and EU GDPR regulations
and EU GDPR regulations
Viking Power Privacy Policy: Sweden
At Viking Power, we are fully committed to complying with the General Data Protection Regulation (GDPR) and the Swedish Act containing supplementary provisions to the EU GDPR (SFS 2018:218). This policy explains how we collect, use, and protect personal data, ensuring that we uphold the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, and security.
1. Scope and Applicability
This policy covers all personal data processing activities carried out by us. It applies to all personal data we collect and handle, whether from customers, employees, partners, or other individuals. If there are specific circumstances where the policy does not apply, we will clearly state them.
2. Data Controller and Processor
We act as the data controller when we determine the purposes and means of processing personal data. In cases where we engage third parties to process personal data on our behalf, we ensure they act as data processors under strict agreements that uphold GDPR standards.
3. Principles of Data Processing
We base all our data processing activities on the following GDPR principles:
Lawfulness, fairness, and transparency:
We process personal data legally, fairly, and in a transparent manner.
Purpose limitation:
We only collect and use personal data for legitimate, specified purposes and do not process it in ways that are incompatible with those purposes.
Data minimisation:
We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary.
Accuracy:
We take all reasonable steps to ensure that personal data is accurate and kept up to date, and we provide mechanisms for data correction or deletion upon request.
Storage limitation:
We do not keep personal data longer than necessary. Once data is no longer needed, we securely delete or anonymise it.
Integrity and confidentiality:
We implement appropriate technical and organisational measures to safeguard personal data against unauthorized access, loss, or disclosure.
Accountability:
We take full responsibility for complying with GDPR and can demonstrate our compliance through documentation and processes.
4. Data Subject Rights
We respect the rights of individuals regarding their personal data and have processes in place to support the following rights:
Right of access:
Individuals can request access to the personal data we hold about them.
Right to rectification:
Individuals can request corrections to inaccurate or incomplete data.
Right to erasure (“right to be forgotten”):
Individuals can ask us to delete their personal data, subject to certain conditions.
Right to restrict processing:
Individuals can request that we restrict the processing of their personal data.
Right to data portability:
Individuals can request a copy of their personal data in a structured, commonly used, and machine-readable format.
Right to object:
Individuals can object to certain types of data processing, including direct marketing.
Right to withdraw consent:
Where processing is based on consent, individuals have the right to withdraw their consent at any time.
5. Data Security Measures
We have implemented strong technical and organisational measures to protect personal data. This includes secure data storage, access controls, encryption, and regular security assessments. In the event of a data breach, we have established procedures for timely detection, reporting, and notification in accordance with GDPR requirements.
6. Data Transfers
Whenever we transfer personal data outside the EU or within the EU to other entities, we ensure that such transfers are conducted lawfully. We rely on appropriate safeguards, such as standard contractual clauses or other GDPR-compliant mechanisms, to protect personal data during transfers.
7. Data Protection Impact Assessments (DPIAs)
We conduct Data Protection Impact Assessments when processing activities are likely to result in a high risk to individuals’ rights and freedoms. Our DPIA process allows us to identify and mitigate risks before we begin such processing activities.
8. Contact Information
For any questions, concerns, or requests related to personal data and this policy, individuals can contact our Data Protection Officer (DPO) or our data protection email: tpn@vikingpower.co.uk
9. Legal Basis for Processing
We only process personal data where we have a legal basis to do so. These bases include:
Consent:
When individuals have given clear consent.
Contractual obligations:
When processing is necessary for the performance of a contract.
Legal obligations:
When processing is necessary for compliance with a legal obligation.
Legitimate interests:
When processing is necessary for our legitimate interests and those interests are not overridden by the data subject’s rights.
Public interest:
When processing is necessary for reasons of substantial public interest.
10. Updates and Review
We regularly review and update this policy to ensure that it remains compliant with GDPR, Swedish law, and best practices. Any changes to the policy will be communicated clearly to all relevant stakeholders.