• EN

Privacy Noticy

1 Preamble
Ekman needs to gather and use certain information about its employees, potential
employees and business partners.
The Ekman Privacy Notice is information to you, as a private person and an Ekman
employee or business partner, and describes what personal data is processed, how
and for what purpose, as well as your personal rights (EU only).

2 Data Controller
Ekman & Co AB, registration number 556020-4595
P.O. Box 230, 401 23 Gothenburg, Sweden
Polhemsplatsen 5, 411 11 Gothenburg, Sweden
Telephone: +46 31 750 56 42
Contact: the Ekman Personal Data Protection Control Group
E-mail address: GDPR@ekmangroup.com

3 Personal data processed
The personal data in the different categories is processed in different ways from office
to office. However, the rules for how Ekman handles personal data and sensitive
personal data are the same for all offices worldwide. Not all categories of personal
data apply to all offices and the wording may differ between countries and offices.

4 Categories of personal data subjects
a) Employees
b) Potential employees
c) Business partners and potential business partners

5 Sources of personal data
a) Employee/Employment contract
b) Potential employee/Job application/Recruitment firm
c) Business partners/Contracts, Internet, Credit reporting firms, Due Diligence
research tools

6 Personal data processed (may differ between offices and countries)
a) Name, address, date of birth, personal id number, telephone number, emergency
contact number, date of employment, employee number, title, bank account
details, passport copy, photos, videos, etc.
1 ”Ekman” shall in this document mean Ekman & Co AB and its affiliates and subsidiaries;
sometimes also referred to as the “Ekman Group”.
2 (4)
b) Name, address, date of birth, personal id number, telephone number, information
in CV, resumé and other personal data voluntarily provided by the job applicant
c) Name, contact details, title, company, name(s) for company owner(s), IP-address,
tax id number, family members, date of birth, previous employments, board
memberships, etc.
7 Purpose of processing of personal data
a) To fulfill obligations according to employment contract and local
employment/labor laws (pay salaries, payroll taxes, offer benefits, reporting to
authorities, filing, etc.) and to facilitate job duties
b) To fill job positions
c) To conduct business and manage business partner relations, including due
diligence as part of trade compliance regulations
8 Legal basis for processing of personal data
a) Employment law, employment contract
b) Voluntary
c) Contract, pending contract, legitimate interest (conduct business), international
trade compliance laws
9 Recipients/category of recipients of personal data (may differ between
offices and countries)
a) Payroll service companies, Pension- and tax authorities, insurance companies,
banks, travel agencies, accounting firms etc.
b) Potentially companies within the Ekman Group (only)
c) Companies within the Ekman Group, Credit insurance companies, auditors and
others to fulfill business obligations, follow legal requirements and conduct
business, and only when necessary and lawful
10 International transfer of personal data (may differ between offices and
countries)
a) Personal data is not transferred out of EU/EEA, with the possible exception for
cloud service, servers and IT-support and maintenance
b) Potentially to companies with the Ekman Group (only)
c) Where necessary to conduct business and on a legal basis
11 Period data is kept
a) Per local employment/labor laws
b) 1 year (unless hired)
c) Per contract, per accounting, tax or business and compliance laws or per legitimate
interest
3 (4)
12 Right to access, rectification, erasure, restrict processing and object to
processing of personal data (EU only)
As a private person in the EU you have many rights regarding your personal data which
is collected and stored. In summary, these include:
a) the right to transparency and access with respect to the personal data that is
stored and processed
b) the right to corrections of any mistakes in the personal data and erasure in certain
situations
c) the right to restriction of processing in certain circumstances
d) the right to object at any time to processing of personal data concerning you that
is carried out based on our legitimate interest and you have specific reasons to
object to such processing.
Forms for the above requests are available via GDPR@ekmangroup.com
13 Right to portability (EU only)
The right to data portability, i.e. to receive personal data collected about you in a
structured, commonly used and machine-readable format.
Form for the above request is available via GDPR@ekmangroup.com
14 Right to lodge complaint with a Data Protection Authority (EU only)
Supervisory authoritiesin each EU country will monitor the processing of personal data
in accordance with the GDPR and complaints should be lodged directly with them.
Further information can be found at the bottom of this Privacy Notice.
Before any complaint is lodged with the DPA, the local Ekman Personal Data Protection
Administrator, as well as the Ekman Personal Data Protection Control Group, should
be contacted at GDPR@ekmangroup.com.
15 Right to compensation in case of a breach (EU only)
As a private person in the EU, you have the right to claim compensation for damages
caused by any potential breach of data protection legislation.
16 Security measures
Technical and organizational measures have been implemented to protect personal
data against accidental or unlawful destruction, accidental loss, alteration,
unauthorized disclosure or access and against all other unlawful forms of processing.
These measures include, but are not limited to, the Ekman Code of Conduct, The
Ekman Personal Data Protection Policy, GDPR training of personnel, Whistleblowing
service, the “Ekman Code of Conduct for Business Partners”, IS/IT policies, The Ekman
Personal Data Protection Control Group, Ekman Data Protection Administrators
worldwide, Internal audit function, Personal Data Protection Agreements (GDPR) with
vendors/processors, GDPR instructions and Q&A for our personnel, consent forms,
and other controls which might include passwords, backups, encryption, locks etc.
4 (4)
17 Questions and concerns
If you have any questions or concerns regarding protection of your personal data,
please contact first the Personal Data Protection Administrator in your office
(employees) or you can contact the Ekman Personal Data Protection Control Group at
GDPR@ekmangroup.com.
We will make every effort to resolve any concern you may have.
18 Links for additional information (EU/EEA only)
National Data Protection Agency:
Denmark http://www.datatilsynet.dk/
Italy http://www.garanteprivacy.it/
Poland https://uodo.gov.pl/
Spain https://www.aepd.es/
Sweden https://www.imy.se
Switzerland https://www.edoeb.admin.ch/edoeb/de/home.html

Gothenburg, February 2023

Contact our offices

We have offices around the world. Click on the link below to find your closest contact.

GO TO CONTACT
  • EN
This is Ekman
Business Areas
Business Support
Contact
Career
Sustainability
Challenge the Fabric
  • EN
Back
Overview

Company

This is Ekman
History
Sustainability
Certifications

Management

Board of Directors
Group Management

Other

General Trade Rules
Financial Information
Tax Policy
Code of Conduct
  • EN
Overview
Back

Business Areas

Pulp
Paper & Packaging
Plastics
Recovered Materials
Innovare
Bioenergy