Ekman[1] Privacy Notice

1 Preamble

Ekman needs to gather and use certain information about its employees, potential employees and business partners.

The Ekman Privacy Notice is information to you, as a private person and an Ekman employee or business partner, and describes what personal data is processed, how and for what purpose, as well as your personal rights (EU only).

2 Data Controller

Ekman & Co AB, registration number 556020-4595

Box 230, 401 23 Gothenburg, Sweden

Polhemsplatsen 5, 411 11 Gothenburg, Sweden

Telephone: +46-31-750 56 42

Contact: the Ekman Personal Data Protection Control Group

E-mail address: GDPR@ekmangroup.com

3 Personal data processed

The personal data in the different categories is processed in different ways from office to office. However, the rules for how Ekman handles personal data and sensitive personal data are the same for all offices worldwide. Not all categories of personal data apply to all offices and the wording may differ between countries and offices.

4 Categories of personal data subjects

a)   Employees
b)   Potential employees
c)   Business partners and potential business partners

5 Sources of personal data

a)   Employee / Employment contract
b)   Potential employee / Job application / Recruitment firm
c)   Business partners / Contracts, Internet, Credit reporting firms, Due Diligence research tools

6 Personal data processed (may differ between offices and countries)

a)   Name, address, date of birth, personal id number, telephone number, emergency contact number, date of employment, employee number, title, bank account details, passport copy, photos, videos, etc.
b)   Name, address, date of birth, personal id number, telephone number, information in CV, resumé and other personal data voluntarily provided by the job applicant
c)   Name, contact details, title, company, IP-address, tax id number, family members, date of birth, previous employments, board memberships, etc.

7 Purpose of processing of personal data

a)   To fulfill obligations according to employment contract and local employment/labor laws (pay salaries, payroll taxes, offer benefits, reporting to authorities, filing, etc.) and to facilitate job duties
b)   To fill job positions
c)   To conduct business and manage business partner relations, including due diligence as part of trade compliance regulations

8 Legal basis for processing of personal data

a)   Employment law, employment contract
b)   Voluntary
c)   Contract, pending contract, legitimate interest (conduct business), international trade compliance laws

9 Recipients/category of recipients of personal data (may differ between offices and countries)

a)   Payroll service companies, Pension- and tax authorities, insurance companies, banks, travel agencies, accounting firms etc.
b)   Potentially companies within the Ekman Group (only)
c)   Companies within the Ekman Group, Credit insurance companies, auditors and others to fulfill business obligations, follow legal requirements and conduct business, and only when necessary and lawful

10 International transfer of personal data (may differ between offices and countries)

a)   Personal data is not transferred out of EU/EEA, with the possible exception for cloud service, servers and IT-support and maintenance
b)   Potentially to companies with the Ekman Group (only)
c)   Where necessary to conduct business and on a legal basis

11 Period data is kept

a)   Per local employment/labor laws
b)   1 year (unless hired)
c)   Per contract, per accounting, tax or business and compliance laws or per legitimate interest

12 Right to access, rectification, erasure, restrict processing and object to processing of personal data (EU only)

As a private person in the EU you have many rights regarding your personal data which is collected and stored. In summary, these include:

(a) the right to transparency and access with respect to the personal data that is stored and processed

(b) the right to corrections of any mistakes in the personal data and erasure in certain situations

(c) the right to restriction of processing in certain circumstances

(d) the right to object at any time to processing of personal data concerning you that is carried out based on our legitimate interest and you have specific reasons to object to such processing.

Forms for the above requests are available via GDPR@ekmangroup.com

13 Right to portability (EU only)

The right to data portability, i.e. to receive personal data collected about you in a structured, commonly used and machine-readable format.

Form for the above request is available via GDPR@ekmangroup.com

14 Right to lodge complaint with a Data Protection Authority (EU only)

Supervisory authorities in each EU country will monitor the processing of personal data in accordance with the GDPR and complaints should be lodged directly with them.

Further information can be found at the bottom of this Privacy Notice.

Before any complaint is lodged with the DPA, the local Ekman Personal Data Protection Administrator, as well as the Ekman Personal Data Protection Control Group, should be contacted at GDPR@ekmangroup.com.

15 Right to compensation in case of a breach (EU only)

As a private person in the EU, you have the right to claim compensation for damages caused by any potential breach of data protection legislation.

16 Security measures

Technical and organizational measures have been implemented to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing.

These measures include, but are not limited to, the Ekman Code of Conduct, The Ekman Personal Data Protection Policy, GDPR training of personnel, Whistleblowing service, the  "Ekman Code of Conduct for Business Partners", IS/IT policies, The Ekman Personal Data Protection Control Group, Ekman Data Protection Administrators worldwide, Internal audit function, Personal Data Protection Agreements (GDPR) with vendors/processors, GDPR instructions and Q&A for our personnel, consent forms, and other controls which might include passwords, backups, encryption, locks etc.

17 Questions and concerns

If you have any questions or concerns regarding protection of your personal data, please contact first the Personal Data Protection Administrator in your office (employees) or you can contact the Ekman Personal Data Protection Control Group at GDPR@ekmangroup.com.

We will make every effort to resolve any concern you may have.

18 Links for additional information (EU/EEA only)

National Data Protection Agency:


Denmark           http://www.datatilsynet.dk/
Italy                    http://www.garanteprivacy.it/
Poland               http://www.giodo.gov.pl/
Spain                 https://www.agpd.es/
Sweden              http://www.datainspektionen.se/
Switzerland      contact20@edoeb.admin.ch
UK                     https://ico.org.uk

[1]Ekman” shall in this page mean Ekman & Co AB and its affiliates and subsidiaries; sometimes also referred to as the “Ekman Group”.