-
INTRODUCTION
This privacy statement covers all necessary information on how Heimstaden
collects, processes, shares and retains your personal data connected to your
relationship with Heimstaden, in your role as a
We may under certain circumstances also process your personal data by the
use of cookies and/or camera surveillance. More information on our use of
cookies and camera surveillance is available in our cookie statement and our
privacy statement on camera surveillance respectively available on our
Website.
Information regarding the processing of your personal data in connection
with registration to and conduction of Heimstaden’s general meetings, please
see Euroclear's privacy notice for general meetings of shareholders,
available at
https://www.euroclear.com/dam/ESw/Legal/Privacy_notice_BOSS_final_30112020.pdf
This statement also describes your rights under applicable data protection
law and how you can exercise them. You are always welcome to contact us if
you have any questions. You can find our contact details at the bottom of
this policy.
-
DATA CONTROLLER
Heimstaden AB, reg. no. 556670-0455, having its registered address on Östra
Promenaden 7A, 211 28 Malmö, and, where applicable, the company within
Heimstaden’s group of companies from which you rent your accommodation
(jointly “Heimstaden”, “we” or “us”)
are joint controllers of any processing of your personal data carried out by
the companies and/or their subsidiaries. Tenants will find more information
in the rental agreement or rental invoice regarding which company, within
Heimstaden’s group of companies, that is their landlord.
-
PROCESSING OF PERSONAL DATA
3.1 Which types of personal data are processed by Heimstaden?
3.1.1 User/visitor of the Website
If you use or visit our Website, we may process the IP address of the device
used when visiting our Website and, where applicable, information on your
browsing on the Website. If you are a visitor on Heimstaden.com and you have
agreed to or not objected to receiving marketing from us by email, we will
also process your email address.
3.1.2 Business Partner
The personal data that we may process is, depending on your relationship
with Heimstaden and the circumstances in general, your name, telephone
number, address, email address, title, personal identity number of
signatories for a company, personal identity number and credit rating in
relation to Business Partners who are registered as sole traders in Sweden
(Sw. enskild firma), material from potential camera surveillance and any
additional information which has been provided by you in connection with
your communication with us. In some situations, we may process additional
types of personal data if deemed necessary in relation to the individual
business relationship.
3.1.3 Tenant, subtenant and housing applicant
If you are a tenant or subtenant, we may process the following personal data
concerning you: your name, personal identity number, address, telephone
number and email address. We also process information on your apartment, for
example information on equipment, defects that need be attended to, and any
reports on disturbance or other concerns. If you have been granted protected
identity (Sw. skyddad identitet) by the Swedish Tax Agency (Sw.
Skatteverket), we will process your personal data in accordance with a
separate, company-internal policy.
If you are a housing applicant, we may process the following personal data
concerning you: your name, telephone number, email address and personal
identity number, references and former landlord, information on employment
and financial situation, which is needed in order to assess whether you meet
the requirements for the apartment you have applied for. If you apply for
student housing, we also need a certificate which verifies that you will be
studying during the rental period.
If you are the registered guardian (Sw. god man) or administrator (Sw.
förvaltare) of a tenant, we may process personal data concerning you
contained in the information necessary to administrate the tenancy relation
with the current tenant that you are a guardian or administrator for.
3.1.4 Guarantor
If you are a guarantor, we may process personal data concerning you
contained in the information provided in the personal guarantee (Sw.
borgensförbindelse) issued, such as name, personal identity number and
telephone number. In addition, your credit rating may be processed.
3.1.5 Shareholder
If you are a shareholder, we may process different types of personal data
concerning you. We process your name, address, telephone number, personal
identity number, shareholding (owned-registered or nominee-registered
shares), registered number of votes, shareholder assistant, shareholder
representative, food preferences and other potential personal data provided
by you in connection with your communication with us.
3.1.6 Sensitive personal data
In addition to the abovementioned situations, we may process additional
information about you, that you provide to us when contacting our customer
service. If the contact is made by telephone, our customer service staff may
take notes which include personal data – sometimes sensitive personal data –
to the extent deemed necessary to attend to your matter.
We will only process sensitive personal data if you give your consent to it.
If your matter requires the processing of sensitive personal data concerning
you, we cannot help you unless we have your explicit consent thereto.
In light of the above, we will always ask for your explicit consent before
we process sensitive personal data concerning you.
3.2 How are your personal data collected?
Personal data are mainly collected through direct interactions initiated by
you, e.g. when you contact us by telephone, email or if you register on our
Website where this is possible. Personal data may also be collected from
your employer, references and former landlords, official records,
municipalities and public authorities, and in some situations from other
companies in connection with Heimstaden’s acquisition of real property, in
the event that you are or have been a customer of the seller’s.
