A leading technical installation and building services company

Privacy policy for the Nimlas Group

1. Introduction

Nimlas Group AB values your personal privacy. We therefore strive to always protect your personal data in the best possible way and to comply with applicable data protection regulations. This privacy policy explains how and why Nimlas Group AB (and other data controllers within the group where Nimlas Group AB is included) processes your personal data and what rights you have.

The information is general and aimed at those who visit our website www.nimlasgroup.com (the "Website"), work with us, or represent one of our customers, suppliers (including subcontractors), or other business partners, as well as those who apply for jobs with us. This policy also covers various types of communication; both regarding how you communicate with us and for what purposes. Different sections of this policy will therefore be applicable and relevant to you depending on your relationship with us.

For employees within Nimlas Group, we have specific policies, instructions, and other documentation to ensure that we handle employees' personal data in accordance with applicable data protection laws at any given time. Such issues are usually not handled in this privacy policy. Even for other registered individuals or processing activities, additional information regarding personal data processing may have been made available

2. Data Controller

Data Controller
Nimlas Group AB, VAT number 559291-7982( “Nimlas”)
Rosenborgsgatan 12,
169 74, Solna, Sweden
Email: gdpr@nimlasgroup.com

Nimlas is the data controller for the processing of some of your personal data as described in
this information text.

Other Data Controllers within the Group

Within in the Nimlas Group consists of several subsidiaries. To some extent, Nimlas subsidiaries (“Subsidiaries”) are data controllers for data that you provide or transfer to the relevant subsidiary. A current list of the various subsidiaries – and thus all data controllers in the Nimlas Group – can be found at https://www.nimlasgroup.com/our-companies. There, you will also find contact details for each company.

Joint Data Control within the Nimlas Group

Between the different companies within the Nimlas Group, certain information, and documentation, sometimes including personal data, are exchanged. Additionally, Nimlas subsidiaries provide certain services, systems, and other facilities that may involve the processing of personal data. Generally, Nimlas performs these services as a data processor on behalf of the subsidiaries. To a limited extent, Nimlas and the relevant subsidiary are jointly data controllers.

To ensure that your personal data is processed in accordance with applicable regulations, Nimlas and the subsidiaries have entered into a special agreement in accordance with applicable data protection regulations, including ensuring that your rights as a data subject and the data controllers' obligations to provide you with information are fulfilled.

Your Main Contact for Data Protection Matters

Your main contact for data protection matters is always the company within the Nimlas that you normally contact, communicate with, or contract with. If you have no such contact, Nimlas is usually the data controller for the processing of personal data concerning you and additionally for the processing of personal data collected via the Website and other websites and/or social media channels operated by Nimlas.

Questions Regarding Data Processing

If you have any questions about how we process your personal data or your related rights, you are always welcome to contact the relevant Nimlas company as described above or – in all circumstances – Nimlas. See contact information below.

3. What Data Do We Process About You and Why?

We process your personal data for different purposes depending on your relationship with us.

In most cases, we process personal data that you have chosen to provide to us, often in your professional role as a contact person for one of our customers, suppliers, or other partners. In some cases, we also collect personal data from someone other than you, namely if you or the company you represent is to enter into or has entered into an agreement with us. We also automatically collect certain information about your use of our website. We do not sell or share personal data to or with third parties unless such sharing or transfer is stated in this policy if the receiving party processes personal data on our behalf, or if otherwise expressly agreed with you.

In the following sections, you will find more detailed information about what personal data we process about you and why, depending on whether you visit our website or other digital channels, communicate with us, or are a contact person for one of our suppliers, customers, or other partners. 3 For more information on how we use cookies on our websites, please read our cookie policy >> (LINK).

When You Visit the Website or Other Digital Channels and Communicate with Us

Purpose: To maintain, test, and improve our website

Processing:

Analysis of data we collect for the above purpose. Based on the data we process, we conduct analyses on an aggregated level (without identifying you as an individual) to support the maintenance, testing, and improvement of our website.

