Privacy Notice
However you interact with us, it is important to Sandvik AB and its group of global subsidiaries that you feel confident about how we will treat your personal data. This Notice is intended to help you understand what personal data we collect, why we collect it, and what we do with it, as well as how you can exercise your privacy rights.
This Notice also provides you with our contact details in case you have any questions or requests about your data. For the purposes of this Notice, personal data means any information about an identified or identifiable individual and includes “personal data”, “personal information” or similar terms as defined under applicable laws.
To understand how we process your personal data collected from cookies and other web or mobile device tracking technologies, please see the Cookie privacy policy and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website.
How does this Notice apply to you?
You are:
This Notice applies to you if you are a current or potential:
- Customer - you or the company you work for has purchased our products or services or expressed an interest in doing so
- Supplier - you work for one of our many supplier companies from whom we purchase goods and services
- Commercial or Administrative Intermediary - you work for one of our many distributors or other intermediaries such as our agents and customs brokers
- Digital Registrant - you use our websites or any of our digital services to:
- request information about our products or services
- register for newsletters or Sandvik sponsored events
- apply to any Sandvik subscriptions or community forums
- respond to survey or marketing communication
- Physical Registrant - you register with us in person at any of our events
- Digital Visitor - you navigate our websites or use our digital services without registering
- Facility Visitor - you visit any of our offices or facilities
- Board Member - you are a member of the board of directors of Sandvik AB or a company within its group of global subsidiaries
- Shareholder - you own shares in Sandvik
You may appear in more than one of these categories, depending on your relationship and activities with Sandvik. For example, you may be both a Customer, Digital Registrant, and a Facility Visitor, if you purchased our products, filled in one of our web forms and visited a Sandvik site at some point in time.
We are:
Unless we tell you otherwise, the Sandvik company that is the “controller” of your personal data is the one you have a relationship with – for example:
- If you are a Customer, the Sandvik company that sold you our products. Usually, this will be the Sandvik company that first collected your data
- If you are a Board Member or Shareholder, the Sandvik company in which you are a shareholder or a board member
- If you are a Customer, Supplier, Commercial or Administrative Intermediary, the Sandvik company which has a business relationship with the organization you represent or are a contact person to
- If you are a Digital Registrant, Physical Registrant, Digital Visitor, Facility Visitor, or Supplier, Commercial Administrative Intermediary, the Sandvik company for which you otherwise interact, visit or communicate.
For more information about the Controller, send us a question at the Contact us section below. You may view a list of all the Sandvik Entities.
Sandvik is global. Many countries have different rules about what we can do with your personal data. We aim for a consistent high standard to the way we manage your personal data, so this statement applies globally. We explain below when the rules might be different in particular countries (for example, where your rights may not be exactly the same).
In some cases, the local Sandvik company may provide you with further information to supplement the information in this statement.
What types of personal data do we use and why?
We collect and use the personal data about you described below. Usually we collect this data from you directly. Sometimes Sandvik collects data about you from another source. This could happen, for example, when our Business Partners or Suppliers provide us with information about you. We also collect personal data from public sources such as social media. We will provide more information about the third-party sources in the specific cases where this happens.
We may collect, use and store certain of the personal data below for our legitimate interests to maintain proper record keeping in order to operate and improve business operations and to document our business and related activities, such as company milestones and events, and where we have tax or company law requirements to keep records.
We may also use this data for our legitimate interests to develop and improve the business, including our services and products. Examples include to draft reports, analyse and compile statistics of various activities and events (such as sales, results and partnerships).
We may also use personal data, if necessary, for our legitimate interests to manage, defend and exercise legal claims.
If you are a Customer, Supplier, Commercial or Administrative Intermediary
-
Customer product updates
Purpose
Providing you information about products and services, including safety and technical matters, when you are already a customer.
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
Our marketing partners and social media companies such as LinkedIn
Legal grounds
- Performance of a contract (To perform a contract with you or to take steps before entering into a contract with you.)
External Recipients
- Customers
- Vendors
See also, Sharing information outside of Sandvik
-
Targeted marketing communications
Purpose
Providing you information about product and services that you may be interested in and generating new sales.
