Website Privacy Notice - NCC

1. Introduction

When visiting NCC:s websites NCC may collect and process personal data ("Personal data") about you.

The NCC company that provide the website you visit is controller for the processing of personal data in accordance with this Privacy Notice.

This privacy notice ("Privacy Notice") sets out which personal data that NCC collects and for which purposes the Personal data is processed.

Throughout this Privacy Notice the term "processing" is used to cover all activities involving your Personal data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of information.

"Applicable Data Privacy Laws" means data protection laws and regulations implementing the Data Protection Directive 95/46/EC and as of 25 May 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR").

"Personal data" is defined as any information relating to an identified or identifiable natural person.

2. Cookies

2.1.

NCC use cookies and other similar techniques to collect information about you and your device (such as phone or computer) when you visit our website. For more information regarding NCC's use of cookies, click here [link].

3. From where do we collect your personal data

3.1.

We collect Personal data from you (such as name and email address) if you chose to contact us through the website. See also section 2.1 above regarding use of cookies.

3.2.

We may also collect your Personal data from communication agencies when measuring and analyzing our social media presence (e.g. from published articles and social media channels).

4. Why do we collect and process your personal data

4.1.Provide you with information such as Newsletters, Catalogues and Press Releases

If you sign up to subscribe to newsletters, catalogues, press releases and similar information about NCC and its business or order such information on a one time basis we process your Personal data for the purposes of providing you with the requested subscription or information. Personal data processed for these purposes include:

Categories of personal data

  • First name
  • Last name
  • Email address
  • Phone number
  • Company/organization

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to provide you with the subscription and information you have requested, article 6.1 f) GDPR.  If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service. 

4.2. Answer your Questions and handle Feedback in General 

Most of our websites provide functionality for the visitor to communicate with us to ask questions and give feedback regarding our services and business. Were you use such functionality NCC will processes your Personal data for the purposes of answering your questions and handle feedback from you. Personal data processed for these purposes include: 

Categories of personal data

  • First name
  • Last name
  • Email address
  • Address
  • Phone number
  • Feeback and comments made by you

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to answer questions and handle feedback from you, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.3. Respond to your requests for Quotations

Some of our websites allow you to send a request for quotation for certain work or services to be performed by NCC. If you send a request for quotation NCC will processes Personal data for the purposes of responding to and managing your requests for the quotation. Personal data processed for these purposes include:

Categories of personal data

  • First name
  • Last name
  • Email address
  • Address 
  • Phone number
  • Company/organization

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to answer and handle your request for quotation, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.4. Respond to your purchase requests 

Some of our websites allow you to send a purchase request relating to our products and services. If you send a purchase request NCC will processes Personal data for the purposes of responding to and managing your purchase request. Personal data processed for these purposes include:

Categories of personal data

  • First name
  • Last name
  • Email address
  • Address 
  • Phone number
  • Personal number
  • Credit reports (including e.g. credit rating and payment default)   
  • Company/organization
  • Organization number
  • Other company and financial information publicly available

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to answer and handle your purchase request, article 6.1 f) GDPR. If you send a purchase request as a consumer, we will process your Personal data in order to fulfil the purchase agreement between NCC and you, article 6.1 b) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.5. Manage and respond to your requests and notices in our business portals

As a corporate customer or a supplier to NCC you have access to some of our business portals, where you for example can view and manage ongoing projects and agreements, submit offers and handle invoices. If you as a corporate customer or a supplier to NCC use these functions NCC will process Personal data for the purposes of managing the ongoing relationship with you and to respond to and evaluate your offers. Personal data processed for these purposes include:

Categories of personal data

  • Name
  • Email address
  • Address
  • Phone number
  • Position/title in company 
  • Personal number
  • Company/organization
  • Area of responsibility
  • Company information publicly available (e.g. number of employees and VAT number)
  • Financial information (relating to invoices, offers, agreements etc.) 
  • Comments by you 

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to manage and respond to your request and notices in our business portals, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.6. Manage and respond to your reporting of violations of NCC's Code of Conduct 

As a corporate customer or a supplier to NCC you have access to our portal were you can report violations of NCC's Code of Conduct. If you as a corporate customer or a supplier to NCC use these functions NCC will process Personal data for the purposes of managing and investigating the reported violation of NCC's Code of Conduct. Personal data processed for these purposes include:

Categories of personal data

  • Complaints and comment by you 

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to managing and investigating the reported violation of NCC's Code of Conduct, article 6.1 f) GDPR. 

4.7. Create personal Website User Accounts 

Some of NCC's websites allow users to set up a personal user account with log-in. For those websites and if you create a user account NCC will process your Personal data for the purposes of creating and managing your personal user account, create your log-in and provide you with access to your account. Personal data processed for these purposes include: 

Categories of personal data

  • First name
  • Last name
  • Email address
  • Customer number 
  • Phone number

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest to create and manage your user account and fulfil the user account agreement with you, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.8. Manage complaints and fulfil our guarantee commitments relating to our products

Some of our websites allow you to provide us with complaints relating to our products. Were you provide us with a complaint NCC will process your Personal data for the purposes of investigating, managing and replying to your complaint, in order to fulfil our guarantee commitments. Personal data processed for these purposes include:

Categories of personal data

  • First name
  • Last name
  • Email address
  • Address and floor number
  • Department number
  • Phone number
  • Customer reference number
  • Type of property 
  • Company/organization 
  • Complaint and comments by you

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest of investigating, managing and replying to your complaint, article 6.1 f) GDPR. If are a consumer who have bought our products or services, we will process your Personal data in order to fulfil the purchase agreement between NCC and you, article 6.1 b) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.9. Manage your Order for Construction Material and other products provided by NCC 

Some of our websites allow you to order construction material (such as asphalt) and other products provided by NCC. Were you provide us with an order of construction material or other products NCC will process your Personal data for the purposes of managing the order. Personal data processed for these purposes include: 

Categories of personal data

  • First name
  • Last name
  • Email address
  • Address 
  • Phone number
  • Company/organization 
  • Company ID
  • Position/title in company 
  • Fax number
  • Organization number 
  • Invoice address 
  • EAN number
  • Requisition number
  • Customer number

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest of managing your order, article 6.1 f) GDPR. If you order products as a consumer, we will process your Personal data in order to fulfil the purchase agreement between NCC and you, article 6.1 b) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.10. Managing Contests

Were you chose to participate in contests arranged by NCC we will process Personal data for the purposes of managing the competition, decide on awards and communicate with the participants. Personal data processed for these purposes include:

Categories of personal data

  • Name
  • Phone number
  • E-mail address
  • Address 
  • Department 
  • Business area

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest of managing the competition, decide on awards and communicate with the participants, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to have you participate in the contest. We will not publish your name on any internal or external website without obtaining your consent thereto.

4.11. Managing your registration  for and participation in Events and Training Courses 

Some of our sites allow you to register for events and training courses. If you do so NCC will process your Personal data for the purposes of managing and responding to your interest and registration. If you register for an event or training course we will also use your personal data to carry out the event or training course. Personal data processed for these purposes include:   

Categories of personal data

  • First name
  • Last name
  • Email address
  • Phone number
  • Company/Organization 
  • Personal number
  • Address
  • Food preferences 
  • Work title 

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest of managing your interest in and participation in the training course or event, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service. We will ask for your consent (article 9.2 a) GDPR) regarding food preferences.

4.12. Managing notices of interest for commercial properties 

Some of our sites allow you to send us your interest in commercial properties . If you do so NCC will process your Personal data for the purposes of managing and responding to your notice of interest. Personal data processed for these purposes include:

Categories of personal data

  • First name
  • Last name
  • Email address
  • Phone number
  • Company/Organization 
  • Address
  • Work title 

The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest of managing your interest in our commercial properties, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.13. Managing your Work Applications

Some of our websites allow you to submit a work application to become employed at NCC. Our processing of your Personal data in order to manage and evaluate work applications is governed by our Applicant Privacy Notice, click here.

