Centuri Privacy policy

Privacy policy - customers and website visitors

Information on how we process your personal data

Version 1.0, 2025-04-07 2025.

1. INTRODUCTION

This privacy policy (the ‘Privacy Policy’) describes how Centuri AB, reg. no. 556558-6210, with address Södra Agnegatan 29, 112 29, Stockholm (‘we’, ‘our’ and ‘us’), processes personal data about you who visit and use our website and about you who come into contact with us in connection with our business and our services - usually because you are a contact person for a corporate customer or partner or a supplier to us.

We are responsible for the personal data processing described in the Privacy Policy in our capacity as data controller. If you want to know more about our processing of your personal data, you are always welcome to contact us, e.g. at the address above or via our e-mail address: info@centuri.se .

It is important to us that you feel safe with how we process your personal data and we therefore ask you to read this Privacy Policy, which we may update from time to time. At the top of the page you can see the current version of this Privacy Policy and when it was last updated.

2. HOW WE COLLECT YOUR PERSONAL DATA
The data we process about you is mainly collected directly from you when you visit and use our website or when we get in touch with you - for example, by email, telephone or at face-to-face meetings, conferences, trade fairs or similar events. We may also collect data about you from third parties, usually from the company or organisation you represent.

3. HOW WE PROCESS YOUR PERSONAL DATA
3.1 Introduction

We will only process your personal data if the processing is authorised by applicable data protection law. This means, among other things, that we must have support for the purposes for which we process your personal data, in the form of a so-called legal basis. For us, this mainly means one of the following grounds:

Performance of a contract - the processing is necessary for us to provide you with our services or otherwise fulfil a contract between us (this applies to you if you are a sole trader), or to take steps at your request before entering into a contract.

If you are acting on behalf of someone else, for example as a representative of a company (which is usually the case), our processing is based on a balance of interests and our legitimate interests in being able to enter into or fulfil the contract with the person you represent.

Fulfilment of legal obligations - the processing is necessary for the fulfilment of our legal obligations under any law or regulation to which we are subject, or any court or public authority order requiring us to process data about you.

Balancing of interests - processing is necessary for the purposes of our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms are not overridden (in which case the processing may not take place).

Consent - processing is based on your prior consent, which includes our responsibility to clearly inform you of the processing to which you consent and the possibility to easily withdraw your consent to our further processing

Below we detail the categories of personal data we process, the purposes for which we process them and the legal bases on which our processing of your personal data is based, including how long your data is stored by us. For information on who we share your personal data with, please see section 5 below.

3.2    Maintaining and improving our website
Purpose of the processing   
Collect statistics on and analyse visitor traffic to our website and other technical information generated during visits to the website, in order to maintain and improve its functions, the user experience and our efforts to detect and counteract errors, intrusions and incidents.

This is done with the support of third-party analytics services. The statistics we compile and the analyses we carry out with the support of these services are carried out using data in aggregated form and with the support of de-identified or anonymised data.    

 Categories of personal data

The personal data we process relates to:
•    IP address
•    Other technical information generated when you visit our website, such as the type of technical device you used, browser, pages visited and times of visits (browser information, time zone from where you visited our website, other web traffic information)

Legal basis: Balancing of interests, where our legitimate interest is to collect data to maintain and improve the functionality, content and security of our website. The collection of information using cookies and similar technologies is based on your consent, with the exception of those uses that are strictly necessary for the proper use of our website. For more information on how we use cookies and other similar technologies, please see our cookie policy.

Storage period: We store information about how visitors interact with our website for a maximum of six (6) months. In most cases, the personal data collected is converted into aggregated (anonymised) data before this period expires, in connection with our production of statistics

3.3    Creating potential business relationships
Purposes of processing    
Contact and communication with you for the purpose of establishing a business relationship with you and/or the company or organisation you represent.
This includes, among other things, communication via email about our business, our services and our ongoing activities (see also section 3.6 below).    

Categories of personal data

The personal data we process relates to:
•    First and last name
•    Contact details such as email address, telephone number, location and address
•    Professional title and details of the company or organisation you represent
•    Information that you otherwise provide to us in connection with our communication with you

3.4    Maintaining and developing existing business relationships
Purpose of the processing    
Contact and communication with you in your capacity as, or contact person for, one of our existing customers, partners, suppliers or other business contacts, in order to maintain and develop our business relationship with you and/or the company or organisation you represent.

