Wealth Management(3)
- Start SE
- About us
- Personal Data & Cookies
- Personal Data
- Wealth Management(3)
Contact details of the data controller
Söderberg & Partners Wealth Management AB (org. no. 556674–7456)
Söderberg & Partners
Box 7785
103 96 Stockholm
Categories of personal data
Call recording – Data in the form of recordings of your voice recorded during a telephone call between you and your advisor.
Contact information – Information used to contact you, such as your email address and phone number.
Cookies – A small text file with information about your settings and preferences that is saved in your browser when you visit the website.
Corporate involvement – Information about your involvement in companies, e.g. board assignments, shareholding in companies and what degree of involvement you have in the company (i.e. passive or active involvement).
Credit data - Data associated with a customer credit, such as the data provided during the credit assessment such as negative payment history and other financial information.
Employment information – Data related to your employment, such as position, employer and type of employment.
Family relationships – Information about your family relationships, e.g. about your marriage status, partner, number of children and other close persons.
Financial information – Information about your financial status, such as details of your income, any liabilities or assets. The data may also include account details, custody details and property information.
Identity data – Data used to identify you, such as your name and date of birth.
Insurance information – Information about your insurance, e.g. occupational pension, other personal insurance, or any life insurance.
PEP and money laundering control - Checks are made against lists of people who constitute so-called politically exposed persons (PEP) as well as other money laundering checks according to current regulations, these may include information such as name, date of birth, occupation and the reason why the person is on the list.
Social security number – Information such as social security number and coordination number (if applicable) used to securely identify you. In some cases, we use national ID number and passport number, when necessary.
Tax-related data – Data related to your tax, e.g. tax liability after calculation.
Our processing of personal data
Our processing of personal data depends on the relationship you have with us. You can read more about how we process your personal data by clicking on the respective heading below.
We provide two main services – investment advisory services and portfolio management. As support services and complements, we also provide e.g. insurance distribution, custody of financial instruments and funds as well as management of orders in financial instruments. Investment advice means that we obtain and assess detailed information about your knowledge and experience regarding financial instruments, your financial situation and your goal with your investment. Based on the customer information collected, we provide you with appropriate advice regarding investments and assist in carrying out and continuously following up the investments. In portfolio management, you leave the investment decisions to us, which means that we manage a portfolio that is suitable for you on a discretionary basis based on the information you have provided. If it is appropriate for you as a customer to invest in financial instruments within the framework of an insurance policy, we can also provide advice regarding insurance and assist in the signing of an insurance contract and associated services.
What categories of personal data are processed?
Employment information, family relationships, financial information, identity data, contact information, PEP and money laundering control, social security number and tax-related data. In some cases, we also process company engagement and insurance information.
Is the data required or is it voluntary?
Collecting information from you is required in order for us to perform investment services based on the laws and regulations which apply to our business.
From which sources do we collect your personal data?
We collect information from you or the company you represent and financial information from external custody companies, if you have given us a power of attorney to obtain the information. We also collect information from the Swedish National Personal Address Register (SPAR).
For what purposes do we process your personal data?
Advisory services
The purpose is to collect and process personal data when signing an agreement and when executing the contract so that we can perform our services in a safe and secure way according to the commitments we have to you as a customer. The services we provide in the form of investment services and insurance distribution are subject to detailed laws and regulations regarding, among other things, the collection of information about you as a customer, the assessment of the information obtained, the deciding of appropriate advice and recommendations, the performance of services and ancillary services as well as documentation, follow-up and reporting of services performed.
Custody management and trading
We process your personal data in order to be able to store your funds and securities in custody and to identify who has bought, sold and made decisions in a securities transaction.
Taking out insurance and the administration of insurance
We process your personal data to enter into, administer and fulfill agreements on insurance and present alternative solutions adapted to your individual situation.
Customer due diligence
We process personal data regarding representatives and beneficial owners to comply with legal obligations to document the necessary customer knowledge.