4.14. Establish Traffic Arrangement Plans 

Some of our websites allow you to create a request for a basis to establish traffic arrangement plans (TA plan). If you do so NCC will process your Personal data for the purposes of managing your request, communicating with you and establishing the traffic arrangement plan. Personal data processed for these purposes include.

Categories of personal data

  • First name
  • Last name
  • Email address
  • Address
  • Phone number 

Your submission may also include Personal data related to the notifier, main contractor, supervisor, construction manager and other individuals as set out in the website form. The legal basis for the above processing of your Personal data is that the processing is necessary in order to fulfil our legitimate interest of managing your request for establishing a basis for the traffic arrangement plan, article 6.1 f) GDPR. If you do not provide information marked with * on the website form we will not be in a position to provide you with the requested service.

4.15. Manage services and benefits available to NCC employees

Some of our websites are available only to our NCC employees, where you as an employee for example can respond to adverts regarding second hand material and goods for free or submit a notice of interest for private rental properties provided by NCC. If you as a NCC employee use such services NCC will process your Personal data in order to manage and answer your communication with us. If you chose to respond to an advert or to submit a notice of interest as a non-employee we will process your Personal data in order to deny you access to the services. Personal data processed for these purposes include:

Categories of personal data

  • Name
  • Email address
  • Address
  • Phone number
  • Content in email or other communication
  • Personal number
  • Company/Organization 
  • Food preferences 
  • Pets
  • Preferred date and location of rental
  • Comments by you

The legal basis for the above processing of your Personal data is that the processing is necessary for the performance of the contract between you and NCC, article 6.1 b) GDPR. If you are responding to an add or submitting a notice of interest as a representative for a legal entity or as a non-employee the processing will be based on our legitimate interest of managing and answering your communication as well as denying you access to the services, article 6.1 f GDPR.

4.16. Communicate and promote NCC on social media platforms 

NCC has active profiles on social media platforms, including Facebook, Instagram, LinkedIn and Youtube. On these platforms NCC may publish articles, pictures and videos for the purposes of communicating and promoting NCC. When posts are being published on our social media profiles we may process your Personal data, such as name and photograph. We will only process your Personal data for now mentioned purposes if you have given your consent (article 6.1 a) GDPR) and, your parent or guardian's consent if needed.

4.17. Comply with legal obligations 

NCC processes Personal data in order to comply with legal obligations, such as book-keeping and tax purposes. Personal data processed for these purposes include:

Categories of personal data

  • Name
  • Last name
  • Transaction data 
  • Other information as necessary for the purpose

The legal basis for the above processing of your Personal data is that the processing is necessary for NCC's compliance with legal obligations, article 6.1 c) GDPR.

4.18. Establish, exercise and defend legal claims

NCC may process your Personal data for the purposes of establishing, exercising and defending legal claims in the un-likely event of a dispute between you and NCC. Personal data processed for these purposes include:

Categories of personal data

  • First name
  • Last name
  • Email address
  • Other information as necessary for the purpose

The legal basis for the above processing of your personal data is that the processing is necessary in order to fulfill our legitimate interest to establish, exercise and defend legal claims, article 6.1 f) GDPR.

5. For how long do we keep your personal data

NCC will retain Personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by local law to which NCC is subject. We are using the following criteria to establish our retention period: (i) as long as we have an ongoing relationship with you (either as an individual or in your capacity as employed by one of our corporate customers, suppliers or co-operations partners); (ii) as required by legal obligations to which NCC is subject (such as tax and accounting obligations); and (iii) as advisable in light of our legal position (such as applicable statutes of limitations).

6. Disclosure and transfer of Personal data

Group companies
NCC may disclose Personal data processed to other companies within the NCC group in order to maintain and manage our services and functions provided under section 4, as well as to comply with legal obligations and establish, exercise and defend legal claims.

