Policy

1. Introduction

Dasa Control Systems AB, reg. no. 556360-4338 (hereinafter referred to as "Dasa") is responsible for the processing of your personal data in connection with your visit to our website and in other contexts where we interact with you.

Dasa is thus responsible for ensuring that all personal data is processed correctly and in accordance with applicable data protection legislation.

This Privacy Policy describes Dasa's processing of personal data and is intended to make you feel confident that Dasa processes your data in accordance with applicable data protection legislation.

Personal data refers to any information that directly or indirectly can be attributed to a living individual. Within the scope of Dasa's operations, there may be personal data such as first and last name, phone number, address, postal code, email address, etc.

If you have any unanswered questions, please contact us. Information on how to contact us can be found in the section "Contact information" below.

2. Why we process personal data, the legal basis, which personal data we process, and the storage period

2.1 Customers or representatives of customers, as well as potential customers

Purpose: To handle purchase orders from customers, respond to inquiries from potential customers, and participate in tenders and pitches.

Processing

We manage contact details to carry out a purchase order made by a customer. This includes keeping in touch with customer contacts through various means (phone, email, chat, video conference, or similar). Personal data is also needed to handle quotes, deliveries (including handling shipping labels, notifications, and delivery contacts), customer identification, payment handling, address verification against credit reporting agencies, and handling complaints and warranty matters.

Categories of personal data

Registration number
Contact details (e.g., address, email, and phone number)
Payment information
Purchase information (e.g., which product and/or service has been ordered and production tracking)

From which sources do we collect personal data?

Customers, potential customers, customer representatives, references, credit reporting agencies

Legal basis: Contractual fulfilment

The collection of personal data is required for us to fulfil our contractual obligations. If the data is not provided, we may not be able to fulfil our obligations and may have to decline the assignment.

Automated decision-making

Our processing of personal data does not involve decisions based on automated processing of personal data.

Storage period

Personal data is stored until the delivery is completed (including payment) and for a period of x months thereafter to handle any complaints, warranty issues, or additional orders.

Personal data, necessary for fulfilling Dasa’s legal obligations according to legal requirements, judgments, or authority decisions (e.g., the Swedish Bookkeeping Act), are stored due to legal obligations until the delivery and payment are completed and for a period of up to 7 additional years.

Purpose: To fulfil the company's legal obligations when purchasing a product or service

Processing

This covers actions necessary to fulfil the company's legal obligations according to legal requirements, judgments, or authority decisions (e.g., the Swedish Bookkeeping Act).

From which sources do we collect personal data?

Customer or customer's representative

Categories of personal data

Registration number
Contact details (e.g., address, email, and phone number)
Payment history
Payment information

Legal basis

Legal obligation

Automated decision-making, including profiling

This process does not involve decisions based on automated processing of personal data.

Storage period

Until the purchase is completed (including delivery and payment) and for a time of up to 7 years thereafter.

Purpose: For marketing

Processing

We handle contact details to market Dasa via postal mailings, email mailings (e.g., newsletters and event invitations), or targeted digital advertising.

Categories of personal data

Name
Contact details (e.g., address, email, and phone number)
Job title
Employer

From which sources do we collect personal data?

Customers or their representatives and potential customers or their representatives.

Legal basis

Consent and legitimate interest

The processing is necessary to satisfy our interest in marketing our products and services to our customers/potential customers.

Automated decision-making

Our processing of personal data does not involve decisions based on automated processing of personal data.

Storage period

The personal data of existing customers or their representatives is stored as long as we deem that they are interested in receiving the mailings, which means as long as they are our customer, otherwise at the latest two years from their last activity due to our marketing. A longer period may apply with consent.

The personal data of potential customers is stored as long as we deem that they may be interested in receiving the mailings, which typically means one year from their last activity due to our marketing. A longer period may apply with consent.

2.2 Suppliers and collaborative partners

Purpose

To communicate with contact persons of suppliers and collaborative partners, as well as potential suppliers and partners.

Processing

This includes, for example, making inquiries and orders, receiving deliveries, managing invoices and payments, and handling collaborations.

Categories of personal data

Contact information (e.g., address, email, and phone number)
Job title

From which sources do we collect personal data?

Suppliers and collaborative partners and their representatives as well as representatives from customers.

Legal basis

Legitimate interest

The agency has a legitimate interest in processing the personal data necessary to communicate with contact persons at suppliers and collaborative partners.

Automated decision-making

This processing does not involve decisions based on the automated processing of personal data.

Storage period

Until we have received information that the contact person has left or changed contact details.

