1.1 Your privacy is important to us and we aim to inform you about the various types of personal data we process and the purposes for which we do this below. We strive for a high level of protection in all processing of personal data. Within the EU/EEA, the General Data Protection Regulation (GDPR) applies from 25th of May 2018.
1.2 In accordance with applicable data protection legislation (GDPR), Blue AB, or the Blue Group companies, are responsible for the processing of your personal data as set out below. If you have any questions about this information and would like to get in touch with us, please send an email to firstname.lastname@example.org.
2. What information do we collect and process including legal grounds
2.1.1 The term ‘personal data’ refers to such information which, directly or indirectly, may refer to you as an individual. Examples of such data is name, address, email address, telephone number, personal ID number, contact details, IP address, experience and qualifications. Personal data processing refers to any action that we or a third party that we have engaged take with the personal data, such as collection, registration and storage.
2.1.2 Personal data may only be processed for specified and explicitly stated purposes and may not be subsequently processed for any purpose that goes beyond these purposes.
2.2 Websites and social media
We use the information we collect to improve the structure and content on our websites, for the websites’ usability, to send you our newsletters and other information that you have requested, for customized online advertising and to develop anonymous usage statistics.
We will not sell, rent or give away your personal information to any unrelated company, organization or individual without your permission.
2.2.2 Newsletter and other email communication
We use the service provided by Mailchimp to administer our newsletters, invitations and other email communication. You can sign up for our newsletters on our websites and when you subscribe, we will collect some of your personal information, including your name, email address, IP address and certain information about the links you click on in the mailings we send you, on a Mailchimp server.
We collect this data exclusively for our own use to be able to send you newsletters, invitations and other communication that we believe you may be interested in getting from us and that you approve to receive. To be able to use the Mailchimp service we share your data with them. Neither we nor Mailchimp will share your data with any other party, unless legally compelled to do so.
If you no longer wish to receive email communication from us, there is an unsubscribe link at the end of all our mailings. When you unsubscribe, your personal data will be deleted from our and Mailchimp’s records.
2.2.3 We delete personal data when the purpose of the processing has been completed.
2.2.4 Legal ground: (i) performance of services requested through the websites and (ii) legitimate interest for other processing activities, such as for the purpose of improving the content of the websites as well as for statistical and marketing purposes.
2.3 Employment or applications
2.3.1 If you have provided an application to us in the Blue Group, for the purpose of administrating the application and contact you we will then handle your basic information, for example your name, address, email address, telephone number, previous employments, skills and birthday.
2.3.2 Legal ground: (i) performance of a contract where you ask us to review and administer your application and (ii) legitimate interest to administer the current recruitment process, including for future recruitment purposes.
2.4 Business customers/supplier
2.4.1 We also process personal data that you have provided to us for the purpose of (i) administering the relationship with you in your capacity as representative of an entity registered as a business customer or supplier with us and (ii) sending relevant marketing material, product deliveries, invoices, product information etc. to the business customer or supplier that you represent. For example, this may concern name and contact details as well as the history of purchased products and services. The data will be kept until we have been notified that there is a new person and/or representative appointed and will then be updated.
2.4.2 Legal ground: legitimate interest of maintaining the relation with our business partners (business customers/supplier).
3. Security for the protection of personal data
3.1 We care about the protection of your personal data and will apply industry standard security measures to ensure adequate protection of your data.
4. Restrictions on the disclosure of personal data
4.1 As mentioned above, we may share personal data about you within the companies in our group. We may also appoint external partners to perform tasks on our behalf, such as providing IT services, shipping services (to handle distribution to our customers) marketing, recruitments, data analysis or statistics. The performance of these services may mean that our partners, both within and outside the EU/EEA, are able to gain access to your personal data.
For the sole purpose of supporting our business third party processors may process your information, but only to the extent necessary for us to conduct our business. We have procedures to ensure that these third party processors value your privacy.
4.2 For partners outside EU/EEA we have concluded processing contracts in accordance with Article 28(3.) GDPR, EU standard contractual clauses in accordance with Article 28(7.) GDPR or the transmission is based on a decision of the EU Commission in accordance with Article 45 GDPR (e.g. Privacy Shield).
4.3 We do reserve the right to disclose information about you if we are legally obliged to or if we are required to surrender it by administrative or law enforcement bodies (e.g. police or public prosecutors).
We do not sell your personal information to any third parties.
5. Your rights and the right to file a complaint
5.1 You have the right to request information from us at any time about your personal data we have stored and the origin, recipients or categories of recipients to whom these data are forwarded or otherwise disclosed, the purpose of the storage and processing, the planned storage period, our automated decision-making procedure, the right to data portability, the existence of a right to rectification, erasure, restriction of or objection to processing, and any existing right to lodge a complaint with a supervisory authority.
You also have the right to rectification of incorrect data and, in cases where the legal requirements are met, to blocking and erasure, as well as to restrict the processing of data. In such event, please contact Blue via the contact details listed below.
6. Data controller and contact details
6.1 Data controller 6.1.1 Websites, social media and newsletters: The Blue Group company that provides the specific website, social media profile/page or the newsletter is the data controller.
6.1.2 Recruitment: The Blue Group company to which the vacancy relates is the data controller.
6.1.3 Business customers/suppliers: The Blue Group company that has entered into an agreement with the business customer or supplier is the data controller.
6.2 Contact details
6.2.1 If you have any questions on how we process your personal data or want information about further contact details for the data controllers above, please contact us by e-mail or post.
114 26 Stockholm
6.3 Our websites may sometimes contain links to external websites or services that we do not control. If you follow a link to an external website, you are encouraged to review the principles for processing of personal data and information about cookies that apply to that website.
7. Updating this policy
Last updated: 25 May 2018