Types of data
Contact data (such as name, business address, email address, and phone number)
Third-party sources
Our marketing partners and social media companies such as LinkedIn
Legal grounds
- Performance of a contract: If we have a contract with your organization, we have legitimate interests to operate and improve our business operations. We also have a legitimate interest to keep you informed of relevant products and services.
- Legitimate interest: Our legitimate interests in marketing our products and services, and sometimes we will ask for your consent if you are a potential customer.
- Consent: We may ask for your consent for this. We also have a legitimate interest in marketing our products and services.
External Recipients
- Customers
- Vendors
See also, Sharing information outside of Sandvik
-
Analysing your interests
Purpose
Understanding what products and services you may be interested in.
Types of data
Organizational data (such as which company and department you work in)
Third-party sources of collection
N/A
Legal grounds
-
Consent: We may ask for your consent for this. We also have a legitimate interest in marketing our products and services.
External Recipients
N/A
-
-
Generating new customer leads
Purpose
Generating new customer leads.
Types of data
- Organizational data (such as which company and department you work in)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in marketing our products and services.
External Recipients
- Customers
- Vendors
See also, Sharing information outside of Sandvik
-
Credit & payment processing
Purpose
Assessing credit and payment history, facilitate payments, fulfil anti-money laundering obligations, and manage payments.
Types of data
- Financial data (such as credit or payment information, bank account details)
Third-party sources of collection
-
N/A
Legal grounds
-
Performance of a contract: To perform a contract with you, or to take steps before entering into a contract.
-
Legal obligation: To fulfil our legal obligations, for example accounting and anti-money laundering obligations under applicable laws, and in cases where a specific law does not apply, pursuant to our legitimate interests to transact business with credit-worthy customers.
External Recipients
-
External advisors
-
Vendors
-
Authorities
See also, Sharing information outside of Sandvik
-
Order, delivery & service handling
Purpose
Facilitating order management, shipment and warranty and administer service agreements.
Types of data
- Contract data (such as sales/purchase orders, shipment address or return to address), billing information, and other information collected under our contracts
Third-party sources of collection
-
N/A
Legal grounds
-
Performance of a contract: To perform a contract with you, or to take steps before entering into a contract.
-
Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- Vendors
- Intermediaries
See also, Sharing information outside of Sandvik
-
Relationship & training engagement
Purpose
Administering the relationship and communicating and developing new training opportunities you may be interested in.
Types of data
- Learning/training records (such as training attendance, completion of learning activities, competence data, qualifications)
Third-party sources of collection
-
N/A
Legal grounds
-
Performance of a contract: To perform a contract with you, or to take steps before entering into a contract.
-
Legitimate interest: We also have a legitimate interest to keep you up to date with the best practice use of our products and services.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Preferences communication (language & dietary)
Purpose
Communicating in the language of your choice and catering for dietary requirements.
Types of data
- Individual preferences (such as language and food preferences)
Third-party sources of collection
-
N/A
Legal grounds
-
Consent: We may ask for your consent for this.
-
Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Contract fulfillment & support
Purpose
Fulfilling contracts and warranties, product development and fulfilling our support and maintenance obligations.
Types of data
- Service and warranty data (such as Repair and service history and claims)
Third-party sources of collection
-
N/A
Legal grounds
-
Performance of a contract: To perform a contract with you, or to take steps before entering into a contract.
-
Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Digital access & security
Purpose
In connection with our digital services, establishing IT system accounts and access to our digital systems and preventing the misuse of our service.
Types of data
- Log-in information such as first and last name, user-name, log in credentials, email address, company that you work for.
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: To perform our legitimate interest to identify our customers as authorised end-users and to provide secure digital solutions to our customers. We also have the legitimate interest to continually improve our services.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Health & safety compliance
Purpose
Fulfilling our legal obligations to record incidents and managing claims, as well as improving safety in hazardous environments and facilitating access to individuals with accessibility needs.
Please note that some of this data may be seen as sensitive personal data (or special category data in certain jurisdictions), requiring a higher level of protection than other forms of personal data.
Types of data
- Health and safety data (such as incidences occurring during visits to our test and manufacturing facilities, and any injuries that may occur from use of our equipment)
Third-party sources of collection
-
N/A
Legal grounds
-
Performance of a contract: To perform our contract with you.
-
Legal obligation: We have legal obligations under various health and safety laws.
-
Legitimate interest: We also have a legitimate interest in ensuring the safety of our business operations.
External Recipients
-
External advisors
-
Authorities
-
Vendors
See also, Sharing information outside of Sandvik
-
Arranging travel to Sandvik sites and events.
Types of data
- Travel data (such as visa and passport information, travel costs, itinerary)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have legitimate interests in managing visits to our sites and events.
External Recipients
-
External advisors
-
Authorities
-
Vendors
See also, Sharing information outside of Sandvik
-
Sponsorship and Community work
Types of data
- Contact information of the recipients receiving the donations
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have legitimate interests in supporting the communities where we do business
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Sanctions & compliance screening
Purpose
Comply with trade sanctions and export control laws applicable to our operations globally, which may include laws in the EU, US, and other jurisdictions necessary for our global operations.
This includes screening individuals and entities against official sanctions lists to prevent prohibited transactions and ensure regulatory compliance.
Types of data
- Personal data such as full name, email address, date of birth, nationality, and identification numbers (e.g., passport or national ID where required for screening). We may also process publicly available information relevant to sanctions compliance (such as information relating to sanctions or criminal offences) and handled in accordance with applicable laws and subject to enhanced safeguards where required.
Third-party sources of collection
-
Official sanctions lists (e.g., EU Consolidated List, OFAC SDN List)
-
Publicly available sources
-
Third-party screening service providers.
Legal grounds
-
Legal obligation under EU or Member State law where applicable.
-
Legitimate interest: Where no legal obligation exists under EU law, processing is based on our legitimate interests to operate and sell our products and services globally, to comply with international sanctions law and to manage legal and reputational risks.
External Recipients
- Customers
- Vendors
See also, Sharing information outside of Sandvik
Your a digital registrant
-
Customer service communications
Purpose
Communicating with you based on customer service requests and any other queries you send us during our contractual relationship, and informing you about safety and technical matters.
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Performance of a contract: To perform a contract with you, to take steps before entering into a contract or for our legitimate interests to operate and improve our business operations and to help you get the most value out of your Sandvik products and services;
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Providing you information about products and services
Purpose
Providing you information about products and services that may be of interest to you
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have legitimate interests to market our products and services and sometimes, we will ask for your consent.
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Customer lead generation
Purpose
Generating new customer leads.
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have legitimate interest to market our products and services, and sometimes we will ask for your consent.
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Analysing your interests
Purpose
Understanding what products and services you might be interested in.
Types of data
- Organizational data (such as which company and department you work in)
Third-party sources of collection
-
N/A
Legal grounds
-
Consent: We may ask for your consent for this.
-
Legitimate interest: We also have a legitimate interest in marketing our products and services,
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Managing your language and dietary preferences
Purpose
To communicate in the language of your choice and cater for dietary requirements.
Types of data
- Individual preferences (such as language and food preferences)
Third-party sources of collection
-
N/A
Legal grounds
-
Consent: We may ask for your consent for this.
-
Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Sales follow-up and product recommendations
Purpose
Following up with you about the products or services you showed interest in and providing you information about related products and services.
Types of data
-
Information about the event you attended
-
Information about where you were on the Internet when you gave us your contact information and the material you downloaded from our website. Information about the Sandvik community blog or chat forums you participated in.
-
Information about Sandvik newsletters or other Sandvik content you have subscribed to.
Third-party sources of collection
-
N/A
Legal grounds
- Consent: We may ask for your consent for this.
- Legitimate interest: We also have a legitimate interest in marketing our products and services.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
-
Digital service support
Purpose
Allow us to better service you in response to customer service requests and other website or mobile device transactions.
Types of data
- Device data (such as IP address, cookies, session identifiers, browser type, web pages viewed and links clicked).
Please see the Cookie privacy policy and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website.
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in ensuring the correct functioning of our websites and fulfilling website transaction activities;
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Site features, surveys & promos
Purpose
Administering promotions, surveys or other website features.
Types of data
- Device data (such as IP address, cookies, session identifiers, browser type, web pages viewed and links clicked).
Please see the Cookie privacy policy and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website.
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: Our legitimate interests to market products and services.
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
Your a physical registrant
-
Product, safety and technical communications
Purpose
To send you information about product and services, including about safety and technical matters
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Performance of a contract: To perform a contract with you, or to take steps before entering into a contract or we have a legitimate interest based on the contract with your organization to operate and improve our business operations.
- Legitimate interest: We also have a legitimate interest to keep you informed of relevant products and services.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Sales and marketing commuinication
Purpose
To send you information about product and services that you may be interested in for the purposes of generating new sales.
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: Our legitimate interests in marketing our products and services, and sometimes we will ask for your consent if you are a potential customer.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Limited camera surveillance at certain locations
Limited camera surveillance at certain locations to:
- provide access to sites
- prevent and monitor access to unauthorised persons
- prevent and investigate property damage and other crimes
- investigate incidents and accidents
Types of data
- Video, photo, time and location of recording, vehicle licence plate
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in preventing and detecting crime or other wrongdoing and in improving our safety response to the individuals on our premises in case of emergencies occurring on our premises.
External Recipients
- External advisors
- Authorities
- Vendors
See also, Sharing information outside of Sandvik
-
Marketing interest analysis
Purpose
To understand what products and services you might be interested in.
Types of data
- Organizational data (such as which company and department you work in)
Third-party sources of collection
-
N/A
Legal grounds
- Consent: We may ask for your consent.
-
Legitimate interest: We have a legitimate interest in marketing our products and services
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Marketing lead generation
Purpose
Generating new customer leads.
Types of data
- Organizational data (such as which company and department you work in)
Third-party sources of collection
-
N/A
Legal grounds
-
Consent: We may ask for your consent for this.
-
Legitimate interest: We have legitimate interest to market our products and services
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Managing your language and dietary preferences
Purpose
To communicate in the language of your choice and cater for dietary requirements.
Types of data
Individual preferences (such as language and food preferences)
Third-party sources of collection
-
N/A
Legal grounds
- Consent: We may ask for your consent for this.
- Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
-
Post event follow-up
Purpose
To follow-up with you about the product or service you showed interest.
Types of data
- Information about the event you attended
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in marketing our products and services
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Post event sales & marketing
Purpose
To send you information about related products and services.
Types of data
- Information about the event you attended
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in marketing our products and services
- Consent: We will sometimes ask for your consent.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
Your a digital visitor
-
Online interest-based marketing
Purpose
To follow up with you about the product or service you showed interest in and send you information about related products and services.
Types of data
- Information about the event you attended
Third-party sources of collection
-
N/A
Legal grounds
- Consent: Your consent
- Legitimate interest: We also have a legitimate interest in marketing our products and services.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Customer service & support
Purpose
To allow us to better service you in responding to your customer service requests and other website or mobile device transactions
Types of data
- Device data (such as IP address, cookies, session identifiers, browser type, web pages viewed and links clicked).
Please see the Cookie privacy policy and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website.
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in ensuring the correct functioning of our website and fulfilling website transaction activity
- Consent: We will sometimes ask for your consent
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Promotions, surveys and website features
Purpose
To administer a promotion, survey or other website feature.
Types of data
- Device data (such as IP address, cookies, session identifiers, browser type, web pages viewed and links clicked).
Please see the Cookie privacy policy and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website.
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: Our legitimate interests to market products and services.
- Consent: We may ask for consent
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
Your a facility visitor
-
Product and safety updates
Purpose
To send you information about product and services, including about safety and technical matters.
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Performance of a contract: To perform a contract with you, or to take steps before entering into a contract or if we have a contract with your organization, we have legitimate interests to operate and improve our business operations. We also have a legitimate interest to keep you informed of relevant products and services.
External Recipients
- External advisors
- Authorities
- Vendors
See also, Sharing information outside of Sandvik
-
Marketing and sales communications
Purpose
To send you information about product and services that you may be interested in for the purposes of generating new sales
Types of data
- Contact data (such as name, business address, email address, and phone number)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: Our legitimate interests in marketing our products and services, and sometimes we will ask for your consent if you are a potential customer.