Personal Data Processed:

Information about your visits to our website through cookies (e.g., information about which pages you visited, which links you clicked on, technical data about your device such as IP address, geographical location, browser settings)

Legal Basis:

Processing is necessary to meet our legitimate interest in maintaining, testing, and improving our website (balancing of interests).

Retention Period: 6 months.

Purpose: To communicate with you when you contact us via e.g., email, phone, or through our digital channels

Processing:

Handling of your case and responding to questions; improvement of services and information that we provide via our website or other digital channels

Personal Data Processed:

  • Name and contact information (such as email addresses, phone numbers, and address);
  • other information and data that you choose to provide us with

Legal Basis:

Processing is necessary to meet our and your legitimate interest in communicating with you when you have contacted us (balancing of interests)

Retention Period: During the time your case is ongoing and 12 months thereafter.

Purpose: To prevent and detect misuse of our services, e.g., security attacks

Processing:

Necessary processing to protect our IT environment against attacks and intrusions

Personal Data Processed:

Information about your visits to our website through cookies (e.g., information about which pages you visited, which links you clicked on, technical data about your device such as IP address, geographical location, browser settings)

Legal Basis:

Processing is necessary to meet our legitimate interest in protecting our IT environment from attacks and intrusions (balancing of interests).

Retention Period: 6 months.

When You Are a Contact Person for One of Our Suppliers, Customers, or Other Partners

Purpose: To prepare, administer, and fulfill agreements with suppliers, customers, or other partners

Processing:

Necessary processing to administer our rights and obligations under the concluded contractor, supplier, customer, or other types of cooperation agreement; ongoing contact with our supplier, customer, or partner

Personal Data Processed:

Name of the contact person at the supplier, customer, or partner; contact information (email, phone number, etc.) of the contact person; if the supplier, customer, or partner is a sole trader, the organization number/personal number

Legal Basis:

Processing is necessary to meet our legitimate interest in fulfilling the agreement with our supplier, customer, or partner, or if you provide information to us as a sole trader, to fulfill our agreement or take measures you request before an agreement is concluded.

Processing is also necessary to meet our legitimate interest in preparing, administering, and fulfilling agreements with suppliers, customers, or other partners.

Retention Period: As long as we have rights or obligations under the agreement and for a period of two (2) years (purchase, sale, and cooperation) or ten (10) years (contracting) thereafter. It is not a requirement that your personal data be provided to us, but if we are not allowed to process your personal data, we may not be able to enter into an agreement and subsequently fulfill our agreement (or only be able to do so with some delays) and administer the contractual relationship with you or the company you represent/are the contact person for.

Purpose: To administer inspections, potential complaints, guarantees, claims, and other similar demands

Processing:

Necessary processing to administer our rights and obligations under contractor, supplier, customer, or cooperation agreements

Personal Data Processed:

  • Name of the contact person at the supplier, customer, or partner;
  • Contact information (email, phone number, etc.) of the contact person;
  • If the supplier, customer, or partner is a sole trader, the organization number/personal number

Legal Basis:

Administering complaints, warranties, and similar matters is necessary for us to fulfill our legal obligations. The processing of your personal data within this framework is necessary to fulfill our legitimate interest in complying with our legal obligations and to defend ourselves against potential claims

Retention Period: Until warranty periods, liability periods, and similar periods under the respective agreements have expired and a subsequent period of six (6) months thereafter, unless legal proceedings are ongoing. In case of legal proceedings, we may continue to process the data until such legal proceedings are finally settled. It is not a requirement that you provide us with your personal data. If we are not allowed to process your personal data, we may not be able to enter into an agreement and subsequently fulfill our agreement (or only be able to do so with some delays) and administer the contractual relationship with you or the company you represent/are the contact person for

Purpose: For marketing and similar purposes

Processing:

Sending information about news, product and service offers, events, and similar marketing materials via email and/or other digital channels

Personal Data Processed:

Name and contact information (email, phone number, etc.) of the contact person at the customer or potential customer, as well as partners

Legal Basis:

Processing is necessary to meet our legitimate interest in marketing our products and services, maintaining our business relationship with you, and communicating with you in your professional role (balancing of interests) or if you have chosen to subscribe to our newsletter, your consent

Retention Period: If you are a contact person at one of our existing or former customers or partners; during the contract period and for a period of [two (2) years] thereafter. If you are a contact person at one of our potential customers or partners; [during the time our marketing campaign is ongoing]. If you have given your consent; until you withdraw your consent, which you can easily do in all our mailings by clicking on the "unsubscribe" link. You always have the option to unsubscribe from further mailings from us at any time. If you unsubscribe, we will immediately cease processing your personal data for this purpose.

4. Do you want to know more about how we have balanced our interests?

As described above, we sometimes process your personal data based on our legitimate interest. If you have any questions or want to know more about how we have balanced these interests, you are welcome to contact us.

5. Who Gets Access to Your Personal Data?

As stated above, your personal data is normally disclosed to the data-controlling Subsidiary you are in contact with, communicate with, or have signed a contract with, which is then responsible for your personal data. To some extent, certain such data may be transferred to Nimlas for group-wide functions and processes for which Nimlas is the data controller.

In addition, your personal data is shared with companies that process personal data on our behalf, so-called data processors. For example, our partners and other suppliers such as IT and system providers who provide operation, development, and support for our systems and cloud services have access to your personal data.

For this purpose, we have signed so-called data processing agreements with them, which, among other things, means that they are required to process the information securely, correctly, and confidentially. If you have applied for a job with us, your data is sometimes shared with the recruitment firms that process application data and application documents.

6. Are Your Personal Data Transferred to Other Countries?

Some of our IT suppliers operate outside the EU/EEA. This may result in your personal data being transferred outside the EU/EEA. When such transfer occurs, we take special protective measures to ensure an adequate level of protection of your personal data, which, for example, may mean that we sign agreements that include the standardized model clauses for data transfer adopted by the EU Commission.

7. You Have Various Rights as a Data Subject Under the Data Protection Regulation

Security for your personal data

Nimlas will take appropriate technical and organizational security measures to ensure that your personal data is handled securely and to limit and prevent the risk that your personal data falls into the wrong hands.

Your Rights

According to current data protection legislation, you have the right to receive information about the processing of your personal data free of charge once a year. Such a request must be made in writing and sent to Nimlas (see contact details below). You also have certain other rights.

  • You have the right to withdraw your consent at any time with future effect.
  • You have the right to object to the processing.
  • You can request that your personal data be corrected.
  • You can also, in certain cases, request that your personal data be deleted, limited, or blocked by contacting Nimlas.
  • Under certain conditions, you have the right to data portability of your personal data, which means that your data should be transferable to another data controller. However, this right is limited to data that you have provided us..

You can also file complaints about Nimlas's handling of your personal data directly with the supervisory authority, the Swedish Authority for Privacy Protection (www.imy.se). However, there may be legal limitations that affect your rights above.

If you have questions regarding the processing of your personal data, you are always welcome to contact us.

8. Changes to This Privacy Policy or Your Personal Data

Nimlas reserves the right to change this Privacy Policy, including due to changes in applicable data protection legislation. Established changes will be published on the Website

If you want to change your data, such as changing your address, you can do so by contacting us.

9. Do you want to contact us?

If you want to use your rights as above or otherwise want to get in touch with us due to our processing of your personal data, you can contact Nimlas at gdpr@nimlasgroup.com

This Privacy Policy was established by Nimlas in June 2024

We are the Nimlas Group

Nimlas provides services across the full range of technical disciplines from heating & sanitation, electricity, ventilation, automation, fire safety, cooling/refrigeration, and related services.

Our office

Nimlas Group AB

Rosenborgsgatan 12,
169 74, Solna, Sweden

Contact us

Email: info@nimlasgroup.com

VAT reg.no: 559291-7982

Copyright © 2022 Nimlas Group AB  |  Sitemap |  Cookies  |  Privacypolicy