Heimstaden may also collect personal data concerning you from Euroclear
Sweden AB (which manage our share register). If we have a reason therefor,
we may collect your credit rating and process the information we receive
from the credit-rating agency.
Heimstaden may also need to update the personal data in order not to process
outdated personal data about you. These updates may be completed by services
provided by Creditsafe i Sverige AB and Bisnode Sverige AB.
3.3 For which purposes do we process your personal data?
3.3.1 User/visitor of the Website
If you are a user or visitor of our Website, we may process personal data
concerning you in order to make your visit at our Website as enjoyable and
smooth as possible, for marketing purposes, in order to perform website
visitor tracking/website traffic analyses, and to ensure that our Website
runs in a secure way.
3.3.2 Business Partner
We process personal data concerning you in order to administrate our
business relationship with you or the company that you represent (including
ensuring the fulfilment of commitments, management, performing follow-up of
deliveries, etc.) to enable reviews of the progression of construction work
and to ensure that only authorised persons have access to construction sites
through, for example, camera surveillance, and to stay in contact with you.
We may also process your personal data for the purpose of sending
invitations to events to you (including in order to administrate such
events, e.g. as regards the number of attendees, food services and food
preferences).
3.3.3 Tenant, subtenant and housing applicant
Personal data concerning tenants are mainly processed in order for
Heimstaden to perform its duties as landlord, to prepare, administrate and
perform concluded agreements and to otherwise operate our management and
rental business.
We may also process tenants’ personal data in connection with marketing
communication such as publication of posts, pictures, videos, etc. on social
media (e.g. Facebook, LinkedIn and Instagram) as well as publication of
posts, pictures and videos for internal use (e.g. on our intranet). In the
event that we would wish to process your personal data for any of these
purposes, you will receive separate information in advance and, where
applicable, we will ask for your consent to process your personal data for
such a purpose.
In relation to subtenants, Heimstaden processes personal data for the
purpose of evaluating the application regarding sublease of an apartment.
Heimstaden also processes personal data to the extent necessary to comply
with a legal obligation.
Personal data concerning housing applicants are processed for the purpose of
administrating housing applications, including assessments of whether you
meet the relevant requirements for the apartment applied for.
3.3.4 Guarantor
Personal data that are provided to Heimstaden in a personal guarantee to
Heimstaden will be processed by Heimstaden to the extent it is necessary for
the administration and performance of the personal guarantee and/or
applicable legal obligations.
3.3.5 Shareholder
We process personal data concerning shareholders in order to manage
registrations for and the conduction of general meetings (e.g. to check
whether a shareholder’s shareholding is directly owned or registered to a
nominee shareholder and to take appropriate actions in respect thereof, to
administrate the general meeting including food services and food
preferences, etc.) and to take any required measures in respect of the share
register (e.g. to, upon request of a shareholder, disclose the share
register and the information therein). We may also process your personal
data for the purpose of communicating news about the company’s business
operations, such as interim reports and annual reports, if you have
requested to receive such news. In addition, we may process your personal
data in order to communicate with you and administrate related matters that
you, as a shareholder or contact person for a company that is a shareholder,
initiate and which in some cases require that we take further action
depending on the subject-matter. If you are a major shareholder, we may, in
some situations, also process your personal data by publishing name and
shareholding in interim reports, annual reports, on the Website, etc.
In some cases, we may have a reason to process your personal data by
publishing pictures in interim reports, annual reports, on the Website, etc.
Should we wish to process your personal data for such a purpose, you will
receive separate information on the personal data processing that this will
entail and, where required, we will ask for your specific consent to process
your personal data for this purpose.
-
LAWFUL BASES FOR THE PROCESSING OF PERSONAL DATA
4.1 Performance of a contract
4.1.1 Business Partner
Processing of personal data for the purpose of managing our business
relationship in different ways is carried out in order for us to be able to
perform the contract or agreement that our business relationship is based
on.
4.1.2 Tenant
Personal data concerning tenants are processed in order for us to comply
with our obligations as a landlord under the rental agreement and any
applicable law which regulates the tenancy.
4.2 Balancing of interests
4.2.1 General
For processing activities which are based on a balancing of interests,
Heimstaden has made the assessment that the processing is necessary for the
purposes of Heimstaden’s legitimate interests, and that it does not infringe
on your privacy to a large extent.
4.2.2 User/visitor of the Website
Processing of personal data concerning visitors and users of the Website is
carried out based on a balancing of interests where Heimstaden’s interests
of examining and analysing the traffic on the Website, making your visit on
the Website as good as possible and to direct marketing towards you override
the potential risks for infringement of your privacy that may arise as a
result of these types of processing activities.
