Privacy notice

External Privacy Notice


Who are we?
What is personal data?
How do we obtain your personal data?
Personal data categories we process about you
Special categories of personal data
Purpose and legitimate basis of processing your personal data
How we process and retain your personal data
How we protect your personal data
Sharing your personal data
Your rights
Data Protection Officer
Updating this Privacy Notice


We understand that you are aware of and care about your own personal privacy and personal data, and we take that very seriously. HANZA values the privacy of our customers, suppliers and employees.

Who are we?

HANZA is a group of manufacturing companies. The term “HANZA” refers to HANZA AB and its wholly owned subsidiaries. HANZA currently operates in Sweden, Finland, Estonia, Poland, the Czech Republic, Germany and China.

You can contact all the HANZA companies through our Global Switchboard +46 86246200 or by sending an email to moc.aznah@ofni. HANZA’s Head Office is located at Torshamnsgatan 35, 164 40 Kista, Sweden.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

How do we obtain your personal data?

  1. When you provide it to us yourself by filling in a contact form at, sending us a letter by post, sending an email to email addresses available on the website, sending an email to any email address ending with moc.aznah@“” or subscribing to our mailing list. Also from business cards you have given to our representatives.
  2. Within the HANZA AB stock acquisition or subscription process.
  3. When you are listed as a contact person in a business relationship between your employer and HANZA.
  4. We may also occasionally obtain personal data about you from publicly-available sources, such as contacts from your company’s website.
  5. Sometimes we get your personal data during everyday activities from our business partners and other third parties.
  6. We use cookies on our website for its technical functioning and for gathering statistics. A cookie is a small piece of data that a website stores on the visitor’s computer or mobile device.
  7. If you use our mobile application, we will collect technical information through your use of the application. We may also collect account- and login data if you create an account in the application.

Personal data categories we process about you

HANZA does business with other companies. For that reason, we process personal data that is mainly business contact information. Such as your name, business email address, business phone number, business address, the company you work for and your position.

If you are applying for a job and send us your CV and other possible personal data, then we process personal information about your qualifications, employment history, place of residence – all the categories of personal data that you provide to us.

If you are shareholder in HANZA AB, then we process your personal identification data and the amount of shares.

When you visit our webpage,, you will be informed that this webpage uses cookies. If you accept, software upon which our site is built and hosted will gather information with the help of cookies to remember the pages you visit on our website, the date and time of your visit, your computer and connection information, such as your browser type and version and operating system, and the Internet Protocol (IP) address used to connect your computer to the Internet.

When you use our mobile application technical information will be collected from you, including device type, IP address, User ID, operating system, user agent, timestamp of visits and local storage. Profile information, login data and content provided by users will only be collected from users with an active account in the app (i.e. employees of Hanza).

However, as you have the possibility to provide us with personal data that is not listed above, we may process additional categories of personal data not listed above.

Special categories of personal data

Special categories of personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying you, data concerning health or data concerning your sex life or sexual orientation.

We do not obtain or process special categories of personal data (sensitive data) about you. If you have provided us with personal data which can be categorized as sensitive data, then we will take actions to delete this data or obtain explicit consent from you for our continued processing of it.

We do not knowingly attempt to solicit or receive information from children, and we will take actions to delete personal data about children or will obtain the parental consent required for processing it when we learn that we process such data.

Purpose and legitimate basis of processing your personal data.

We process your personal data only for the original purpose it was obtained.

  1. We assume that if you provided us your business contact information, the company you are representing already has business relations with us or there is a clear intention to enter into business with HANZA. We will use your business contact information for contacting you regarding future business opportunities and for customer surveys. So, our purpose in processing personal data in that case is to provide you our contract manufacturing services. The legal basis is our legitimate interest in entering into or carrying out the contract with the company you represent.
  2. If you have some other important matter, due to which you have contacted us and have requested a response, then our purpose of processing your personal data is to satisfy your request, and processing personal data for that purpose is in our legitimate interest.
  3. We process your data if it is necessary to comply with statutory requirements and the processing purpose is to comply with different legal obligations we have, including disclosing the identity of shareholders.
  4. The purpose of processing personal data gathered by cookies is to allow our website hosting company to get our site usage statistics. Processing Such processing will only take place if you have consented to this.
  5. We process personal data collected through our mobile application to ensure the application functions properly. Technical information is processed for the provision of the application, as well as for statistical purposes. Any processing of your technical information which is not necessary for the provision of the application will only take place if you have consented to this.

How we process and retain your personal data

  1. We select and forward information you have provided to us to relevant persons at HANZA, depending on the content of your request. If we find, that you have provided us personal data that does not have any connection with doing business with HANZA or is otherwise not related to HANZA in any way, then we will delete correspondence received from you.
  2. Your personal data will be processed in one or several of the following countries: Sweden, Finland, Estonia, Poland, Germany or the Czech Republic, where HANZA has factories or in Sweden, Ireland and the Netherlands, where our IT service providers have data centers.
  3. We will delete immediately any correspondence that can be classified as spam or phishing letters and irrelevant sales or marketing proposals.
  4. If we are already in business with you or if we can conclude from the information, you have provided that there is an intention of entering into business with HANZA, then we will add your contact information to our ERP or CRM systems and retain it as long as is needed for carrying out the contract.
  5. We will retain personal data that we must process for complying with statutory requirements for as long as is required by legal acts.

How we protect your personal data

We have deployed a wide range of technical and organizational security measures to help protect your personal data against undue access, modification and deletion. Those measures are covering physical security, human resource security, asset management, information handling, access control, user access management, cryptography, protection from malware, backup, network security, etc.

Selected companies in HANZA are holding ISO27001 information security certification and Information Security Management System implementation is conducted throughout the HANZA.

Sharing your personal data

We may disclose your personal information to all HANZA companies (i.e. subsidiaries and holding company) if it is necessary for the original purpose. We do not sell, trade or otherwise transfer your personal data to third parties. Exceptions are third parties who are processors and from whom we outsource the services to support our main business, such as IT services or security services. These parties agree to keep the information confidential and not use it for other purposes not agreed upon. We may also disclose your personal data if it is necessary to comply with statutory requirements.

We strive to process your personal data within the European Economic Area. When transferring your personal data out of the European Economic Area, we will take measures to ensure that the personal data stays protected. We will also take any legal measures necessary to ensure that any such transfer is compliant with the GDPR, such as entering into Standard Contractual Clauses with the recipient.

If you have directly contacted our personnel in China, your business contacts will be processed in China. Nevertheless, we consider this to pose little risk to you, due to the nature of this data and as there are also adequate data protection measures in place – data is in HANZA’s protected computer network and is managed in servers situated in the European Union.

Your rights

The General Data Protection Regulation (“GDPR”) provides the following rights for you as an individual regarding your personal data:

– The right to access your personal data. You have the right to access your personal data and to obtain a copy of the personal data concerning you that is processed by us.
– The right to rectification. If the personal data concerning you that is processed by the Company is inaccurate, incomplete or outdated, you have the right to obtain rectification of such personal data.
– The right to erasure. You have the right to request the erasure of personal data concerning you. Unless we have a legal basis to continue the processing of the personal data concerning you, such personal data shall be erased.
– The right to restrict processing. Under certain circumstances you have the right to obtain restriction of the processing of your personal data. Where processing has been restricted, we may only under certain circumstances carry out other processing activities concerning the personal data than storage.
– The right to data portability. Where your personal data is processed based on your consent or on a contract with you, you have the right to receive the personal data concerning you in a machine-readable format and request that those data are transmitted to another controller.
– The right to withdraw consent. You are entitled to withdraw the consent you have given to us at any time.
– The right to object processing. you have the right to object to the processing of your personal data based on the legal bases of a public interest or legitimate interests at any time. This effectively allows you to stop or prevent us from processing your personal data. You may also object to processing of personal data for marketing purposes. When we receive an objection to processing for direct marketing, we will not process your personal data for this purpose. If, in the event of an objection, there are no compelling legitimate ground for our processing, we will cease the processing and delete the personal data unless it necessary for another purpose based on a separate legal basis.
– Rights in relation to automated decision making and profiling. Unless it is necessary for a (i) a contract we have with you, (ii) is authorized by law or (iii) is based on your explicit consent, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that similarly significantly affects you.

However, please note that some of these rights only apply to certain personal data processing and may be restricted in certain situations. For complete information on your rights, we recommend that you visit or your national supervisory authority’s website.

If at any point you need more information about your personal data that we process and how we process it, then please contact HANZA or our Data Protection Officer for more information.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, then you have the right to submit your complaints to The Swedish Data Protection Authority or your own national Data Protection Authority. Contacts of Data Protection Authorities can be found in European Commission web page:

Data Protection Officer

HANZA has appointed a Data Protection Officer. If you have any questions or concerns about the personal data processing at HANZA, then feel free to contact DPO by sending email to moc.aznah@opd

Updating this Privacy Notice

We are aware that information privacy is an ongoing responsibility, so we will update this Privacy Notice occasionally, as needed.

The current version of privacy notice was accepted on 15.01.2024.