Data Privacy

We are committed to complying with fair, transparent and legally compliant standards in relation to personal integrity. We only process personal data in accordance with applicable data protection laws and regulations and only for lawful, explicit and specified purposes. When we at Epiroc are entrusted with personal information about individuals, we must safeguard it and take appropriate steps to protect it from misuse. We must observe all applicable privacy laws when we collect, use, and share personal information about individuals and follow company guidelines when collecting, storing, using, or sharing personal information about individuals. We shall not access personal information stored on our systems, except for business purposes that reflect the purpose for which the information was collected.


We have a General Data Privacy Policy with references to more detailed policies and guidelines for specific areas. It  account for the general principles for processing of personal data in the group, rights of data subjects, how to report personal data breaches, IT Security, to whom personal data may be transferred and to which countries as well as contact details.


Our Employee Personal Data Policy contains detailed information to our employees on the processing of employee personal data, how personal data is collected, retention periods, to whom personal data may be shared and to which countries, employees' rights and how to use them, protection of personal data and where to complain. 

Our Intragroup Data Processing Policy sets out how we process personal data within our group of companies.


Our Privacy Notice and Cookie Policy sets out how we inform stakeholders on our processing of their personal data in a privacy notice of the public-facing websites we maintain at group and local level. Our Cookie Policy contains information on how we inform stakeholders of our cookie handling.


We have an Information Security Incident and Data Breach Policy which provides information on how data subjects can act in the event of an information security incident or a personal data breach and who to contact and a Data Subject Access Request Guideline with information on how we handle and respond to requests for access to personal data made by data subjects and a Right to Data Portability Guideline with information on how we handle and respond to requests for data portability.


When we engage a third party to process personal data on our behalf, we enter into a Data Process Agreement based on our template agreements containing the appropriate elements

Accelerate the transformation