We are committed to complying with fair, transparent and legally compliant standards in relation to personal integrity. We only process personal data in accordance with applicable data protection laws and regulations and only for lawful, explicit and specified purposes. When we at Epiroc are entrusted with personal information about individuals, we must safeguard it and take appropriate steps to protect it from misuse. We must observe all applicable privacy laws when we collect, use, and share personal information about individuals and follow company guidelines when collecting, storing, using, or sharing personal information about individuals. We shall not access personal information stored on our systems, except for business purposes that reflect the purpose for which the information was collected.
Our Employee Personal Data Policy contains detailed information to our employees on the processing of employee personal data, how personal data is collected, retention periods, to whom personal data may be shared and to which countries, employees' rights and how to use them, protection of personal data and where to complain.
Our Intragroup Data Processing Policy sets out how we process personal data within our group of companies.
We have an Information Security Incident and Data Breach Policy which provides information on how data subjects can act in the event of an information security incident or a personal data breach and who to contact and a Data Subject Access Request Guideline with information on how we handle and respond to requests for access to personal data made by data subjects and a Right to Data Portability Guideline with information on how we handle and respond to requests for data portability.
When we engage a third party to process personal data on our behalf, we enter into a Data Process Agreement based on our template agreements containing the appropriate elements