It is important to us that you feel confident about the way we process your personal data or use CCTV at our production units and wood terminal. We process personal data and CCTV material in line with best practice and current legislation.
In the Norra Group, we collect and use your personal data within the framework of our various operations. At our production units in Sävar and Kåge and at the wood terminal in Haparanda, we have cameras monitoring production and the areas around the sawmills. All the areas under surveillance are marked with signs. This policy explains how we process your personal data and what rights you have, plus the purpose of using CCTV in certain limited areas.
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) has now become law in all EU member states. In simple terms, the General Data Protection Regulation means that:
What counts as personal data?
Personal data is any kind of information that can directly or indirectly be connected to an identifiable living person. Data about you might include your personal ID number, your name or your address. If you can clearly be identified in an image, this may also count as personal data.
What does processing mean?
Processing is a broad term that covers almost everything that may be done with personal data, including collection, organisation, storage, amendment, reading, use, sharing and deletion.
Who is responsible for the processing of personal data at Norra?
Each business within the Norra Group is responsible for ensuring that their personal data is processed correctly and that your rights are upheld. However, the CEO holds ultimate responsibility.
How have we obtained your personal data?
Norra obtains personal data in two ways: there is data that you voluntarily give to us and data that we collect about you.
Information that you volunteer includes:
Information that we collect about you includes:
Purpose, legal basis and erasure
The purpose of the processing must always be stated and is critical in determining several factors, ranging from the legal basis of the processing to the assessment of what data is processed, which individuals are given access to data and when data must be erased.
The purpose of processing your personal data and the legal basis on which we do this varies according to the different relationships Norra has with you as a registered person.
Your personal data may be saved for a limited period and may be erased when it is no longer relevant for the purposes for which it was collected. Data may be exempt from erasure if, for example, Norra needs it in order to comply with specific legal requirements.
Examples of reasons why Norra processes personal data:
Who has access to your personal data?
Primarily, it is the relevant employees at Norra who need your personal data in order to perform their work.
Recipients with whom we share personal data or might share personal data are primarily service providers. These companies are only permitted to process personal data in line with the personal data processor agreement signed with Norra. In addition, we may submit necessary information to government agencies, if we are compelled to do so by law.
Your rights regarding Norra’s processing of your personal data
When Norra processes your personal data, you have a number of rights. These include being able to obtain information about what data we hold on record about you. A request from you about exercising your rights must be processed within one month, as long as the request is not of a complex nature or a large number of requests have been received. In this case, the time may be extended by two months, but you must be informed of this delay and be told why your request will take longer to process. If a request is clearly unfounded or unreasonable, particularly due to its repeated nature, Norra is entitled to reject the request.
You have the right, for example:
Why does Norra have CCTV surveillance?
The purpose of our CCTV surveillance is to monitor the stock status within our own business and to prevent and investigate any criminal activity. The decision to use CCTV involved weighing up the various interests: we need to be able to run our business in an efficient way, but we are not obliged to have CCTV surveillance. Data from CCTV is usually stored for no longer than seven days, and Norra complies with all the legislation on processing and erasure. The material is used by Norra’s employees or by a third party contracted to provide services within Norra’s business. No data will be passed on to a third country or used for automated decision-making.
If you have any questions or wish to submit a request, contact:
The Swedish Data Protection Authority is the supervisory authority. It is also the body you should contact if you have a complaint about the way Norra processes your personal data. Contact details for the Swedish Data Protection Authority can be found on their website: