Privacy Policy


Background
This Privacy Policy (the “Privacy Policy”) describes how we (CTR AB) obtain and process your personal data.
The Privacy Policy also describes your rights in relation to us and how you can assert these rights.

We ask you to carefully read this Privacy Policy before you share any personal data with us.

Controller
CTR AB, corp. reg.no 559054-4903 with address Eklundshovsvägen 1G, SE-752 37 Uppsala, Sweden,
is the controller for the processing of your personal data as described in this Privacy Policy.
If you have any questions concerning integrity or data protection, please feel free to contact us. The easiest
way to do that is to send an e-mail to lars.bennbom@ctr-ab.se.

Who is this Privacy Policy for?
This Privacy Policy addresses how we process personal data regarding:
• Representatives from our existing and potential contracting parties, such as customers,
subcontractors, and business partners,
• job applicants,
• visitors to our website ctr-ab.se,
• others who interact with us in any way.

Please note that our website is not intended for individuals under the age of 18. We do not intentionally
collect personal data from children. If you are the parent or guardian and believe your child has provided us
with personal data, please contact us at the address below to request deletion.

How do we collect personal data?

Information from you
In general, we collect personal data directly or indirectly from you in a variety of ways, such as
• when we are engaged or preparing, administering, or performing our business,
• when we enter into, administer or perform agreements,
• when you apply for a job or otherwise announce your interest in working with us,
• when we meet at meetings, events, seminars, fairs, etc.,
• when you participate and sign up to participate in our events and surveys,
• when you visit our facilities or our website,
• when you contact us through our website, social media, e-mail, letter or phone or face-to-face, or
• when you in any other way interact with us.

Information from other sources

We may also collect personal data from the following sources:
• from other companies within our company group,
• from other persons connected to the party for which you are a contact person, as well as,
• from your references or from any recruitment consultant or other service provider employed in
connection with recruitment.

What personal data do we process?
The categories of personal data that we may process about you may be:
• Identity information, such as national personal identity number, date of birth, name, initials, signature, etc.
• Contact information, both personal and professional, such as postal address, phone number, mobile phone
number, e-mail address, principal, employer, job title, job role, workplace, information about contact
person, contact details for the principal or employer etc.
• Photos that you share with us or photos that we take, such as portraits, photos from events etc.
• Billing information, such as billing address, reference person and other billing information, billing history,
payment reminders, costs and cost specifications, account information and other payment information,
payment history, etc.
• Qualification and recruitment information, i.e. information about the applied appointment or appointment
of interest, information in any personal letter, CV, resume and submitted credentials and other documents,
information provided by references, test values, notes and summaries of interviews and other contacts
during the recruitment process, summaries and analyses from any recruitment consultant or other service
provider employed in connection with recruitment, certificate of service and testimonials, etc.
• Technical information, such as IP address, language settings, browser type, browser settings, time zone,
operating system, platform, screen resolution, response time, download error, your geographical location,
and related traffic and usage information, such as which links you click and when, the address of the website
you arrived from, what marketing information you received and opened.
In addition, we may process other categories of personal data provided by you or the party for which you are a
contact person.

We will only process your national identification number if and to the extent that it is clearly justified by
the purpose of the processing, the importance of a secure identification or other relevant reason.

What do we do with your information?


The purposes of, legal basis and storage periods for, our processing of your personal data
Below we have compiled our various purposes with our processing of your personal data, the categories of
personal data pertaining to the respective process, the legal basis for the processing and how long we store
your personal data:

If you choose not to provide certain personal information to us?
You are not required to provide personal information to us except when provided by law. But please note, if
you choose not to provide us with certain personal data or limit our right to process your personal data, this
may mean that we cannot fully manage our relationship with you or process your job application, or that we
fail to meet an agreement we have with you.

What are our legitimate interests?
As you can see in the list above, we may process your personal information because it is necessary for the
purposes of our legitimate interests. Our “legitimate interest” corresponds to the purpose for which we
perform each processing based on our interest.

When we process your personal information for our legitimate interests, we perform a balancing test where
we make sure to consider and balance any potential impact on you (both positive and negative), and your
rights under data protection laws. Our legitimate interests, such as business, commercial and employer
interests, do not automatically override your interests. We will not use your personal data for activities
where our interests are overridden by the impact on you (unless we have your consent or are otherwise
required or permitted to by law).

We do not consider that our processing disadvantages you in any way. We use your information only in ways
you would understand and reasonably expect, and which have a minimal privacy impact, or where there is a
compelling justification for the processing.

You have a right to object to processing that is based on our legitimate interests. If you wish to do so, please
send an e-mail to lars.bennbom@ctr-ab.se.

How to revoke your consent
We do not process your personal data based on your consent. If we at any point in the future process
your personal data based on your consent (in such case you will be duly informed beforehand), you have a
right to revoke your consent to this processing of your personal data at any time. If you would like to make
use of this right and revoke your consent, please contact us at lars.bennbom@ctr-ab.se. Please note, if you
revoke your consent, it does not affect the legality of the processing we have performed based on your
consent before it was revoked.

Cookies
We may, with your consent, use cookies when you use our website ctr-ab.se. We will inform you about what
cookies we use from time to time when we collect your consent on our site. More information about cookies
can be found in our cookie policy.

