Pandox AB (publ), company reg. no. 556030-7885, (“Pandox”) and other companies within the Pandox Group respect and protect the privacy rights of individuals. We are transparent in how we process personal data and it is important for us that all processing is carried out in accordance with the General Data Protection Regulation and other applicable legislation.
Pandox’s internal personal data policy, based on the General Data Protection Regulation, is applied by the companies and employees of the Pandox Group.
Controller of personal data
Processing of personal data
Pandox collects and processes personal data only where permitted under the General Data Protection Regulation or other applicable legislation, and processes only personal data according to the purposes for which the data was collected.
Pandox processes personal data which is obtained directly from you when an agreement is entered into or in other contacts with Pandox. We also process your personal data, which we have obtained indirectly via your employer, in order to administer the business relationship your employer has with Pandox. Pandox also regularly collects personal data from publicly available sources such as private services and public filing systems for information regarding potential tenants, cooperating partners, competitors and other stakeholders.
Categories of personal data
The personal data which is processed is normally the name, contact information, personal ID number (where required by law or in order to manage a contractual relationship) and the account information for private tenants.
The personal data is processed in order to fulfil obligations and exercise rights according to contracts and to fulfil requirements imposed on Pandox by law or decisions by public authorities. The purpose of the processing of the personal data is normally to fulfil administrative, financial and property management purposes, but may also involve marketing and other questions which are related to potential and ongoing contractual relationships.
The legal basis for Pandox’s processing as set forth above is normally:
- that the processing is necessary to perform a legal obligation;
- that the processing is necessary for Pandox’s legitimate interests in fulfilling the above-stated purposes/goals and that these interests override the interests or fundamental rights and freedoms of the data subject in not having their personal data processed; or
- that the processing is necessary to perform a contract with the data subject.
In the cases where the legal basis for the processing is consent, separate information is provided at the time consent is given.
Data and storage minimization
Pandox does not collect more data than is necessary to fulfil the purpose for which the personal data is collected. This means that Pandox will only request personal data which is necessary for the Group’s business operations.
Pandox does not store information longer than is necessary to fulfil the purpose for which the personal data was collected.
Pandox attaches great importance to the security of personal data and has established both technical and organizational routines in order to ensure that personal data is not lost, manipulated or become accessible to unauthorized persons. All companies within the Pandox Group work according to established security standards for handling information and only retain the services of suppliers who have provided sufficient guarantees for the protection of personal data and other information. Pandox regularly updates its routines and systems in order to guarantee the security of the personal data.
Third-party applications and external websites
Transfers of personal data to third countries and disclosure to third parties
Pandox only stores personal data within the EU/EEA. Where a transfer to a third country takes place in exceptional cases, Pandox will ensure that there is a legal basis for such a transfer and will provide the relevant data subject with required information.
Pandox guarantees that all transfers to third parties and third countries take place in accordance with the applicable data protection legislation.
The rights of individuals
Pandox wants to be accommodating to individuals in their exercise of their rights. Pandox therefore maintains clear guidelines and routines for how an inquiry from a data subject is to be handled.
As a data subject, you are entitled to request information free of charge from Pandox regarding the processing of your personal data. Upon your request, or on our own initiative, we will correct or erase any incorrect personal data and/or restrict the processing of such data. In addition, you are entitled to request that your personal data not be processed for direct marketing purposes. You also have the right to object to any processing Pandox carries out based upon a weighing of interests as the legal basis. Where Pandox is of the opinion that processing nonetheless needs to be carried out, it is Pandox’s obligation to prove that there are interests which override the interests of the data subject. If you would like to contact us regarding the exercise of your rights, please contact us according to the contact information stated in the section “Contact information” below.
If you are dissatisfied with how we process your personal data, you can contact us or submit a complaint to the supervisory authority (Datainspektionen, the name of which is currently being changed to Integritetsmyndigheten, www.datainspektionen.se).
Information for the data subjects who are the contact persons at Pandox’s suppliers or customers
Link to Information regarding Supplier Contact Person
Link to Information regarding Tenant Contact Person
To exercise your rights under the General Data Protection Regulation, or if you have any questions regarding our processing of your personal data, please send your inquiry to: