PERSONAL DATA POLICY
Introduction
This policy was created by and for the organization (Mevera Metall AB, AB Metalleveranser, AB Stockholms Metallimport, and Gamla Stans Metall AB) for the processing of personal data.
The "organization" is the data controller.
Information, regardless of form, interface, or environment, that can directly or indirectly be attributed to a physical person (who is alive) is considered personal data according to the Personal Data Act.
Purpose and Goal
The organization shall ensure that the personal data of customers, partners, and internal resources are handled in accordance with the purpose of the processing.
Scope
This policy and associated documents encompass the regulations, processes, and procedures that shall apply to all processing of personal data within the organization – structured as well as unstructured.
The handling of personal data shall be regulated in agreements.
A data processor shall be appointed and is responsible for coordination and supervision in and for the processing of personal data.
The organization's processing of personal data shall comply with the requirements of applicable laws, regulations, and ordinances.
The organization's work with personal data processing includes:
· Planning and agreeing on and for the processing of personal data
· Informing about the purpose of the processing of personal data
· Obtaining consent for and to the processing of personal data
· Conducting analysis, risk management, and classification process, which shall result in the selection of methods and levels of protection for the processing of personal data
· Training staff in personal data handling and classification to process data correctly and to actively participate, develop, and improve processes for the processing
· Controlling, following up, conducting analysis, and quality assurance to ensure over time that the purpose of the processing of personal data is fulfilled.
Policy adopted 2018-02-28
Management of Mevera Metall AB