Personal Data Policy
This Personal Data Policy was revised on 15 June 2023.
Skogssällskapet AB (hereinafter “Skogssällskapet”, “us” and “we”) undertakes to protect and respect your integrity in the execution of our services, in contacts with you, and in all our processing of your personal data. Skogssällskapet is the data controller in the processing of your personal data in accordance with prevailing legislation.
You can find our contact information below, under Contact details.
Skogssällskapet processes the personal data needed to complete our undertaking in relation to you. Skogssällskapet may also need to process your personal data in accordance with requirements in law or regulation. Personal data means all information that can be attributed to an identifiable natural person. Further information about our data processing is given below.
- Information security
- Personal data that is collected about you or that you share with us
- Purpose of data processing
- Mobile app: “My Forest – Skogssällskapet”
- Lawful grounds
- Sharing your personal data
- Transfer to a third country
- Changes in the Personal Data Policy
- Data retention and deletion of personal data
- Your rights as a data subject
- Right to submit complaints to a regulatory authority
- Contact details
We feel it is extremely important that your personal data is protected. We therefore apply all appropriate technical and organisational security measures necessary to protect your personal data against unauthorised access, alteration, or destruction. To protect your personal data, we ensure that the physical servers are protected, that our systems are protected electronically by firewalls, that our electronic equipment is protected against intrusion, and that our employees with access to your personal data are familiar with personal data management and issues relating to confidentiality and secrecy. However, this means there is always a risk involved when sharing personal data on digital channels, as it is not possible to completely protect technical systems from intrusion.
Personal data that is collected about you or that you share with us
We may collect the following data about you to enable us to supply you with our various services, when you communicate with us, or to comply with legal requirements:
- Email address
- Postal address
- Telephone number
- Personal identity number and passport number
- Credit information
- IP address
- Bank details
- Property details
- Financial information regarding forest business activities and our services
For financial services, such as tax returns, the following information may also be collected:
- Income details
- Membership of a registered religious community
- Travel journal/information about travel
For property services, such as management of tenure agreements, the following information may also be collected:
- Personal data regarding holders of usufructuary rights
- Credit information regarding usufructuary rights
- Personal data relating to rights holders, easement, etc.
For recruitment purposes, the following information may also be collected about you if you are applying for a vacant position:
- Personal letter and CV
- Test results and analyses relating to recruitment
- Diplomas and other certificates
If you create an account, apply for funding, or are named in an application for funding, the following information may also be collected:
- Information provided in the application, such as gender, project plan, budget, education, academic title, and CV, depending on what information is submitted
- Information about co-applicants, head of department, or other persons involved
Purpose of data processing
We may process your personal data for the following purposes:
- To communicate with you and to enable you to communicate with us
- To fulfil and enter into agreements with you
- To set up and process your order for our services
- To execute and improve our execution of the services
- To review and analyse the use of our services
- To enable us to keep statistics regarding the use of our services and visits to our digital channels
- To administer your payment for the services
- To administer your dealings with us
- To protect our rights and our business operation
- To comply with requirements according to law, ordinances, or statutory regulations
- To enable us to receive, investigate, and provide feedback regarding whistleblower reports
- To enable us to investigate misuse of the services
- To enable us to conduct market surveys
- To enable us to send you information and offers
Mobile app: “My Forest – Skogssällskapet”
User data is needed to log into the app, and so that the app can recognise the type of user involved (user role). Your user data is stored in an encrypted and protected section in your mobile device so that you do not need to log in every time you use the app.
You can personalise the settings in the app, and you can choose to save these. We do this to facilitate and improve the user experience. One example can be which map layers are to be displayed on the map when the app is started.
In the app you can draw areas, lines, and points on the map, either by hand or by using the location information from your mobile device. Your location information may be retrieved from your IP address, Wi-Fi, Bluetooth, mobile telephony network, or GPS that is accessible through your mobile device. Location information from the mobile device can therefore be used to find a point on the map where you are located, or to log your position and thereby “draw” on the map. Location information is only stored if you have chosen to use the device’s location information to draw or log a position on the map. If you have activated logging and “draw” using the device’s location information, i.e. using the function “Logging with GPS (Line)” or “Logging with GPS (Area)”, logging also takes place even when the app is running in the background. “In the background” means when the app is not being used or is not visible on the device’s display. Location information is retrieved and logged until you switch off the function. In activation of GPS in the map, the app retrieves the device’s location information in order to show the position of the device on the map. All functions in the app that use the device’s location information can be switched on and off. Data drawn from location information cannot be distinguished from data drawn by hand.
All data that you provide may be stored locally in the app and on our servers. Examples are text, images, files, the device’s location information, or all other information that you have entered in the app or allowed it to retrieve. The data may be stored in the app and on the server for as long as it is needed for the service to function or until you decide to erase the information. In all data management, reasonable security measures and standards are used to prevent unauthorised access and to ensure good data security. All Internet communication towards the server takes place with encrypted transfer. Unfortunately, no data management is completely secure.