External Recipients
- External advisors
- Authorities
- Vendors
See also, Sharing information outside of Sandvik
-
Limited video surveillance
Purpose
To undertake limited camera surveillance at certain locations to:
- provide access to sites
- prevent and monitor access to unauthorised persons
- prevent and investigate property damage and other crimes
- investigate incidents and accidents
Types of data
- Video, photo, time and location of recording, vehicle licence plate
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in preventing and detecting crime or other wrongdoing.
External Recipients
- External advisors
- Authorities
- Vendors
See also, Sharing information outside of Sandvik
-
Analysing your product and services interests
Purpose
To understand what products and services you might be interested in.
Types of data
- Organizational data (such as which company and department you work in)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have a legitimate interest in marketing our products and services, and sometimes, we will ask for your consent.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Lead generation activities
Purpoose
Generating new customer leads.
Types of data
- Organizational data (such as which company and department you work in)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We have legitimate interest to market our products and services, and sometimes we may ask for your consent.
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Managing your language and dietary preferences
Purpose
To communicate in the language of your choice and cater for dietary requirements.
Types of data
- Individual preferences (such as language and food preferences)
Third-party sources of collection
-
N/A
Legal grounds
- Consent: We may ask for your consent for this.
- Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Travel arrangements
Purpose
To arrange travel to Sandvik sites and events.
Types of data
- Travel data (such as visa and passport information, travel costs, itinerary)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We also have a legitimate interest in managing our sites and events.
External Recipients
- External advisors
- Authorities
- Vendors
See also, Sharing information outside of Sandvik
-
Sales follow-up and related offers
Purpose
To follow up with you about the product or service you showed interest in and send you information about related products and services.
Types of data
- Information about the event you attended
Third-party sources of collection
-
N/A
Legal grounds
- Consent: We may ask for your consent for this.
- Legitimate interest: We also have a legitimate interest in marketing our products and services.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
-
Travel coordination and welcome communications
Purpose
For travel and transfer arrangements and welcome messages.
Types of data
- Information about your visit (location, date and time)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We also have a legitimate interest in managing our sites and events.
External Recipients
- External advisors
- Vendors
See also, Sharing information outside of Sandvik
-
Parking permit management
Purpose
To facilitate and manage parking permits.
Types of data
- License plate
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: We also have a legitimate interest in managing our sites and events.
External Recipients
- Vendors
See also, Sharing information outside of Sandvik
Your a board member
-
Managing the board member relationship
Purpose
To manage the relationship with you as a board member, for example to appoint board members, carry out board meetings, manage remuneration and expenses, document the business (such as information in minutes) and communicate with you as a board member
Types of data
-
Financial data and Board Member characteristics (such as contact information, identity information, profile data, picture, video and audio material, and salary and remuneration data)
Third-party sources of collection
-
N/A
Legal grounds
- Legitimate interest: The relevant board member agreement with you.If we have not entered into a board member agreement with you or if the activity is not strictly necessary to fulfil such agreement, the processing of your personal data is necessary to satisfy our legitimate interest in managing the business relationship with you.
External Recipients
- N/A
Retention period
Personal data is stored during the board assignment.
Personal data in business-related documents and contracts of key relevance for the relevant Sandvik company are stored until further notice.
Board minutes are stored as long as they are necessary and relevant for the business in accordance with applicable laws.
-
-
Anti-money laundering and financial assessments
Purpose
To fulfil anti-money laundering obligations and financial fitness assessments where required by law, such as “know your customer” KYC procedures.
Types of data
- Board Member characteristics (such as contact information, identify information, profile data and skills data)
Third-party sources of collection
-
N/A
Legal grounds
- Legal obligation: To comply with legal requirements under the relevant local company law.
- Legitimate interest: We also have a legitimate interest in operating and improving our business operations.
External Recipients
- N/A
Retention period
Personal data is stored during your board assignment
Sharing information outside of Sandvik
Sandvik does not sell, trade, or otherwise transfer your personal data to outside parties except as provided below. Sandvik may share your data with the following categories of recipients:
Third parties (controllers)
When necessary, we may share your personal data with external recipients who are responsible for their own processing of your personal data, unless we have stated otherwise or we remain responsible under applicable laws. These recipients are known as “controllers” under the GDPR. For transfers occurring from cookies and other such tracking technologies, please see the Cookie privacy policy, and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website.
