1. WHO IS RESPONSIBLE FOR PERSONAL DATA?
Deform AB with org. Reg. no. 556294-7233 and postal address Strömsnäsvägen 4, 693 32 Degerfors, Sweden (in this policy referred to as "Deform") is responsible for the processing of your personal data in connection with marketing, manufacturing, selling our products and services, as well as in other contacts with Deform, such as through personal visits, registering on our website, and service inquiries via e-mail and phone. As the controller of personal data, it is Deform's responsibility to ensure that your data is handled correctly and securely in accordance with applicable legislation.
2. WHO ARE WE?
Deform is an industrial company that helps organizations to 3D hot- and cold form various types of metallic materials such as quenched and tempered steel sheets, stainless steel sheets, including duplex and super-duplex alloys, carbon steel sheets, clad sheets, titanium, copper, bronze, and aluminium. Deform specializes in large, thick materials and complex shapes in tough materials. We also have our own heat treatment and extensive knowledge of metallurgy. We are a very flexible company that prides itself on high quality and reliability. Your data and privacy are important to us.
3. HOW DO WE RESPECT YOUR PRIVACY?
At Deform, we value your privacy and process your personal data securely and in accordance with applicable data protection laws. We collect and use the personal data of our employees, customers, suppliers, and other important partners.
4. WHAT ARE OUR GUIDELINES AND LAWS?
We comply with the General Data Protection Regulation (GDPR) within the European Union as well as applicable Swedish data protection legislation. These laws apply regardless of how the data is stored. (Electronically, on paper or in any other form.)
5. WHAT IS THE PURPOSE?
This policy informs you about how we process your personal data, why we collect it, who has access and how you can exercise your rights.
6. WHY DO WE PROCESS YOUR PERSONAL DATA?
We process personal data to provide good service, including marketing and information. We may also use them to fulfill legal requirements, conduct customer and market analysis.
If you choose not to provide your personal data, it may affect our ability to offer certain services, process assignments or send newsletters and invitations. You have the right to object to the use of your personal data for direct marketing purposes.
7. WHAT GUIDELINES DO WE FOLLOW? (WHAT PERSONAL DATA DO WE PROCESS?)
We only process personal data when we have a legal basis. We do not process personal data in any other case than when it is needed to fulfil obligations under agreement or law, or if consent has been obtained. We do not process any sensitive personal data (that is, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life).
8. WHERE DO WE GET ACCESS TO YOUR PERSONAL DATA?
Regarding the collection of personal data, we obtain the information in the following ways:
- We try to obtain your consent before processing your personal data whenever possible. Most often, we receive your information directly from you in connection with inquiries, orders, or services. Sometimes we may need to supplement them from public records.
- You can withdraw your consent at any time, but this may affect our ability to fulfill our obligations to you under law or contract.
8.1. We also access your personal data through the following means:
Processing of personal data of customer representatives and supplier representatives.
- Information provided directly by you.
- Information you register when visiting our website.
- Information obtained from public records.
- When you engage with one of our employees or owners.
- When you sign up for activities we organize.
- When you subscribe to newsletters and other mailings.
- When you respond to surveys and questionnaires.
- When you contact us, apply for employment with us, visit us, or otherwise contact us.
- Through the B2B market where we register contacts at customers, suppliers, and other partners.
9. WHAT IS THE LEGAL BASIS FOR OUR PROCESSING OF YOUR PERSONAL DATA?
For Deform to have the right to collect and process your personal data, there must be a legal basis for each purpose for which the data is processed. The legal bases on which we base our processing are described in this section. Please note that several lawful bases may apply for the same processing.
9.1. LEGAL OBLIGATIONS
This basis means that our processing is necessary to fulfil a legal obligation required by Deform, such as documenting payment details to comply with the requirements of the Accounting Act.
9.2. CONTRACTUAL OBLIGATIONS
This basis means that the processing is necessary to enter or fulfil a contract in which the data subject is a party or is covered by.
For you, who have entered into an agreement with Deform, you accept our terms, including the processing of your personal data to provide tailored benefits and offers. We process your data for inquiries, orders, or purchases to fulfil our contractual obligations, including product/service delivery and credit checks for invoices. Your personal data is necessary to manage you as a customer and provide our services.
This basis means that we process your personal data when you have given your explicit consent to our processing. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In certain cases, data transfers can also occur under Article 49 of the GDPR, for example, in fulfilling an international contract or if you have given your consent.
9.4. LEGITIMATE INTEREST
This basis means that our processing is based on a so-called balancing of interests of legitimate interest. Before the processing begins, we always carry out a balancing of interests to ensure that we do not infringe your fundamental rights and freedoms. We may use your data to improve our services, send you relevant marketing and ensure that our website is secure. We always perform careful assessments to balance our interests with your rights and protect your privacy.
10. WHAT DATA DO WE COLLECT AND HOW DO WE PROCESS THE PERSONAL DATA?
Summary of our processing of personal data explaining the categories of personal data we process for our various purposes and which legal basis forms the basis for our processing.
10.1. OVERVIEW OF PERSONAL DATA PROCESSING FOR CUSTOMER REPRESENTATIVES AND SUPPLIER REPRESENTATIVES
Categories of personal data
To be able to confirm the person's identity and verify their personal and contact details.
To be able to manage your quotes, orders, order confirmations, purchases, and invoices.
To be able to fulfil our obligations or obligations to our customers and suppliers.
To be able to provide our customers with information and market news, products, and services.
To perform risk analysis and prevent fraud.
To comply with legal obligations or obligations and comply with applicable legislation such as the Anti-Money Laundering Act and accounting laws.
To handle customer service and support matters that come submitted to us.
To prevent, prevent and investigate crime within the framework of our business, as well as to establish, defend or assert legal claims.
Collection, recording, storage, processing, grouping and similar of the following data:
● Contact details: – Company– Name– Address– Email address– URL address– Phone number– Fax number– Job title– Date of birth or age– Information about previous orders and quotes– Information about products/services, that the representative is interested in
● Customer choice
● User-generated data
● Payment details
● Financial information
● Correspondence and other information about support cases
Contacts with customers and suppliers are stored in our systems, which require login by authorized personnel to gain access to them.
To be able to fulfil Deforms contractual commitments, both in terms of entering into agreements as well as to fulfil existing ongoing agreements and warranty commitments.
Meet legitimate interest on Deforms: part to be able to communicate effectively with customers and suppliers.
To fulfil Deforms legal obligations and/or obligations.
10.2 OVERVIEW OF PERSONAL DATA PROCESSING FOR CUSTOMER REPRESENTATIVES AND SUPPLIER REPRESENTATIVES
Categories of personal data
To be able to provide our customers with good service, provide information about market news, products, and services.
To be able to publish news and articles in newspapers, trade press, website, social media and the like.
Collection, recording, storage, processing and the like of the following data:
● Contact information
● Device information (IP address, search history, geographical information, etc. Linked to the presence on the Internet)
● User-generated data:
That is, information that you voluntarily register.
● Photon of the representative
Consent of the data subject.
Meet legitimate interest on Deforms part to be able to communicate effectively with customers and suppliers.
10.3 OVERVIEW OF THE PROCESSING OF PERSONAL DATA BY OTHER PERSONS
Categories of personal data
To be able to communicate with relevant authorities and other actors and to be able to have recurring contact, e.g. regarding customs, imports, and exports.
Collection, recording, storage, processing, and the like of the following data:
● Name● Address● Social security number● Email address● Date of birth or age● Device information (e.g., IP address, AD, Language & browser settings, platform, operating system, etc.) ● Competencies● Area of relevance● Photo
● Self-published material● User-generated data: – Information that you voluntarily and voluntarily register.
Meet the legitimate interest of Deform, to communicate effectively with other persons.
To fulfill Deforms legal obligations and obligations.
10.4 DEFORM ALSO COLLECTS COOKIES
Brief description: On our site deform.se cookies are used for various purposes.
Tracking, we collect information about the number of visitors, how they navigate the website and how they found us (through search engines, links, etc.).
This information is important to us because it helps us understand how you use our website. In this way, we can improve the design, functionality and create effective marketing campaigns.
11. IS YOUR PERSONAL DATA PROCESSED IN A SECURE MANNER?
We develop working methods to ensure that your personal data is handled in a secure manner.
Our starting point is that only those who need the data for their work tasks within our organisation have access to it. We use the least privacy-sensitive data and avoid processing sensitive personal data. Our business transactions typically involve informed adult individuals who give their consent to the processing when they request a quote, inquiry, or order from Deform.
We have implemented robust security systems with a focus on protecting your privacy and preventing unauthorized access and alteration of your data. In the event of any security incidents that may involve risks such as discrimination, ID theft or financial loss, we will notify you immediately. We have established data processing agreements with our external IT suppliers and obtain your consent when it is needed for the processing.
We follow strict IT security guidelines and do not transfer personal data in situations other than those clearly described here.
