Bulten is committed to maintain the highest standards of its processing of Personal Data whether such data relates to an employee of Bulten or a customer, supplier, job applicant or other stakeholders. It is the policy of Bulten to require its managers and employees, wherever located, to comply with all applicable legal and regulatory requirements.
Any questions concerning the applicability of these procedures should be directed to the Personal Data Coordinator. The contact information of the Personal Data Coordinator is:
Claes Lundqvist, Information Security
+46 31 7345934
+46 70 7730599
3. General Data Protection Considerations
Bulten AB (publ) is considered to be the Data Controller of Bulten. The Data Controller strives to always protect Personal Data from unauthorized access, disclosure, alteration or destruction. Bulten´s operations are subject to the requirements of various national data protection laws, in particular European data protection laws, but also other laws and in other jurisdictions, as well as European data protection authorities, which impose certain limitations and procedures on processing of Personal Data. Some processing is required by law and therefore always legitimate, such as the processing of Personal Data relating to health and union affiliations for the purpose of the administration of sick pay, rehabilitation of employee, fulfilment of obligation to negotiate with unions and union fee deduction on salary and in order for Bulten to otherwise perform its obligations or exercising its rights under employment law. Further, the Personal Data is processed for the purpose of Bulten´s reporting obligations according to applicable law, e.g. to unions and authorities such as tax and social insurance. However, almost all countries’ data protection law stipulates a requirement to inform the data subject of its rights to access its data and to correct and amend such data.
4. Data subjects
4.1.1 Bulten will hold, process and transfer Personal Data regarding its employees, employees’ next of kin, job applicants, customers, suppliers and other stakeholders for the purpose of conducting business activities. This Personal Data is used solely for legitimate employment and business purposes, and it is only disclosed to those who are authorized to use it for these purposes.
4.1.2 The Personal Data is not collected uniformly within Bulten as the subsidiaries are subject to different national legislation which are providing different legal requirements for the processing of Personal Data. However, Bulten does not intend to process any excessive data that is not required by the specific business unit within Bulten.
4.2.1 Bulten will, as a part of its normal business activities, process its employees’ Personal Data e.g. name, address, telephone number , social security number/national insurance number, personal identity number or employment number etc.
4.2.2 The information will be used for administration, evaluation and development of the employment relationship.
4.3 Job applicants
Bulten will, as a part of its normal business activities, process Personal Data relating to job applicants. Such Personal Data is mainly provided by the job applicant but can also be gathered by Bulten from the job applicant’s previous employers or from any third party or source such as the Internet. The Personal Data consists of data submitted by the job applicant, normally in a C.V. Such Personal Data shall only be processed for the purpose of evaluating the job applicant for the intended position or for another position which Bulten deems appropriate from time to time. In the event Bulten wishes to retain the job applicant’s Personal Data after the intended position has been appointed, Bulten shall inform the job applicant of such storage. In no event shall such Personal Data be stored for a longer time than necessary for the purpose of its processing or in conflict with any applicable data protection law.
4.4 Customers, suppliers and other stakeholders
Bulten will, as a part of its normal business activities, process Personal Data relating to customers, suppliers and other stakeholders. Such Personal Data is mainly provided by the contact person at respective customer, supplier or by other stakeholders. However, the Personal Data may also be gathered from any third party or source such as the Internet. The Personal Data consists of name, telephone number, e-mail address and other data necessary to fulfil any customer/supplier agreement or obligation. In no event shall such Personal Data be stored for a longer time than necessary for the purpose of its processing or in conflict with any applicable data protection law.
5. Transfer of Personal Data
5.1 Transfer of Personal Data within Bulten
5.2 Transfer of Personal Data outside Bulten
Bulten will, as a part of its normal business activities, transfer Personal Data relating to its employees, job applicants, customers, suppliers and other stakeholders. Such transfers are concerning employees in relation to third parties with whom Bulten has entered into agreements, e.g. banks in order to pay salary; insurance providers in order to provide insurance for the employees; unions in order to fulfil the union obligations; occupational health care providers in order to provide health care; and pensions funds in order to fulfil its pension obligations etc. Any transfer shall be limited to strictly required and necessary Personal Data. Transfer of personal data shall always be assessed and precautions shall be maintained.
5.3 Data Transfers from countries outside Europe to EU
A Processor and a person or those persons who work under the Processor’s or the Controller’s direction may only Process Personal Data in accordance with instructions from the Controller. Any engagement of a Processor shall be governed by a written agreement of the Processor’s Processing of the Personal Data on behalf of the Controller. Such agreement shall specifically stipulate that the Processor may only process Personal Data in accordance with instructions from the Controller and that the Processor is liable to implement appropriate technical and organisational measures to protect the Personal Data that is processed. The measures shall provide a level of security that is appropriate having regard to (a) the technical possibilities available, (b) what it would cost to implement the measures, (c) the special risks that exist with Processing of Personal Data, and d) how sensitive the Processed Personal Data really is.
6. Access and rectification
While Bulten cannot guarantee that unauthorized access will never occur, please be assured that all employees must take great care in maintaining the security of any Data Subject’s Personal Data and in preventing unauthorized access to it through the use of appropriate technology and internal procedures.
8. Retention of personal data
Personal Data about employees should not be retained after ended employment. However, some Personal Data may be required by law to be retained for an extended period. Bulten may also retain information for as long as a dispute with a former employee is current. It may also be necessary to retain certain data for administrative purposes, such as payment of pensions. Bulten may retain purely factual information such as “termination due to redundancy”, “dismissal” and “termination due to personal reasons” as well as grades and employment certificates with ratings which Bulten has provided the employee after ended employment relationship.
8.2 Job candidates
Personal Data in job applications, interview notes and data from references should normally be sorted out when the recruitment procedure has been completed. However, Bulten may retain the information e.g. as long as the job candidate has the opportunity to appeal a negative decision. If Bulten wishes to use any Personal Data for future recruitment purposes, information is required to be provided to the job candidate as well as obtaining his/her consent.
8.3 Customers, suppliers and other stakeholders
Bulten may not retain its customers’, suppliers´ or other stakeholders´ Personal Data after such relationship has ended, for example, when a contractual agreement regarding goods/services has ended. If Bulten has undertaken to fulfil any warranty obligations, the retention of some Personal Data may be justified until such warranty period has expired.