Gamla Byvägen 41
296 85 Åhus
Company registration number: 556101-6089
Phone: +46 44-780 18 00
This policy applies to all processing (collection, storage, transmission, etc.) of personal data that occurs within MalmbergGruppen Aktiebolag and its related company, (“Malmberg”). Malmberg processes personal data in accordance with applicable privacy laws to protect personal privacy.
Personal data means any information relating to an identified or identifiable natural person. An identifiable physical person is a person who can be identified directly or indirectly through, for example, username, identification number, location or online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. .
All Malmberg employees must be in agreement with and comply with this policy. Malmberg is continuously working to increase employee awareness about the processing of personal data.
Processing of personal data
Malmberg is transparent with how and why personal data is collected and processed. Treatment refers to all positions with personal data such as collection, storage and use.
Malmberg addresses the following personal data:
- Name, Social Security Number, Property Identification and Contact Information for Private Customers,
- Name and contact details of current business contacts,
- Name and contact details of previous business contacts,
- Name, ID number, ID06 number, username, IP address, salary, disciplinary action, account number, certifications, where applicable union membership (see below), positioning information and contact details of employees,
- Name and contact details of employees’ relatives,
- Name, social security number and contact details of hired consultants,
- Name, social security number and contact details of former employees and
- Name, social security number, image, application documents and contact details for jobseekers.
Malmberg does not treat any sensitive personal data with the following exceptions. Information about union membership is only dealt with to the extent that Malmberg is to negotiate with the union or has an obligation to make a wage deduction for trade union fees. Malmberg addresses data on employee health to the extent necessary in the context of Malmberg rehabilitation responsibility or calculation of sickness pay.
Collection of personal data
Malmberg collects personal information directly from the registered person as follows.
- Through the form on the Malmberg website,
- By email and phone contact,
- Through social media
- In preparation and conclusion of agreements and
- In the event of recruitment and ongoing employment relationships.
When Malmberg collects data from other than the registered person, the registrant is notified of the treatment as soon as possible and no later than one month after the data was collected.
Purpose of treatment
Malmberg only handles data for the purpose the task has been collected as follows:
Enter and maintain contractual relations
Malmberg processes personal data in connection with the preparation of agreements (potential customers, suppliers or partners) as well as for administration and completion of entered agreements (current and former customers, suppliers or partners).
Personal data about customers who are individuals are treated to fulfill Malmberg’s obligations under the agreement with the registered person.
Personal details of business contacts are recorded to maintain a contact list. The processing takes place on the basis of Malmberg’s legitimate interest in maintaining business relations and communicating with the registered. Malmberg assumes that this interest is considering the interests of the data subjects for the protection of their personal integrity. The personal data will be processed for the intended purpose only and only as long as the registered person is a business contact with Malmberg.
Processing of personal data is necessary in order for Malmberg to submit a tender and fulfill obligations under an agreement.
Information about previous customers is deleted according to Malmberg’s routines.
Malmberg processes personal data collected in connection with recruitment procedures. In connection with such gathering, they are given the opportunity to agree that Malmberg retains personal data for future recruitment procedures.
Personal data may be processed in computer systems at Malmberg’s related companies and organizations with which Malmberg cooperates with the recruitment process. Personal data will be retained by Malmberg and its partners for the time necessary for the purpose of implementing the recruitment process.
In recruitment procedures, applicants are given the opportunity to agree that Malmberg maintains personal data for Malmberg’s future recruitment needs. The applicant may withdraw such consent at any time. When the registrant no longer agrees that Malmberg processes personal data for future recruitment procedures, the data will be deleted.
Maintain employment conditions
Malmberg deals with personal data about employees in the context of the employment relationship. The data is collected for human resource management, occupational healthcare and, where applicable, the use of references in tender procedures as well as competency checks in the tender process.
Malmberg registers personal information that is necessary for Malmberg’s human resources management. The data is recorded in Malmberg’s personal administration system. The processing is necessary for Malmberg to fulfill its contractual obligations under the agreement.
The following information is registered: Name, social security number, username, IP address, salary, disciplinary action, account number, certifications, where applicable union membership (only when required to negotiate with the trade union or payroll tax deduction), positioning information and contact details.
Details of paid salary are submitted to the Swedish Tax Agency. Personal data may be processed in computer systems at Malmberg’s related companies as well as companies and organizations that Malmberg cooperates with.
Malmberg also treats personal data about employees’ relatives in order to contact relatives in cases such as accident or illness. Malmberg relatives register is available only for Malmberg’s personnel administration. Information on the purpose of the treatment is given primarily in the employment contract.
Positioning information is recorded by checking Malmberg’s vehicle position. The tracking system is used for anti-theft protection and for electronic driving records. For this purpose it is necessary to collect data about each individual vehicle. The data is saved for up to three months in order to fulfill Malmberg’s reporting obligation against the Swedish Tax Agency.
Malmberg addresses the name, social security number and ID06 number of employees who are staying at construction sites in accordance with the General Terms and Conditions of Identification and Attendance, ID06.
Malmberg addresses e-mail addresses for direct marketing of the company’s products and services. The data is collected on the basis of Malmberg’s legitimate interest in maintaining a contact list, maintaining business contacts and communicating with the registered as a business contact. Malmberg estimates that these legitimate interests consider the registrant’s interest in not processing the data.
Disposal of personal data
Personal data are no longer stored than necessary to fulfill the purpose of the treatment. Malmberg delivers personal data continuously as they are no longer relevant to the purposes for which they have been collected. As a starting point, this means that personal data will only be retained until Malmberg’s and all registered transactions have been finally settled.
Correction, erasure and data portability
The registered person is entitled, in accordance with applicable privacy laws, to request a so-called registry extracts with information about what personal data Malmberg deals with regarding the individual. In addition, the registered person has the right to claim that Malmberg transmits the registered person’s data to the registered designated party. The request under this paragraph must be made in writing and signed by the individual personally, in order to avoid unauthorized access to personal data.
The registrant is also entitled, at any time, to request that Malmberg either correct, block or delete the individual’s personal data. In case Malmberg is required by law to proceed with the storage of personal data, the information can only be blocked.
Malmberg will provide, on request, the registered information on the extent to which personal data about the data subject is processed, so-called register extracts. Malmberg leaves without undue delay and no later than one month after the request was received information about the personal data being processed, the categories of personal data processing, the predicted period of time the data will be stored, the data from which the data have been retrieved, for which purpose, and who or what information has been provided and a copy of the personal data.
The registered person is entitled to request Malmberg to correct or delete personal information that is incorrect or processed in violation of applicable law.
The registrant has the right to object to the registration of personal data for direct marketing. In that case, Malmberg will stop processing the personal data of the data subject for this purpose.
In order for Malmberg to ensure that the request is not made by anyone other than the registered person, the request must be submitted in writing and signed by the data subject.
When Malmberg collects personal information, Malmberg provides information to the registrant about which company is the personally responsible person, the purpose for which the data has been collected and the information required for the data subject to be able to utilize his rights under applicable personal data law.
Personal data may be handed over to other companies within the Malmberg Group or to its partners.
Malmberg uses several IT services and systems in its operations. Some systems use cloud solutions, which means that Malmberg transmits personal data to the supplier. In these cases, the supplier is Malmberg’s personal information assistant and handles personal information in accordance with Malmberg’s instructions. Malmberg only collaborates with personal data counselors that meet the requirements based on applicable personal data legislation.
Information security and measures
Malmberg takes the necessary technical and organizational measures to ensure that the processing is conducted in accordance with applicable personal data and this policy, and that personal data will not be lost or made available to unauthorized persons.
Personal data is stored in Malmberg’s network, locally on mobile phones and computers as well as in e-mail.
Malmberg uses antivirus software and has password strength and password change routines.
Responsibility for personal data
All companies within MalmbergGruppen AB are personally responsible and are responsible for ensuring that the processing of personal data that is done on behalf of Malmberg is legal and correct. Personal data collected by any of the companies within the Malmberg Group may be transferred to other companies within the Group or companies, as well as companies and organizations that Malmberg cooperates with.
Any questions, comments and complaints regarding Malmberg’s handling of personal data can be sent to the e-mail address: or by regular mail:
296 85 Åhus
Supervisory Authority – Data Inspection
If you believe Malmberg violates applicable privacy laws, you are welcome to contact the Data Inspectorate. On the Data Inspection website, you will find further information on how to proceed.
This policy has been updated 2018-07-04
This policy applies to the website www.malmberg.se and describes the types of personal data that is being collected by it, as well as the reasons for collecting it and how it may be used.
The website is mainly used for marketing and information purposes.
This policy notice serves to explain:
- The types of information we collect.
- How the information is being used.
- The choices you can make about your own personal data, e.g. how you can access and update your personal information.
We collect information about the devices used to visit our website. This includes the computer operating system version, unique device ID and information about mobile networks, including phone numbers.
A cookie is a small text file that is stored on a user’s computer. The information in the file is used to tailor the appearance and information of a website to the user. There are two types of cookies: persistent cookies and session cookies. A persistent cookie is stored on the user’s hard drive for a specific amount of time. A session cookie is only stored in temporary memory and is erased when the web browser is closed. We use both persistent cookies and session cookies on our website.
You can choose to disable cookies in your web browser. Choose your browser in the list below for instructions:
Please note that some of the services we provide can only be accessed if your browser accepts cookies.
GDPR Compliance Checklist | Albacross Help Center
Information about Albacross’ processing of your personal data
We inform you regarding the processing of personal data on behalf of Albacross Nordic AB (“Albacross”).
Information collected from cookies set in your device that qualify as personal data will be processed by Albacross, a company offering lead identification and ad targeting services with offices in Stockholm and Krakow. Please see below for full contact details.
The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies. The Albacross database will in addition to “Lead Generation” be used for targeted advertising purposes towards companies and for this purpose data will be transferred to third party data service providers. For the purpose of clarity, targeted advertising regards companies, not towards individuals.
The data that is collected and used by Albacross to achieve this purpose is information about the IP-address from which you visited our website, and technical information that enables Albacross to tell apart different visitors from the same IP-address. Albacross stores the domain from form input in order to correlate the IP-address with your employer.
Albacross Nordic AB
Companyreg. no 556942-7338
111 35 Stockholm, Sweden
How we use the data collected from our customers
Information collected on www.malmberg.se is primarily used to communicate with new and existing customers. The information may also be used to provide user-specific content, such as personalized offers and advertisements.
Information collected using cookies and similar technology, such as pixel tags, is used to improve the user experience and the quality of our services. One tool used for this purpose is Google Analytics.
If we wish to use your data for purposes not outlined in this policy we will first ask for your consent.
Malmberg stores data on servers provided by City Networks AB in Karlskrona.
How long is the data stored?
The data is stored for as long as it is required in order to fulfill the purpose identified when the user first provided the information, or to comply with legal storage times and disclosure requirements.
Data security for our customers
We work hard to protect our customers from unauthorized access to our data; this includes unauthorized modification, exposure or destruction of the information we are storing. We have taken these specific safety measures:
- Our website is encrypted using SSL.
- We maintain routines for collecting, storing and managing data, including physical protection.
Right to access: You have the right to request a copy of all information stored about you by www.malmberg.se and to verify this information.
Right to correction: You have the right to correct any erroneous or incomplete information we might have about you.
Right to erasure (“the right to be forgotten”): You have the right to request erasure of your personal data, given that the data is no longer necessary in order to fulfill the purpose identified when the data was collected. In some cases, legal obligations prohibit us from immediately deleting the data. These obligations can be in the form of bookkeeping or tax laws. In these instances, we will block that particular information from being used for purposes other than those specific legal obligations.