Privacy Policy

Privacy Policy

This policy governs how Samnytt (the company) handles personal data in accordance with the EU General Data Protection Regulation (GDPR). The policy covers the management of all personal data and includes both structured and unstructured data. The policy is anchored with all our employees.

APPLICATION AND REVISION

The company’s board is responsible for ensuring that the processing of personal data complies with this policy. The policy shall be established, and if necessary, updated annually by the company’s board. The company’s data protection officer is tasked with staying informed about changes in the data protection regulation and is responsible for updating the policy due to new and amended regulations. This policy shall be applied by all the company’s officers and employees as well as subcontractors and contractors who are involved in our business activities in any way.

ORGANIZATION AND RESPONSIBILITY

The board is ultimately responsible for the content of the company’s privacy policy and for its implementation and compliance by all the company’s officers, employees, and contractors. The board may delegate the responsibility for the content and implementation to an appropriate person within the company. All the company’s officers, employees, and contractors are responsible for acting in accordance with the company’s privacy policy.

PERSONAL DATA PROCESSING

Each processing of personal data is done according to the following principles:

  • Legality
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage minimization
  • Integrity and confidentiality

DATA COLLECTION CRITERIA

The principles of data processing mean that we continuously only handle personal data that is directly relevant and justified by legitimate business interests, regulated by contract, or required by law. Only in exceptional cases and if necessary, other personal data are handled, which are then regulated through consent agreements. Only personal data that is absolutely necessary for conducting business operations, fulfilling current contracts, handling personnel administration, and complying with legal requirements shall be processed and stored. When personal data no longer meets these criteria, it shall be deleted without delay.

HANDLING ROUTINES

Individuals registered always have the right to access their registered data, as well as the right to correct inaccurate data. The follow-up and evaluation of our handling of personal data shall occur at least annually.

ILLEGAL DATA HANDLING

Any incidents involving personal data that we process shall be reported without delay to the data protection officer. The data protection officer shall report the incident to the Data Inspection Authority without unnecessary delay and no later than within 72 hours, as well as take the necessary measures in response to the incident.

IN CASE OF EXTERNAL HANDLING, COOPERATION, AND PROCUREMENT OF SERVICES

Our requirements for the handling of personal data in accordance with GDPR shall always be ensured when procuring external suppliers and developing IT solutions and services, and shall be a part of the specifications and any agreements. Outsourcing of personal data processing is regulated through data processing agreements.

ADAPEX

When you use our website and enter your email address on our website (either to log in or to sign up for a newsletter or similar), we may share the information with solution providers and its group companies that we collect from you, such as your email address (in hashed, pseudonymous form), IP address, or information about your browser or operating system, with any of the following, acting as “joint controllers” (as applicable and defined in GDPR).

This website is connected to Adapex INC for the purpose of placing advertisements on the website, and Adapex INC will collect and use certain data for advertising purposes. Learn more about Adapex’s data use here.