Documentation requirements
We process your personal data for the purpose of documenting the advice we give, which is a legal obligation.
Booking of meetings
We process information in the form of identity data (name only), your social security number and your contact information for the purpose of administering the booking of consultation meetings with you.
Develop products
In order to improve our products, services and systems, we may also conduct various types of analyses and compile statistics based on personal data. The processing takes place in aggregated form and we only process such data as is necessary for the aforementioned purposes.
Secure identification
In order to adequately identify you as a customer or as a contact person for a company / organisation when logging in to our services, as well as for certain types of signatures, we process your identity data, contact information and your social security number to enable secure identification when signing with mobile Bank ID.
Legal obligation
We process your personal data to comply with additional legal obligations such as measures to prevent, detect and counter money laundering, terrorist financing, market abuse and other criminal or fraudulent behaviour. Further processing of personal data takes place as a result of legal obligations regarding reporting to Swedish and foreign authorities, as well as incident management.
On what legal basis do we process your personal data?
The legal basis for the processing is the execution of the agreement we have with you and our legal obligation to document customer relationships and the services we perform. We also have a legitimate interest in developing our products/services and systems.
Who are the recipients of your personal data?
The personal data we process about you can be sent to the Tax Authority, the Swedish Financial Conduct Authority and the companies where you have a custody account. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing. Your contact information may also be shared with selected partners for marketing purposes, provided that you do not object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In certain cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognised that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We store your personal data for as long as our agreement with you applies. We also have a requirement to store advisory documentation and related documents for the amount of time within which claims for damages arising from the investment services can be made, plus for an additional year. This means that we store the information for eleven years after our agreement has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
As an additional service to our investment services, we may provide a credit for the execution of transactions with financial instruments and then need to collect personal data to check the creditworthiness of the customers who applied for and / or have been granted credit.
What categories of personal data are processed?
Employment information, family relationships, financial information, identity data, contact information, credit information, PEP and money laundering control, social security number and tax-related data. In some cases, we also have company involvement and insurance information.
Is the data required or is it voluntary?
The information we collect from you is required based on the laws and regulations that our business is subject to in order for us to be able to handle credits.
From which sources do we collect your personal data?
We obtain information from you or the company you represent and financial information from UC.
For what purposes do we process your personal data?
Credit management
Our purpose to collect and process personal data when applying for and/or granting credit is to check creditworthiness. The services we provide are subject to detailed laws and regulations regarding, among other things, the collection of information about you as a customer, the assessment of the information collected, the performance of services as well as documentation, follow-up and reporting of services performed.
Custody management
We process your personal data in order to be able to book the credit at the custody account.
Customer due diligence
We process personal data regarding company involvement in order to comply with legal obligations to document the necessary customer knowledge.
Documentation requirements
We process your personal data for the purpose of documenting credits we handle, which is a legal obligation.
Secure identification
In order to adequately identify you as a customer or as a contact person for a company / organisation when applying for credit.
Legal obligation
We process your personal data to comply with additional legal obligations such as measures to prevent, detect and counter money laundering, terrorist financing, market abuse and other criminal or fraudulent behaviour. Further processing of personal data takes place as a result of legal obligations regarding reporting to Swedish and foreign authorities and incident management.
On what legal basis do we process your personal data?
The legal basis for the processing is the execution of the contract we have with you and our legal obligation to document customer relationships and the services we perform.
Who are the recipients of your personal data?
The personal data we process about you can be sent to the Tax Authority, the Swedish Financial Conduct Authority and UC. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long is your personal data stored?
We store your personal data for as long as our agreement with you applies. We also have a requirement to store advisory documentation and related documents for the amount of time within which claims for damages arising from the investment services can be made, plus for an additional year. This means that we store the information for eleven years after our agreement has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
We enter into agreements with the company or organisation you have a relationship with, to help them value their pension liabilities. This service may form the basis for financial and/or insurance advice.
