Privacy notice

Introduction

 

Epiroc AB, reg. no. 556041-2149, and its subsidiaries (collectively referred to as “Epiroc,” “we,” “us” and “our”) care about your privacy and are committed to protecting your personal data in accordance with fair information practices and applicable data privacy laws. Regardless of the capacity in which you share information with us, e.g. as a customer, supplier, shareholder etc., it is important to us that you feel safe about how we treat your personal data.

 

The Controller of your data is the company that initially collected your data and decided the purposes and means for using your data. This Privacy Notice applies to situations where Epiroc and/or its subsidiaries act solely or collectively as data controllers/joint controllers or an equivalent local law concept.

 

Additional data privacy information may be provided for our websites, events, products, services and any other tools, offerings or platforms that may involve processing of personal data by us. Our privacy practices may vary in connection with different products, services, and solutions as well as in different locations in which we operate. We encourage you to read the Privacy Notice of each legal entity and website, app, service, or solution you visit, review, use or otherwise interact with, where available.

 

This Privacy Notice explains how we collect, use and share personal data that you provide to us, or that we may otherwise obtain or generate, which relates to you (“personal data”). Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

This Privacy Notice applies to the personal data we obtain through our normal business activities, both online and offline, i.e. collection in connection with sales and marketing, partner and supplier engagement and investor relations. As this Privacy Notice is intended to cover a variety of situations, there may be information contained in the Privacy Notice that does not apply to you.

 

Epiroc will always abide by local laws and regulations and will refrain from the collection or use of personal data in a location where it is prohibited by law. If country-specific items exist, they can be found at the bottom of this page.

1 General Information

Epiroc owns and operates this website. If you have any questions regarding the processing of your personal data or which legal entity is the controller for a specific processing of your data, you will find our contact details at the end of the Privacy Notice.

2 Our processing of your personal data

In summary, Epiroc may process your personal data for the following purposes:

  • to fulfil agreements entered into with customers, suppliers, consultants and other contracting parties;
  • to provide and administrate support and customer services;
  • to provide efficient marketing;
  • to provide information to Epiroc’s shareholders;
  • to register and administrate your user account;
  • to mitigate cyber security threats and to provide secure information technology environments;
  • to provide, improve and develop this website, our business or new services and products by analyzing your use of this website, our products and other analytics/statistics;
  • to assess your abilities and suitability for current or future roles within the company as a job applicant;
  • to comply with any legal or regulatory obligations, requirements or requests;
  • to protect, defend or enforce our legal rights, or those of others; or
  • to enable mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Epiroc’s assets.

 

Below, you are provided with more information about e.g. why we process your personal data, which personal data we keep in order to achieve the purposes of the processing and for how long we keep your personal data. 

To fulfil agreements entered into with customers, suppliers, consultants and other contracting parties

Categories of personal data:
  • Identification details, such as name.
  • Contact details, such as, address, telephone number and e-mail address.
  • Work related data, such as employer and title.
  • User account information, such as password and username (email address or other).
  • Purchase order, shipping and payment data.
  • Credit or payment information.
  • Bank account details.
  • Service and warranty data.
  • Details for taxes.
  • Transaction and correspondence history.
  • Device information, such as your IP address, operating system and device settings.
  • Any other information necessary to fulfil any contractual obligation.

What we do:

We process your personal data in order to provide you with the information, products and/or services that you request or purchase from us.

Moreover, we process your personal data in order to fulfil our obligation to keep you informed about safety matters and communicate technical changes. 

Legal basis:

Necessary for us to fulfil our contract with you. The processing is necessary in order to provide the information, products and/or services requested by you pursuant to the contract made between you and us.
Retention period:

Your personal data is kept during the contract period/the term of contractual obligations and up to 24 months thereafter.
Your rights: Please see section 8 below for information about your rights.

To provide and administrate support and customer services

Categories of personal data:
  • Identification details, such as name.
  • Contact details, such as home address, telephone number and e-mail address.
  • Geographical information, such as country or hometown.
  • Work related data, such as employer and title. 
  • Type of products and services of interest to you. 
  • Contact and product preferences. 
  • Preferred languages. 
  • Device information, such as your IP address, operating system and device settings. 
  • Any other information provided by the customer.
What we do: 

We process your personal data in order to provide our support services, account services etc., where we respond to your questions.

Legal basis:
Legitimate interest. After a balancing of interests where we have pursued the following legitimate interest, which we assess overrides your interest of protection of your privacy:

  • Epiroc’s interest of processing your personal data in order to administer the provision of our support and customer services.
Retention period:

Your personal data is kept for 24 months after our last interaction with you.
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights. 

To provide efficient marketing

Categories of personal data:
  • Identification details, such as name and job title.
  • Contact details, such as phone number and e-mail address.
  • Device information, such as your IP address, operating system and device settings.
  • The type of products and services that may interest you.
  • Contact and product preferences.
  • Preferred languages.
  • Marketing preferences.
  • Referred personal data, such as tags, categories, and other profiling data

What we do: 

We process your personal data within the scope of our marketing, as we provide relevant and tailored communication to our audience. In order to do so, we need to understand what products and services information you would be interested in receiving, send such information, invite you to our events, provide effective communication in the language you choose etc.

Legal basis: 

Legitimate interest. After a balancing of interests where we have pursued the following legitimate interest, which we assess overrides your interest of protection of your privacy:

  • Epiroc’s interest of offering products and services that meet the needs and desires of its customers.

Your consent in relation to:

  • direct marketing (if the electronic contact details have not been collected in connection with the sale of the same or similar products or the provision of the same or similar services and the receiver has not exercised the right given to opt out provided each time); and
  • use of cookies that are not strictly necessary for the function of this website.

Retention period:

Your personal data is kept for 24 months after our last interaction with you.
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. When our processing of your personal data is based on your consent you have right to withdraw your consent at any time. Please see section 8 below for more information about your rights. 

To provide information to Epiroc’s shareholders

Categories of personal data:
  • Identification details, such as name.
  • Contact details, such as telephone number, e-mail address, address.
  • Work related data, such as employer and title.
What we do: 

We process our shareholders’ personal data in order to provide important information about Epiroc, such as annual and quarterly reports, invitations to investor meetings and requests for investor consents. 

Legal basis:

Legitimate interest. After a balancing of interests where we have pursued the following legitimate interest, which we assess overrides your interest of protection of your privacy:

  • Epiroc’s interest in effective and efficient communication with its shareholders.
Retention period: 

Your personal data is kept for 24 months after our last interaction with you.
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights.

 

To register and administrate your user account

Categories of personal data:
  • Identification details, such as name.
  • Contact details, such as telephone number, e-mail address, address.
  •  Geographical information, such as country or hometown.
  • Work related data, such as employer and title.
  • VAT registration number.
  • Any other information provided by the customer.
What we do: 

We process your personal data in order to register and administrate your user account.
Legal basis:

Necessary for us to fulfil our contract with you. The processing is necessary in order to provide the services requested by you pursuant to the contract made between you and us.

Retention period:

Your personal data is kept during the term of your user account and up to 24 months thereafter.

Your rights: Please see section 8 below for information about your rights.

 

To mitigate cyber security threats and to provide secure information technology environments

Categories of personal data:
  • Device information, such as your IP address, operating system and device settings.
  • Geographical information, such as country or hometown.
What we do:

We process your personal data in order to register and administrate your user account. 
Legal basis:

Legitimate interest. After a balancing of interests where we have pursued the following legitimate interest, which we assess overrides your interest of protection of your privacy: Epiroc’s interest in mitigating and defending against cyber security threats and in providing secure information technology environments.

Retention period:

Your personal data is kept during the term of your user account and up to 24 months thereafter.

Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights.

