Close

Data Privacy

We are committed to complying with fair, transparent, and legally compliant standards in relation to personal integrity. We only process personal data in accordance with applicable data protection laws and regulations and only for lawful, explicit, and specified purposes. When we at Epiroc are entrusted with personal information about individuals, we safeguard it and take appropriate steps to protect it from misuse. We observe all applicable privacy laws as well as internal policies and requirements when we collect, store, use, and share personal information about individuals. We only process personal information stored on our systems for business purposes that reflect the purpose for which the information was collected.

We have a Data Privacy Policy with references to “Epiroc’s Data Privacy Framework” which contains more detailed policies and guidelines for specific areas. The policy and the steering documents in the framework contain e.g. group-wide Data Privacy principles for processing of personal data, rights of data subjects, how to report and manage personal data breaches, applicable technical and organizational security measures, how personal data may be transferred internally in the group and externally to vendors and other parties, contact information to relevant stakeholders etc.

 

In the framework there is an Employee Personal Data Policy which contains detailed information to our employees on the processing of employee personal data e.g. how personal data is collected and processed, retention periods, to whom personal data may be shared and to which countries, employees' rights and how to use them, and where to complain. 

 

There are also a “main Data Privacy requirements for our entities” as well as an “Intragroup Data Processing Policy” which sets out how we process personal data within our group of companies.

In our Privacy Notice and Cookie Notice our Data Subjects can find information about our processing of their personal data. All public-facing websites we maintain at group and local level are required to have privacy notices and cookie notices as well as collect cookie consent in an appropriate way.

 

We have an Information Security Incident and Data Breach Policy which provides information on how, in the event of an information security incident or a personal data breach, the organization shall act and who to contact. There are also a Data Subject Rights Requirements and a Data Subject Rights procedure with information on how we handle and respond to Data Subject Rights.

 

When we engage a third party to process personal data on our behalf, we enter into Data Processing Agreement with said processor, based on our template agreement containing the appropriate elements.

Accelerate the transformation