Privacy notice.

Personal data means any information that directly or indirectly can be linked to a living individual. For example: personal identity number, name, address, photos, registration numbers, online identifiers, as well as a person's physical, physiological, genetic, mental, economic, cultural or social identity.

Rote Consulting AB (org. no. 556371–6876) is the data controller for processing of personal data that takes place within its operations.

We process your personal data for one or more purposes in accordance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive on privacy and electronic communications, which regulates the use of cookies (the Swedish Electronic Communications Act – LEK).

We only process personal data when we have a legal basis, and no more data than what is required for the purpose.

Among other things, we process information about you if you are a client, a supplier, send a job application, visit our website or use our whistleblower function.

Examples of personal data we process:

Data that you voluntarily provide, such as contact information, date of birth, CV and communication between you and Rote Consulting AB.

For as long as the information is necessary for compliance with a legal obligation and for the purpose of the processing. If the purposes of processing no longer apply, the data will be deleted.

We do not share personal data with anyone other than the data processors with whom we have entered into data processing agreements, in accordance with our policy, instructions and guidelines for security and data protection.

We may also be required to share your personal data with authorities acting as independent data controllers. If an authority is an independent controller, it means that Rote Consulting cannot govern how the data provided to that authority is processed.

Independent data controllers with whom we may need to share your personal data in accordance with legislation, or upon suspicion of a crime, include the police and tax authorities. When your personal data is shared with an authority acting as an independent controller, that authority's privacy notice and data processing will apply.

When we collect information about you, you have a number of fundamental rights under the General Data Protection Regulation.

Your rights include the right to request access to and rectification or erasure of your personal data, restriction of and objection to our processing, and the right to receive your data in a structured, commonly used and machine-readable format (data portability).

You always have the right to lodge a complaint if you are dissatisfied with our processing of your personal data, either to the Swedish Authority for Privacy Protection IMY (www.imy.se) or directly to us.

Your personal data is protected by both technical and organisational measures. All personal data is stored securely and access to data is monitored and limited to those whose work tasks require it.

We reserve the right to revise and amend this privacy notice on the processing of personal data when we find it necessary.

This privacy notice was revised 240826.