The General Data Protection Regulation (GDPR) becomes law in the member countries of the EU on 25 May 2018. The Regulation will entail a large number of changes for those who process personal data and strengthened rights for the individual in terms of personal integrity. On this page, you will find information about Vasakronan’s processing of personal data.
Our main principles
Vasakronan AB (publ), 556061-4603, (“Vasakronan”) is the personal data controller for all companies that are part of the Vasakronan Group. In the processing of personal data, Vasakronan complies with GDPR and other supplementary data protection rules. This information applies in general. In many cases, more specific information is provided in a contract or in another manner for other forms of involvement with the Vasakronan Group. Such information is intended to supplement, and where appropriate, amend the information below.
Vasakronan also has an internal data protection policy, based on GDPR and other data protection rules. The internal data protection policy applies to all of the Vasakronan Group’s operations and all of its employees.
The collection of personal data
The personal data processed by Vasakronan is collected from you directly in conjunction with a contract being signed or some other contact with the Vasakronan Group. Vasakronan may also collect personal data from your employer, your bank, credit report companies, etc. In addition, we continuously collect personal data from generally available sources, such as from public and private registers, to ensure that the information is updated. We may also collect personal data from generally available sources, such as public and private registers, to obtain information of both a general and specific nature regarding potential tenants, stakeholders and other partners.
Categories of personal data
The personal data relating to you that we process includes your name, contact details, personal identity number (if required for secure identification), financial status, account information and any other data in accordance with what is stated in applicable agreements or information. Vasakronan also processes online identifiers, such as IP addresses or the equivalent that are supplied by website visitors.
Provision of data
Personal data may be provided to other companies with whom the Vasakronan Group cooperates, within and outside the EU and EEA. Your personal data may also be provided to government agencies to which the Vasakronan Group is obliged to submit data.
If Vasakronan provides your data to recipients outside the EU and the EEA, appropriate security measures are taken to ensure that your rights and freedoms are protected by, for example, entering into a standardised data protection agreement or another measure in accordance with the applicable contract terms and conditions. If you wish to receive a copy of the documents pertaining to such action, you can submit a request to Vasakronan’s data protection officer.
The main purpose of Vasakronan’s processing of personal data is to be able to meet its obligations and exercise its rights in accordance with agreements, to take measures requested before or after an agreement has been signed, and to meet the demands placed on Vasakronan by law, other regulations or official decisions. Vasakronan also processes personal data for marketing purposes, statistics, system testing, market and customer analyses, all to provide an overall view of customers’ involvement with the Group and to exercise legal rights. In addition, personal data is processed to collect and analyse information of both a general and specific nature regarding existing and potential tenants, stakeholders and other partners. Personal data may also be used for customer surveys, invitations to events and to respond to questions as well as otherwise processing your questions or cases.
The lawful basis for processing according to the above is that processing is necessary to fulfil a contract that you are party to or to take action at your request in conjunction with or before signing such a contract or to meet a legal obligation. In addition, the lawful basis for processing comprises legitimate interests, with Vasakronan’s rightful interests comprising, for example, marketing, analysis and product development. In the event that lawful basis includes consent, special information in this regard will be provided. Further purposes and legal bases may be stated in applicable agreements or information.
Deletion of data
Your personal data will not be not stored for a time longer than necessary for the purpose. This means, for example, that personal data is stored as long as agreements, other commitments or legal requirements pertaining to you and Vasakronan are applicable. Additionally, your personal data may be stored for marketing purposes, statistics, market and customer analyses, etc., for a period of up to two years after the end of the contractual relationship. If we have no agreement and have not been in contact for more than one year, we will delete your data. In the event that other storage periods apply, we will inform you about this in the agreement or in some other manner.
If personal data is collected and used for marketing or direct marketing purposes, Vasakronan follows what is considered to be good practice in this area. Personal data can be used for marketing for Vasakronan’s own services or those of another party that are closely related to the contractual relationship. In this case, good practice refers to SWEDMA’s rules prepared in cooperation with the Swedish Data Protection Authority.
Particular information regarding office and retail premises
Personal data that is required for the administration of a lease is collected with legitimate interests as the lawful basis. This applies to entry systems as well.
Particular information regarding residential tenants
For the purpose of creating a shared good practice for the processing of personal data in the residential rental market, the Swedish Property Federation has prepared guidelines that will be examined by the Swedish Data Protection Authority. Vasakronan complies with these and the guidelines are regarded as good practice for property owners.
Particular information regarding cameras
Vasakronan has a legitimate interest that provides a lawful basis for using camera surveillance in and around its properties, for example, for the purposes of security and order as well as to prevent crime. Vasakronan complies with the guidelines from the Swedish Property Federation and the Swedish Association of Public Housing Companies (SABO) regarding camera surveillance, which are regarded as good practice for property owners. This means, for example, that we usually do not save material from camera surveillance for more than four weeks at the most. If you would like more information, you are welcome to contact us using the contact details provided below.
If you wish to contact us regarding other matters
Regardless of whether or not you have a contractual arrangement with Vasakronan, contact may occur for various reasons, initiated by either you or Vasakronan – for example, by e-mail. Depending on the reasons for this contact, the personal data you provide during this contact may be stored by Vasakronan. As far as possible, this will be made clear when relevant in your communication with us. If you would like more detailed information or would like to have any personal data erased, see the link and contact information below.
If you believe that we have acted wrongly in relation to your personal data, you can address your complaint to the Swedish Data Protection Authority.
Do we have your data?
Using the link below, you can receive information about whether or not Vasakronan has processed your personal data. After we have checked whether we are storing your data and you have received an extract from our register, you may also request changes to or removal of your data. You can also withdraw any previously provided consent.
Are you a personal data processor in relation to Vasakronan and want to report a personal data incident?
The contact information for Vasakronan’s data protection
officer Karl-Fredrik Björklund is provided below.
Box 75 57
SE- 103 93 Stockholm