Paper Province is a world-leading business cluster within the forest bioeconomy. We are owned and operated by more than 100 member companies. Paper Province (hereinafter also “we” or “us”) safeguards your privacy and this data protection policy explains how.
The policy has the following content:
Under current data protection legislation, personal data may only be collected for “specified, explicit and legitimate purposes”. The party collecting the data may not later process them in a manner incompatible with these purposes. Moreover, any processing conducted by the party that has collected the data must be supported by law, that is, have a legal basis. Our processing of your personal data is founded on one or more of the following legal bases:
In the vast majority of cases, the legal basis is contract, legal obligation or legitimate interests assessment. However, in certain cases, our processing requires your consent. In such cases, we will obtain your consent for the concerned processing before it is begun.
Below, we present the “legitimate purposes” for which we collect your personal data and the appropriate legal basis for doing so.
You are always welcome to contact us with any questions you may have concerning privacy and data protection by emailing us at firstname.lastname@example.org.
What do we do with your information?
All information is used to provide, deliver and improve our services to you as a member or as a participant at an event, seminar or network meeting. We process your personal data for the following purposes on the following legal bases:
Purposes and legal bases
The purposes of the processing are to: 1) confirm your identity and verify your personal and contact details; 2) improve our services and develop the services we offer our member companies; and 3) comply with current legislation, such as the Swedish accounting act. The legal bases are contract, legitimate interests assessment and legal obligation, respectively.
Communication with you
We may process your personal data when we need to communicate with you to provide relevant information concerning membership news, business intelligence and invitations to seminars, events and network meetings. Our legitimate interests for this type of processing are to keep you as a member/customer informed about our services and to be able to improve said services. In conjunction with such processing, we may use your contact details (name, email address, phone number). Contact may be made by electronic communication channels, phone or post. If you do not wish to receive such communications, you are welcome to email us at email@example.com. As regards our electronic mailings, each email always includes an option to unsubscribe.
What information do we collect?
You may directly or indirectly provide us with information about yourself in several different ways, such as when visiting our website or registering for an event/seminar/network meeting or as a subscriber to our newsletters. This information can include the following details: personal and contact information (name, mobile number, email address, organisational affiliation, position, invoicing and delivery address). We do not normally collect information classed as sensitive personal data. However, in connection with a particular event at which we provide refreshments, we may collect information about food allergies. This information is kept only until the event has ended.
Who is able to access your data?
All our staff have access to the stored information. The reason for this is that all employees are involved in some form of communication activity with our member companies. However, it is primarily communication officers and administrators who are the most frequent users. In addition, any external consultants we engage may have access to information, although they are only granted access to the information required to fulfil their contracted roles.
Our IT services provider
All IT operation and maintenance are provided by Onestep IT AB. In partnership with them, we have taken appropriate legal, technical and organisational measures to ensure that your data are handled securely and provided adequate protection. We have also entered into a personal data processing agreement with Onestep IT AB.
What we will NOT do with your data
We will not sell or share your personal data with any third party without your permission to do so.
Where do we process your personal data?
We will primarily process your personal data in Sweden. If your personal data are transferred to a country outside the EU/EEA, we will take measures to ensure that your personal data continue to be protected and will also take the measures necessary to lawfully transfer said personal data to countries outside the EU/EEA.
How long do we keep your personal data?
Your personal data are kept only for as long as there is a need to keep them to fulfil the purposes for which they were collected in accordance with this data protection policy. We may keep certain data for longer if this is necessary for compliance with other legal requirements. We keep data about members/customers for a maximum of 12 months after the member/customer no longer has a binding, ongoing relationship with us.
Under current data protection legislation, you are entitled to receive information about when and how we process your personal data. Moreover, in certain cases, you are entitled to a copy of your personal data or to have them moved, rectified or erased. You have the right to receive, free of charge, information about which of your personal data we process (following a subject access request, or SAR). Such requests shall be made in writing and be signed by you. Note that we only release data that we definitely know to be yours. Nor may we release information that infringes someone else’s rights. You are to submit such a request to us by post. Mark the envelope “Data protection” and send it to: Paper Province, Sommargatan 101 A, 656 37 Karlstad. To be certain that the information pertaining to the subject access request is not sent to the wrong person, we send it to your officially registered address.
Right to rectification
You are entitled to request that your personal data be rectified if they are inaccurate. We are then obligated to rectify your personal data without undue delay.
Right to erasure (right to be forgotten)
As a member/customer, you are always entitled to contact us to request that your personal data be erased. We are obligated to erase the data provided that: 1) the data are no longer required for the purposes for which they were collected; 2) the processing is based on your consent and you are withdrawing your consent; 3) the processing is conducted for direct marketing and you object to the data being processed; 4) you object to personal data processing conducted after a legitimate interests assessment and there are no legitimate reasons that override you interest; 5) the personal data have been processed unlawfully; or 6) erasure is required to fulfil a legal obligation.
Right to restrict the processing of your personal data
You are entitled to request the restriction of the processing of your personal data, which means that we may only process your personal data for certain specific purposes. We will restrict our processing in the following cases: 1) If you claim that the personal data are inaccurate, and we need time to check the accuracy of the data. 2) You object to the processing we conduct. The processing is then restricted until a legitimate interests assessment has been conducted comparing your reasons for objecting and our legitimate interests. 3) If you believe that we should erase your personal data, but we cannot do so for some reason.
Right to object to processing
In certain cases, you are entitled to object to the processing of your personal data, such as within research or following a legitimate interests assessment. Then we may only continue the processing if there are mandatory legitimate interests that override your rights, or if the processing is required to exercise our legal claims.
If you believe that we are processing your personal data in violation of current data protection legislation, you are encouraged to report the matter to us at your earliest convenience.
Paper Province is the controller of the processing of your personal data as set out above and complies with Swedish data protection legislation. All our employees are well acquainted with data protection matters. You are always welcome to send any questions about our processing of personal data to firstname.lastname@example.org.
Paper Province reserves the right to update this policy as necessary. This data protection policy was last updated on 14 December 2018.
Cookies and similar technologies