Skip to main contentSkip to navigationSkip to search

Privacy policy

Pandox AB (publ), company reg. no. 556030-7885, (“Pandox”) and other companies within the Pandox Group respect and protect the privacy rights of individuals. We are transparent in how we process personal data and it is important for us that all processing is carried out in accordance with the General Data Protection Regulation and other applicable legislation.

General comments

This privacy policy is intended to describe how Pandox processes external personal data and to inform you, as an individual, about our processing of personal data. The information contained here is general in nature and in many cases more specific information is provided in an agreement or in other contexts, and such specific information applies as a supplement to and, where applicable, amends the information set forth below. 

Pandox’s internal personal data policy, based on the General Data Protection Regulation, is applied by the companies and employees of the Pandox Group.

Controller of personal data

Pandox is the data controller for the processing of any personal data for which it determines the purposes and means. Pandox is the data controller for general group operations and for certain subsidiaries which conduct property business. In addition, there are subsidiaries within the Pandox Group that have independent personal data responsibility, for example companies which conduct hotel operations. Information regarding how subsidiaries that are data controllers fulfil their obligations are set forth on each subsidiary’s website. This privacy policy covers the processing for which Pandox is responsible.

Processing of personal data


Pandox collects and processes personal data only where permitted under the General Data Protection Regulation or other applicable legislation, and processes only personal data according to the purposes for which the data was collected.

Pandox processes personal data which is obtained directly from you when an agreement is entered into or in other contacts with Pandox through for example our pages in social media or by e-mail. We also process your personal data, which we have obtained indirectly via your employer, in order to administer the business relationship your employer has with Pandox. Pandox also regularly collects personal data from publicly available sources such as private services and public filing systems for information regarding potential tenants, cooperating partners, competitors and other stakeholders.

Categories of personal data

The personal data which is processed is normally the name, contact information, personal ID number (where required by law or in order to manage a contractual relationship) and the account information for private tenants. Other forms of personal data which may be processed are pictures, and such information you may provide when contacting Pandox via the contact information on this web page, or when you interact with our corporate web pages in social media.



The personal data is processed in order to fulfil obligations and exercise rights according to contracts and to fulfil requirements imposed on Pandox by law or decisions by public authorities. The purpose of the processing of the personal data is normally to fulfil administrative, financial and property management purposes, but may also involve marketing and other questions which are related to potential and ongoing contractual relationships.


When you contact Pandox via the contact information on this webpage your personal data will be processed by Pandox for the purpose of communicating with you and answering your questions.


Pandox may also process and anonymize your personal data for statistical purposes and when conducting surveys in order to develop and improve Pandox’s operations. Anonymization of personal data may also take place to enable Pandox and its system providers to develop and test the systems used for processing of your personal data.

Pandox in social media

Pandox has corporate webpages in various social media (for instance Facebook and LinkedIn). These corporate webpages will be used to publish news, videos and blog posts for information and marketing purposes.  Your personal data may be processed when you interact with – or contact – Pandox via any of our corporate webpages. Personal data provided via our webpages in social media may be read and used by individuals outside Pandox.

Pandox examines and deletes comments on our webpages in social media regularly. Comments are deleted quickly if they contain sensitive personal data, or if the content could be perceived as insulting or offensive.

Publication of pictures

In conjunction with events or other gatherings, photographers may be present for documentation. Pictures from an event or similar may be published on Pandox’s corporate webpages, in the annual report or on Pandox’s corporate webpages in social media with the purpose of informing about Pandox’s business. A registered individual which are portrayed in a picture has the possibility to decline such processing (see contact details below).


In connection with Pandox's market days or events in which Pandox's financial reports are presented, Pandox - or a supplier on behalf of Pandox - may record and/or livestream such an event via webcast. Some recordings are uploaded for the purpose of allowing people who have not participated in the event to be able to see the information afterwards. Participants who participate in a livestreamed webcast have the opportunity to interact directly by, for example, asking questions. Pandox processes your personal information in these circumstances in order to answer your questions and to provide information to the public regarding Pandox's results, strategic and long-term development and other relevant information such as market trends and developments.