12. WHERE IS YOUR PERSONAL DATA STORED?
The data we collect from you will primarily be processed within Sweden. If this is not possible, we choose solutions within the EU, only in certain cases when it comes to the processing of personal data via our website where data can be handled by external third parties, as described in the section on cookies. In case of a need for the transfer and processing of data on servers in third countries outside the EU, such as in the USA, we use dedicated and carefully monitored service providers. These service providers are committed to ensuring an adequate level of data protection and have agreed in principle with the data protection clauses of the European Commission. Read more about the European Commission's standard contractual clauses here.
12.1. DO WE TRANSFER PERSONAL DATA OUTSIDE THE EU?
We strive to handle most of our personal data within Sweden and the EU/EEA, the European Union/European Economic Area and ensure that all personal and confidential information is processed and stored within Sweden. From time to time, we work with external partners outside the EU to improve our website. If it is necessary to process personal data outside the EU, we will ensure that agreements are in place to protect your data in the same way as if it were within the EEA. Your privacy is of the utmost importance to us, and we work diligently to ensure that your data is protected, no matter where it is processed.
Please note that if you interact with us on social media, your personal data, including your picture and name, will be transferred to third countries outside the EU, in particular to the United States. This transfer happens automatically when you are active on social media platforms and is something that we have no control over. It is important to note that the GDPR does not apply in this third country, which poses an increased privacy risk, including the ability of authorities in the third country to access your personal data and limited possibilities for you to control your data.
This transfer is necessary for you to be able to contact us via social media. We rely on standard contractual clauses and supplement these with technical and organizational security measures to ensure that your data is processed securely. For more information about the European Commission's Standard Contractual Clauses, please visit their official website for more information. Thank you for your trust when interacting with us online.
13. WHO HAS ACCESS TO YOUR DATA
We use suppliers to carry out maintenance of our systems, data analysis, auditing, payments. These providers have access to your personal data to the extent necessary to perform these tasks on our behalf and are obligated not to disclose or use the information for any other purpose. We never pass on, sell or exchange your personal data for marketing purposes.
14. WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
Our starting point is not to disclose your personal data to third parties unless you have consented to it or if it is not necessary to fulfil our obligations under contract or law. We never sell your information to third parties. In cases where we disclose personal data to third parties, we have established consent with you, and ensure that the personal data is processed in a secure manner. The purpose of the division is to get the services that the business and your wishes require to be performed. We share your personal data with the subcontractors and freight forwarders we use to deliver your goods. We always choose large, reputable, and trusted companies/services. The data is stored in our and their databases (storage in databases is called structured processing).
15. WHERE CAN YOU FIND THE PRIVACY POLICIES OF THIRD PARTIES WE USE?
Please look at the privacy policies of the third parties with whom we share personal data. Explore their policies to gain insight into their personal data handling practices.
16. HOW LONG IS THE PERSONAL DATA STORED?
As a starting point, we store your personal data for as long as the customer, supplier and/or partner relationship is ongoing and/or as long as you do not actively unsubscribe from, for example, a mailing list. Please note that you may be registered to more than one product, service and/or mailing list.
We will delete your personal data when we are no longer legally obliged to store it or when it is no longer needed for processing.
17. WHAT INFORMATION DO WE PROVIDE TO YOU?
When we collect your personal data for the first time, we will inform you about how we obtained the personal data, what we will use it for, what rights you have under data protection legislation and how you can exercise them. You will also be informed about who is responsible for the processing of personal data and how you can contact us if you have questions or need to submit a request or inquiry regarding your personal data and/or rights.
18. WHAT ARE YOUR RIGHTS?
An individual has the right to withdraw consent at any time. Deform will then no longer process the personal data that only requires consent. Please note that certain information is required to fulfil legal and contractual obligations. We must continue to deal with these. An individual also has the right to "be erased", i.e. that all personal data is deleted. This may then mean that we can no longer fulfil contractual or legal obligations.
If you think that we have handled your personal data incorrectly, you are welcome to contact us. Contact details can be found at the bottom of this policy.
You also have the right to lodge a complaint with the supervisory authority, the Swedish Authority for Privacy Protection.
Deform reserves the right to periodically revise or update this policy to reflect changes in our practices or to comply with the law. If Deform makes any significant changes to the way we process your personal data, we will clearly announce this on our website or through direct contact with you. We encourage you to periodically visit this section of the Site to review any changes that may have been made.
Last updated: 2023-10-26
E-mail: firstname.lastname@example.org Phone: +46 586 473 00