To improve and develop this website, our business or new services and products by analyzing your use of this website, our products and other analytics/statistics

Categories of personal data:
  • Usage information such as cookie information, browsing pattern, behavior on this website and information you fill into online forms.
  • Device information, such as your IP address, operating system and device settings.
What we do:

We analyze and process your personal data in order to improve and develop this website or new services and products.

Legal basis:

Legitimate interest. After a balancing of interests where we have pursued the following legitimate interest, which we assess overrides your interest of protection of your privacy:

  • Epiroc’s interest in improving and developing this website, its services and its products, provided that our processing of your personal data is ancillary to the provision of the Service.
Retention period:

Your personal data is kept for as long as necessary to improve and develop this website, our services and our products, but no longer than 24 months without anonymizing it.
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights.

To assess your abilities and suitability for current or future roles within the company as a job applicant

Categories of personal data:
  • Identification details, such as name.
  • Personal identification number, if provided.
  • Contact details, such as home address, e-mail address and telephone numbers.
  • CV, such as current title, position and responsibilities, previous positions and professional experience and education.
  • Compensation and benefits information and salary package expectations.
  • Reference information, if provided
  • Background checks
  • Referred information in recruitment process

What we do:

We process your personal data in order to be able to evaluate and assess your abilities and suitability for current or future roles with the company you are applying for as a job applicant.

Legal basis:

Legitimate interest. After a balancing of interests where we have pursued the following legitimate interest which we assess overrides your interest of protection of your privacy:

  • Epiroc’s interest of completing an assessment of your suitability for the applied role.

Your consent in relation to:

  • Background checks.

Retention period:


Your personal data is kept for 24 months (shorter period in certain countries).

 
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights.

To comply with any legal or regulatory obligations, requirements or requests

Categories of personal data: 
  • All of the above.

What we do:

We process your personal data to comply with our legal obligations under applicable law.

Legal basis:

Legal obligations. We need to process personal data to comply with our legal obligations under applicable legislation, such as the Anti-Money Laundering Act, the Accounting Act and to respond to your request to exercise your rights under the GDPR.

Retention period:

We will store your personal data as long as necessary for us to fulfil our legal obligations. Personal data processed to fulfil legal obligations in the Accounting Act will be stored for seven years. Data processed to fulfil the Anti-Money Laundering Act will be stored for five to ten years, depending on the circumstances.
Your rights: Please see section 8 below for more information about your rights.

To protect, defend or enforce our legal rights, or those of others

Categories of personal data:
  • All of the above.
What we do: 

In case of a dispute, we are entitled to process your personal data to protect, defend or enforce the legal claim.

Legal basis: 

Legitimate interest. Processing is necessary for the purposes of our legitimate interests to protect, defend or enforce legal claims. In case of a dispute, we are entitled to process your personal data since we assess that our interest in safeguarding our interests in a dispute overrides your interest in protection of your privacy.

Retention period:

We will store your data for the purposes of establishing or defending Epiroc against legal claims for as long as you can make legal claims against us. As a result, we may store personal data during any warranty period and until any limitation period has expired.
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights.

To enable mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Epiroc’s assets

Categories of personal data:
  • All of the above.
What we do: 

In case of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of Epiroc’s assets we may need to process your personal data in order to enable such transfer.

Legal basis: 

Legitimate interest. Processing is necessary for the purposes of our legitimate interests of enabling mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Epiroc’s assets, which we assess overrides your interest in protection of your personal data.

Retention period:

The personal data will be processed as long as necessary to fulfil the purpose with the processing. Personal data that is transferred to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Epiroc’s assets will not be stored by Epiroc after such transfer unless required to fulfil any of the other purposes set out above.
Your rights: You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. Please see section 8 below for more information about your rights. 

3 Collection of personal data

3.1 Personal data that you provide us with

The personal data that we process about you is data that you have provided us with or that we have otherwise acquired as part of the provision of our services. We collect personal data:

  • when you create an account to use our services or create a new user for that account;
  • when you submit user-interaction data via our products or to our services;
  • when you complete transactions through this website, such as fulfilling an order for our services and products;
  • when you contact our support or customer service;
  • when you apply for a position at Epiroc;
  • through forms or other paper interaction with us;
  • through submittal of written documentation and emails sent to and from Epiroc; and
  • when you share information with us through other means, such as meetings, collaboration tools, conversations, social media, online forms or otherwise through our websites.

