Pandox AB (publ), company reg. no. 556030-7885, (“Pandox”) and other companies within the Pandox Group respect and protect the privacy rights of individuals. We are transparent in how we process personal data and it is important for us that all processing is carried out in accordance with the General Data Protection Regulation and other applicable legislation.
Pandox’s internal personal data policy, based on the General Data Protection Regulation, is applied by the companies and employees of the Pandox Group.
Controller of personal data
Processing of personal data
Pandox collects and processes personal data only where permitted under the General Data Protection Regulation or other applicable legislation, and processes only personal data according to the purposes for which the data was collected.
Pandox processes personal data which is obtained directly from you when an agreement is entered into or in other contacts with Pandox through for example our pages in social media or by e-mail. We also process your personal data, which we have obtained indirectly via your employer, in order to administer the business relationship your employer has with Pandox. Pandox also regularly collects personal data from publicly available sources such as private services and public filing systems for information regarding potential tenants, cooperating partners, competitors and other stakeholders.
Categories of personal data
The personal data which is processed is normally the name, contact information, personal ID number (where required by law or in order to manage a contractual relationship) and the account information for private tenants. Other forms of personal data which may be processed are pictures, and such information you may provide when contacting Pandox via the contact information on this web page, or when you interact with our corporate web pages in social media.
The personal data is processed in order to fulfil obligations and exercise rights according to contracts and to fulfil requirements imposed on Pandox by law or decisions by public authorities. The purpose of the processing of the personal data is normally to fulfil administrative, financial and property management purposes, but may also involve marketing and other questions which are related to potential and ongoing contractual relationships.
When you contact Pandox via the contact information on this webpage your personal data will be processed by Pandox for the purpose of communicating with you and answering your questions.
Pandox may also process and anonymize your personal data for statistical purposes and when conducting surveys in order to develop and improve Pandox’s operations. Anonymization of personal data may also take place to enable Pandox and its system providers to develop and test the systems used for processing of your personal data.
Pandox in social media
Pandox has corporate webpages in various social media (for instance Facebook and LinkedIn). These corporate webpages will be used to publish news, videos and blog posts for information and marketing purposes. Your personal data may be processed when you interact with – or contact – Pandox via any of our corporate webpages. Personal data provided via our webpages in social media may be read and used by individuals outside Pandox.
Pandox examines and deletes comments on our webpages in social media regularly. Comments are deleted quickly if they contain sensitive personal data, or if the content could be perceived as insulting or offensive.
Publication of pictures
In conjunction with events or other gatherings, photographers may be present for documentation. Pictures from an event or similar may be published on Pandox’s corporate webpages, in the annual report or on Pandox’s corporate webpages in social media with the purpose of informing about Pandox’s business. A registered individual which are portrayed in a picture has the possibility to decline such processing (see contact details below).
The legal basis for Pandox’s processing as set forth above is normally:
- that the processing is necessary to perform a legal obligation;
- that the processing is necessary for Pandox’s legitimate interests in fulfilling the above-stated purposes/goals and that these interests override the interests or fundamental rights and freedoms of the data subject in not having their personal data processed; or
- that the processing is necessary to perform a contract with the data subject to which the data subject is party to or to undertake measures on the request of the data subject before such contract is entered into.
In the cases where the legal basis for the processing is consent, separate information is provided at the time consent is given.
Data and storage minimization
Pandox does not collect more data than is necessary to fulfil the purpose for which the personal data is collected. This means that Pandox will only request personal data which is necessary for the Group’s business operations.
Pandox does not store information longer than is necessary to fulfil the purpose for which the personal data was collected.
Pandox attaches great importance to the security of personal data and has established both technical and organizational routines in order to ensure that personal data is not lost, manipulated or become accessible to unauthorized persons. All companies within the Pandox Group work according to established security standards for handling information and only retain the services of suppliers who have provided sufficient guarantees for the protection of personal data and other information. Pandox regularly updates its routines and systems in order to guarantee the security of the personal data.
Third-party applications and external webpages
Categories of recipients
Personal data may be transferred between companies in the Pandox Group and to suppliers and others who perform services on behalf of Pandox in connection with the fulfilment of the purpose of the processing.
Transfers of personal data to third countries
Pandox may transfer personal data to suppliers and partners in a third country outside of the EU/EEA. Where a transfer to a third country takes place, Pandox will ensure that appropriate safeguards have been taken and to provide the data subject with relevant information. Such appropriate measures can for example be:
i. to ensure that the parties (for example data exporter and data importer) enter into the EU Commission’s Standard Contract Clauses;
ii. if the transfer takes place to an American company in the US, ensure that the American company is certified in accordance with the EU-US Privacy Shield program; or
iii. if transfer takes place within a group of companies, that the group has adopted so called Binding Corporate Rules approved by the relevant supervisory authority.
Pandox ensures that all transfers to third parties and third countries take place in accordance with the applicable data protection legislation.
The rights of individuals
Pandox wants to be accommodating to individuals in their exercise of their rights. Pandox therefore maintains clear guidelines and routines for how an inquiry from a data subject is to be handled.
As a data subject, you are entitled to request information free of charge from Pandox regarding the processing of your personal data. Upon your request, or on our own initiative, we will correct or erase any incorrect personal data and/or restrict the processing of such data. In addition, you are entitled to request that your personal data not be processed for direct marketing purposes. You also have the right to object to any processing Pandox carries out based upon a weighing of interests as the legal basis. In certain circumstances you also have a right to request that personal data you have provided Pandox are given to you in a digitally readable format. Where Pandox is of the opinion that processing nonetheless needs to be carried out, it is Pandox’s obligation to prove that there are interests which override the interests of the data subject. If you would like to contact us regarding the exercise of your rights, please contact us according to the contact information stated in the section “Contact information” below.
If you are dissatisfied with how we process your personal data, you can contact us or submit a complaint to the supervisory authority (Datainspektionen, the name of which is currently being changed to Integritetsmyndigheten, www.datainspektionen.se).
Further information to specific data subjects
Link to Information Subscriber
Link to Information regarding Supplier Contact Person
Link to Information regarding Tenant Contact Person
Link to Information Shareholder
Pandox AB (publ), reg. no. 556030-7885, PO Box 15, 101 20 Stockholm, Sweden, www.pandox.se, is the controller of the personal data.
To exercise your rights under the General Data Protection Regulation, or if you have any questions regarding our processing of your personal data, please send your inquiry to: