Last updated May 9, 2022
Who we are
What personal data do we collect and process?
We may collect, store and use the following kinds of personal data:
- information about your computer and about your visits to and use of Enea’s website (including your IP address, weblogs, geographical location, browser type and version; operating system, referral source, length of visit, page views and website navigation);
- data that you provide to us for the purpose of registering with us (including name, address, email address, organizational size and activity);
- data that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters (including name and email address);
- information that you provide us by filling in forms on our website, for example information provided at the time of subscribing to our services, posting material, any inquiry through the “Contact Us” section of the website, the request for further services and/or products or information when submitting online job applications;
- data that you provide to us when you use our products and services;
- data that you provide to us when you take part in campaigns or research or otherwise interact with us;
- any other data that you choose to send to us;
When an how do we process your personal data?
Fulfilling your requests
We use personal data to process your requests, and to fulfill our contractual obligations, for example to provide you with products and services. We also use personal data to ensure the functionality and security of our products and services, and to prevent and investigate misuses. We will engage in these activities to manage our contractual relationship with you or to comply with a legal obligation.
Communicating with you
We use personal data to communicate with you, for example to respond to and process your requests and deliver requested material and information, or to provide you notifications you have requested. We will communicate with you based on our legitimate interest, to manage our contractual relationship, or to comply with legal obligations.
We use your personal data to provide you with relevant information about our products and services we feel may be of interest to you, and to personalize the information we provide to you. We market to you based on your consent or our legitimate interest.
Accomplish our business purposes
We use analyze personal data for several reasons including:
- Improving the efficiency of our services, including how this website works and how content is brought to you,
- Enhancing, maintaining, or modifying our current products and services,
- Determining the effectiveness of our promotional campaigns,
- Aggregating and anonymizing personal data for providing third parties with statistical data about our users – this information cannot be used to identify any individual users.
When and how do we share your personal data?
In addition, we may disclose your personal data:
- if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or any other governmental request;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights, for example in civil or criminal proceedings;
- if we reorganize our business, for example if we sell, buy, merge, consolidate, transfer, or change in control any business or assets, in which case we may disclose your personal data to the prospective seller or buyer (including their advisers);
- if we believe that there is a threat to the information stored in this website, or in order to protect or defend our rights or the well-being of our users. In general, we may release certain personal data in cases where we believe that the release of the information is reasonably necessary to protect the rights, property, and safety of others and ourselves.
- In cases where you provide us with your consent to do so.
We use certain processors in the general running of our business and to assist it in providing our services to our clients. A processor is a third-party service provider or data processor engaged by Enea, who has or potentially will have access to or process personal data on our behalf.
We require our processors to enter into agreements that satisfy the requirements of Article 28 of the General Data Protection Regulation, including but not limited to obligations to:
- process personal data in accordance with Enea’s documented instructions;
- ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- not engage a sub processor without prior specific or general written authorization of Enea and when engaging a sub processor, impose the same data protection obligations as are in place between itself and Enea;
- provide regular training in security and data protection to personnel to whom they grant access to personal data;
- implement and maintain appropriate technical and organizational measures to ensure the security, integrity and confidentiality of personal data;
- promptly inform Enea about any actual or potential security breach; and
- cooperate with Enea in order to deal with requests from Enea’s clients, data subjects or data protection authorities, as applicable.
Where do we store and transfer your personal data?
What do we do to safeguard your personal data?
We are committed to protect any personal data divulged to us. We have implemented appropriate technical, administrative and organizational precautions to prevent the loss, misuse or alteration of your personal data. We have taken appropriate technical, administrative and organizational facilities, systems and processes necessary to ensure the safety of your personal data and avoid its alteration, loss, theft, or unauthorized disclosure. The persons processing your personal data are required to keep personal data confidential.
Unfortunately, the transmission of information via the internet is not completely secure. Even though we will use reasonable efforts to protect your personal data taking into consideration the risk represented by the processing and nature of the data being protected, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use the measures described above to prevent unauthorized access.
For how long will we store personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including to comply with our legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may save the personal data longer if we are required by law or to safeguard our legal interests, for example in connection with a legal process.
We will delete any information, which reasonable seems to be inaccurate or out of date by reason of the time elapsed since it was collected or by reason of any other information in our possession.
What are your legal rights?
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check various circumstances of the processing and that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons such as our legitimate interests which will be notified to you, if applicable, after you have made your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You may exercise your rights by contacting us on the address set out under the header “Contact” below.
You should be aware that in some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services and/or products to you.
What responsibility do we have for third party websites?
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
How do you contact us?
Who is the controller of your personal data?
The data controller responsible in respect of the data collected on this website is Enea AB, P.O. Box 1033, 164 21 Kista, Sweden.