Fair Way Channel Privacy Notice for Sweden (EN)
Read more below.
We at HKScan are committed to operating fairly and upholding high standards of ethics. On this page, we describe and provide further information on how we will collect and process personal data of Alleged Wrongdoers, Reporters and Witnesses in connection with our Fair Way channel.
It is important to us that you feel safe with how we handle your personal data. We take measures to ensure that your personal data is protected and that the processing of your personal data is carried out in accordance with applicable data protection regulations and our internal policies and procedures.
Alleged Wrongdoer is a person who has, pursuant to the report, allegedly acted improperly in a way that would be in the public interest to be disclosed, or otherwise violated inter alia EU laws.
Fair Way channel is intended for reporting suspected cases of unethical behavior in HKScan’s busi-ness. This applies to suspected violations of the law or other official regulations or deviations from HKScan’s Code of Conduct or other policies as further described in our Fair Way Page. https://www.hkscan.com/en/about-us/policies-and-certificates/hkscan-fair-way/
GDPR means the General Data Protection Regulation (EU) 2016/679.
Personal data means any information, which may, directly or indirectly, be used to identify an indi-vidual.
Processing means everything we do with your personal data (normally by digital means), such as collection, compilation, disclosure, structuring, storage, etc.
Reporter is a person who reports any suspected violation through the Fair Way channel.
Witness is a person identified (directly or indirectly) in the report or in communication by the Re-porter as a witness to the suspected violation.
HKScan Sweden AB ("HKScan Sweden") has designated edpLaw Advokatbyrå that receive and investigate the reports ("edpLaw Advokatbyrå") as a competent external party under the Swedish Whistleblowing Act (2021:890) (the “Swedish Whistleblowing Act”) for receiving and investigating whistleblowing reports, as well as following-up and communicating with the Reporter. As a result, HKScan Sweden and edpLaw Advokatbyrå are jointly responsible (joint controllers) for the pro-cessing of your personal data for such purposes, as further described below in our detailed infor-mation on our use of personal data.
Moreover, HKScan Sweden and HKScan Oyj are cooperating with each other when addressing re-ported breaches under the Fair Way channel, including when making business decisions and taking other actions as a result of a report. When processing your personal data for such purposes, HKScan Sweden and HKscan Oyj are jointly responsible (joint controllers), as further described below in our detailed information on our use of personal data.
HKScan Sweden and the relevant parties identified above have set up internal arrangements to de-termine their respective responsibilities in relation to the use of your personal data.
You have the right to obtain the essence of the above-mentioned arrangements, in which case we ask you to contact us on the contact details set out in Section 11 below. This information also reflects the essence of the internal arrangement.
To the extent necessary and depending on the circumstances in each case, we collect and process the following categories of personal data:
As a Reporter you have the possibility to report anonymously, in which case none of your personal data that directly identifies you will be processed by us.
We collect personal data from the following sources:
Below we explain the purposes with our use of personal data and provide examples of processing activities carried out for each purpose.
To read more about which categories of personal data, which legal basis that we rely on for the use of your personal data for each purpose and for how long your personal data is stored as well as which companies that are joint or separate controllers for the respective processing, please see our detailed information on our use of personal data.
We use, to the extent necessary, your personal data to manage reports submitted in our internal whis-tleblowing channel (the Fair Way channel) in accordance with the Swedish Whistleblowing Act. This includes to receive and investigate reports, as well as to be in contact with and report back to the Reporter on actions taken.
For more information about the internal reporting channel, please see
our HKScan Fair Way Page.
Where necessary, we use and share your personal data between authorized functions and departments within the HKScan Group to address whistleblowing reports. By way of example, this may include to carry out legal investigations and take disciplinary actions in relation to employees, such as written warnings, and suspensions and terminating contracts.
We will, where necessary, use and share your personal data internally between functions and depart-ments within the HKScan Group to manage and defend legal claims in relation to a reported whistle-blowing matter, including using reports as evidence in legal proceedings and other disputes.
We use your personal data to follow up and evaluate whistleblowing reports, for example to compile reports and statistics on an aggregated level (i.e. information that cannot be directly related to you) to better understand our business and identify any trends regarding whistleblowing matters (such as the number of matters and types of reported matters).
We use your personal data to ensure necessary technical functionality and security of the Fair Way channel and our IT systems, for example for security logging, error handling, and backups.
We will use your personal data to fulfil our legal obligations, for example in order to comply with data protection obligations under the GDPR (such as requests to exercise your rights).
Below we describe which recipients that we share your personal data with. The recipients below is responsible (data controller) for its own use of your personal data, unless we have stated otherwise.
To read more about why and based on which legal bases that we share your personal data with dif-ferent recipients, please see our detailed information on our use of personal data.
We share personal data with:
Service providers. To process personal data for the proposes described in this information, we share personal data with service providers that we have engaged. These service providers provide, for ex-ample, IT services (such as hosting of and operating the Fair Way channel). When these service pro-viders process personal data on our behalf, they act as data processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obliged to protect your personal data.
Other recipients. If needed, we share your personal data with other recipients for the following pur-poses:
Examples of recipients are HKScan Group companies, external advisors, trade unions, public authori-ties, law enforcement and courts. These recipients will normally act as sole and separate controllers for their own use of your personal data.
Subject to applicable law, you have a number of rights regarding the processing of your personal data. Below we explain your rights and under which circumstances you may exercise them.
To be as transparent as possible, we have only described the rights and terms that we, in light of the processing activities carried out by us, have deemed will be relevant for you. For a full description of the rights under chapter III of the GDPR, please see the information on rights at the Swedish Authority for Privacy Protection’s (IMY’s) website.
Please note that the person managing a whistleblowing matter is not, according to the Swedish Whis-tleblowing Act, permitted to make any unauthorized disclosures of information that would reveal the identity of the Reporter or any other individual involved in the matter. Moreover, pursuant to the Swedish Data Protection Act (2018:218), Articles 13–15 of the GDPR will not apply to personal data that the data controller is prohibited to disclose according to law or other regulation. Therefore, the below stated rights will not apply in case they conflict with the said rules on confidentiality under the Swedish Whistleblowing Act or where any other legal exemption applies.
In order to exercise your rights, please contact us on the contact details in Section "Any questions?"
Right to access (Article 15 GDPR)
You have the right to receive confirmation that your personal data is being processed by us and, if so, to access the personal data and the following information:
You have also the right to receive a copy of your personal data in a commonly used electronic format.
Right to rectification (Article 16 GDPR)
You have the right to rectification of incomplete or incorrect personal data processed by us. Depend-ing on the purpose of the processing you also have a right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to deletion (Article 17 GDPR)
You have the right to erasure of your personal data. The right to erasure apply:
What is stated above regarding the right to erasure does not apply to the extent the processing is nec-essary e.g.:
Right to restrict processing (Article 18 GDPR)
You have the right to obtain restriction of processing where one of the following grounds applies:
Where processing has been restricted, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. If you have obtained restriction of processing you shall be informed by us before the restriction of processing is lifted.
Right to data portability (Article 20 GDPR)
The right to data portability only applies when the processing takes place on the basis of your consent or to fulfil or enter into an agreement with you, why this right cannot be exercised by you in relation to our use of your personal data as described in this information.
Right to object to processing (Article 21 GDPR)
You have also the right to object, on grounds relating to your particular situation, to the pro-cessing of your personal data by us or on our behalf, where such processing is based on Article 6.1f (legitimate interests) of the GDPR.
Where an objection is made for processing activities based on Article 6.1f of the GDPR, we may only continue processing your personal data if (i) we can demonstrate compelling legitimate grounds that outweigh your privacy interests, or (ii) the processing is necessary for us to estab-lish, exercise or defend legal claims.
Automated decision-making, including profiling
We do not carry out any automated decision-making or profiling which have any legal effects or similar on you.
Your personal data will at all times be used and stored within the EU/EEA.
In order to ensure that the content reflects our use of personal data from time to time, we regularly update this information. As an example, we will update this information if we decide to collect additional categories of personal data or if we intend to use collected personal data for additional purposes.
We will in such case notify you in advance by appropriate means, for example by showing a message on this page. The latest version of this information is always available on this page and the date when this information was last updated is stated above.
If you have questions about this information, our use of your personal data or if you wish to exercise your rights, please contact us. Please see contact details below.
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country. In Sweden, the Swedish Authority for Privacy Protection (IMY) (www.imy.se) is the data protection authority. In Finland, the Office of the Data Protection Ombudsman (https://tietosuoja.fi/home) is the data protection authority.
Data controllers
HKScan Sweden AB
Company registration number: 556655-4597
HKScan Oyj
Company registration number: 0111425-3
edplaw Advokatbyrå AB
Company registration num-ber: 559280-3208
Joint contact point
Address: Lemminkäisenkatu 48, FI-20520 Turku, Finland
E-mail: privacy@hkscan.com
DPM: juha.koskimaa@hkscan.com