What categories of personal data are processed?
Employment information, financial information, insurance information and Social Security Number,
Is the data required or is it voluntary?
The information we have about you is necessary to be able to evaluate the total pension liability.
From which sources do we collect your personal data?
We collect information from your employer or the organisation you have a relationship with or their insurance company/insurance administration company.
For what purposes do we process your personal data?
Appraisal
We process personal data regarding financial information and employment information, such as your pensionable income and benefits to be able to value our customer's total pension liability.
Documentation requirements
We process all of the above of your personal data in order to be able to correctly evaluate the pension liability. The valuation forms the basis for the advice that we have a legal obligation to document according to current securities and insurance distribution legislation.
On what legal basis is the personal data processed?
The legal basis for the processing is to be able to execute the contract that has been entered in to.
Who are the recipients of the personal data?
We may need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long is your personal data stored?
We store your personal data for as long as our agreement with our customer applies. We also have a requirement to store advisory documentation and related documents for the amount of time within which claims for damages arising from the financial advice can be made, plus for an additional year. This means that we store the information for eleven years after our agreement has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
We may market our services to you through, for example, telemarketing, newsletters and event invitations. Our website also uses cookies which are created when you log in to one of our websites. This processing is completely voluntary and can be objected to at any time.
What personal data is processed?
Within the framework of our marketing, we may process your employment information, your identity data and your contact information. If you participate in an event we organize, we may also process information about allergies, if you provide it to us.
Of the above information, we only use those that are necessary for the type of marketing we carry out.
Our websites and applications use cookies. A cookie is a small text file with information about your settings and preferences that is saved in your browser when you visit the website. When we use cookies, we process information about your IP address, your browsing habits and your visit history. For more information about the cookies we use see (https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/).
If you want to be placed on our block list where you make it clear that you no longer want any direct marketing communication from us, we may process the types of contact information that you choose to put on the block list.
Is the data required or is it voluntary?
It is up to you whether we may use your personal data to market our or our partners' services. You can find more information on how to object to us using your personal data for marketing purposes under the heading Right to object. In addition, you can always choose whether you want to allow our website to place cookies, which are not necessary for the website to work, in your browser or not.
Providing information about allergies or other food preferences is voluntary after consent has been obtained and your consent can be revoked at any time. However, a revoked consent means that we can no longer accommodate your possible wishes regarding allergies or food preferences.
From which sources do we collect your personal data?
We collect information directly from you, other companies that your employer and/or the company that you represent is a customer of and with which we cooperate, as well as from external address providers.
For what purposes do we process your personal data?
Telemarketing
We process your identity data and contact information in order to market our services and enable contact with you.
Event
We process your identity data and contact information for the purpose of producing guest lists and providing information to you about events that we are planning and/or that you have accepted. We also process information about any allergies, in cases where you provide them to us. We will then obtain your specific consent for this processing.
Newsletter
We process identity data (name only) and contact details (e-mail address only) for the purpose of sending you newsletters. We send out newsletters to you who have chosen to subscribe via our website and to you who are a customer provided that you do not object to this. For more information about the newsletter, see here.
Contact form
We process identity data (name only) and contact information for the purpose of contacting you in the case you want to be contacted. The purpose of the processing is for the appropriate person or department to be able to help and respond to what you want help or information about.
Block list
We process the contact information or contact information that you choose to put on the block list in order to live up to our legal obligation to have an internal marketing block list.
Cookies
The purpose of our processing of personal data derived from cookies is to improve your user experience on our website. This is done through follow-up of web statistics to improve the website's content, appearance and functionality. The purpose is also to ensure that our website works, to analyze visitor statistics and to be able to provide relevant marketing and relevant offers to you through web advertising. In order for us to be able to target marketing and offers that are relevant to you as a visitor, we sometimes make selections based on your browsing habits and visitor statistics on our website. It may then happen that some visitors receive offers that others do not receive, based on so-called profiling.
