Processing of personal data (GDPR)

Purpose

We take care of your privacy. You should be able to feel secure when entrusting your personal data to us. For this reason, we have drawn up this policy. It is based on current data protection legislation and clarifies how we work to safeguard your rights and privacy.

The purpose of this policy is to make you aware of how we process your personal data, what we use them for, who may view them and under what conditions, and how you can safeguard your rights.

Background

The main reason why we process your personal data is to fulfil our obligations towards you. We proceed on the basis that we do not process more personal data that is necessary for the purpose, and always endeavour to use the least sensitive information.

We also need your personal data to provide you with a good service, for example, in terms of marketing, monitoring and information. In addition, we may need your personal data to comply with laws and carry out customer and market analyses.

You have the right to object to our use of your personal data for direct marketing purposes. When we collect personal data about you for the first time, you will receive more information on this and how you can object to it.

Guidelines

What personal data do we process?

We only process personal data where there is a legal basis for this. We do not process personal data unless this is necessary for the fulfilment of obligations in accordance with agreements and the law. Examples are given below of the personal data we process:

  • Name
  • Address
  • Email address
  • Telephone number
  • Fax number
  • Age
  • Date of birth
  • Gender
  • Title
  • User name
  • Photographs
  • Payment card numbers, credit card numbers and other bank-related information

How do we gain access to your personal data?

Where possible, we try to obtain your consent before starting to process your personal data. We do this by asking you to complete explicit consent clauses if the processing is based on consent.

You have the right to withdraw your consent at any time. In such case, we will no longer process your personal data or obtain new data, provided this is not necessary for the fulfilment of our obligations in accordance with an agreement or the law. Note that withdrawing your consent means we are unable to fulfil the obligations we have towards you.

We also gain access to your personal data in the following ways:

  • Information you provide to us direct
  • Information that is registered when you visit our website
  • Information that we obtain from public records
  • Information that we obtain when you consult one of our employees
  • Information that we obtain when you register for our courses or seminars
  • Information that we obtain when you subscribe to newsletters or other mailings
  • Information that we obtain when you reply to our questionnaires and surveys
  • Information that we obtain when you contact us, seek employment with us, visit us or otherwise contact us

What information do we give you?

When we collect your personal data for the first time, we will inform you how we have obtained your personal data, what we will use them for, what rights you have according to the data protection legislation, and how you can safeguard these rights. You will also be informed of who is responsible for the processing of the personal data and how you can contact us if you have any queries or need to submit a request or enquiry that concerns your personal data and/or your rights.

Are your personal data processed in a satisfactory manner?

We draw up procedures and methods of working to ensure that your personal data are processed in a secure way. The basic condition is that only employees and other persons within the organisation who need the personal data to carry out their work duties have access to them.

Regarding sensitive personal data, we have established authorisation controls, which means there is a higher level of protection for your personal data.

Our security systems are developed with your privacy in mind, and provide a high degree of protection against intrusion, destruction and other modifications that may pose a risk to your privacy.

We have several policies for IT security, to ensure that your personal data are processed securely. We do not transfer your personal data other than as explicitly stated in this policy.

When do we disclose your personal data?

Our basic principle is that we do not disclose your personal data to third parties if you have not given your consent to this or if it is not necessary for the fulfilment of our obligations in accordance with agreements or the law. In those cases where we disclose personal data to third parties, we draw up a confidentiality agreement to ensure that the personal data are processed in a satisfactory manner.

Responsibility

Eson Pac is a data controller, which means that we are responsible for the processing of your personal data and for ensuring that your rights are safeguarded.

Video surveillance in Veddige
In Veddige, we have video surveillance over the building and at the entrance to the office, to protect our operations. In connection with our video surveillance, MM Eson Pac is responsible for data protection and therefore data controller. In the following, we provide an overview of how these video, image and sound recordings are handled by us. This information is directed at all persons who are within the scope of these control systems or who use them, irrespective of whether they are employees, applicants, suppliers, customers, or visitors.

We process the image and sound material relating to you exclusively for the purposes of building or plant security and access control. We have a legitimate interest in processing your personal data for these purposes. The processing serves to maintain general security in the company, i.e., not only production and information security, but also the security of the workforce against attacks of any kind. Due to the security-specific purpose of the processing, the limited recording area of the video surveillance, the few persons authorized to access the data and the storage of this data limited to the necessary extent, our company-related interests prevail. We store information for 30 days.

The legal basis for this is Article 6 (1) (f) GDPR.
We share your personal data processed in connection with the operation of the video or building surveillance systems just if this is necessary. We may share this data with IT service providers who assist us in connection with the technical setup or maintenance of these systems. However, we may also share your personal data with affiliated companies if this is necessary for the stated purposes. Under certain circumstances, we may also be required by law or in the context of official or procedural proceedings to transmit image or sound recordings made by you or access data to authorities. Furthermore, in the event of legal violations or other punishable acts, we may transmit this data to competent courts or other public authorities, but also to law firms. If these recipients are data processors under data protection law, extensive data processing agreements have been concluded.

The MM Group is a globally operating group, which means that your personal data processed in connection with video and building surveillance systems may be transferred to third countries that do not have an adequate level of data protection according to European data protection law. The receiving entities may be Group companies as well as third parties. If there is no adequacy decision by the European Commission for the country of the recipient, we predominantly use binding EU standard contractual clauses to ensure appropriate data protection guarantees and an adequate level of data protection.

As a matter of principle, we only store your personal data for as long as it is required for the purposes, i.e., building or plant security and access control. In addition, we process your personal data for as long as required by statutory retention obligations or for the duration of any limitation periods if we need the data for legal enforcement or defense.

We try to make it as easy as possible for you to exercise your data protection rights. To exercise your rights, please contact the Group Data Protection Officer (privacy@mm.group) and provide sufficient proof of your identity.

You have the following rights in relation to the processing of your personal data:

Right of access, right to rectification, right to erasure, right to restriction of processing and the right to object. Furthermore, you have the right to lodge a complaint with a supervisory authority (data protection authority), in the member state of your place of residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you violates these legal requirements.