Thomas Concrete Group
Privacy Policy

Processing of personal data

Introduction

We at Thomas Concrete Group (defined Thomas Concrete Group AB, ID 556062-2812) does protect your personal integrity and strive for a high level of protection in all processing of personal data. All processing performed by Thomas Concrete Group takes place in accordance to the General Data Protection Regulation (GDPR). Within the EU / EEA, GDPR applies from May.

Thomas Concrete Group AB, or the company designated as a personally responsible person, is responsible in accordance with applicable data protection laws for the processing of your personal data as set out below.

If you have any questions about this information text, or if you wish to use any of your rights as set out below, contact Thomas Concrete Group. Contact information can be found under the heading "Contact Information" below.

What is personal data?

All types of information directly or indirectly connected to you as an individual, are counted as personal data according to the General Data Protection Regulation. Examples of such information are name, address, phone number, E-mail address, as well as picture, social security number, and IP address.

What does personal data processing mean?

Personal data processing refers to all actions taken by us, or third parties, with the personal data, such as collection, registration or storage, regardless of whether it is performed automated or not.

Who is responsible for the personal data we collect?

Thomas Concrete Group AB, org. No. 556062-2812, with address Södra vägen 28, 412 54 Göteborg, is personally responsible for the company's processing of personal data.

What personal data do we collect about you and for what purpose?

Personal data may only be processed for specific and explicit purposes and may not be processed for any purpose beyond these purposes.

We at Thomas Concrete Group deal with personal information that you have provided us yourself, with the purpose of being able to manage requests and potential agreements with you, as well as provide information and services, to conduct sales and to deliver products and services according to inquiries and agreement. This can for example be through a quotation request, a registration in our customer portal, a registration for our events, a contest that has been advertised on our web pages and to which you have choose to subscribe, or through our newsletters that you can order.

Personal data is also treated for statistical purposes for us to see and understand how users use our websites to be able to develop and improve the content on them. However, such information is used in a form that doesn’t make it possible to identify you as an individual.

We would like to inform you that when you use features on our websites that allow you to post information, or other material on our websites, this information may also contain personal information.

We collect the following data:

• Name
• ID number
• Contact details (eg address, email and phone number)
• Payment history
• Credit information
• Credit information from credit reporting companies
• Purchasing information (eg, any product or service that has been ordered)
• User details for the customer portal (registered users only)

Your personal information may also be used for marketing and for surveys for development and improvement of our products and services. In case you do not want to take part in marketing and / or offers, please contact us. Contact information can be found under the heading "Contact Information" below.

From what sources do we retrieve your personal information?

In addition to the information you provide to us, or as we collect, based on your purchase and how you are using our services, we may also collect personal data from someone else (such as third party). The information we collect from third parties are following:

1. Addresses from public records to be sure we have the correct address details for you.
2. Credit rating data from credit rating agencies, banks or disclosure companies.

Who may we share your personal data with?

Processors. A Processor is a company that processes the information on our behalf and according to our instructions.

1. Transports (logistics companies and freight forwarders).
2. Payment solutions (banks and other payment service providers).
3. Marketing (printing-and distribution companies, social media, media agencies or advertising agencies).
4. IT services (companies that handle necessary operations, technical support and maintenance of our IT solutions).

We check all our Processors to ensure that they can provide sufficient safeguards regarding the security and

Where do we process your personal information?

We always strive for your personal data to be processed within the EU / EEA and all our own IT systems are located within the EU / EEA.

In cases where personal data are processed outside the EU / EEA, the level of protection is guaranteed, either by a decision of the EU Commission that the country concerned ensures an adequate level of protection, or by the use of so-called appropriate safeguards. Examples of appropriate protection measures are approved code of conduct in the recipient country, standard contract clauses, binding company internal rules or Privacy Shield.

How long do we save your personal information?

We will never save your personal data longer than is necessary for the respective purposes and applicable legal requirements, maximum 7 years.

What rights do you as a registered person have?

You are entitled to update, delete or move your personal data. Thomas Concrete Group strives to ensure that all the information we process is correct. This does of course also apply to the personal information we collect. In the case where any data is incorrect, corrections will be made without delay. You are of course entitled to access the information we have registered about you.

You may request the deletion of personal data we are dealing with if:

• The data is no longer necessary for the purposes for which they have been collected or processed.
• You oppose an interest weighing we have made based on legitimate interest and your objection is heavier than our legitimate interest.
• You oppose treatment for direct marketing purposes.
• Personal data is processed illegally.
• Personal data must be deleted to comply with a legal obligation we are subject to.

Right to access. You can request access to the information (information is provided in the form of a PDF-file with name, customer number or ID number, phone number, E-Mail address, credit information, order history, information about the legal right to process the personal data). Please note that if we receive a request for access, we may ask for additional information to ensure the efficient handling of your request, as well as that the information is provided to the right person.

Right to data portability. If our right to process your personal data is based on your consent, or on an agreement with you, you are entitled to request the information relating to you, and which you have submitted to us, to be transferred to another Processor (so called Data Portability).

A prerequisite for data portability is that the transmission is technically possible and can be automated. A request for Data Portability has to be done in a written form to us.

If you want to access this information, or have other questions regarding our processing of personal data, please contact us at the following address:

Thomas Concrete Group AB
Södra vägen 28, 412 54 Göteborg

What are cookies and how do we use it?

A cookie is a file consisting of a part of a text that can be placed in your computer's hardware by permission of you. If you approve this, your browser will add the text to a separate file. Thomas Concrete Group uses cookies to facilitate analysis of traffic on our websites, by knowing who has visited a particularly site at a certain time. You can specify in your browser settings whether you accept cookies or not. You can also choose to delete any cookies at any time.

On our websites, we use the following cookies:

1. Session cookies (a temporary cookie that ends when you close your browser or device).
2. Durable cookies (cookies remaining on your computer until you delete them or they expire).
3. Pre-cookies (cookies set by the website you visit).
4. Third party cookies (cookies set by a third party website. These are mainly used for analysis, eg Google Analytics.
   https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage)

You can read more about cookies here: www.allaboutcookies.org

How are your personal data protected?

We use IT systems to protect the privacy, the integrity, and the access to personal data. We have taken special security measures to protect your personal data from unauthorized treatment (such as unauthorized access, loss, destruction or damage). Only those persons who actually need to process your personal information to fulfill our stated purposes have access to them.

Modifications of the Privacy Policy

Thomas Concrete Group will continuously update this Privacy Policy due to changed legislation or similar reasons. Thomas Concrete Group recommends that you read the terms and conditions to be informed of how Thomas Concrete Group protects and manages your personal information.

The Swedish Data Protection Authority (DPA)

The Swedish Data Protection Authority is responsible for monitoring the application of the law, and the person who believes that a company handles personal information in an improperly way, can file a complaint to Datainspektionen.

Contact

Thomas Concrete Group AB
Södra vägen 28, 412 54 Göteborg
Tove Pettersson, Data Protection Officer, gdpr@thomasbetong.se