Our Integrity Policy

It is important to us that you feel confident about the way we process your personal data or use CCTV at our production units and wood terminal. We process personal data and CCTV material in line with best practice and current legislation.

In the Norra Group, we collect and use your personal data within the framework of our various operations. At our production units in Sävar and Kåge and at the wood terminal in Haparanda, we have cameras monitoring production and the areas around the sawmills. All the areas under surveillance are marked with signs. This policy explains how we process your personal data and what rights you have, plus the purpose of using CCTV in certain limited areas.

The information is aimed at:

  • forest owners (members and non-members)
  • elected officials
  • contractors
  • employees
  • suppliers
  • partners
  • anyone interested in what Norra can do for you
  • participants in our marketing activities or customer surveys
  • participants in our events and activities
  • job applicants
  • visitors to our websites.

 

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) has now become law in all EU member states. In simple terms, the General Data Protection Regulation means that:

  • Norra is only allowed to collect your personal data if there is a clear purpose and if we meet the legal requirements
  • the data that is collected must be necessary for the business
  • once the purpose of processing the personal data has been achieved, the data must be erased
  • in the event of an audit by the Swedish Data Protection Authority, Norra must be able to demonstrate that it has the requisite procedures in place for correct processing of personal data.

     

    What counts as personal data?

    Personal data is any kind of information that can directly or indirectly be connected to an identifiable living person. Data about you might include your personal ID number, your name or your address. If you can clearly be identified in an image, this may also count as personal data.

     

    What does processing mean?

    Processing is a broad term that covers almost everything that may be done with personal data, including collection, organisation, storage, amendment, reading, use, sharing and deletion.

     

    Who is responsible for the processing of personal data at Norra?

    Each business within the Norra Group is responsible for ensuring that their personal data is processed correctly and that your rights are upheld. However, the CEO holds ultimate responsibility.

     

    How have we obtained your personal data?

    Norra obtains personal data in two ways: there is data that you voluntarily give to us and data that we collect about you.

     

    Information that you volunteer includes:

  • Data that we receive when you contact us, apply for membership, register via online forms, purchase services, apply for a job with us, visit us or in some other way make contact with us.

     

    Information that we collect about you includes:

  • Data that we gather or purchase from external registers.

     

    Purpose, legal basis and erasure

    The purpose of the processing must always be stated and is critical in determining several factors, ranging from the legal basis of the processing to the assessment of what data is processed, which individuals are given access to data and when data must be erased.

    The purpose of processing your personal data and the legal basis on which we do this varies according to the different relationships Norra has with you as a registered person.

    Your personal data may be saved for a limited period and may be erased when it is no longer relevant for the purposes for which it was collected. Data may be exempt from erasure if, for example, Norra needs it in order to comply with specific legal requirements.

     

    Examples of reasons why Norra processes personal data:

  • To collect, register and administer the information needed for your various contracts or supplementary services, such as Norra Skogsskolan or “My Pages”.
  • To update information such as registered address, email and phone number.
  • To manage deposits and withdrawals from your member account.
  • To calculate your premiums and fees.
  • To answer your questions via an online form or on the phone.
  • Information required so that Norra can fully meet its responsibilities as an employer.

     

    Who has access to your personal data?

    Primarily, it is the relevant employees at Norra who need your personal data in order to perform their work.

    Recipients with whom we share personal data or might share personal data are primarily service providers. These companies are only permitted to process personal data in line with the personal data processor agreement signed with Norra. In addition, we may submit necessary information to government agencies, if we are compelled to do so by law.

     

    Your rights regarding Norra’s processing of your personal data

    When Norra processes your personal data, you have a number of rights. These include being able to obtain information about what data we hold on record about you. A request from you about exercising your rights must be processed within one month, as long as the request is not of a complex nature or a large number of requests have been received. In this case, the time may be extended by two months, but you must be informed of this delay and be told why your request will take longer to process. If a request is clearly unfounded or unreasonable, particularly due to its repeated nature, Norra is entitled to reject the request.

     

    You have the right, for example:

  • to request access to your personal data
  • to request rectification, erasure or restricted processing of your personal data
  • to object to the processing of your personal data
  • in certain cases, to receive your personal data and transfer it somewhere else (data portability). Norra is then obliged to facilitate this data transfer
  • withdraw any consent
  • complain to the Swedish Data Protection Authority about Norra’s processing of your personal data.

 

Why does Norra have CCTV surveillance?

The purpose of our CCTV surveillance is to monitor the stock status within our own business and to prevent and investigate any criminal activity. The decision to use CCTV involved weighing up the various interests: we need to be able to run our business in an efficient way, but we are not obliged to have CCTV surveillance. Data from CCTV is usually stored for no longer than seven days, and Norra complies with all the legislation on processing and erasure. The material is used by Norra’s employees or by a third party contracted to provide services within Norra’s business. No data will be passed on to a third country or used for automated decision-making.

 

If you have any questions or wish to submit a request, contact:

GDPR-Info@norra.se

 

Compliance

The Swedish Data Protection Authority is the supervisory authority. It is also the body you should contact if you have a complaint about the way Norra processes your personal data. Contact details for the Swedish Data Protection Authority can be found on their website:

www.datainspektionen.se