last updated on 18.7.23
This notice provides information on the Veoneer Safety Systems Group’s processing of personal data of occasional and professional visitors to the Veoneer Safety Systems Group´s premises (“Privacy Notice”). If you are visiting or have visited the premises of a Veoneer Safety Systems Group´s company, we may process personal data about you.
For the purpose of this notice, the “Veoneer Safety Systems Group” means Veoneer Sweden Safety Systems AB, acting on its own behalf and as agent for each of its Company Affiliate.
This Privacy Notice applies only when Veoneer Safety Systems Group is collecting or otherwise processing personal data for Veoneer Safety Systems Group’s purposes (i.e., when Veoneer Safety Systems Group, either alone or in common with other entities, is a controller and therefore determines the purposes for which and the manner in which any personal data is processed).
This Privacy Notice does not apply when Veoneer Safety Systems Group is collecting or otherwise processing personal data on behalf of another company, such as Veoneer Safety Systems Group’s independent suppliers and customers.
In addition to this Privacy Notice, other Veoneer Safety Systems Group´s systems, applications, and processes may have their own privacy notices, which provide additional details about what specific personal data is collected and how it is stored, used, and transferred.
Identity and contact details of the controller and the Veoneer Group Data Protection Officer
The Veoneer Safety Systems Group company that you are or have been visiting (below referred to as “Veoneer”) is the controller of the personal data that Veoneer obtains from you and the other sources described below.
“Controller” means that it is Veoneer that decides on the purpose and means for the processing of your personal data. Veoneer is responsible for the processing of your personal data under applicable data privacy laws and regulations.
If you have questions regarding the processing of your personal data, please contact the Veoneer Safety Systems Group Data Protection Officer at [email protected] or by post or phone at:
Veoneer Germany Safety Systems GmbH
Stahltweite 21/a
22761 Hamburg
Germany
+491717755359
What categories of personal data may Veoneer process, on which legal ground(s) and for what purposes?
For the purposes of this Privacy Notice, “personal data” is any information about a specific individual or that identifies or may identify a specific individual. In other words, it is any piece of information than can be linked to you.
For the purposes of this Privacy Notice, the term "process” or “processing” means any use of personal data, including but not limited to the collection, recording, organization, storing, adaptation, alteration, transferring, making available, blocking, deletion or destruction of personal data.
Legal grounds
Veoneer will process your personal data based on either of the following legal grounds, see also further details below.
Legal obligation
Veoneer may process your personal data if such processing is necessary to comply with a legal obligation (e.g., to comply with court orders and legal reporting requirements).
Legitimate interests
Veoneer may process your personal data if such processing is necessary for the purposes of a legitimate interest pursued by Veoneer or a third party. It is generally considered to be in Veoneer’s legitimate interest to manage its daily operations, secure its facilities and equipment and keep internal control. In order to base its processing of personal data of its visitors on the legitimate interest basis, Veoneer makes an assessment on case-by-case basis.
Example, Veoneer may need to process certain personal data to enable the administration of your visit to the Veoneer Group. In this context, Veoneer’s legitimate interest is to manage its daily operations in a secure manner.
Where it is stated herein that Veoneer relies on its legitimate interests for a given processing purpose, Veoneer is of the opinion that its legitimate interests are not overridden by your interests, rights or freedoms. If you wish to obtain further information on this balancing test approach, please contact the Veoneer Group Data Protection Officer via the contact details set out above.
Vital interests
Veoneer may process your personal data to protect the vital interest of you and others if Veoneer has valid reasons to believe that such processing of your personal data may prevent or reduce any significant potential harm to you or others.
Veoneer may process the following categories of data which, in itself or in combination with other data, may constitute personal data and for the general purposes stated in Table 1 below.
Please note that the below list is a list of examples only and not intended as an exhaustive list, and that Veoneer will not necessarily process all the data listed below about you, and some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data.
| Categories of Personal Data | Purpose of Processing | Legal Ground for Processing |
|---|---|---|
| Contact data, such as name, title, place of work and e-mail address. | • Enabling registration of visitors in Veoneer’s visitor registration systems. • General administration of visits. |
• Legitimate interest (to manage visits to Veoneer premises). |
| Time data, such as date and time of when the visit occurred. | • Enabling registration of time of visits. | • Legitimate interest (to manage visits to Veoneer premises). |
| Vehicle detail data, such as registration number of the vehicle that you state upon registration. | • Enabling visitor access to parking lots. | • Legitimate interest (to manage visits to Veoneer premises). |
| Security data, such as access cards, access rights and use of access cards and access rights given to you. | • Enabling visitor to access Veoneer facilities in a secure manner. • Enabling identification and verification of visitors. |
• Legitimate interest (to enable secure access to Veoneer facilities). |
| IT-related data, such as user-ID, passwords and log-in details for your use of Veoneer public networks (if applicable). | • Enabling access to Veoneer public internet networks. | • Legitimate interest (to manage public internet access control, data protection and cyber security in general). |
| Image material, such as video footage that is being recorded on a Veoneer Group company closed-circuit television system (“CCTV”) installed on the applicable Veoneer Group company premises or other video and related security/monitoring systems whether on Veoneer Group premises or not but to which we have a legitimate purpose in viewing / accessing. | • Manage safety and security at Veoneer Group facilities. | • Legitimate interest (to maintain security and safety, prevent fraud or theft; and (where applicable) to assist with regulatory compliance). |
Video surveillance monitoring
Veoneer may use video surveillance monitoring (or CCTV, as defined above) where permitted by law. Video surveillance is generally used to control and prevent unauthorized access to Veoneer’s premises and equipment, however in some countries it may also be used for the purpose to ensure compliance with health and safety guidelines and procedures and for overall production improvement purposes. Video surveillance images and recordings are securely stored and only accessible on a need-to-know basis (for example, to look into an incident).
