Privacy Policy – Finnhammars Revisionsbyrå

Information regarding the use of personal data

Background

IIn this privacy policy (hereinafter “Policy“) we inform about how we process personal data concerning employees of customers, potential customers and other contacts with suppliers and partners and others who are in contact with us.

The policy applies to personal data processed by Finnhammars Revisionsbyrå AB and / or its partner and partner companies with a registered subsidiary Finnhammars Revisionsbyrå (hereinafter collectively “Finnhammars“).

Personal data manager and contact information

The companies within Finnhammars are either separately or jointly responsible for personal data. In cases where there is a joint personal data responsibility or where Finnhammars Revisionsbyrå AB is separately responsible, you can contact us in one of the following ways:

Finnhammars Revisionsbyrå AB, org.nr. 556358–0462
CEO
Box 194
194 23 UPPLANDS VÄSBY
Phone: +46 8-120 123 00
E-mail: info@finnhammars.se

If you want to know more about our personal data processing or the joint personal data responsibility, please contact us via the contact information above.

Purpose of the treatment and legal basis

Finnhammars needs to have access to certain personal data in order to be able to perform the audit assignment in accordance with applicable laws and regulations and good auditing and auditing practice in Sweden. However, we also need to process personal data for other reasons. Finnhammars processes personal data to carry out money laundering checks (including the real principal) and for auditing and accounting purposes. Personal data is also processed in other respects prior to the acceptance of customers and / or assignments and in connection with the execution of the assignment in order to carry out independent checks, quality checks, control of conflicts of interest and to document measures taken. In these cases, the legal basis for the processing is that the processing is necessary to fulfill a legal obligation incumbent on us as the data controller.

Finnhammars may also process personal data for other risk management measures (such as insurance matters) and to perform the internal financial reporting. This treatment is necessary for Finnhammar’s legitimate interest in managing risks and any requirements.

We also process personal data to perform and administer the assignment, to safeguard your or your employer / client’s interests, to administer and manage our relationship with you and your employer / client (such as invoicing or in relation to suppliers and partners ). Finnhammar’s may also process personal data to inform about events, news and other essential information that is relevant and attributable to Finnhammar’s operations. In these cases, the legal basis for the processing is that the processing is necessary for our interest to fulfill the above-mentioned purpose and that that interest outweighs your interest in not having your personal data processed.

In the case of e-mail correspondence with us, in cases where it contains personal data, we will process the data on the basis that we have or will enter into an agreement with the person we have e-mail contact with, or on the basis that our interest in fulfilling the purposes of the processing outweighs than your interest in not having your personal data processed.

If you are applying for a job with us, you will receive separate information when applying. Essentially, however, your information is processed in such a case to administer the application and the recruitment process.

If we process information on the basis of consent, special information will be provided prior to obtaining such consent.

Categories of personal data and where we get the data from

As an auditing firm, we receive, and collect, many different categories of personal data in connection with our operations. As a rule, we process personal data that we receive from you or your employer / client, but we can also collect such information from public and / or public sources. Such public and / or public sources may be your employer’s or client’s website or from an authority (eg the Swedish Tax Agency, the Swedish Companies Registration Office, Due Compliance, Creditsafe or other publicly available sources).

I vår kärnverksamhet, såsom revisionsuppdrag, behandlar vi information som kan innehålla In our core business, such as auditing assignments, we process information that may contain personal data, such as salary files, board minutes and other documents attributable to the auditing customer’s and its possible Group companies. The personal data is processed prior to the acceptance of customers and / or assignments and due to the performance of the assignment and as a result of review in accordance with good auditing and good auditing practice. The categories of personal data that may be processed include:

contact details such as name, address, telephone number and e-mail address,
information on employment such as employment number, department affiliation, position and period of employment,
health and absence data, e.g. task on sick leave, leave of absence or parental leave,
union affiliation,
social security number / coordination number,
information on financial circumstances such as bank account information, information on salary and other benefits, insurance information and information on registration number for company car,
union affiliation,
social security number / coordination number,
information on financial circumstances such as bank account information, information on salary and other benefits, insurance information and information on registration number for company car,
information on insurance and pension, or
other categories of personal data needed to manage the customer relationship as well as the real principal.
personal data that you, or someone else, provides to us in the performance of our activities (such as copies of identity documents of the persons representing the client within the framework of the customer awareness measures to be taken in accordance with the Money Laundering Act),

In our other operations, we generally do not process personal data other than the following:

name and contact information (e-mail address, telephone number, etc.),
social security number / coordination number,
information about employer, department affiliation and position,
information that you provide us before, at or after meetings, events and trainings as well as during communication. At events or similar, we may also need to process health information (such as allergies). Special information will then be provided in connection with such an arrangement,
personal data that you, or someone else, provides to us in the performance of our activities (such as copies of identity documents of the persons representing the client within the framework of the customer awareness measures to be taken in accordance with the Money Laundering Act),

If you apply for a position with us or submit a spontaneous application, we mainly process the following personal data:

name and contact details (such as e-mail address, telephone number and address),
social security number / coordination number,
sex,
CV and personal letter,
the documents you attach to the application (if they contain personal data),
any test results or other answers to questions.

Categories of recipients and transfer of personal data

We will not disclose your personal data except in cases where i) it has been specifically agreed between us and you, ii) it is necessary within the framework of an assignment to safeguard your or your employer’s rights, iii) it is necessary for us to fulfill a statutory obligation or comply with government decisions or court decisions; or (iv) in the event that we engage outside service providers who perform assignments on our behalf.

Finnhammars may also disclose personal information to network agencies or other partners hired by Finnhammars for the purpose of controlling and maintaining Finnhammar’s impartiality and independence, to perform quality controls and take other risk management measures, and to send out invitations to events, news and other important information.

Finnhammars may also disclose personal information to insurance companies or legal advisers in connection with legal proceedings to the extent necessary for Finnhammars to be able to safeguard our legitimate interests or to another recipient if such obligation exists under applicable laws and regulations, professional obligation or government decision.

The information may also be disclosed to courts, authorities, counterparties and counterparty representatives if it is necessary to safeguard your or your employer’s or Finnhammars rights.

If you choose to change auditing company, we will also disclose the information to such a player.

In cases where it is necessary, Finnhammars will ensure that personal data assistant agreements are entered into with such actors.

Transfer to third countries

As a general rule, personal data are not transferred to a third country (a country outside the EU / EEA). Personal data may, however, be processed by Finnhammar’s network bureaus and others hired by Finnhammar’s in order to carry out the measures mentioned above on Finnhammar’s assignment; they can be based both within and outside the EU / EEA. When transferring personal data for processing in a country outside the EU / EEA, which does not ensure an adequate level of protection, Finnhammars is responsible for ensuring that the personal data is covered by appropriate protection measures and provided that statutory rights for data subjects and effective remedies for data subjects are available.

Security when processing personal data

According to current law, Finnhammars is responsible for ensuring that the personal data processed is protected through the necessary technical and organizational security measures, taking into account what is appropriate in relation to the nature and sensitivity of the personal data. Finnhammar’s system and organization are arranged so that unauthorized persons do not have access to the personal data processed in connection with the assignment.

Storage of personal data

Personal data will not be processed during for a longer period than is necessary for the purposes for which the personal data are processed. According to the Accounting Act, we have an obligation to save certain personal data for seven years. With regard to personal data processed in connection with the acceptance of customers and assignments and in connection with the assignment, Finnhammars is obliged to keep the documentation in this regard for at least ten years from the end of the calendar year when the audit was completed in accordance with applicable laws and rules. good auditing and auditing practice in Sweden.

Personal data that is processed for the purpose of developing, analyzing and marketing the audit firm’s operations is stored for a period of one year after the last contact. If you unsubscribe from newsletters or the like, the information will be deleted immediately (unless we have a legal obligation to save it).

Personal data that is processed within the framework of a recruitment procedure is stored for a maximum of two years after the recruitment process has been completed. However, CV and reference information will only be saved after we have received your possible consent.

Rights as registered

Registered persons have the right to request information on whether personal data concerning the data subject is processed and in that case the right to access the personal data free of charge in the form of a so-called register extract. Furthermore, data subjects often have the right to receive incorrect personal data concerning the data subject. Furthermore, data subjects may have the right to have their personal data deleted, the right to request a restriction on the processing of personal data concerning the data subject or object to such processing.

With regard to auditing, it is important to emphasize that such auditing means that the auditing customer’s information for a certain financial year is reviewed at certain times during a specific year and for a certain period thereafter, which means that an update / correction of personal data can not always be done legally. that the audit action has been taken. Furthermore, the information and information that the auditor receives within the framework of the audit assignment is covered by a statutory duty of confidentiality, which means that Finnhammar may not normally disclose such information. In addition, Finnhammar is obliged to document performed audit assignments and retain the documentation for at least ten years from the end of the calendar year in which the audit was completed, which means that it is not permitted to change / delete personal data included in such documentation beforehand. For the reasons mentioned, it is also not possible for Finnhammar or the auditor to, at the request of a registered person, limit or restrict any processing of personal data that takes place as a result of the audit assignment.

You also have the right to request that your personal data not be processed for direct marketing (if any) and to object to such processing (and we will then cease this immediately) or to other processing of your personal data. You also have the right in some cases to receive your personal data in a machine-readable format and in applicable cases, you have, if technically possible, the right to have the personal data transferred to a third party that you assign (so-called data portability).

If you have questions, comments or want to exercise any of your rights, you can always contact us (see contact information above).

Automated decision making

Finnhammars does not perform automated decision-making (including profiling) regarding your personal data.

You always have the right to revoke a consent

If our processing of personal data should take place after consent from you as registered, you always have the right to revoke this. If we request consent for a specific treatment, we will have informed you beforehand about how to revoke such consent and what it means.

You always have the right to complain to the relevant supervisory authority

Om du är missnöjd med – eller har synpunkter på – hur vi behandlar dina personuppgifter If you are dissatisfied with – or have views on – how we process your personal data, you can submit a complaint to a supervisory authority, which in Sweden is currently the Swedish Authority for Privacy Protection (www.imy.se). You can also contact the supervisory authority of the country where you live or work. You can also always contact us directly (see contact information above).

Cookies

Finnhammars does not use cookies on its website www.en.finnhammars.se.

Policy update

This Policy has been established and updated in February 2022. We reserve the right to update and revise the Policy depending on new legal requirements and how we process personal data. You will be informed if this happens if it is important for the processing of your personal data. Please ensure that you continuously check whether this Policy has changed (an updated version from time to time will be available at www.en.finnhammars.se).