Personal data, necessary for management to fulfil Dasa's legal obligations according to legal requirements, court decisions, or authority decisions (e.g., the Swedish Accounting Act), are stored due to legal obligations until delivery and payment have been completed and for a period of up to an additional 7 years.

2.3 Job applicants

Purpose

To administer a recruitment process.

Processing

This includes, for example, reviewing applications and communicating with applicants.

Categories of personal data

Name
Address
Social Security Number
Contact information (e.g., address, email, and phone number)
Identity documents
Information about the job applicant's achievements and previous work experiences

From which sources do we collect personal data?

From job applicants and the applicant's previous employers/references.

Legal basis

Until the position is filled: fulfilment of a contract
After the position has been filled: a balance of interests (or consent)

Automated decision-making

This processing does not involve decisions based on the automated processing of personal data.

Storage period

Up to two years from when the position has been filled. After the recruitment is completed, the data is archived to be used in the event of a possible appeal of the recruitment, for example under anti-discrimination legislation. Once the possibility of appeal no longer exists, the information will be destroyed.

2.4 Website visitors

Purpose

To have the opportunity to develop our services based on how our users interact with the various parts of our website. We also want to market ourselves to website visitors who are potential customers. The information collected is non-identifying until a form is filled out.

Processing

This includes, for instance, remarketing on external platforms and the use of analytics tools.

Categories of personal data

Cookies
Web beacons/pixel tags

When a form on the website is submitted to contact us or subscribe to our newsletter, we also process

Name
Contact details (e.g., address, email, and phone number)
Your activity on our website

From which sources do we collect personal data?

Website visitors and advertisers
Website forms

Legal basis

Consent and/or legitimate interest in marketing our services to you.

Automated decision-making

This processing does not involve decisions based on the automated processing of personal data.

Storage period

Our website uses two types of cookies.

One is a session cookie that is saved temporarily during your visit to the website. The cookie disappears when you close your browser.

The other type of cookie is stored on your computer for a longer time and is reused during your next visit to the website or when visiting other websites. You can delete these cookies from your browser.

Learn more about our processing of cookies and how to remove them.

3. Recipients of personal data and transfers outside the EU/EEA

As the data controller, we may instruct a partner or supplier to carry out the processing specified above, e.g., IT suppliers, providers of analysis tools, advertisers, etc. Such processing will not occur for any purpose other than what has been stated. Some partners and suppliers may have part of their operations in countries outside the EU/EEA (a so-called third country). Transfers only occur to those countries that, according to the EU Commission, have an adequate level of protection or if the provider has a legally binding and enforceable instrument guaranteeing the security of the data.

4. Your rights

You have the right to: request information about the personal data we process about you, and you can request a copy of these (data extract), have incorrect personal data corrected, and in some cases, ask us to delete your personal data, object to the processing of certain personal data about you, and request that the processing of your personal data be limited, receive the personal data you have provided to us transferred to another data controller (right to data portability), if the processing is based on consent, withdraw this consent at any time, and if you are dissatisfied with how we process your personal data, you can file a complaint with The Swedish Authority for Privacy Protection's (IMY), which is the supervisory authority.

You can email the person responsible at any time and obtain, delete, or limit the processing of your personal data (contact information can be found below). Please note that if you request that we limit the processing or delete your personal data, it may mean that we will not be able to provide the service to you.

5. Protection of personal data

We have taken appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction. To ensure that personal data is processed securely and confidentially, we use passwords, encrypted connections, and whenever possible: two-factor authentication. External contact with local servers only takes place via password-protected VPN tunnels. All external systems where personal data may be present are protected against intrusion according to industry standards.

Our employees and suppliers are bound by confidentiality agreements and are obliged to follow our rules for information and IT security, this personal data policy, and other internal regulations that further govern the processing of personal data.

6. Changes to this Privacy Policy

Dasa reserves the right to revise this Privacy Policy as needed. The date of the latest revision is indicated at the end of the Privacy Policy. If Dasa makes any changes to the Privacy Policy, Dasa will publish these changes in the news feed on the website. Therefore, you are advised to read this Privacy Policy regularly to be aware of any changes. If Dasa changes the Privacy Policy in a manner that significantly differs from what was stated when the person's consent was collected, Dasa will notify about these changes and, if necessary, obtain a new consent for Dasa’s personal data processing.

10. Contact information

For any questions or concerns regarding this Privacy Policy or our processing of personal data, please contact us at:

Dasa Control Systems AB, reg.no. 556360-4338

Thomas Palmgren, Sals & Marketing Director

Hammerdalsvägen 3, 352 46 Växjö

Email: info@dasa.se

Phone: +46 (0)470-77 09 50