary to provide the information we process about you.

From which sources to we obtain your personal data?
The data is obtained directly from you or from the entity you represent.

For what purposes do we process your personal data?

Conclusion of contract

We process your identity data, contact information, and employment information for the purposes of undertaking pre-contractual measures and executing a contract with the entity you represent.

Contractual performance and ongoing communication

We process your identity data, contact information, and employment information for the purposes of fulfilling the obligations arising from the contractual relationship with the entity you represent, and to maintain ongoing contact with you and provide updates regarding our services.

On what legal basis do we process your personal data?

We have a legitimate interest in processing your personal data for the purposes of managing and fulfilling our contractual obligations with client companies.

Who are the recipients of your personal data?

To facilitate the administration of customer agreements, we may disclose customer information to third-party service providers responsible for the secure storage and management of contractual and communication records. Furthermore, customer contact information may be shared with selected business partners for legitimate marketing purposes, subject to the express consent of the data subject. Further details regarding marketing activities and the right to object are outlined in the sections processing in relation to marketing and the Right to Object.

Transfer to third countries

Our processing primarily occurs within Sweden or the EU/EEA. In limited cases, we may utilize suppliers or subcontractors located outside the EU/EEA (so-called “third countries”), such as in the USA or the UK. These situations may arise in exigent circumstances requiring crisis management or support, where necessary expertise is unavailable within the EU/EEA. In such instances, we undertake strict measures to ensure compliance with the data protection requirements outlined in Article 46 of the General Data Protection Regulation (GDPR). These measures include verifying that the recipient country possesses an adequate level of data protection, as determined by the European Commission, or through the EU Commission’s Standard Contractual Clauses (SCC), and employing supplementary safeguards such as encryption and data minimization techniques. You can read more about which countries have been deemed to offer an adequate level of data protection, along with further information on the topic, here. Further information about the European Commission’s SCC is available here..

How long is your personal data stored? 

We retain and process your personal data for as long as is reasonably necessary to fulfill the purposes for which it was collected. This may include retention periods required by applicable laws and regulations. Where a contractual relationship exists between us and the entity you represent, we will retain the contract and all related documentation for a period of ten (10) years following the termination of the contractual relationship, in order to comply with legal and contractual obligations and to defend ourselves against any potential claims arising from the contract.

Automated decision-making

We do not perform automated decision-making based on your personal data.

Your rights

What rights do I have and how do I exercise them?

Pursuant to the provisions of GDPR, individuals whose personal data is processed by us possess certain rights. If you are uncertain of whether we process your personal data, you have the right to obtain information as to whether we do or not. For more information about your rights and how to exercise them, see the list below.

You have the right to obtain confirmation of whether or not we process personal data about you. Where such processing is occurring, you have the right of access to your personal data (also referred to as “register extract”). This right encompasses the right to obtain, free of charge, a register extract containing information about the personal data being processed, the purposes for which the personal data is processed and the categories of personal data subject to the processing.

If you wish to receive a register extract, you can apply for this by submitting the application form available here.

You have the right to request that any inaccurate information about you is corrected and also require us to restrict our processing of your personal data while we investigate your request. Furthermore, you have the right to request the completion of any incomplete information we hold about you.

If you wish to request rectification, you can apply for this by submitting the application form available here.

Under certain conditions, you have the right to have the personal data we process about you erased. You have the right to have your personal data erased if one of the following applies:

the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
you withdraw your consent on which the processing is based,
you have objected to the processing based on a balance of interests and we are not considered to have a legitimate interest in continuing the processing that outweighs your interest,
the processing is for direct marketing purposes and you object to the processing,
the personal data has been unlawfully processed, or
the personal data must be erased for compliance with a legal obligation.

We are not always able to comply with a request for erasure. For instance, there may be legal requirements that require us to retain the personal data, or the processing of your personal data is necessary to fulfill a contractual obligation with you.

If you wish to request that your personal data is erased, you can apply for this by submitting the application form available here.

You have the right to request our processing of your personal data to be restricted. Restriction of processing can be required if one of the following applies:

the accuracy of the data is contested by you, you can request restricted processing while we verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request a restriction of use instead
you have objected to the processing that is based on the balance of interests used as legal ground for a certain purpose, you can request a restriction of processing while we investigate as to whether our legitimate interest override your legitimate interests
we as a controller no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims

Where processing has been restricted, we may only, with the exception of storage, process the personal data for the establishment, exercise or defense of legal claims, for the protection of rights of another person, or with your consent. Where processing has been restricted, we shall inform you before the restriction of processing is lifted.

If you wish to request that the processing of your personal data is restricted, you can apply for this by submitting the application form available here.

You have the right, at any time, to object to our processing of your personal data based on a balance of interests as legal basis (legitimate interests), including profiling. Continued processing of your personal data requires us to demonstrate a legitimate interest that overrides your legitimate interest regarding the processing in question. Otherwise, we may only process the personal data for the establishment, exercise or defense of legal claims.

You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling to the extent it is related to such direct marketing. Where you have objected to processing for direct marketing purposes, we may no longer process your data for such purposes.

If you wish to object to our use of your personal data, you can apply for this by submitting the application form available here.

Under certain conditions, you have the right to have your personal data transmitted in a structured, commonly used and machine-readable to another controller (so called “data portability”). This assumes the transfer is technically possible and can be carried out by automated means. The right to data portability applies to data you have provided to us and that the processing is based on consent or on a contract as legal ground.

If you wish to have data portability of your data, you can apply for this by submitting the application form available here.

How is your data protected

Söderberg & Partners maintains a robust information security program. This incorporates a range of measures designed to safeguard the confidentiality, integrity, and availability of personal data. These measures include the implementation of strong technical security controls, such as firewalls and intrusion detection systems. Further, we apply a robust access control mechanisms, ensuring that access to personal data is restricted to authorized personnel on a need-to-know basis. Finally, we implement stringent security requirements on suppliers who process data on our behalf.

Questions & Complaints

If you have any questions or concerns regarding the processing of personal data that are not addressed in this document, please contact your advisor, our switchboard (08-451 50 00), or email info@soderbergpartners.se.

We have appointed a Data Protection Officer to oversees compliance with applicable data protection regulation. The Data Protection Officer can be contacted at dataskyddsombudet@soderbergpartners.se.

If you believe that we are processing your personal data in a manner that is inconsistent with the Data Protection Regulation, you are encouraged to contact us through any of the communication channels listed above. If you believe that we violate the privacy legislation, you may also lodge a complaint with relevant supervisory authority. In Sweden, the competent supervisory authority is the Swedish Authority for Privacy Protection (IMY) which can be contacted at:

Webbplats: www.imy.se
Telefon: 08-657 61 00
E-post: imy@imy.se
Postadress: Box 8114, 104 20 Stockholm

POSAB privacy policy

Contact details of the data controller

Categories of personal data

Our processing of personal data

Marketing purposes

Contract management and collaboration

Your rights

Right of access

Right to rectification

Right to erasure (”Right to be forgotten”)

Right to restriction

Right to object

Right to Data Portability

How is your data protected

Questions & Complaints