3.2 Personal data that we collect from other sources

We may also collect or receive information about you from other sources e.g. public registers, and Specially Designated Nationals and Blocked Persons lists (so called “SDN list screening”) etc.

4 Automated decision-making

At Epiroc, we have controls in place so that we do not have processing activities that make decisions solely based on automated decision-making, including profiling, if said decision can have legal consequences for or significantly affect the data subject, without also offering an alternative for the data subject, e.g., by offering a manual review of the decision or collecting the subject’s consent to carry on with the automated decision.

5 Retention of personal data

We retain your personal data for as long as necessary for the purposes for which we originally collected the data in accordance with this Privacy Notice. When we no longer need to save your data, we will remove it from our systems, databases, and backups. In the tables above under section 2, you will find more information about how long we keep your personal data for different purposes.

 

We may be required to keep your personal data for other reasons, such as to comply with legal obligations or to safeguard our legal interest, or for any other important public interest.

6 With whom do we share your personal data?

We may share personal data with third parties that are trusted recipients and with whom we have an agreement ensuring that your personal data is processed in accordance with this Privacy Notice. We may share data with:

  • our subsidiaries and affiliates;
  • third party service providers;
  • a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Epiroc’s assets; and
  • suppliers in the event of need for sub suppliers on particular components.

In certain circumstances, we may also need to disclose personal data upon the request from authorities or to third parties in connection with court proceedings or business acquisition or combination processes, or other similar processes.

We will not sell your personal data.

7 International transfers of your personal data

Because Epiroc is a global company with locations in many different countries, we may transfer your personal data to countries that are both in and outside the EU/EEA when transferring from one affiliated company to another in order to accomplish the purposes listed above.

 

When transferring personal data outside the EU/EEA, we will ensure that there is a legal basis for the transfer and that the level of protection is equivalent to that applicable within the EU/EEA, either by ensuring that the country has an adequate level of protection, that we have taken adequate protective measures such as the European Commission’s standard contractual clauses, that the data subjects have given their explicit consent or that the transfer is necessary with regards to the purposes set out in article 49 of the GDPR.

8 Your rights

8.1 Our responsibility for your rights

In the capacity of data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable laws. In relation to applicable data protection laws, you as a data subject may have the following rights in relation to your personal data. To exercise these rights, you may contact us using the contact details provided at the end of this Privacy Notice.

For specific data privacy rights of data subjects, see the country-specific privacy notices at the end of this Privacy Notice.

 

Where the GDPR is applicable, we have an obligation to respond to your requests to exercise your rights within one month of receiving your request. If your request is complex or if we have received many requests, we have the right to extend this deadline to two months. If we are unable to take the action you request within one month, we will inform you of the reason for the delay and of your right to lodge a complaint with a supervisory authority and to seek judicial remedy. You will not be charged for requesting information, for communication or measures that we carry out. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.

8.2 Your right to access, rectification, erasure and restriction

Right to access to your personal data. You have the right to obtain confirmation on whether we process personal data about you and receive a copy of such data as well as information on how we process your personal data.

 

Right to request a copy of the European Commission’s standard contractual clauses and its appendices that we use with any third parties, as mentioned in section 7.

 

Right to rectification. You have the right to rectify any inaccurate personal data we process about you or have any incomplete personal data about you completed.

Right to erasure of your personal data. You have the right to request that we delete your personal data if there is no compelling reason for us to continue processing the data. Personal data should therefore be erased if:

  • it is no longer needed for the purpose for which we collected it;
  • we process your personal data based on consent provided by you and you withdraw your consent;
  • you object to us processing your data based on a legitimate interest assessment and we have no compelling interest that overrides your interests and rights;
  • we have processed the personal data unlawfully; or
  • we have a legal obligation to erase the personal data.