These third parties include:
- Other Sandvik group companies for our legitimate interests in running our business operations, and subject to inter-company agreements.
- Business partners such as authorised resellers or distributors, for our legitimate interests in running our business operations.
- Appropriate authorities, including law enforcement, when necessary to comply with laws or to protect our rights or the rights of others.
- External auditors when required to do so in accordance with legal obligations.
Our vendors (also known as processors, suppliers or service providers)
We will also at times engage vendors to fulfil some of the purposes described above. For example, we use processors for our digital services and marketing.
Accordingly, these vendors will process personal data on our behalf and in this capacity, they may not process your personal data for their own purposes and are legally and contractually obligated to protect your personal data.
Where we transfer your personal data
Due to Sandvik's global operations, it might be necessary to move or disclose your personal data to recipients in different countries for our business needs. These countries include: Sweden, US, India, South Africa, Australia, Brazil and China. Sandvik will comply with applicable local laws when it does this.
For personal data collected in the European Economic Area
Consequently, if you are in Europe for instance, your data has been or may be transferred to recipients in so-called third countries (these are countries outside the European Economic Area, “EEA” for short) that may not offer an equivalent level of protection as in the EEA. If personal data is transferred to locations outside the EEA, we ensure, as required by law, that your data protection rights are adequately protected, either because the European Commission has decided that the country to which personal data is transferred ensures an adequate level of protection (Art. 45, GDPR) or because the transfer is subject to appropriate safeguards such as the EU’s standard contractual clauses (Art. 46, GDPR) with the recipient or binding corporate rules (Art. 47 GDPR), or because an exception applies (Art. 49 GDPR).
For more information about international data transfers, and if you would like a copy of the relevant mechanism used, contact us at privacy@sandvik.com.
Your rights
For data subjects in the EEA/EU and United Kingdom
You have the right to:
- Know what data Sandvik holds about you
- Restrict, under certain circumstances, our processing of your data
- Ask for access to your data
- Have your data corrected if inaccurate or out of date
You can also object, based on your personal circumstances, to our processing of your data for our legitimate interests or object to our decisions about you based on profiling or automated decisions using your personal data (we will generally tell you separately if we are conducting significant automated decision making). In some cases, you can ask us to completely erase your data from our systems, and in other cases you can ask us to provide your data in a machine-readable format and have the data transferred to another company.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. In some cases, they may apply differently depending on which country you are in and which Sandvik company is the “controller".
For data subjects in Australia
If you are in Australia, under the Privacy Act 1988 (Cth) you have the right to:
- Ask for access to the personal information that Sandvik holds about you
- Have your personal information corrected if it is inaccurate, out of date, incomplete, irrelevant or misleading.
These rights may be limited in certain circumstances, for example if fulfilling your request would reveal personal information about another person, would have an unreasonable impact on the privacy of others, or if we are required or authorised by law to refuse your request.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date, complete, relevant and not misleading.
To exercise any of these rights, please visit our privacy portal at Data privacy.
If we collect personal data based on your consent, you can withdraw your consent at any time (although this won’t affect the lawfulness of our use of your data before you withdrew consent). You can exercise this right by clicking on “withdrawing consent”, clicking on the “unsubscribe” link located at the bottom of Sandvik marketing emails or web forms where we obtained your consent or by contacting us using the details set out in the “Contact Us” section below.
In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests, if permitted to do so under applicable laws, or another ground under applicable local law applies. You can always opt-out of direct marketing. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out in the “Contact Us” section below.
If you have a complaint about how we have handled your personal data, please contact us using the details in the “Contact us” section below. We will investigate your complaint and respond within a reasonable period (generally 30 days). While we always appreciate the opportunity to resolve your concerns first, you have the right to contact or lodge a complaint with a data protection authority if you have concerns about our handling of your personal data. This could be:
- The Swedish Authority for Privacy Protection (IMY) which regulates Sandvik AB, the parent company of the Sandvik group of companies
- The authority in the country of the Sandvik company that collected your data or the authority in the country where you believe a violation of your personal data rights occurred.