Other recipients
NCC may also disclose Personal data outside the NCC group, such as:

Recipient: Courts and outside counsels
Purpose of transfer: In order to exercise, establish or defend legal claims
Legal basis:To fulfill ours and yours legitimate interest to have disputes settled by competent courts.

Recipient: Event companies and co-operations partners
Purpose of transfer:To prepare and host events and conferences
Legal basis:To fulfill our legitimate interest to carry out events and conferences

Data processors acting on behalf of NCC

Moreover, NCC may disclose Personal data to external parties, such as IT service providers, communication agencies, vendors and other service providers which process Personal data under the instructions of NCC. Where such disclosure entails transfers of Personal data outside the EU/EEA, NCC will ensure that Standard Contractual Clauses have been entered into between the transferring NCC entity and the receiving external party. Alternatively, other safe guards will be put in place prior to such transfers.

Appropriate Safe Guards to countries outside the EU/EEA-area

You are under Applicable Data Privacy Law upon request entitled receive a copy of any documentation demonstrating that appropriate safeguards have been taken in order to protect your Personal data during a transfer outside the EU/EEA.

If you would like know more about the processing of your Personal data and whether your Personal data is transferred outside EU/EEA, please contact us on the contact details as set out below under section 9.

7. Security

7.1.

We will ensure that the access to your data is accurately secured by applying appropriate safeguards, depending on the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk. In support of this commitment, we have implemented appropriate technical, physical and organizational measures to protect your personal data against: unauthorized or accidental destruction, alteration or disclosure; misuse; damage; theft or accidental loss; or unauthorized access.

8. Your rights

8.1. Right of rectification

NCC will take steps in accordance with Applicable Data Privacy Law to keep your Personal data accurate, complete and up-to-date. If you identify that any Personal data related to you is inadequate, incomplete or incorrect, you are entitled to have the Personal data corrected.

Moreover, you also have the right to request access to the Personal data that we process about you.

8.2. Further rights as of 25th May 2018

As of 25th May 2018, you are also under Applicable Data Privacy Law in addition to rectification entitled to:

(i) Access

You may request confirmation whether or not Personal data is processed and if that is the case access to your Personal data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the Personal data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.

(ii) Object to certain processing

You may object to processing of your Personal data processed on the basis of a legitimate interest, on grounds relating to your particular situation and to processing for direct marketing purposes. If you have opted to receive a subscription by email each email will include an easy accessible opt-out function where you may de-register from further communication.

(iii) Erasure

You may have your Personal data erased under certain circumstances such as when your Personal data it is no longer needed for the purposes for which it was collected.

(iv) Restriction of processing

You may ask us to restrict the processing of your Personal data to only comprise storage of your Personal data under certain circumstances such when the processing is unlawful, but you do not want your Personal data erased.

(v) Withdrawal of consent

You have the right to at any time withdraw your consent to processing of Personal data to the extent the processing is based on your consent.

(vi) Data Portability

You may ask to receive a machine-readable copy of the Personal data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you, and which Personal data have been provided to NCC by you (data portability), and ask for the information to be transferred to another data controller (where possible).

8.3. Complaints to the supervisory authority

You acknowledge that you always have the right to lodge complaints pertaining to the processing of your Personal data to the competent data protection authority if so provided under Applicable Data Privacy Law. The data protection authority can be reached here.

8.4. Third party notices

In some of our websites we provide links to e.g. our partners' external websites. NCC is not responsible or liable for any third party privacy and if you chose to visit the website linked to we recommend you to carefully read the privacy terms of such external website.

9. Contact information

If you have any questions or concerns regarding the processing of your Personal data or wish to exercise any of your rights, please contact NCC on the contact details set forth below.

The data controller for Personal data is NCC AB  org: 556034-5174

Address:
NCC AB
Vallgatan 3
Att: NCC GDPR Team
170 80 Solna, Sweden

Email: gdpr@ncc.se