GS1 is the data controller for the processing of your personal data and is responsible for ensuring that all processing is carried out in accordance with applicable law.
Categories of personal data we process concerning you
When you are in contact with GS1, you may provide us with personal data. GS1 processes your personal data such as name, address, email address, etc.
Who may get access to your personal data?
Your personal data will be processed by GS1.
In addition, your personal data may be shared with third parties that process personal data on our behalf, so-called personal data processors. For example, our IT and system providers may gain access to your personal information.
We and our suppliers and partners only process your personal data within EU/EES.
Specifically for sole traders
If you are a sole trader and the company contains your personal name, the following also applies. We share this information, as well as your company’s contact information with certain selected recipients who process the personal information on their own behalf. It can e.g. be resellers who use the information we share with them to verify that the identification number your company uses is based on a valid GS1 license. In addition, the data will be shared with third parties through services provided by GS1 Sweden or GS1 Global Office. In all cases, the personal data may also be processed outside the EU / EEA, e.g. in the U.S.
The transfer of personal data takes place in accordance with your expressed consent [which is obtained separately]. There is no decision on an adequate level of protection and there are also no suitable protection measures for the transfer to e.g. the USA. There may be no supervisory authority and/or data processing principles and/or rights for the data subject in the recipient country. Despite this, we make the assessment that a transfer can take place without risk, taking into account that the personal data constitutes information regarding your company.
Purpose and legal basis for our processing of your personal data
GS1 bases the processing of your personal data on a number of legal grounds and for a number of purposes described below.
- In some cases, GS1 may have a legal obligation to process your personal data. This applies to the processing of personal data that we do to meet legal requirements according to, for example, the Accounting Act (Bokföringslag (1999:1078)).
- Part of the processing of personal data that we perform is based on a so-called balancing of interests. Examples of this are when we use partners, or our handling of personal data about contact persons at our customer companies, and to enable general customer care and customer service.
Our legitimate interest in processing your personal data is that GS1 should be able to handle practical parts of a business relationship.
The provision of your personal data is in some cases a requirement that is necessary to enter into an agreement between your company and us. You are not obliged to provide personal information. If you do not provide us with your personal information, we will not be able to fulfill our agreement or fulfill our obligations in relation to your company.
How do we protect your personal data?
We and our IT- and system suppliers have taken several security measures to protect the personal data that is being processed. We have firewalls and anti-virus software to protect and prevent unauthorised access to our networks and systems. Our employees have strict instructions to process all personal data in accordance with applicable laws and regulations. Only a limited number of employees have access to the facilities and systems where personal data are being stored and passwords and usernames, as well as two-factor authentication, are required to log in to these systems.
How long do we keep your personal data?
We never process your personal data for a longer period than is allowed by applicable law, regulation, case law, or authority decisions. Personal data that we process for the purpose of fulfilling our agreement with your company are normally processed for the period that is necessary to administer the contractual relationship, exercise our rights and fulfil our obligations towards your company in its capacity of a customer to us. To comply with legal obligations, we may keep your personal data for a longer period.
In accordance with current data protection legislation, you have the right to access information about which personal data we process about you and the right to request the correction of your personal data.
Under certain conditions, you also have the right to request deletion or restriction of your personal data or object to our processing of your personal data. You also have, under certain conditions, the right to obtain the personal data concerning you that you have provided to us in a structured, generally used and machine-readable format and have the right to transfer these to another personal data controller.
You have the right at any time to withdraw a consent to the processing of personal data with effect from the withdrawal. You also have the right at any time to object towards the processing of your personal data for the purpose of direct marketing.
If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) or any other competent supervisory authority that monitors enterprises’ processing of personal data.
If you wish to exercise your rights in accordance with what is stated above or otherwise wish to contact us regarding our processing of your personal data.