4.2.3 Business Partner
Processing of personal data which is not directly connected to the
performance of the contract or agreement that our business relationship is
based on may be carried out based on a balancing of interests. This includes
processing of your personal data for the purpose of contacting you and
sending event invitations to you.
4.2.4 Tenant, subtenant and housing applicant
Processing of personal data which is not directly connected to the
performance of the rental agreement may be carried out based on a balancing
of interests. This includes the development and sale of products and
services, distribution of information or newsletters to tenants, offering
services through our Business Partners, such as home insurance or, in some
cases, camera surveillance in common spaces of properties, within the scope
of our rental or administration business. If you do not wish to receive our
newsletter, you can deregister either by contacting us using the contact
details below, or through the link in the email received.
We process subtenants’ personal data based on our legitimate interests of
carrying out a rational assessment of the application for a sublease and
administrating our tenancy relationship with the tenant that you rent the
apartment from.
When you apply for an apartment, we process your personal data based on our
legitimate interest of collecting relevant information about you, in order
to allocate apartments within our rental business.
If you are a registered guardian or administrator of a tenant, we process
your personal data based on our legitimate interest of administrating the
tenancy relationship with the tenant in question.
4.2.5 Guarantor
If you are a guarantor, we process your personal data based on our
legitimate interests of preparing, administrating and performing the
personal guarantee, or based on a legal obligation.
4.2.6 Shareholder
Processing of your personal data for the purpose of sending you news about
our business or invitations to events, as well as any potential publication
of information about you in the annual report or similar, is carried out
based on a balancing of interests. This also applies to Heimstaden’s
management of matters that you, as a shareholder or contact person of a
company that is a shareholder, initiate.
4.3 Compliance with a legal obligation
We retain accounting documentation to the extent required by applicable law.
Processing of a shareholder’s personal data for the purpose of
administrating the share register is carried out based on a legal
obligation.
4.4 Consent
When we process your personal data based on your consent, e.g. when we
publish posts, pictures or videos of you on social media or if you have
given your consent to receiving marketing by email, you can, at any time,
withdraw your consent by contacting us using the contact details below. Such
withdrawal can be made in whole or in part.
-
FOR HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
5.1 General
Your personal data will be retained and processed by us until processing no
longer is necessary in respect of the abovementioned purposes, unless the
data must be retained for a longer period of time in accordance with a legal
obligation.
The information required for our book-keeping (e.g. information about all
orders, invoices, rental invoices and payments) and tax documentation must,
by law, be retained for at least seven years. Please note that some data are
retained for a longer period of time. For example, information pertaining to
invoices are retained for longer than seven years, for follow-up purposes.
If we process your personal data based on your consent, we only retain such
personal data for as long as we still have your consent thereto.
5.2 User/visitor of the Website
Personal data which are collected via cookies that are used on the Website
are retained for different periods of time depending on which type of cookie
that collects the information. We do not retain information that has been
collected by cookies for a longer period than what necessary for the
purposes of the processing. Each Website may have different cookies
implemented. More detailed information about which cookies we use on which
Website, and their respective retention time, is available in Heimstaden’s
cookie statements available on each Website.
5.3 Business Partner
Personal data are, as a main rule, retained until we no longer have a
business relationship with the company that you represent, or until you no
longer represent the company. Personal data which are processed in order to
send you invitations to events are retained as long as you are a contact
person for the company that you represent. Personal data which are processed
in order to administrate events are deleted no later than three months after
the event has taken place.
5.4 Tenant and subtenant
Much of the personal data concerning you, as a tenant or subtenant, are
retained during the rental period and until all claims have been finally
settled. Electronic logs from electronic booking and key management systems
as well as material from potential camera surveillance of public spaces are
normally retained for two to four weeks and are deleted on a regular basis
during the rental period. If the rental agreement is terminated due to
negligence/the tenant’s breach of his or her duty of care (Sw.
misskötsamhet), we may retain a note on the reason for your vacating the
apartment, for two years.
In connection with the rejection of a sublease application, we immediately
delete all personal data concerning the intended subtenant.
If you are a tenant’s registered guardian or administrator, your personal
data are retained during the same period as the represented tenant’s
personal data.
5.5 Housing applicant
If you are a housing applicant, your personal data are processed only for as
long as you wish to remain an applicant. Information on notices of interest
of individual rental objects are deleted shortly after the apartment in
question has been assigned. If you have not been assigned an apartment, due
to that you have not met our tenant requirements, a short description
thereof will be retained for three months.
