This integrity policy is effective from 25 May 2018 and was last updated October 2022.
OX2 AB and all of our subsidiaries work to ensure that your privacy and integrity are protected when you use our services. Our goal is to help you feel confident that your personal privacy is respected and that your personal information is processed correctly. We take responsibility to ensure that personal data that is processed by OX2 AB is used only for the intended purpose, and is protected against unauthorised access.
All processing of personal data by the OX2 AB and our subsidiaries is carried out in accordance with applicable privacy legislation, since 25 May 2018, the General Data Protection Regulation (GDPR).
Who is responsible for your personal information?
What kind of personal information do we process?
When you collaborate with us, use our services or visit our website, you may be asked to provide personal data. We also save certain information that you provide to us when you are in contact with us.
- Contact information: name, telephone number, e-mail address, address
- Technical information: the URL through which you access our website, your IP address and user behaviour, type of browser, languages and operating system
- Information that needs extra protection, such as national ID numbers or bank account numbers, is only processed if absolutely necessary, and then only with limited access and safety measures applied.
Purposes of processing personal data
OX2 Group and our subsidiaries process your personal information for the following purposes:
- So that we can provide and deliver products and services as agreed with you.
- In order for us to be able to communicate and maintain a relationship with you before, during and after the agreements or partnerships.
- For marketing purposes, such as informing you about our services and general development in renewable energy.
- For conducting background checks if required when entering into a business relationship with a counterparty.
The legal basis for the processing of personal data
The companies within the OX2 group handle personal data that is required to complete the tasks to which we are committed under the agreement. After completion of the agreement we will save the necessary data on the basis of legal obligations, such as for accounting purposes and in accordance with the applicable retention periods. Should the agreements call for processing of data that is worthy of extra protection, such as sensitive data or social security numbers, these will be removed no later than 30 days after the legal basis expires.
Based on legitimate interest, we save contact information after completed agreements for the purposes of entering into new and similar collaborations. We save the contact information of prospective customers after mutual interest has been expressed. Data removal takes place on an annual basis, in order to keep our contact information relevant.
OX2 may also conduct background checks for the purpose of complying with applicable laws and regulations to ensure that we only engage in business activities with suitable counterparties.
Who has access to your personal information?
Your information may be processed by our personal data assistants, who carry out tasks on behalf of the OX2 companies. These personal data assistants will then only process the information in accordance with the purposes for which your personal information has been gathered, and in accordance with OX2’s instructions.
Disclosure is made according to legal obligations and practice to, e.g. the authorities, auditors and legal representatives.
We will not sell, share or in any other way disseminate your personal information to third parties, except in accordance with this policy.
Your rights and contact information
If you have any questions concerning how we process your personal data, or want to contact us for any other reason relating to your personal data, please contact our DPO at: firstname.lastname@example.org
You may also contact or lodge a complaint with The Swedish Authority for Privacy Protection (IMY), or the similar authority in your country, by contacting: imy.se/en/
At the following link, you can find contact details for the supervisory authority in your country: https://edpb.europa.eu/about-edpb/about-edpb/members_en