From where will Veoneer obtain your personal data?
Veoneer will obtain the personal data from yourself or the person you are visiting us together with, as it is possible for visitors to enter the names of their group of visitors. Further, if you are visiting a Veoneer employee, that person may provide personal data about you to the reception for registration purposes.
Some personal data might also be automatically generated from Veoneer’s IT-system and video surveillance systems, such as log information and/or image materials.
What happens if you do not provide Veoneer with any personal data?
Your decision to provide any personal data to Veoneer is voluntary, however for security purposes, all visitors must register themselves in connection with visits to Veoneer Group premises.
If you do not wish to provide your personal data in connection with a visit, we may not be able to grant you access to the Veoneer Group premises.
How will Veoneer share your personal data?
Your personal data may be shared with other Veoneer Group companies and with certain categories of third parties (as further detailed below), which may involve transferring your personal data to other countries.
Sharing of personal data within the Veoneer Group
The Veoneer Group is a global organization with offices and operations throughout the world, and your personal data may be transferred or be accessible internationally throughout the Veoneer Group’s global business and between its various entities and affiliates. Any transfers of your personal data to other Veoneer Group companies (including transfers from within the EU/EEA to outside the EU/EEA) will be governed by the same internal rules that reflect the provisions laid down by the EU General Data Protection Regulation. All Veoneer Group entities must comply with the same internal rules. It means that your rights stay the same no matter where your data are processed by Veoneer Group.
Sharing of personal data with third parties outside of the Veoneer Group
In addition to the sharing of personal data between Veoneer Group companies as set out above, Veoneer may also share your personal data with certain categories of third parties, including:
- Business partners,such as Veoneer Group’s suppliers and service providers in connection with their provision of products and services to the Veoneer Group, such as IT service providers.
- Professional advisors, such as insurers, lawyers and other professional advisors in connection with insurance claims, audits and the receipt of advisory services.
- Emergency service providers, such as the police, fire brigade, ambulance and roadside assistance to protect the vital interest of you and other such as in connection with emergency assistance.
- Law enforcement, regulatory authorities and other public and judicial bodies in connection with legal obligations such as court orders or legal reporting requirements or if considered necessary in exceptional cases to protect the vital interest of you or others.
Any third-party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws and regulations.
Further, in the event that any Veoneer Group company that is located within the EU/EEA transfers personal data to external third parties that are located outside of the EU/EEA the relevant Veoneer Group company will satisfy itself that there are appropriate safeguards in place which provide adequate levels of protection of your personal data as required by applicable data privacy laws (including the EU General Data Protection Regulation). For example, this may include the use of EU approved Standard Contractual Clauses.
If you have questions about how Veoneer will share your personal data, please contact the Veoneer Group Data Protection Officer via the contact details set out above.
How does Veoneer safeguard personal data?
Veoneer utilizes appropriate and reasonable legal, technical and organizational security measures, including information technology security and physical security measures, to adequately protect personal data.
These measures are appropriate to the risks posed by the processing of personal data and to the sensitivity of the personal data and consider the requirements of applicable local law. In addition, the measures are continuously improved in line with the development of available security products and services.
Veoneer requires all persons to abide by applicable security policies related to personal data when using Veoneer systems.
For how long will Veoneer process your personal data?
Veoneer will normally process your personal data for a maximum period of two (2) years after your visit. After this period, Veoneer will only process the personal data as may be required to comply with local legal obligations or to satisfy any legal requirements in the event of an actual, threatened or anticipated dispute or claim.
Certain Veoneer entities and affiliates could apply shorter maximum retention periods according to local legal obligations.
If you have questions about how Veoneer will store your personal data, please contact the Veoneer Group Data Protection Officer via the contact details set out above.
Your data protection rights
You may be entitled, where provided for under applicable data privacy laws and regulations, to:
- Request access to the personal data Veoneer process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of the specific pieces and categories of personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is inaccurate or incomplete.
- Object to the processing of your personal data: this right entitles you to request that Veoneer no longer processes your personal data.
- Request the erasure or deletion of your personal data: this right entitles you to request the erasure or deletion of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: this right entitles you to request that Veoneer processes your personal data only in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy (in a portable and, if technically feasible, readily usable format) of your personal data, or request Veoneer to transmit such personal data to another data controller.
- In the event that our processing of your personal data or part thereof is based on your consent, to withdraw at any time your consent, in which case Veoneer will cease any further processing activities of your personal data or the relevant part thereof (however such withdrawal will not affect the legality of the data processing activities prior to the withdrawal).
Please note that Veoneer may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment may be made on a case-by-case basis of Veoneer’s legal obligations and the exception to such rights.
You also have the right to lodge any complaints you may have regarding Veoneer’s processing of your personal data to a supervisory authority. For more information about these rights and how to exercise them, please contact the Veoneer Group Data Protection Officer via the contact details set out above.
What happens if this Privacy Notice changes?
Veoneer encourages the periodic review of this Privacy Notice to stay aware of any changes to it.
We reserve the right to amend this Privacy Notice as needed. When we do, we will note near the top of this Privacy Notice the date that any such changes are made and/or when they become effective.
