Erasure of personal data
Your personal data is processed only as long as it is needed to fulfill the purpose of the processing or to fulfill PostNord’s legal obligations. Thereafter, your personal data is erased in accordance with our erasure policy or internal guidelines for deletion of data.
Legal basis for our processing of your personal data
PostNord will always adhere to applicable data protection legislation when processing your personal data. We process your personal data when this is necessary in order to perform an agreement with you or to respond to a customer service request you have made, or when we have a legitimate and compelling interest for processing your personal data, e.g. an interest to market ourselves to visitors of our Digital Channels or an interest in developing and improving our services. We may also process your personal data when we are legally obliged to do so, e.g. according to the Swedish Postal Services Act (Sw. postlagen, SFS 2010:1045).
Would PostNord’s processing of your personal data require your consent according to applicable data protection legislation, we will obtain your prior consent to such processing, which is normally done by having you actively tick a box.
Security measures for protection of personal data
A high level of security for your personal data is of utmost importance to PostNord, and we have in place appropriate technical and organizational security measures to protect your personal data from unauthorized access, modification, dissemination or destruction.
PostNord’s duty of confidentiality as set forth in the Swedish Postal Services Act, applies to mail, but other information about PostNord’s customers is also treated confidentially. Address information in our directory for mail delivery may in some instances be handed over to authorities based on an obligation in law or other regulation.
Limitations in the transfer of personal data
PostNord may engage external partners and suppliers to perform services on behalf of PostNord, e.g. to provide IT services, payment services or to assist in marketing, analysis or statistics. The performance of these services may entail such parties, both within and outside of the EU/EEA, obtaining access to your personal data.
Companies which are processing personal data on behalf of PostNord are obliged to sign an agreement with PostNord in order to ensure a high level of protection for your personal data. For partners located outside the EU/EEA, additional protective measures are undertaken, e.g. the signing of an agreement which includes the European Commission’s model clauses for data transfers, which can be found on the European Commission’s website.
PostNord may transfer personal data to a third party, such as the police or other authority, in the course of an investigation or otherwise when so obliged by law or governmental decision.
This integrity policy applies to information that PostNord is processing about you within the scope of our Digital Channels. PostNord’s Digital Channels may sometimes contain links to external websites or services which are not controlled by PostNord. If you follow a link to an external website, you are urged to review the principles for data processing and cookies applicable to the website in question.
Processing of personal data concerning children
PostNord’s digital channels are not intended for children and PostNord is thereby not knowingly collecting personal data pertaining to children. If you are a legal guardian and learns that your child has submitted personal data to PostNord, we ask that you contact us on the address stated in the section 10 below so that you can exercise your rights to, inter alia, correction or deletion.
The PostNord entity specified in the terms of the service you use, in the digital channel you visit or in connection with any other contact with us, is the controller of the processing of your personal data. If you have questions about PostNord’s processing of your personal data, or if you want information on and contact details to the data controllers in other companies within the PostNord Group, please contact PostNord’s Data Protection Officer on:
Data Protection Officer
105 00 Stockholm
If you are a corporate customer, please contact PostNord’s customer service or your key account manager.
Your rights in connection with our processing
You have the following rights in relation to the company that is processing your personal data:
- Right to access (register transcript) – a right to obtain confirmation and information of the processing of your personal data.
- Right to rectification – a right to have your personal data corrected.
- Right to erasure – a right to have your personal data erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing.
- Right to object – a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing.
- Right to restrict data processing – a right to demand that the processing of personal data is restricted, e.g. if you oppose the correctness of the data. While the matter is investigated, PostNord’s access to the data in question is restricted.
- Right to data portability – a right to request that personal data be sent from one data controller to another. This right is restricted to data, which you have submitted to us.
You are also entitled to, at any point in time, file a complaint with the applicable supervisory authority if you believe that our processing of your personal data is in breach of applicable data protection legislation.
If you wish to exercise any of your rights, or wish to acquire more information regarding any of said rights, or the conditions for exercising them, we ask that you contact us via the contact information in the section 10 above.
Amendments to this integrity policy
PostNord may from time to time make amendments to this integrity policy. The current version of the integrity policy is always available on PostNord’s websites.