Access to the device’s functions and sensors
In some cases, the app uses the device’s built-in functions and sensors to provide you with content and services. However, this first requires that you grant the app special authorisation to the functions and sensors. One example is your location information, which may be retrieved from your IP address, Wi-Fi, Bluetooth, mobile telephony network, or GPS that is accessible through your mobile device.
Anonymous user data for troubleshooting
In the event of problems with the app, anonymous user data is sent (app version, type of device, and OS version of the device) and error log (what went wrong, where the error occurred in the app code, and why) to a third-party server that is specially intended for analysis and troubleshooting for apps. Collected data is therefore completely anonymous and not linked to you as an individual. We do this to facilitate troubleshooting and, over time, to improve the app’s quality and functionality.
In this section, we summarise the lawful grounds on which we base our processing of your personal data. We base our data processing on various lawful grounds, depending on the purpose of our processing of your personal data.
- We use the lawful ground “Contract” in our processing of your personal data when this is necessary to fulfil the terms of a contract we have entered into with you, or ahead of entering into a contract, with regard to:
- ordering of our services
- administration of your order or other matters, payment for services we provide to you, and disbursment
- client and staff administrative systems for, e.g., invoicing and salary calculation
- employment and other types of recruitment
2. We use the lawful ground “Weighing of interests” in situations where our assessment is that we have a legitimate interest in processing your personal data. Our legitimate interests are:
- to execute and improve our execution of the services
- to review and analyse the use of our services
- to enable us to keep statistics on the use of our services and visits to our digital channels
- to protect our rights and our business operation
- to enable us to investigate misuse of the services
- to enable us to conduct market surveys
- to enable us to send you information and offers
3. We use the lawful ground “Legal obligations” in our processing of your personal data when this is necessary to meet requirements according to law, ordinances, or official regulation that are applicable to our business or to the services we provide in our business.
4. We use the lawful ground “Consent” in our processing of your personal data when this is necessary:
- to enable us to send you information and offers
Sharing your personal data
We may share your personal data with service suppliers, such as payment agents, commissioned contractors, collaboration partners, and data storage service suppliers, so that we can provide you with services. We may also share your personal data with public agencies, such as the Swedish Tax Agency, the Police, courts, and other law enforcement agencies, if we are obliged to so by law or to protect our rights or the rights of third parties.
We may also share your personal data with Swedish or foreign group companies, distributors, agents, or collaboration partners and other associated parties, or a subsequent owner and part-owner and their advisors in connection with a merger, consolidation, restructuring, or sale of significant shares and/or assets, or some other type of reorganisation.
Transfer to a third country
If Skogssällskapet’s processing of your personal data involves transferring personal data to countries outside the EU/EES, measures are taken to assure a high level of security and legal management.
Changes in the Personal Data Policy
If we need to make changes in the processing of your personal data, we will inform you of the content of the new conditions. If you are a client, we will inform you of any changes when you have logged in to My Pages. For other groups, we will inform you of any changes in our digital channels.
Data retention and deletion of personal data
Your personal data will not be saved for longer than is necessary in relation to the purpose of the processing, and we will otherwise delete personal data in ways that comply with applicable legislation.
- If you have registered for an event arranged by Skogssällskapet, the personal data is deleted after the event has been held, providing consent to save the data has not been given.
- If you have registered for newsletters or other information, the data is saved, providing no request for deregistration has been received. If you have deregistered, the personal data is deleted as soon as possible, but no later than before the next newsletter is sent out, or one month after deregistration has been received.
- If you terminate your use of our services or, in some other way, terminate your client relationship with us, your personal data will be stored until it is no longer relevant, unless special legislative requirements apply, such as the Swedish Book-keeping Act. If it can be suspected that fraud or some other unauthorised use of the service has occurred, we reserve the right to store this data for a longer period until the suspicions have been investigated.
- If you have applied for funding from Stiftelsen Skogssällskapet or other foundations administered by Stiftelsen Skogssällskapet, the personal data is saved for different periods, depending on whether funding is awarded or not. Data regarding your account will be processed for as long as you have an account. If your account is inactive, you will receive two reminders before we automatically delete your account. Where applications have not been awarded funding, the personal data is deleted no later than 5 years after the year’s application process is completed. Where applications have been awarded funding, the personal data in the application is deleted no later than 5 years after completion of the project.
Your rights as a data subject
You have the following rights:
- Right to erasure (right to be forgotten)
- Right to rectification
- Right to access your personal data
- Right to be informed
- Right to restricted processing
- Right to object to processing
- Rights when a decision is automated
- Right to data portability
If you want to know about what the rights mean, and want to exercise your rights, contact us (see Contact details below).
Right to submit complaints to a regulatory authority
You are entitled to submit complaints to the Swedish Authority for Private Protection (IMY), which is the authority in Sweden that regulates how we as a company comply with GDPR legislation. Here is the IMY website: https://www.imy.se/en. External link.
If you have any questions regarding our Personal Data Policy, or any other question regarding our processing of your personal data, you are welcome to contact us.
Registration No. 556333 - 7855
Visitor address: Kilsgatan 4, 411 04 Göteborg
Postal address: Box 11374, 404 28 Göteborg
Telephone: 0771 22 00 44