Sharing or transferring your information
We may disclose your personal information to chosen third parties in accordance with this Privacy Policy. In
the event of such sharing or transfer we will take every reasonable legal, technical and organizational
action in order to make sure that your personal data is handled in a safe manner and that the level of
security is adequate. Any third parties that process your information on our behalf are bound by processor
contracts which include a provision that such third party shall follow our instructions, take the measures
that we find necessary and observe confidentiality.

We may disclose your personal information to any of our consultants, insurers, professional advisers,
suppliers, subcontractors, advertisement partners, business partners, customers and companies within our
company group insofar as reasonably necessary for the purposes set out in this Privacy Policy. Hence, we
might share your personal data when a third party provides us with services such as providing, hosting and
maintaining IT systems, accounting, technical support, testing, surveys, etc. on our behalf.

We may also disclose your personal information to the extent that we are required to do so by law or a court
order, in connection with any ongoing or prospective legal proceedings, to establish, exercise or defend our
legal rights, for archival purposes of public interest, scientific or historical research or statistical purposes.

Please note that our website may contain links to other third-party sites, plug-ins, applications or other
online services. If you click on a link to a third-party site or other online service, you will be taken to a site or
other online service we do not control and that is not governed by this Privacy Policy. We are not
responsible for the privacy practices used by third-party sites and other online services. We suggest that you
read the privacy policies of those sites and other online services carefully.


How do we protect your information?
You should always feel secure when you provide us with your personal data. Therefore, we have taken
suitable legal, technical, and organisational precautions to prevent unauthorized access, use, change and
deletion of your personal information. All our processing of your personal data is in accordance with current
applicable data protection legislation.

Where are we processing your information?
It is our objective to process all your personal data within the EU/EEA. In some situations, however, your
personal data may be transferred to and processed by a supplier, a subcontractor, or another business
partner with registered office in a country outside the EU/EEA. All such sharing and processing of
information will be in accordance with current applicable data protection legislation, and we will take all
reasonable legal, technical and organisational actions to make sure that your personal data will be processed
securely and with an adequate level of protection comparable with, and at the same level as, the protection
that is provided within the EU/EEA.
If you have any questions regarding a transfer, please contact us through the contact details provided in this
Privacy Policy.


Your rights

Right of access and to information
You have the right to obtain a confirmation from us as to whether or not personal data concerning you are
being processed by us, and, where that is the case, you have the right to access that personal data.
We will, free of charge and once per year upon your request, provide a copy of your personal data
undergoing processing. If you make the request by electronic means, and unless otherwise requested by
you, the information will be provided in a commonly used electronic form.

Right to rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you. Taking
into account the purposes of the processing, you also have the right to have incomplete personal data
completed.

Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you and we have the
obligation to erase your personal data in some situations, for example:
• if the personal data are no longer necessary in relation to the purposes for which they were collected,
• if the processing is based on your consent and you withdraw that consent (and there is no other
legal basis for the processing),
• if the processing is based on our legitimate interests and you object to the processing and there are
no overriding legitimate grounds for the processing,
• if the personal data have been unlawfully processed, or
• if the personal data have to be erased for compliance with a legal obligation, etc.
There might be reasons as to why we cannot immediately erase all your personal data. Our continuous
processing of your personal data might for example be necessary for us to fulfil a legal obligation that
requires processing of your personal data, for example bookkeeping and tax legislation, or to establish,
exercise or defend a legal claim. In that case we will block the information that could not be immediately
erased from use for any other purposes than the ones that hindered the information from being erased
immediately.

Right to restriction of processing
You have the right, under certain conditions, to obtain from us restriction of processing of your personal
data. Restriction of processing means that your stored personal data will be marked with the aim of limiting
their processing in the future to certain given purposes.

The right to restriction applies for example when you have contested the accuracy of your personal data, for
a period enabling us to verify the accuracy of the personal data, and when you have objected to our
processing based on our legitimate interests, pending the verification whether our legitimate grounds
override yours.

Right to data portability
You may have the right, under certain conditions, to receive the personal data concerning you that you have
provided to us in a structured, commonly used and machine-readable format and the right to transmit those
data to another controller without hindrance from us.
When exercising your right to data portability, you have the right to have your personal data transmitted
directly from us to another controller, where technically feasible.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to certain
processing of your personal data. The right to object applies when we process your personal data including
profiling, to perform an engagement of public interest, as part of the exercise of public authority or after a
balance of interest.
Where personal data are processed for direct marketing purposes, you have the right to object at any time
to our processing of your personal data for such marketing.

Right to lodge a complaint
If you consider that our processing of your personal data infringes the GDPR you have the right to lodge a
complaint with the Integritetsskyddsmyndigheten, which is the supervisory authority in Sweden.

Exercise your rights
If you wish to exercise any of your rights you can easily do that by contacting us using the contact
information below. In order to protect your integrity and your personal data we might require that you
identify yourself when you require our assistance.

Contact information
Center for Translational Research Sweden AB
Corp. reg.no 559054-4903
E-mail lars.bennbom@ctr-ab.se
Phone number: +46 709 185362
Address: Eklundshovsvägen 1G
SE-752 37 Uppsala
SWEDEN


This Privacy Policy was updated December 2023