5.6 Guarantor
Heimstaden retains personal data concerning guarantors until the rental
agreement, for which the personal guarantee was signed, expires, or for as
long as is necessary to monitor potential claims.
5.7 Shareholder
Data concerning your shareholding in Heimstaden are retained, by law, for at
least ten years, for shareholding history purposes.
Data processed in order to manage communication with you as well as related
matters initiated by you, as a shareholder or contact person for a company
that is a shareholder, are retained for as long as the data are relevant in
relation to the subject of the communication and/or matter.
Data which are processed in order to send you news are retained as long as
you wish to receive such news.
Data which are published in annual reports are retained for at least ten
years.
-
SECURITY MEASURES
Heimstaden has drafted policies and established standards to ensure that the
processing of your personal data is carried out in a secure manner. As a
main rule, access to personal data is only granted to employees of the
company, who need such access in order to carry out their work tasks.
In relation to sensitive personal data, we have established certain access
control measures which entail a better protection of your personal data.
Our security systems are developed with a focus on your privacy and they
provide high protection against intrusion, deletion and other modifications
which could pose risks to your privacy.
We only transfer personal data in accordance with this policy.
-
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
7.1 General
We may disclose your personal data to other companies in Heimstaden’s group
of companies for the purpose of sharing relevant contacts and to pass on
information deriving from communications with you, for cooperation when
choosing Business Partners, etc.
Heimstaden may also disclose your personal data in order to comply with
legal obligations, and they may be disclosed to public authorities when so
required by law.
7.2 User/visitor of the Website
Personal data may be disclosed to the suppliers of the tools that we use on
the Website for statistics and for marketing purposes, depending on the
Website you are visiting. More information is available in Heimstaden’s
cookie statements available on each Website.
7.3 Business Partner
To the extent necessary for them to fulfil their obligations, we may
disclose your personal data to our Business Partners providing services on
our behalf. Collected personal data would first and foremost be shared with
our IT suppliers, in order to withhold and maintain our IT systems and,
depending on the business relationship, with our accountants and our bank.
7.4 Tenant, subtenant and housing applicant
To the extent they need the personal data to carry out their services, your
personal data may be disclosed to our Business Partners in connection with,
inter alia, allocation of apartments, customer surveys, debt collection,
property maintenance, electricity supply networks, telecommunication, home
insurance, external standby disturbance duty, accounting, security and
provision of systems. Your personal data may also be disclosed to public
authorities or municipalities for crime investigation purposes, reports of
disturbances or contract terminations to social services, and housing
adaptations. In connection with rental negotiations, your personal data will
be disclosed to tenants’ associations. In case of divestment of the property
you live in, or in certain cases where you have previously been living,
personal data may be disclosed to potential buyers and their advisors.
-
WHERE DO WE PROCESS YOUR PERSONAL DATA?
As a main rule, your personal data will only be processed within the EU/EEA.
In the event that your personal data is transferred to a third country,
Heimstaden ensures that necessary safeguards are in place in relation to
your personal data. Such safeguards include the application of the European
Commission’s Standard Contractual Clauses between Heimstaden and each
recipient of the personal data.
-
YOUR RIGHTS
You have the right to request information regarding what personal data
concerning you that we are processing and how they are being used. This
information will be delivered in the form of a register extract.
In case the personal data we process about you are inaccurate or incomplete,
you can request correction or completion thereof.
To a certain extent, you have the right to “be forgotten”, which means
deletion of your personal data processed by us. However, we are entitled to
deny such requests under certain conditions, e.g. if we need to process your
personal data for compelling reasons.
Under certain conditions, you have the right to request that the processing
of your personal data is restricted to certain given purposes.
You have the right to object to any processing of your personal data which
is carried out based on our legitimate interests.
You have the right to data portability, which means that under certain
conditions you are entitled to receive your personal data in a structured,
commonly used and machine-readable format, in order to transmit them to
another data controller.
Should you wish to exercise any of the rights mentioned above, please
contact us by using the contact details below. When assisting you with such
matters, we may ask you for identification to protect your privacy and your
personal data.
If you have objections to our processing of your personal data, you can file
a complaint with the Swedish Authority for Privacy Protection (Sw.
Integritetsskyddsmyndigheten). For more information please visit
https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/
.
-
CHANGES TO THIS PRIVACY POLICY
We may change the terms of this privacy policy. The latest version of it is
available on the Website.
-
CONTACT DETAILS
If you have any questions related to this privacy policy or if you want to
contact us regarding our processing of your personal data, please contact us
on
dataskyddsforordningen@heimstaden.com