GDPR – your privacy
Your privacy is important for us at Vasakronan. On this page, you will find information about Vasakronan’s processing of personal data.
Our main principles
Vasakronan AB (publ), Corp. Reg. No. 556061-4603, (“Vasakronan”) is the controller for all wholly owned subsidiaries that are part of the Vasakronan Group. In the processing of personal data, Vasakronan complies with General Data Protection Regulation (GDPR) and other supplementary data protection rules.
Vasakronan has an internal privacy policy, based on the GDPR and other data protection rules. The internal privacy policy applies to all of the Vasakronan Group’s operations and all of its employees. Vasakronan also has a register containing all of the Group’s personal data processing. If you require additional and/or more specific information in addition to what is stated on this page, you are welcome to contact us.
This information applies in general. In some cases, more specific information is provided in a separate contract or in another manner for other forms of involvement with the Vasakronan Group. Such information is intended to supplement, and where appropriate, amend the information below. You can find directed information under the separate headings below.
The processing of personal data
Collection
The personal data processed by Vasakronan is often collected from you directly in conjunction with a contract being signed or through some other contact with the Vasakronan Group. Vasakronan will also collect personal data from your employer, bank or credit reference agency. To ensure that information is updated, Vasakronan also continuously collects personal data from generally available sources, such as from public and private registers. Vasakronan may also collect personal data from generally available sources, such as public and private registers, to obtain information both of a general and of a specific nature regarding potential tenants, stakeholders and other partners. Vasakronan will also collect personal data from suppliers that provide meters, cloud services and similar systems in and around Vasakronan properties.
Categories of personal data
The personal data relating to you that we process includes your name, contact details such as phone number, address and e-mail address, personal identity number (if required for secure identification), corporate registration number, financial status, account information and any other data in accordance with what is stated in applicable agreements or information.
Vasakronan also processes online identifiers, such as IP addresses, MAC addresses or the equivalent that are supplied by website visitors, which is explained in our cookie information and location information.
Images and/or films may be processed such as CCTV and at events, advertising, communication and marketing through, for example, sending e-mails, digital information signs in properties or in Vasakronan’s mobile applications and on its website.
Purposes
The main purpose of Vasakronan’s processing of personal data is to be able to meet its obligations and exercise its rights in accordance with agreements, to take measures requested before or after an agreement has been signed, and to meet the requirements placed on Vasakronan by law, other regulations or rules and official decisions. In certain cases, if so required, personal data is processed to exercise legal claims.
Vasakronan also processes personal data for marketing purposes, statistics, system testing, troubleshooting, market and customer analyses, all to provide an overall view of Vasakronan’s customer involvement and satisfaction. In addition, personal data is processed to collect and analyse information about existing and potential tenants, stakeholders and other partners.
Vasakronan processes anonymised/encrypted location information in and around properties with the aim of providing Wi-Fi, analysing footfall and managing bookings of resources. Location information is also used to provide visitor registration and reception services, and to optimise and streamline service offerings, resource utilisation, resource distribution and property operations.
We use contact information to communicate news or other important information such as safety messages in or around our properties and to process matters in general. Contact information can also be used for customer surveys and invitations to events.
Lawful basis
The lawful basis for processing personal data is, in many cases, that the data is necessary to fulfil a contract that you are party to or to take action at your request in conjunction with or before signing such a contract. It is with the support of legitimate interests that personal data concerning representatives or contact persons is processed to administer the contracts that Vasakronan has with other legal entities.
In terms of contact information, the lawful basis for processing is based on a balance of interests where Vasakronan’s legitimate interests also comprise conducting marketing and communication, analysis and product development.
The lawful basis of Vasakronan’s legitimate interests also comprises CCTV, access systems and visitor registration.
A lawful basis for processing may also be to meet legal obligations or protect Vasakronan’s legal interests in accordance with, for example, the act on renting of own property or the bookkeeping act. In the event that lawful basis includes consent, Vasakronan provides special information in this regard. Additional purposes and lawful bases can be stated through specific information or contracts. For more information, refer to the corresponding heading.
