Please note that this is a translated version from the original policy in Swedish. It may therefore contain minor inaccuracies. See the Swedish homepage at www.ctt.se for the original version.
CTT handles personal data for a variety of purposes related to our business. Here we explain what CTT’s data protection policy means, e.g. what personal data CTT handles and for which purpose, what rights registered persons have and where to turn for questions regarding CTT’s use of your personal information.
Who’s personal data is CTT processing?
CTT mainly deals with the following categories of persons; employees, shareholders, customers, potential customers, suppliers, partners and subscribers of CTT press releases.
Where does CTT get the personal data that is handled?
The personal data that CTT collects and manages is usually retrieved directly from you as an employee or consultant, customer or supplier in the business conducted by the company. Personal data may also be retrieved from external parties or registers, such as for the register of shareholders.
What categories of personal data does CTT treat?
The personal data CTT treats can be divided into different categories:
– Employee details (name and address, e-mail, telephone number, social security number, application documents and CV with accompanying certificate, type of employment, login details)
– Job-related personal data (including, for example, skills, functions / roles, completed training, health and rehabilitation programs, names and contact details for elected representatives, historical data about what you performed in the company (linked to signatures, computer system execution, etc.))
– Customers, potential customers and suppliers (name, email address, telephone number and any other contact details provided by the counterparty)
– Shareholder information (name, social security number, address and in some cases telephone number and e-mail address)
For what purpose are your personal data processed?
All personal data collected by CTT are processed for a particular purpose. Your data is handled solely on the basis of the needs of CTT’s operations. Examples of such needs include administration of personnel, shareholder, customer and supplier registers. Specifically, processing of your data can be done for the following purposes (describing legitimate interests within brackets):
– Administration of CTT’s operations (to fulfill the requirements of the company’s stakeholders to enable the company to conduct its business and to fulfill its commitments. Examples include production, delivery, quality assurance, payroll and reporting to authorities)
– Administration of customer and supplier register (to fulfill CTT’s commitments on purchases, deliveries, and supplier and customer invoice management)
– Marketing of CTT’s operations (to ensure continued operation of the business)
– Administration of warranty and repair matters (to fulfill the obligations that the company have also after the original delivery of its products)
– Distribution of shareholder-related information (in order for CTT as a public company to be able to inform shareholders and other stakeholders in a timely and correct manner about regulatory and other company-relevant information)
With whom may we share your personal information?
CTT does not disclose your personal information to external companies and organizations. Your personal information is only disclosed to external parties for e.g. distribution of annual reports, announcement of press releases, allocation of shares in the profit sharing foundation, wage payments or booking of education / travel / hotel. If you would like more information about the external parties to whom we may provide personal information, please contact CTT.
For how long is your personal data saved?
Collected personal data is stored or processed as long as the purpose for which the data was obtained remains, unless otherwise stated by applicable legislation or other rules for the operations. In addition to this, the data may be saved for a further period to fulfil the requirements of accounting and archiving rules that apply to CTT’s operations. For employees, data will be saved during the term of employment in CTT, and the time thereafter required to comply with applicable laws and regulations, such as LAS.
Where is your personal information processed?
CTT stores and processes personal data in Sweden.
How are personal data protected?
We, and where applicable, our partners, have taken several security measures to protect the personal data being processed. We have relevant safeguards to protect and prevent unauthorized access to our networks and systems. The main rule is that your personal information is processed only in the EEA. In cases where information is processed outside of the EEA, this is only done in accordance with applicable data protection legislation.
– The right to be informed. You are entitled to receive information about what personal data CTT has about you, about the purpose of the treatment of this data and the recipients to whom the information is provided. If you as a registered person oppose any processing of your personal data based on CTT’s legitimate interest, you may oppose it by notifying this in writing to the Chief Financial Officer or Human Resources Manager. CTT will then review the legitimate interest and inform you of the outcome of this review.
– The right to change or correct information. If you want to change or correct any of your personal information, you can do so by contacting the Human Resources Department.
– The right to be deleted. You have the right to have your information deleted if your information is no longer necessary for the purpose it was collected. In some cases, you may have the right to require CTT to limit processing of the data in question.
Who is responsible for personal data in the Company?
CTT Systems AB, corporate identity number 556430-7741, is responsible for all personal data it is processing.
If you want to send a letter to CTT then the address is
CTT Systems AB
611 29 Nyköping
You can also e-mail the Company at firstname.lastname@example.org.