How long do we keep your personal data (retention periods)
We keep your personal data only for as long as needed to fulfil the purposes described above and as needed to meet legal data retention requirements (including but not limited to: contractual periods, warranty and product liability requirements, legal reporting obligations, retention requirements necessary for anticipated disputes, and to prevent fraud). Where we no longer have a legitimate business need for the data, or are no longer entitled to retain data under applicable local laws, we will either anonymise it so that it can no longer be traced to you or we will delete it.
The below standard retention periods apply to the types of personal data referenced in this Privacy Notice. These retention periods are subject to: certain rights available to you (such as your right to erasure); choices and permissions you have selected; periodic changes to legal obligations we must comply with; or where we have otherwise notified you of a different retention period. For more information about retention periods for the processing activities described above, please submit a Personal Data Request at Data privacy.
- For as long as you have a business relationship with us (for example, as a Customer or Supplier), we keep your contact information and for an additional period of up to 5 years.
- Contact details of non-customers and other information regarding the communication for up to 12 months following our last interaction with you or any request for a product or service. This period will begin again following any new interaction with us.
- Where we process personal data for other marketing purposes or with your consent, we usually keep the data until you change your preferences or opt-out, and for a short period afterwards (to allow us to implement your requests). We keep a record of the fact you have asked us not to contact you, so we can respect your preferences in the future.
- In case of potential legal disputes, we keep copies of relevant personal data for as long as we have a business relationship with you and for a short period afterwards. This may differ depending on the country, due to different local legal requirements. For example, in the UK this will be 6 years to reflect the statutory limitation period for most claims, but in Sweden this will be ten years.
- For online identifiers, tracked by cookies and other such tracking devices, we keep the information for up to 36 months from the date of your last interaction with us. Please refer to our cookie policy and cookie banner for their specific duration times.
- For customer care interactions, the retention period depends on your country of residence and ranges between 1 to 10 years from the date the case is closed. For details connected to your market, please submit a Personal Data Request at Data privacy.
- Call recordings and chat transcripts are kept for up to 1 year from the date of the call or the chat.
- For specific digital services, please refer to the specific privacy notices sent for the applicable digital service.
- Contract data is kept for the duration of the agreement and for an additional period of up to 5 years.
- Personal data obtained through camera surveillance (CCTV) is kept up to 30 days after the visit.
- We keep certain business records indefinitely (for example company records, which may include data of Board members or Shareholders).
- Personal data is retained only as long as necessary to fulfil the purposes described above and to comply with legal obligations, including recordkeeping requirements under OFAC’s Reporting, Procedures and Penalties Regulations (RPPR).
You can ask us for more specific information about retention periods using the details in the “Contact us” section below.
How do we hold your personal data?
We hold most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.
We implement and maintain reasonable technical and organisational processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
Blogs, chat rooms and bulletin boards
Sandvik may provide blogs, chat rooms or bulletin boards on our websites. Any personal information you choose to submit in such forum may be read, collected, or used by others who visit these forums. These non-Sandvik third parties may at their own discretion send you unsolicited messages. We are not responsible for these third parties’ handling of your personal data.
We post a list of customers’ references and testimonials about our products and services only upon consent of each customer.
Cookies
If you navigate our websites, you will find specific and applicable cookie and other tracking information on the specific website. For more information, see our please see the Cookie privacy policy and if you are visiting a Sandvik affiliate, please see the Cookie privacy policy link at the bottom of your website .
Updates to this Privacy Notice
We may update this Privacy Notice from time to time. From time to time, we may also notify you in other ways about the processing of your personal data.
Contact us
If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us by submitting a Personal Data Request at Data privacy or if you are in Germany and wish to contact any of the following entities (Sandvik Holding, Walter AG, SMC Deutschland GmbH, SMC Central Europe GmbH, or Sandvik Tooling Germany GmbH), please contact their Data Protection Officer at privacy@sandvik.com.
If you are in France and wish to contact Sandvik Mining and Construction France S.A.S, please submit your question or request to the Data Protection Officer at contact@dpo-consulting.com.