Sustainable Business Performance Indicators

Privacy policy

Our privacy policy includes information about how we use, process and protect your personal data and about your rights as a registered user.

This privacy policy was last updated 2019-12-03.

The data controller responsible for the processing of personal data is ÅF Pöyry AB (AFRY), Frösundaleden 2, 169 70, Solna. Please contact us if you have any comments or questions regarding this privacy policy or regarding your personal data:

The purpose of processing personal data is to enable data collection and communication regarding sustainability performance between you and AFRY. The personal data is used to contact you with requests and information, to store information related to legal requirements and to provide you with the services of this application and ensure its technical functionality. Personal data will not be used for any other purposes without your consent.

The legal grounds for the processing is to pursue the legitimate interest of AFRY from a business perspective and to comply with applicable legislations.

Personal data will only be stored as long as necessary for the purposes stated in this privacy policy, and when no longer required be erased.

Personal data within the following categories are collected and processed:

  • Contact details: e.g. name, email, telephone and role
  • Information related to legal requirements: e.g. signatures in declarations
  • Identification information: e.g. user ID, username and password
  • Communication information: e.g. notes about contact details, request status, declaration answers, telephone conversations or meeting decisions that may include references to personal data
  • Usage and log data: e.g. personal preferences, cookie data, outgoing emails and standard web logs

Personal data originate from either yourself or internal or external databases, registers, systems, documents, communication or equivalent of your employer or AFRY, or from publicly accessible sources.

Personal data may be shared with third parties such as selected suppliers processing data on our behalf, authorities if we are obligated to do so, or business partners if legitimate from a business perspective and according to applicable legislation.

Some third parties that supports our business and process personal data includes but are not limited to: ÅF Industry AB (Sweden) and ÅF Digital Solutions AB (Sweden) for system development and hosting, MICROSOFT CORP (USA) Azure platform for cloud computing services and SendGrid Inc. (USA) for email services.

All suppliers in third countries outside EEA are Privacy Shield certified and using the EU Standard Contractual Clauses in order to ensure adequate protection.

Please contact us if you wish to exercise any of your rights as a data subject:

  • Right to access and data portability: receive certain information about processing and obtain copies of certain personal data upon request
  • Right to rectification: correct inaccurate personal data
  • Right to erasure: erase personal data on certain conditions
  • Right to restriction: restrict the processing in certain situations
  • Right to object: object to certain processing

You also have the right to file a complaint to a supervisory authority regarding our processing of your personal data.

Technical and organisational measures is established to ensure the security of your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.