Provision of data
Personal data may be provided to other companies with whom the Vasakronan Group collaborates, within and outside the EU and EEA. For more information about the categories of company that process the different types of personal data, refer to each specific heading below. Personal data may also be provided to government agencies to which companies in the Vasakronan Group are obliged to submit data.
If Vasakronan provides your data to recipients outside the EU and the EEA, appropriate security measures are taken to ensure that your rights and freedoms are protected by, for example, entering into a standardised data protection agreement or another measure in accordance with the applicable contract terms and conditions and the applicable data protection rules at any given time.
Deletion of data
Your personal data will not be stored for a time longer than necessary for the purpose for which it is used. This means, for example, that personal data is stored as long as agreements, other commitments or legal requirements pertaining to you are applicable. Additionally, personal data may be stored for marketing purposes, statistics, market and customer analyses, etc., for a period of up to two years after the end of the contractual relationship.
If we do not have any ongoing contract with you, and have not had any contact with you for a period of one year, Vasakronan will delete your personal data. In the event that other storage periods apply, Vasakronan will inform you about this in the agreement or in some other manner. Vasakronan has specific deletion procedures for personal data processing which are stated in Vasakronan’s register.
Marketing
If you submit contact information using the form on Vasakronan’s website, this information will be used to contact you to inform you about Vasakronan’s services and offering, and to invite you to seminars and similar events. This processing takes place using a balance of interests as a lawful basis. Vasakronan shares some of your contact information with its partners for marketing purposes.
If personal data is collected and used for marketing or direct marketing purposes, Vasakronan follows applicable legislation and what is considered to be good practice. Personal data can be used for marketing for Vasakronan’s own services or those of another party that are closely related to the contractual relationship. In this case, good practice refers to Swedish Data & Marketing Association’s (SWEDMA) rules prepared in collaboration with the Swedish Authority for Privacy Protection.
Particular information for our tenants and customers
The Arena
Vasakronan processes personal data such as contact information for some Arena members’ employees and representatives for purposes including to fulfil and administer rights and obligations pursuant to member contracts.
Other purposes include maintaining ongoing management and maintenance of premises and properties, which includes maintaining communication with contacts at Arena member companies. Through Vasakronan’s system suppliers in Wi-Fi passwords, access management, resource bookings and resource optimisation, Vasakronan also handles personal data on a consolidated basis to offer services to Arena members’ users and tenants’ employees as well as visitors and event guests and to be able to invoice in accordance with actual resource use. In the event that Vasakronan, within the framework of the latter purpose above, shares personal data with Arena members, the Arena member company in question will have responsibility for this personal data after receiving it.
Personal data required to administer contracts with legal entities is processed with a balance of interests as the lawful basis. If the contracting party is an individual firm or private person, the contract is based on the lawful basis for the processing.
If you are invited to Arena in the capacity of a visitor, Vasakronan processes your contact information to administer your visit, mainly to provide you with access to Wi-Fi, the premises and to process communication between us with a legitimate interest as a lawful basis.
Residential
The Swedish Property Federation has prepared a guiding document concerning the processing of personal data in the lettings market. Vasakronan complies with these and regards them as good practice in the market. The guidelines are available on the Swedish Property Federation’s website www.fastighetsagarna.se
Cookies
If you would like more information about how Vasakronan processes cookies in conjunction with visiting our website, refer to our Cookie Policy.
Cykel & Service
Vasakronan processes personal data such as contact information for members and, in the event that members are companies, members’ employees and representatives to fulfil and administer rights and obligations pursuant to member contracts. Other purposes include providing membership services, which includes communication with contact persons and representatives for the concept’s members. Vasakronan’s partner and operator Cykloteket manages the administration of access and lockers. These purposes are conducted with a legitimate interest as a lawful basis.
Personal data required to administer contracts with legal entities is processed with a balance of interests as the lawful basis. If the contracting party is an individual firm or private person, the contract is based on the lawful basis for the processing.
Studio Sergel
Vasakronan processes personal data such as contact information for employees and representatives to fulfil and administer rights and obligations concerning bookings of the Studio Sergel concept. Other purposes include processing and marketing the services that are part of the concept, which comprises communication with stakeholders and contact persons and representatives for organisation that use Studio Sergel. Vasakronan’s partner and operator MKTG processes the administration and operations of Studio Sergel. These purposes are conducted with a legitimate interest as a lawful basis.
Personal data required to administer contracts with legal entities is processed with a balance of interests as the lawful basis. If the contracting party is an individual firm or private person, the contract is based on the lawful basis for the processing.
Premises
Vasakronan processes personal data such as contact information for some of the tenant’s employees and representatives for purposes including to fulfil and administer rights and obligations pursuant to the lease. Other purposes include maintaining ongoing management and maintenance of premises and properties, which includes maintaining communication with contacts at the tenants’ premises.
Personal data required to administer contracts with legal entities is processed with a balance of interests as the lawful basis. If the contracting party is an individual firm or private person, the contract is based on the lawful basis for the processing.
Camera surveillance
Vasakronan’s purpose of camera surveillance in and around Vasakronan’s properties is to maintain order, safety and security and to prevent or detect crime. This assessment has been documented in a register that covers every camera in Vasakronan’s property portfolio. The lawful basis for all camera surveillance is a legitimate interest. Vasakronan follows the Swedish Property Federation’s and the Swedish Housing Association of Municipal Housing Companies’ guidance for camera surveillance that is considered good practice in the market. The guidelines are available on the Swedish Property Federation’s website: www.fastighetsagarna.se
The Zenit platform and Samverket project
Vasakronan processes personal data such as contact information for members’ employees and representatives to fulfil and administer rights and obligations as part of member contacts. Personal data required to administer contracts with legal entities is processed with a balance of interests as the lawful basis. If the contracting party is an individual firm or private person, the contract is based on the lawful basis for the processing.
Vasakronan collects personal data such as contact information for members’ employees directly from members’ contract representatives with the aim of processing the services that are part of membership and informing about news and events, which covers information to and communication with employees, contact persons and representatives for members of the Zenit platform and Samverket. Other purposes include maintaining ongoing management and maintenance of premises and properties. Vasakronan also processes the administration of access and visitors to the premises. Vasakronan shares the members’ employees contact information with partners in Samverket for information, news and marketing of the Zenit platform and the Samverket project with a legitimate interest as a lawful basis.
Through Vasakronan’s system suppliers for resource bookings and resource optimisation, Vasakronan also processes personal data on a consolidated basis to offer services to members’ users of the Zenit platform and the Samverket project as well as visitors and to be able to invoice in accordance with actual resource use, with a legitimate interest as a lawful basis. In the event that Vasakronan, within the framework of the latter purpose above, shares personal data with the Zenit platform or Samverket project members, the member company/organisation question will have responsibility for this personal data after receiving it. If an individual is invited as a visitor, Vasakronan processes this individual’s contact information to administer the visit, mainly to provide access to Wi-Fi, the premises and to process communication between Vasakronan and the individual with a legitimate interest as a lawful basis.
If you contact us regarding other matters
Even if you do not have a contractual relationship with Vasakronan, contact can be made by Vasakronan or yourself through, for example, e-mail regarding various issues or matters. Depending on the reasons for this contact, the personal data you provide during this contact will be stored by Vasakronan for the time that is necessary to manage the issue or matter. Insofar as possible, this will be made immediately clear upon contact with Vasakronan. If you would like more detailed information or would like to have any personal data erased, see the link and contact information below.
If you believe that Vasakronan has acted wrongly in relation to your personal data, you can contact the Swedish Authority for Privacy Protection www.imy.se.
Do you want to receive, move or erase your information or withdraw previously given consent?
Using the link below, you can receive information about how Vasakronan processes your personal data. After Vasakronan has confirmed your identity and checked whether we are storing your data, you will receive an extract from our register. After this, you may request changes, relocation or removal or your data. You can also withdraw consent provided earlier, Click here
Are you a processor?
Are you a processor in relation to Vasakronan and want to report a personal data breach?
Do you have other questions related to Vasakronan and GDPR?
Please feel free to contact Linus Lindström.
