External Privacy Notice

Introduction.
Who are we?
What is personal data?
How do we obtain your personal data?
Personal data categories we process about you.
Special categories of personal data.
Purpose and legitimate basis of processing your personal data. How we process and retain your personal data.
How we protect your personal data.
Sharing your personal data.
Your rights.
Data Protection Officer.
Updating this Privacy Notice.

Introduction.

We understand that you are aware of and care about your own personal privacy and personal data, and we take that very seriously. HANZA values the privacy of our customers, suppliers and employees.

Who are we?

HANZA is a group of manufacturing companies. The term “HANZA” refers to HANZA Holding AB and its affiliates. HANZA currently operates in Sweden, Finland, Estonia, Poland, the Czech Republic and China.

You can contact all the HANZA companies through our Global Switchboard +46 86246200 or by sending an email to info@hanza.com. HANZA’s headquarters is located at Brovägen 5, 182 76 Stocksund, Sweden.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

How do we obtain your personal data?

  1. When you provide it to us yourself by filling in a contact form at hanza.com, sending us a letter by post, sending an email to email addresses available on the hanza.com website, sending an email to any email address ending with “@hanza.com” or subscribing to our mailing list. Also from business cards you have given to our representatives.
  2. Within the HANZA Holding AB stock acquisition or subscription process.
  3. When you are listed as a contact person in a business relationship between your employer and HANZA.
  4. We may also occasionally obtain personal data about you from publicly-available sources, such as contacts from your company’s website.
  5. Sometimes we get your personal data during everyday activities from our business partners and other third parties.
  6. We use cookies on our website for its technical functioning and for gathering statistics. A cookie is a small piece of data that a website stores on the visitor’s computer or mobile device.

Personal data categories we process about you.

HANZA does business with other companies. For that reason, we process personal data that is mainly business contact information. Such as your name, business email address, business phone number, business address, the company you work for and your position.

If you are applying for a job and send us your CV and other possible personal data, then we process personal information about your qualifications, employment history, place of residence – all the categories of personal data that you provide to us.

If you are shareholder in HANZA Holding AB, then we process your personal identification data and the amount of shares.

When you visit our webpage, www.hanza.com, you will be informed that this webpage uses cookies. If you accept, software upon which our site is built and hosted will gather information with the help of cookies to remember the pages you visit on our website, the date and time of your visit, your computer and connection information, such as your browser type and version and operating system, and the Internet Protocol (IP) address used to connect your computer to the Internet.

However, as you have the possibility to provide us with personal data that is not listed above, we may also unknowingly process categories of personal data not listed above.

Special categories of personal data.

Special categories of personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying you, data concerning health or data concerning your sex life or sexual orientation.

We do not obtain or process special categories of personal data (sensitive data) about you. If you have provided us with personal data what can be categorized as sensitive data, then we will take actions to delete this data or obtain explicit consent from you for our continued processing of it.

We do not knowingly attempt to solicit or receive information from children and we will take actions to delete personal data about children or will obtain the parental consent required for processing it when we learn that we process such data.

Purpose and legitimate basis of processing your personal data.

We process your personal data only for the original purpose it was obtained.

  1. We assume that if you provided us your business contact information, the company you are representing already has business relations with us or there is a clear intention to enter into business with HANZA. We will use your business contact information for contacting you regarding future business opportunities and for customer surveys. So our purpose in processing personal data in that case is to provide you our manufacturing and advisory services. The legitimate basis is our legitimate interest in entering into or carrying out the contract with the company you represent.
  2. If you have some other important matter, due to which you have contacted us and have requested a response, then our purpose of processing your personal data is to satisfy your request, and processing personal data for that purpose is in our legitimate interest.
  3. We process your data if it is necessary to comply with statutory requirements and the processing purpose is to comply with different legal obligations we have, including disclosing the identity of shareholders.
  4. The purpose of processing personal data gathered by cookies is to allow our website hosting company to get our site usage statistics. Processing is based on our legitimate interest in ensuring availability of the HANZA website.

How we process and retain your personal data.

  1. We select and forward information you have provided to us to relevant persons at HANZA, depending on the content of your request. If we find, that you have provided us personal data that does not have any connection with doing business with HANZA or is otherwise not related to HANZA in any way, then we will delete correspondence received from you.
  2. Your personal data will be processed in one or several of the following countries: Sweden, Finland, Estonia, Poland or the Czech Republic, where HANZA has factories or in Sweden, Ireland and the Netherlands, where our IT service providers have data centers.
  3. Your business contacts can only be processed at our sites in China if you have provided such information directly to them. However, they follow the same rules if they process it as the HANZA companies in Europe.
  4. We will delete immediately any correspondence that can be classified as spam or phishing letters and irrelevant sales or marketing proposals.
  5. If we are already in business with you or if we can conclude from the information you have provided that there is an intention of entering into business with HANZA, then we will add your contact information to our ERP or CRM systems and retain it until it is needed for carrying out the contract. We will review business contacts in our ERP and CRM system annually and delete business contacts no longer needed for the purpose.
  6. Correspondence, including personal data, which is provided by you regarding any other matter, we will review annually and delete the correspondence, if the matter can be considered complete.
  7. We will retain personal data that we must process for complying with statutory requirements for as long as is required by legal acts.

How we protect your personal data.

We have employed a wide range of security measures to help protect your personal data against undue access, modification and deletion. For example, only authorized employees have permission to manage personal data, and we use firewalls with Unified Threat Management tools for preventing unauthorized persons from gaining access to your personal information. Our sites in China are connected to the same secure corporate network and follow the same policies and means as rest of HANZA for protecting data. In light of the above, you can rest assured that your personal data is in safe hands.

Sharing your personal data.

We may disclose your personal information to all HANZA companies (i.e. subsidiaries and holding company) if it is necessary for the original purpose. We do not sell, trade or otherwise transfer your personal data to third parties. Exceptions are third parties who are processors and to whom we outsource services to support our main business. Such as IT services or security services. These parties agree to keep the information confidential and not use it for other purposes not agreed upon. We may also disclose your personal data if it is necessary to comply with statutory requirements.

We do not transfer your personal data outside the European Economic Area. However, if you have directly contacted our personnel in China, your business contacts will be processed in China. Nevertheless, we consider this to pose little risk to you due to the nature of this data and as there are also adequate data protection measures in place – data is in HANZA’s protected computer network and is managed in servers situated in the European Union.

Your rights.

The General Data Protection Regulation (“GDPR”) provides the following rights for you as an individual regarding your personal data:

However, GDPR also stipulates many restrictions to those rights listed above.

If at any point you need more information about your personal data that we process and how we process it, then please contact HANZA or our Data Protection Officer for more information.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, then you have the right to submit your complaints to The Swedish Data Protection Authority or your own national Data Protection Authority. Contacts of Data Protection Authorities can be found in European Commission web page: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Data Protection Officer.

HANZA has appointed a Data Protection Officer. If you have any questions or concerns about the personal data processing at HANZA, then feel free to contact him. The DPO contact is:

Name: Kristian Teiter
Email: dpo@hanza.com
Phone: +372 7468890
Postal address: Puiestee 2, Tartu 50303 ESTONIA.

Updating this Privacy Notice.

We are aware that information privacy is an ongoing responsibility, so we will update this Privacy Notice occasionally, as needed.

The current version of privacy notice was accepted on 25.05.2018 by HANZA management.