Legal basis

The legal basis for Pandox’s processing as set forth above is normally:

  • that the processing is necessary to perform a legal obligation;
  • that the processing is necessary for Pandox’s legitimate interests in fulfilling the above-stated purposes/goals and that these interests override the interests or fundamental rights and freedoms of the data subject in not having their personal data processed; or
  • that the processing is necessary to perform a contract with the data subject to which the data subject is party to or to undertake measures on the request of the data subject before such contract is entered into.

In the cases where the legal basis for the processing is consent, separate information is provided at the time consent is given.

Data and storage minimization

Pandox does not collect more data than is necessary to fulfil the purpose for which the personal data is collected. This means that Pandox will only request personal data which is necessary for the Group’s business operations.

Pandox does not store information longer than is necessary to fulfil the purpose for which the personal data was collected.


Pandox attaches great importance to the security of personal data and has established both technical and organizational routines in order to ensure that personal data is not lost, manipulated or become accessible to unauthorized persons. All companies within the Pandox Group work according to established security standards for handling information and only retain the services of suppliers who have provided sufficient guarantees for the protection of personal data and other information. Pandox regularly updates its routines and systems in order to guarantee the security of the personal data.

Third-party applications and external webpages

There may be references and links in Pandox’s business and webpage to third-party applications and external webpages over which Pandox does not have control. When you interact with these third-party applications and external webpages, the respective application or website's privacy policy and cookie policy apply. This privacy policy only covers such processing which is directly related to Pandox’s processing of personal data and Pandox is not liable for any processing of personal data which is carried out independently by any third party. This privacy policy is also applicable for Pandox’s corporate pages on social media platforms (such as Facebook and LinkedIn).

Categories of recipients

Personal data may be transferred between companies in the Pandox Group and to suppliers and others who perform services on behalf of Pandox in connection with the fulfilment of the purpose of the processing.


In a potential decision-making process regarding an acquisition or sale of assets or shares in a company (including subsidiaries of Pandox), your (as tenant or contact person/employee of tenant, customer or supplier) personal data may be shared with parties involved in such a process. Such processing of personal data takes place only when it is strictly necessary for the decision making or as part of a subsequent transaction.

Transfers of personal data to third countries

Pandox may transfer personal data to suppliers and partners in a third country outside of the EU/EEA. Where a transfer to a third country takes place, Pandox will ensure that appropriate safeguards have been taken and to provide the data subject with relevant information. Such appropriate measures can for example be:

i. to ensure that the parties (for example data exporter and data importer) enter into the EU Commission’s Standard Contract Clauses; or

ii. if transfer takes place within a group of companies, that the group has adopted so called Binding Corporate Rules approved by the relevant supervisory authority.

Pandox ensures that all transfers to third parties and third countries take place in accordance with the applicable data protection legislation.

The rights of individuals

Pandox wants to be accommodating to individuals in their exercise of their rights. Pandox therefore maintains clear guidelines and routines for how an inquiry from a data subject is to be handled.

As a data subject, you are entitled to request information free of charge from Pandox regarding the processing of your personal data. Upon your request, or on our own initiative, we will correct or erase any incorrect personal data and/or restrict the processing of such data. In addition, you are entitled to request that your personal data not be processed for direct marketing purposes. You also have the right to object to any processing Pandox carries out based upon a weighing of interests as the legal basis. In certain circumstances you also have a right to request that personal data you have provided Pandox are given to you in a digitally readable format. Where Pandox is of the opinion that processing nonetheless needs to be carried out, it is Pandox’s obligation to prove that there are interests which override the interests of the data subject. If you would like to contact us regarding the exercise of your rights, please contact us according to the contact information stated in the section “Contact information” below.

If you are dissatisfied with how we process your personal data, you can contact us or submit a complaint to the supervisory authority (Integritetsskyddsmyndigheten,

Further information to specific data subjects

Link to Information Subscriber
Link to Information regarding Supplier Contact Person
Link to Information regarding Tenant Contact Person
Link to Information Shareholder
Link to Information Event
Link to Information Recruitment Process

Contact information

Pandox AB (publ), reg. no. 556030-7885, PO Box 15, 101 20 Stockholm, Sweden,, is the controller of the personal data.

To exercise your rights under the General Data Protection Regulation, or if you have any questions regarding our processing of your personal data, please send your inquiry to:


This privacy policy may be updated and, in such case, a new version will be published on Pandox’s webpage.