Privacy policy
Privacy policy - Install
The policy regulates how Install (the company) handles personal data in accordance with the EU's General Data Protection Regulation (GDPR). The policy covers the handling of all personal data and includes both structured and unstructured data. The policy is anchored with all our employees.
Application and revision
The Board of Directors is responsible for ensuring that the processing of personal data complies with this policy.
The policy shall be established, and if necessary updated, annually by the Board of Directors.
The company's data protection officer is tasked with keeping abreast of changes to the General Data Protection Regulation and is responsible for updating the policy in response to new and changing regulations.
This policy shall be applied by all officers and employees of the company, as well as sub-consultants and contractors who are in one way or another involved in our business activities.
Organisation and responsibilities
The CEO is ultimately responsible for the content of the company's personal data policy and for ensuring that it is implemented and complied with by all the company's executives, employees and contractors. The CEO may delegate the responsibility for the content and implementation to an appropriate person in the company.
All officers, employees and contractors of the Company are responsible for ensuring that they act in accordance with the Company's Privacy Policy.
Personal data processing
Any processing of personal data is carried out in accordance with the following principles:
- Legality
- Purpose limitation
- Task minimisation
- Correctness
- Storage minimisation
- Privacy and confidentiality
Data collection criteria
The data processing principles mean that we only process personal data on an ongoing basis that is of direct relevance and legitimate business interest, contractual or statutory. Only in exceptional cases and if necessary are other personal data processed, which are then regulated by consent agreements.
Only personal data that are strictly necessary for the conduct of business, the fulfilment of applicable contracts, human resources management and compliance with legal requirements shall be processed and stored. When the personal data no longer fulfil these criteria, they shall be deleted without delay.
Handling procedures
Our data processing is continuously documented in our management register, which is managed by the data controller. A person who is registered always has the right to receive an extract of the registered data, and the right to correct incorrect data. Follow-up and evaluation of our processing of personal data must take place at least annually.
Unauthorised data processing
Any incidents concerning personal data that we process must be reported to the data controller without delay. The data controller must report the incident to the Swedish Data Protection Authority without undue delay and no later than within 72 hours, and otherwise take the necessary measures in response to the incident.
In external management, collaboration and purchase of services
Our requirements for personal data to be handled in accordance with the GDPR must always be ensured when procuring external suppliers and developing IT solutions and services, and must be part of the requirements specification and any agreements. Outsourcing of personal data processing is regulated by personal data processing agreements.
Contact details
Install Nordic AB
559114-9744
Telephone: 010-240 08 00
E-mail: