Privacy statement

At Sweco we respect the privacy of individuals and recognize the importance of the personal data entrusted to us by our customers, our employees and other parties. It is our responsibility to -in a relevant and proper manner- process and protect all personal data compliant with the applicable privacy legislation.

In short, the general principles for protecting personal data within Sweco are:

• We are transparent on how we comply with the applicable privacy legislation
• We limit the collection and processing of personal data
• We process (sensitive) personal data only if the processing has a clear legal ground
• We register details about individuals limited to achieving the purpose of the processing
• We inform individuals which personal data we collect and how these data will be used
• We treat personal data as strictly confidential and take appropriate technical and organizational security measures to protect personal data against loss or unlawful processing
• We keep personal data only for as long as necessary to fulfil the purposes for which it was collected or local law requires
• If our processing of personal data is likely to pose a high risk to individuals’ rights and freedoms, we will perform a data protection impact assessment and, if necessary, take appropriate security measures
• Our systems and processes support personal data protection. We document that our systems and processes work as intended.
• Where we outsource processing of personal data we impose contractual obligations to protect these data.