This includes, among other things, the usual administration of and communication about our customer, co-operation and supplier agreements, as well as communication via e-mail about our business, our services and our ongoing activities (see also sections 3.5 and 3.6 below).    

Categories of personal data

The personal data we process relates to:
•    First and last name
•    Contact details such as email address, telephone number, location and address
•    Professional title and details of the company or organisation you represent
•    The information you otherwise provide to us in connection with our communication with you

Legal basis: Balancing of interests, where our legitimate interest is to maintain and develop our business relationship with you and/or the company or organisation you represent.
Storage period: We save your personal data for as long as we have a business relationship with you and/or the company or organisation you represent, but for a maximum of two (2) years from the last time we were in contact with each other in connection with our business relationship.

Please note that we may need to retain data for a longer period for other purposes, e.g. if it turns out that we need to take action in order to defend or pursue legal claims. We will also need to store data for a longer period of time in order to fulfil legal obligations, for example regarding accounting in accordance with the Accounting Act (1999:1078) (see further in section 3.7 below).

3.5 Managing the conclusion and performance of contracts
Purpose of the processing    
Administration and communication to enter into or perform contracts between us and you and/or the company or organisation you represent.
This includes invoicing and standard contract management, as well as follow-up and documentation of contract-related issues.    

Categories of personal data
The personal data we process relates to:
•    First and last name
•    Contact details such as email address, phone number, location and address
•    Professional title and details of the company or organisation you represent
•    The information you provide to us in contractual matters, such as questions or comments on contracted services

3.6    Newsletters and other marketing communications
Purpose of the processing    
Administering and sending emails, with the aim of informing about our activities, services and ongoing activities.    

Categories of personal data
The personal data we process relates to:
•    E-mail address
•    First and last name

Legal basis: We will only send you marketing emails if you have registered to receive such emails and have consented to receive them. If you are an existing customer, we will only send you marketing emails if the content is relevant to you and/or the company or organisation you represent. Our mailings are then based on a balance of interests, where our legitimate interest is to be able to market us and our services. You can always choose to unsubscribe from this type of communication by either using the link provided in each marketing mailing and newsletter sent from us or by contacting us via our email address: info@centuri.se.

Retention period: We will retain your personal data for the purpose of sending you marketing emails as long as you have not unsubscribed from receiving further emails. Please note that withdrawing your consent does not affect the lawfulness of the processing we carried out during the time we had your consent.

3.7    Fulfilment of legal obligations and defence of legal claims
We may process your personal data in order for us to fulfil our legal obligations under law or other regulations to which we are subject, or court or authority decisions that require us to process data about you.
We may also process your personal data in order for you and/or the company or organisation you represent, us or the third party concerned to be able to safeguard or defend legal claims, for example in the event of an impending or ongoing dispute.

4.    SECURITY MEASURES
We take security measures to ensure that our handling of your personal data is secure. For example, the systems in which personal data are stored are only accessible to our employees and service providers who need the data to fulfil their tasks. They are also informed of the importance of security and confidentiality in relation to the personal data we process. We implement appropriate security measures and standards to protect your personal data against unauthorised access, disclosure and misuse. We also monitor our systems to detect vulnerabilities. In addition, we have entered into data processing agreements with our service providers (see further in sections 5 and 6 below).

5.    HOW WE SHARE YOUR PERSONAL DATA
Access to your personal data is limited to recipients who need such access for the purposes described in section 3 above or otherwise set out below. Your personal data will thus be shared with the following recipients
(a)    Our suppliers: We use third party suppliers to manage parts of our business. We will share personal data with these suppliers to enable them to perform services on our behalf, such as providing us with support and business systems or sub-contracting our own services. When we use suppliers under this paragraph, we will establish data processing agreements and take other appropriate measures to ensure that your personal data is processed in a manner consistent with this Privacy Policy.
(b)    Co-operation partners: We occasionally co-operate with external parties to improve our services and operations, such as advisors. These parties process personal data either as data controllers according to their own terms and conditions and guidelines for the processing of personal data, or as data processors to us according to our instructions for processing. In the latter case, we enter into data processing agreements and take other appropriate measures to ensure that your personal data is processed in a manner consistent with this Privacy Policy.
(c)    Sale or transfer: We will transfer your personal data to a buyer/investor or potential buyer/investor in connection with the sale or other transfer of all or part of our shares, assets or business. In the event of such a transfer, we will take steps to ensure that the receiving party processes your data in a manner consistent with this Privacy Policy. The purpose of such a transfer is to allow a (potential) buyer/investor to scrutinise our business and, where applicable, take steps and preparations for a possible purchase or investment, where the transfer is made with reference to the legitimate interest of such scrutiny and possible steps and preparations.
(d)    Authorities: We will also share your personal data with e.g. the Police, the Swedish Tax Agency or other authorities when we are obliged to do so by law or other regulation, or by court or government order.

6.    WHERE WE PROCESS YOUR PERSONAL DATA
We aim to always process your personal data within the EU/EEA. As some of our suppliers operate internationally, your personal data will be transferred to countries outside the EU/EEA according to the agreements we have with the suppliers. In such cases, we have an obligation to ensure that the transfer takes place in accordance with applicable data protection law before the data is transferred, e.g. by ensuring that the country to which the data is transferred fulfils the adequacy requirements as decided by the European Commission, or by ensuring that the transfer is subject to appropriate safeguards such as standard contractual clauses as decided by the European Commission and further appropriate measures to safeguard your rights and freedoms.

The following link provides information on the non-EU/EEA countries that the European Commission has decided fulfil an adequate level of protection for the authorised transfer of personal data.

The following link provides you with the standard contractual clauses adopted by the European Commission

7.    YOUR RIGHTS
You have rights in relation to us and our processing of your personal data. Information about your rights and how to exercise them is set out below. 
Please note that your rights apply to the extent provided by applicable data protection legislation and that, where applicable, there may be exceptions to the rights. Please also note that we may need more information from you in order to, among other things, confirm your identity before we proceed with your request to exercise your rights.
To exercise your rights or to request more information about them, please contact us, most easily via our e-mail address: info@centuri.se.

7.1    Right of access
You have the right to obtain confirmation as to whether we are processing your personal data. If we are processing your personal data, you also have the right to receive copies of the personal data concerning you that we are processing as well as further information about the processing, such as the purposes of the processing, the relevant categories of personal data and the recipients of such personal data.

7.2    Right to rectification
You have the right to request that we rectify any inaccurate personal data that we process about you, as well as request that we complete incomplete information.

7.3    The right to erasure
You may request that we erase your personal data without undue delay in the following situations:
•    The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
•    Our processing is based on your consent, and you withdraw your consent for the relevant processing;
•    you object to processing we carry out on the basis of legitimate interests and your objection overrides our or another party's legitimate interest in the processing;
•    The personal data is processed unlawfully;
•    The personal data must be erased in order for us to fulfil one or more legal obligations.

7.4    Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in the following situations: 
• You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the data; 
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead; 
• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, but is required for you to establish, exercise, or defend legal claims; 
• You have objected to processing carried out based on legitimate interest, pending the verification of whether our legitimate grounds override yours.

7.5    Right to Object
You have the right to object to our processing of your personal data when it is based on (i) our or a third party's legitimate interest, or (ii) our exercise of official authority or a task carried out in the public interest, including profiling. If you object, we must demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or that the processing is necessary for the establishment, exercise, or defense of legal claims in order to continue the processing.

7.6    Right to Data Portability
If our processing of your personal data is based on (i) an agreement with you or (ii) your consent, you have the right to receive the personal data you have provided to us, which concerns you, in an electronic format. You have the right to have the data transferred directly from us to another data controller, if technically feasible.

Please note that this right to data portability does not cover data that we process manually

7.7    Right to Withdraw Your Consent

If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on your consent before it was withdrawn.

7.8     Complaints to the Supervisory Authority

In Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) is the authority responsible for overseeing the application of current data protection legislation. If you believe that we are processing your personal data incorrectly, we encourage you to contact us first so we can review your concerns. However, you can always file your complaint with the Swedish Authority for Privacy Protection.If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on your consent before it was withdrawn.

8.    COMPLAINTS TO THE SUPERVISORY AUTHORITY
In Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) is the authority responsible for overseeing the application of current data protection legislation. If you believe that we are processing your personal data incorrectly, we encourage you to contact us first so we can review your concerns. However, you can always file your complaint with the Swedish Authority for Privacy Protection.