However, there may be legal requirements or other compelling reasons that prevent us from immediately erasing your personal data. We will then stop processing your personal data for purposes other than in compliance with the law or where there are no compelling legitimate grounds for doing so.

 

Restriction of processing. This means that we temporarily restrict the processing of your data. You may have the right to request restriction when:

  • you consider your data to be inaccurate and you have requested rectification as defined above, while we establish the accuracy of the data;
  • the processing is unlawful, and you do not want the data to be erased;
  • as the personal data controller, we no longer need the personal data for our processing purposes, but you need them to be able to establish, exercise or defend a legal claim; or
  • you have objected to the processing as defined below, while waiting for us to consider whether our legitimate interests override yours.

We will take all reasonable measures possible to notify everyone who has received personal data as stated in section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. If you request information on recipients of your personal data, we will inform you about the recipients.

Right to object to processing. You have the right to object to the processing of your personal data if our processing is based upon legitimate interests. If you object to such processing, we will cease processing of your personal data, unless we can demonstrate compelling legitimate grounds for the processing overriding your interests, or if the data is needed for the establishment, exercise, or defense of legal claims. You always have the right to opt out of receiving direct marketing from us.

 

Right to information. You have the right to receive transparent information about how we process your personal data.

 

Right to withdraw your consent. When we need your consent in order to process your personal data, you always have the right to withdraw such consent at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

This applies where the GDPR is applicable. If consent is used as a legal basis based on other countries' Data Privacy legislation (outside the EU/EEA), the rules for the respective country's interpretation of consent will apply. We aim, to the extent possible, to handle consent based on the EU/EEA interpretation also for processing based on consent as the legal basis under other countries' Data Privacy legislation, where the GDPR is not applicable.

 

Right to data portability. You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you may have that data ported directly to another controller, where such personal data is processed based on your consent or to perform a contract with you.

 

Right to complain. If you are not satisfied with our processing of your personal data, do not hesitate to contact us at the email-address under section 12, and label the email “Privacy Complaint”. You also have the right to lodge a complaint with the supervisory authority if you are not satisfied with our processing of your personal data. For EU and EEA countries, you can find your local supervisory authority here.

 

Please note that a number of these rights only apply in certain circumstances, and all these rights may be limited by law. If you wish to exercise your rights or have any questions regarding the processing of your personal data, please contact us using the contact details set out in section 12.

9 Protection of your personal data

We always want you to feel confident about providing us with your personal data. We have therefore taken appropriate security measures to protect your personal data against unauthorized access, alteration and erasure.

 

Even though we work hard to protect your data, no security measures are perfect or impenetrable. Should a security breach occur that may materially impact you or your personal data, e.g. risk of fraud or identity theft, we will contact you to explain what action you can take to mitigate potential adverse effects of the breach.

 

We strongly advise you to be cautious and to protect your own personal data. You are responsible for keeping your passwords confidential and for preventing others from observing your personal data when using our services in public spaces.

10 Cookies

We use cookies that may include personal data to improve, analyze and administer this website, our services and your experience of them. You can find more information about this in our Cookie Notice.

11 Changes to the Privacy Notice

We may, from time to time, make changes to this Privacy Notice to reflect any changes in our data processing practices. We recommend that you visit this Privacy Notice on occasion to learn about new privacy practices or changes. If we make material changes to the way in which we use information we collect, we will use reasonable efforts to notify you by means consistent with applicable law and will take additional steps as required by applicable law.

This Privacy Notice was last updated: May 22nd, 2024.

12 Contact details

Do not hesitate to contact us if you have any questions about this Privacy Notice or our processing of your personal data at:

 

Epiroc AB, reg. no. 556041-2149. Email: dataprivacy@epiroc.com. If you wish to exercise your rights, please contact the Epiroc IT Service Desk at: service.desk.it@support.epiroc.com, and label the email “Data Subject Right Request” or “Data privacy breach”.

Read more about our work with your privacy:

Region or country specifics:
