SSG Standard Solutions Group AB safeguards your personal privacy, and our Privacy Policy explains how SSG collect and uses your personal data.

It also describes your rights in respect of us and how you can exercise your rights. You can always contact us if you have any questions on privacy and data protection by sending an email to us at dataskydd@ssg.se.

SSG is the data controller in accordance with applicable data protection laws for all personal data processing performed by SSG within the scope of this Privacy Policy.

To be able to offer you and the company you represent SSG’s services, we need to process your personal data as outlined below. This is done with the greatest possible consideration for your privacy.

This Privacy Policy may be updated by SSG from time to time. The latest available version is always published on our website.

  • What do we do with your information?
  • What information does SSG collect?
  • Who may view your personal data?
  • Where do we process your personal data?
  • For how long will we retain your personal data?
  • Personal data responsibility and relationships with assistants
  • Rights in accordance with the GDPR
  • What is the situation with cookies and similar technologies?
  • Contact details

SSG as a Data Controller or a Data Processor

The one who determines the purposes and means of the processing of personal data shall be the data controller for such processing. The one who processes personal data on behalf of a data controller shall be a data processor. In order to determine when SSG holds the respective role according to applicable data protection legislation, SSG has reviewed the personal data processing performed within the framework of SSG's services and thoroughly investigated how the purposes and means are determined for each personal data processing.

SSG provides a variety of services, including online training and courses, entry and identification services, contract templates and security standards. The services provided by SSG complement each other, the services can be used individually or as complete solutions. The services are not provided to a customer isolated from other customers, although personal data is kept confidential. SSG's infrastructure of services enable all connected customers to SSG (industries, contractors, consulting firms, etc.) to, for example, carry out training programs and use SSG Access entry cards for access to the facilities where permission is granted. The processing is not done based on the instructions of an individual customer, SSG has pre-determined the purposes to be achieved with SSG's services and how these are to be achieved (the means).

SSG is the data controller in accordance with applicable data protection legislation for all data processing performed by SSG within the framework of SSG's services, except for the services SSG Access High Personnel Journal and SSG On Site. The data processing performed by SSG as the data controller is described in more detail in this Privacy Policy.

SSG is a data processor in accordance with applicable data protection legislation for the data processing performed by SSG, on behalf of the customer who is also the data controller, to provide SSG's services SSG Access High Personnel Journal and SSG On Site. The data processing performed by SSG as a data controller is governed by the Data Processing Agreement, entered into by and between SSG and the customer who is also the data controller. As a data processor, SSG will process personal data only in accordance with the data processor’s written instruction and the Data Processing Agreement entered into between SSG and the data controller.

What do we do with Your Information?

SSG processes personal data for the following purposes on the basis of the following legal ground:

  • Purpose: To confirm your identity and verify your personal details and contact details. Legal Basis: Our legitimate interest
  • Purpose: To provide SSG’s services to SSG’s customers. Legal Basis: Our legitimate interest
  • Purpose: To provide end-user accounts and/or administrator accounts for accessing SSG’s services. Legal Basis: Our legitimate interest
  • Purpose: To administer and provide SSG Access keycards. Legal Basis: Our legitimate interest
  • Purpose: To manage customer relations and customer agreements, as well as to administer invoicing and payment for SSG’s services. Legal Basis: Our legitimate interest
  • Purpose: To provide customer support and technical support. Legal Basis: Our legitimate interest
  • Purpose: To improve our services and for general business development, with a view to developing new services and functions and new business opportunities. Legal Basis: Our legitimate interest
  • Purpose: To comply with applicable legislation, such as accounting laws. Legal Basis: To comply with applicable legislation

To communicate with you

SSG may also use your personal data to communicate relevant information concerning agreed or related services and to perform customer satisfaction surveys in respect of our services (e.g., when you have contacted SSG service support). This contact may take place via electronic communication channels, over the phone or by post. If you do not wish to receive such communication, you are welcome to send an email to dataskydd@ssg.se.

We will not communicate with end-users for marketing purposes unless they have requested to receive such marketing from us. Administrators of SSG’s customers may receive information and marketing relating to SSG and the services we provide.

SSG's Legitimate Interest

SSG has a legitimate commercial interest in providing its services to its customers. SSG considers that there is a relevant and appropriate relationship between SSG and you (the registered data subjects). The registered data subjects are mainly affiliated with SSG’s customer companies. Registered users usually interact directly with SSG within the framework of SSG's services. SSG believes that the registered data subjects may reasonably expect SSG to process their personal data when SSG is providing its services. SSG only performs personal data processing that data subjects reasonably can expect. Therefore, SSG considers that SSG can perform the personal data processing as described above based on the legal basis of legitimate interest.

What Personal Data Does SSG Collect?

Information that you provide to us

You may directly or indirectly give us information about yourself in a number of different ways, such as when you register on our website or are registered in our systems as a user by an administrator. This information may include:

  • For participants of SSG courses and online courses, as well as holders of SSG Access keycards: Name, photo, date of birth, personal ID number, email address, delivery address, mobile phone number and language.
  • For holders of user accounts to the SSG services: Name, company and email address.
  • For administrators and the point of contact at customer companies, contractors and providers: Name, email address, mobile phone number, company, postal address, billing address and delivery address.

The processing of personal ID number is motivated with regards to the importance of safe identification and the correct person has carried out that participation in SSG courses and online courses.

Information that we collect about you

When you use our services, we simply collect information required in order to maintain our agreements (such as when you enter a plant via an access gate). The following are examples of the kind of information that we store:

  • Information on courses, how long they are valid for and valid plants – details regarding the courses and validity periods of training courses that you have completed.
  • Financial information – what you have bought at our online shop, what documents you have the right to download, or what services you have the right to use.
  • Geographical information – your geographical location when entering and exiting plants.

Information that you provide to us, such as information about the services and your use of them, is generally considered necessary in order to conclude a contractual relationship with us.

Transfer of Personal Data

SSG processes personal data in order to provide SSG’s services. As part of providing the services, SSG may share your personal information with selected third parties. SSG only transfers personal data to third parties if necessary to fulfill a legal obligation or when it is necessary to provide the services or manage SSG’s business.

SSG Access

If you are an SSG Entre customer, order a SSG Access keycard, or participate in a course or online course, we will submit your personal data to Areff AB. Areff AB is a subcontractor that manufactures the SSG Access keycards, i.e. the keycards issued to allow workers to access various plants.

For some industrial plants, we have agreements where we share personal data in order to guarantee accessibility. In these cases, we share personal data regarding contractors who are approved to access the industrial plant in question. The personal data is shared with the respective industrial plant only to the extent necessary to allow entry to the respective industrial plant via the SSG Access keycard. The respective industrial plant is the data controller for its processing of personal data.

Our service provider

All IT operations are provided by GDM AB, and we have undertaken all reasonable legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection.

Hosting and Storage Services

SSG’s services are hosted by Microsoft within the EU/EEA.

Authorities

SSG may submit necessary information to authorities such as the police, the Swedish Tax Agency or other authorities if we are obliged to do so by law, or if you have granted your approval for us to do this.

Contact us at dataskydd@ssg.se for a complete overview of our processing operations in relation to the services that you use.

What we will NOT do with your personal data

We will not sell your personal data to third parties unless we have your permission to do so.

Where do we process your personal data?

All handling of your data by SSG takes place within the EU/EEA. However, SSG may process personal data outside the EU/EEA if necessary. If personal data is transferred to any country outside the EU/EEA, SSG will undertake action to ensure that this personal data continues to be protected, as well as taking the measures required to legally transfer personal data to countries outside the EU/EEA.

For how long will we retain your personal data?

Your personal data is stored only as long as necessary to fulfill the purposes for which the personal data was collected in accordance with this Privacy Policy. SSG will process personal data about you for as long as you have a current relationship with SSG, either with you directly or through a relationship with a customer company or business partner of SSG, and for a maximum of 12 months thereafter. If you have completed courses or hold an SSG Access Card, the personal data will be stored as long as the course or SSG Access keycard is valid and for a maximum of 12 months thereafter, unless you during that time participate in a new course or order a new SSG Access keycard.

Regardless of what has been stated in the paragraph above, SSG may store personal data for a longer time period if necessary to comply with legal requirements, such as for accounting purposes, or protect SSG’s legal interests, e.g. if legal proceedings are in progress.

Your Rights as a Data Subject

You have a number of rights as a data subject in relation to SSG. Applicable privacy laws govern these rights. If you wish to exercise any of your rights, please contact SSG's Data Protection Officer via the contact details listed below. It is free of charge for you to exercise your rights. However, if your request would be clearly unfounded or unreasonable, SSG may charge an administrative fee to handle your request.

SSG will respond to requests relating as soon as possible, and always within one month from the date when SSG received the request. If your request is complicated or if a large number of requests have been submitted, SSG has the right to extend the time by another two months. You will be notified by SSG in such case.

The right of access

You have the right to request a confirmation on whether SSG processes personal data relating to you, and, if personal data is processed by SSG, to receive a free copy of the personal data that is processed. If you wish to request extracts on repeated occasions, SSG will charge you an administrative fee. When a request is submitted, SSG will also submit further information about the processing operation, such as its purpose, personal data categories that are processed, anticipated storage time, etc.

The right to rectification

If your personal data held by SSG is incorrect, you have the right to request that this data is corrected. SSG is obliged to correct your personal data without unnecessary delay.

The right to erasure

You have the right to have your personal data deleted from SSG’s systems if the personal data is no longer needed to fulfil the purpose for which it was collected.

If your personal data has been submitted to a third party, SSG will take reasonable action to notify these parties of your request for data deletion.

If SSG is unable to delete your data for legal reasons, we will restrict the processing of your data to only include whatever is required to fulfil SSG’s legal obligations.

The right to restrict processing of your personal data

You have the right to request restriction of the processing of your personal data, which means that we will ensure that we only process your personal data for certain specific purposes. SSG will restrict processing in the following cases:

  • If you claim that your personal data is incorrect and SSG needs time to check the correctness of the data.
  • If SSG no longer needs the data but you request that we continue to retain it because you need it in order to deal with legal claims.
  • If you object to the processing performed by SSG. In such cases, processing will be restricted until your reasons for the objection and SSG’s compelling legitimate reasons have been weighed against one another.
  • If you are of the opinion that we should delete the personal data, but we are unable to do for some reason.

The right to object to processing

You have the right to object to SSG’s processing of your personal data in certain cases, e.g. in respect of research or training activities. In this case, SSG will stop processing the data unless we have compelling reasons to continue doing so, or if processing is required in order to deal with SSG’s legal claims.

The right to submit complaints to the supervisory authority

You have the right to file a complaint to a supervisory authority regarding SSG's personal data processing. If you are dissatisfied with how we process your personal data, please contact the Swedish authority Datainspektionen, +46 8 657 61 00, datainspektionen@datainspektion.se, box 8114, 104 20 Stockholm, or the equivalent authority in your EU-country of residence.

Cookies

We use cookies when you visit our website. More information on how we process cookies can be found in our cookie policy.

Contact details

SSG has appointed a Data Protection Officer to manage all enquiries relating to data protection and personal data. SSG’s Data Protection Officer and/or SSG as a data controller can be contacted by phoning +46 (0)60 14 15 10 or sending an email to dataskydd@ssg.se.