To read more about specific cookies and their use, please see our Cookie Policy (https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/).
On what legal basis do we process your personal data?
We have a legitimate interest of marketing our services. In our balance of interests, we have taken great care that you who receive the marketing should not be surprised or unduly disturbed by our marketing. We also have a legitimate interest of analyzing data in order to improve your user experience on the website.
We carry out targeted marketing and profiling based on your consent when you have approved marketing cookies. If you have consented to marketing cookies, you can withdraw your consent to these at any time. Read more about how to change cookie settings under "Manage cookie settings" and in our Cookie Policy which can be found here https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/.
If we process information about allergies or other food preferences before an event, we will, via each event's registration form, collect your consent first. If you have given your consent, you have the right to withdraw your consent at any time. However, a revoked consent means that we can no longer accommodate your possible wishes regarding allergies or food preferences.
For the block list, our legal basis is the fulfillment of our legal obligation to have a functioning block list.
Who are the recipients of your personal data?
Information about you is disclosed to companies that help us with our marketing or our events.
Your contact information may also be shared with selected partners for marketing purposes, provided that you do not object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long is your personal data stored?
We save your information for as long as necessary depending on the type of marketing we carry out. Regarding telemarketing, events and the contact form, we store your personal data for a maximum of six months, or until you decline further contact. Once you have chosen to subscribe to our newsletter, we will retain your data for as long as you have subscribed to the newsletter.
Please see our cookie policy for information on the storage period regarding cookies https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/.
Automated decision-making
We do not perform automated decision-making based on your personal data.
In order to enter into a cooperation agreement or supplier agreement with the company or organisation you represent, we need to process your personal data. We do this in order to be able to take measures before entering into a contract and simplify communication with the company or organisation you represent.
What personal data do we process?
We process information about employment information, identity data and contact information.
Is the data required or is it voluntary?
It is voluntary to provide the information we process about you.
From which sources do we obtain your personal data?
The data is collected directly from you or from the company or organisation you represent.
For what purposes do we process your personal data?
Conclusion of contract
We process your identity data, contact information and your employment information in order to be able to fulfill our contractual relationship with the company you represent, take measures before entering into a contract and simplify communication.
Meeting booking
We process your contact information for the purpose of administering the booking of a meeting with you as a representative at the company or organisation you represent.
Secure identification
In order to adequately identify you as a customer or as a contact person for a company/organisation when logging in to our services. As well as for certain types of signatures, we process your identity data, contact information and your social security number in order to enable secure identification when signing with mobile Bank ID.
On what legal basis do we process your personal data?
We have a legitimate interest in processing your personal data in order to manage and fulfill our contractual relationships with customer companies and a legal obligation to ensure secure identification.
Who are the recipients of your personal data?
In order to be able to administer our customer agreements, we disclose information to the companies that store our contract and communication documents for us. In addition, your contact information may be shared with selected partners for marketing purposes.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We process your personal data for as long as it is necessary with regard to the conclusion of agreements and the signing of insurance. If the company or organisation you represent chooses to enter into an agreement with us, we save that agreement and information about the performance for the amount of time within which claims for damages arising from the agreement can be made, plus for an additional year. This means that we store the information for eleven years after our agreement with the company/organisation that you represent has ended if there are insurance elements. If there are no elements of insurance, the information is kept for five years.
Automated decision-making
We do not perform automated decision-making based on your personal data.
If a relative of yours is a customer of ours, we may ask questions about family circumstances and financial situation, which may affect the advice to your relative.
What personal data is processed?
We process information about family relationships, financial information and identity data.
Is the data required or is it voluntary?
The information we hold about you is required based on the laws and regulations to which the business is subject in order for us to perform investment services.
From which sources do we collect your personal data?
We collect the information from your relative if he or she is a customer of ours.
For what purposes do we process your personal data?
We process your identity data, family relationship information and financial information in order to provide good advice to our customers and to meet the legal requirements for mapping and documentation that apply to our business.
