Krekula & Lauri’s Data Protection Policy

Krekula och Lauri Sawmill and its subsidiary, Pajala Bioenergi AB, collects personal data in its operation. It is important to us that you as a customer, supplier or employee are informed about our handling of your personal data. We make sure to comply with the current regulation regarding personal data.

The General Data Protection Regulation (GDPR)

The GDPR came into effect on the 25thof May 2018 in Sweden and the entire European Union. This means that your personal integrity has been strengthened. In short, the new regulation means that companies may only collect personal data if there is a specific purpose for doing so and the collection is in compliance with the regulation. Furthermore, the collected data must be necessary to the operation of the company and data that is no longer required must be deleted. Companies must also be able to prove that they have the necessary routines for correct handling of personal data.

In light of this new regulation, Krekula & Lauri Sawmill has updated its data protection policy. This policy contains a framework for handling personal data within the organization and aims to assure compliance with the GDPR. The companies in the group are solely responsible for how personal data in handled and that the regulation is complied with. Relevant information to customers, suppliers and employees regarding our handling of personal data is presented below.

What Personal Data is Handled?

Any data that can be connected to a single person is considered personal data. Personal data that is handled within the group could be data that you give us our data that we gather from public databases. Personal data that you give us could be data that we receive when you look for employment within the group, when you work within the group or when you trade with us. Examples of personal data that we handle are email addresses, phone numbers or home addresses.

Sensitive Personal Data

Sensitive personal data is data regarding personal opinions, ethnicity, religion, membership in unions, genetic data, biometric data, sexual orientation and data about a person’s health.
Sensitive personal data is never handled within the group.

Purpose with the Handling of Personal Data and Legal Basis

The purpose of the handling of personal data should always be stated and is of crucial importance for assuring a legal basis. The purpose also affects the consideration about what data is to be collected, who should have access to the data and when the data is to be deleted. Your personal data is always deleted when it is no longer needed.

To be able to establish agreements with customers, suppliers and employees, collection of personal data is required within the group. The companies only handle data that is required and relevant to complying with agreements. The companies may also handle certain data because they are required to do so by law. Such data might be personal data on invoices which are handled because we are legally required to keep accounting records.

Who has Access to the Data?

Employees in the group are allowed to handle the personal data that they require in their work. For example, employees may need access to email addresses and phone numbers to perform their tasks. We do not normally share personal data with any third party. However, we may give certain data to authorities if we are legally required to do so.

Your Rights

When we handle your personal data, you have a number of rights which gives you control over your personal data. When an individual whishes to use these rights, the matter should be handled without unnecessary delay.

You have the right to:

• Get access to your personal data. When asked, the companies in the group shall send the individual a free copy of the personal data that is handled.
• Demand correction or demand that data be deleted.
• Object against our handling of your personal data if the legal basis for the handling is a common interest according to article 6.1 of the GDPR.
• Recall consent in the event that the handling of personal data requires the individual’s consent.
• Complain about our handling of your personal data to The Swedish Data Protection Authority.

Contact Information

If you have questions about our handling of personal data or want to make a request, you are welcome to call us on the following number: +46 978 20000.

Data protection officer is CEO Gunnar Lauri.
Contacts: gunnar.lauri(at)krekula-lauri.se, + 46 978 20 000.

Data protection officer at Pajala Bioenergi AB is Steven Rönnbäck.