On what legal basis do we process your personal data?
The legal basis for the processing is that, in order to provide appropriate advice, we have a legal obligation to request certain information about relatives.
Who are the recipients of your personal data?
We may need to disclose necessary information to our suppliers for the performance of our services to you, for example in connection with data storage.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We store your personal data for as long as our agreement with you applies. We also have a requirement to store advisory documentation and related documents for the amount of time within which claims for damages arising from the investment services can be made, plus for an additional year. This means that we store the information for eleven years after our agreement has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
At our head office Stureplan 8, Stockholm, we have camera surveillance in our premises. We do this for security reasons.
For this processing, we, Söderberg & Partners Wealth Management AB, are joint controllers together with the companies PO Söderberg & Partner AB and Söderberg & Partners Insurance Consulting AB. If you have any questions regarding camera surveillance, you are welcome to contact our Data Protection Officer at dataskyddsombudet@soderbergpartners.se.
What types of personal data do we process?
Image capture.
Required or voluntary?
In order to be able to monitor our premises in order to prevent and investigate crime, and to be able to have traceability in the event of more serious incidents, we must process the image recordings that are made.
What is our legal basis?
Camera surveillance is carried out with a legitimate interest as a legal basis as we believe that the surveillance interest, i.e. the interest in preventing and investigating crimes and being able to have traceability in the event of more serious incidents, outweighs the privacy interest.
Who are the recipients of your personal data?
The supplier Securitas Sverige AB is used to provide the service. Personal data may also be disclosed to the police in cases where a criminal investigation is ongoing.
Third-country transfers
Your personal data is only processed within Sweden.
How long is your personal data stored?
We process your personal data for three (3) days, then it is automatically deleted.
Automated decision-making
We do not perform automated decision-making based on your personal data.
We may process your information if you submit a complaint to us. We may also process your personal data in the context of a legal process in which we are a party, when your personal data is needed for us to establish, exercise or defend our legal claims.
What personal data is processed?
We may process your information in the form of employment information, corporate involvement, family relationships, financial information, insurance information, identity information, contact information, PEP and anti-money laundering, social security number, and tax-related information.
Of the categories mentioned above, we only process the categories that are necessary to handle your complaint or to establish, exercise, or defend our legal claims in each individual proceeding.
Is the data required or is it voluntary?
We need to process the data in order to handle complaints and establish, exercise or defend our legal claims.
From which sources do we collect your personal data?
We collect the information directly from you or from other sources, depending on the relationship you have with us. These sources are listed in each category above.
For what purposes do we process your personal data?
Complaints
We process your personal data to handle a potential complaint from you.
Legal proceedings
We process your personal data to establish, exercise, and defend our legal claims in disputes or other legal proceedings.
On what legal basis do we process your personal information?
We have a legal obligation to process your personal information when handling complaints from you. When we process information in the context of a legal process, we have a legitimate interest in processing your personal data in order to establish, exercise or defend our legal claims.
Who are the recipients of your personal information?
In the context of a legal process, we may disclose your personal information to our suppliers who assist us in managing the process, such as a law firm, and to our suppliers for storage of documents related to each process.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
In the case of a complaint from you, we store your personal information for five (5) years after the complaint has been received by us, in accordance with the requirements imposed on us by law. In the case of a legal process, we store your personal information for as long as necessary depending on the circumstances of each process, usually until a final decision has been reached and has become legally binding.
Automated decision-making
We do not perform automated decision-making based on your personal data.
Your rights
What rights do I have and how do I use them?
If we process personal data about you, you have a number of rights under the GDPR that you can use. If you are unsure whether we process information about you, you also have the right to receive information about whether we do or not. See the list below where we describe in more detail your rights and how you should go about using them.
You have the right to receive confirmation of whether we process personal data about you and in such cases to access your personal data (also called "register extract"). You also have the right to receive a copy of your personal data being processed. You have the right to receive a register extract free of charge showing what personal data is registered about you, the purposes of the processing and the categories of personal data to which the processing relates.
If you wish to receive a register extract, you can apply for this by submitting the application form that you find here.
You have the right to request that any incorrect information about you be corrected and also demand that we limit our processing of your personal data while we investigate your request. You also have the right to request a supplement to any incomplete information we hold about you.
If you wish to have information corrected, you can request this by submitting the application form that you will find here.
Under certain conditions, you have the right to have the information we process about you deleted. You have the right to have your personal data deleted if:
- the personal data is no longer necessary for the purposes of the processing,
- you withdraw your consent on which the processing is based,
- if you have objected to the processing that is supported by a balance of interests and we are not considered to have a legitimate interest in continued processing that outweighs your interest,
- if the processing is for direct marketing purposes and you object to the processing of the data,
- the personal data has been unlawfully processed, or
- if deletion is required to comply with a legal obligation.
We are not always able to comply with a request for deletion. For example, there may be legal requirements that require us to retain the personal data or if we need the information to be able to fulfill an agreement with you.
In case you wish to have information deleted, you can request this by submitting the application form that you find here.
You have the right to request that our processing of your personal data be restricted. Restriction can occur for several reasons.
- If you dispute that the personal data we process about you is correct, you can request restricted processing while we check whether the data is correct.
- If the document is unlawful and you object to the erasure of the personal data and instead request restriction of use.
- If you have objected to processing that is based on a balance of interests that we have used as a legal basis for a certain purpose, you can request restricted personal data processing while we work to assess whether our legitimate interests outweigh your legitimate interest.
- If we as a controller no longer need the personal data for the purposes of the processing but you need it to be able to establish, exercise or defend legal claims.
If restriction occurs, we may only, in addition to storing the data, process the data for the establishment, exercise or defense of legal claims, to protect someone else's rights or because you have given your consent. If you have had the processing of your personal data restricted, we will inform you before the restriction of processing ends.
In case you wish to have information restricted, you can request this by submitting the application form that you find here.
You have the right to object at any time to our processing of your personal data based on a balance of interests as a legal basis (legitimate interest) including profiling. Continued processing of your personal data requires us to show a legitimate interest that outweighs your interest in the processing in question. Otherwise, we may only process the data for the establishment, exercise or defense of legal claims.
You also have the right to object at any time to processing carried out for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. If you have objected to processing for direct marketing purposes, we may no longer process your data for such purposes.
If you wish to object to our use of your personal data, you can request this by submitting the application form that you can find here.
In some cases, you have the right to have your personal data transferred in electronic format to another data controller (so-called "data portability"). This assumes that the transfer is technically possible and can be done in an automated way. The right to data portability applies to data that you have provided to us and that we process on the basis of performance of a contract or consent as legal bases.
If you wish to have data portability of your data, you can apply for this by submitting the application form available here.
How is your data protected
We pursue a very ambitious information security programme. This means, among other things, that we have strong technical measures that protect all our information, such as firewalls and intrusion protection. In addition, we work with access control, which means that personal data is not accessible to more of our employees than is necessary for each employee to be able to perform their work. Finally, we impose at least as high security requirements on the suppliers who process personal data on our behalf.
Questions & Complaints
If you have questions or concerns regarding our personal data management that cannot be answered by this page, you are welcome to contact your advisor, our switchboard (08-451 50 00), or email info@soderbergpartners.se.
We have appointed a Data safety representative who works to monitor compliance with the rules on the protection of personal data. Our Data Protection Officer can be reached via dataskyddsombudet@soderbergpartners.se.
If you think that we process information about you in a way that violates the Data Protection Regulation, you can primarily contact us through one of our communication channels above. If, after handling by us, you do not feel satisfied, you have the right to file a complaint with the Swedish Authority for Privacy Protection, which is responsible for the supervision of personal data processing in Sweden. The Swedish Authority for Privacy Protection can be reached via www.imy.se.