Processing of personal data - Municipalities or public authorities

Which personal data will be processed?

Castellum compiles and processes the following data: name, email address, employer, position, food preferences and any additional information which may be disclosed by you when communicating with us (your “personal data”).

Why do we process your personal data?

Castellum processes your personal data in order to compile information about individuals at relevant municipalities, public authorities and other public bodies who are relevant for Castellum and to enable us to contact you easily regarding permit issues and other similar issues within the scope of Castellum’s property management business. We may also process your personal data in order to send you news about our operations or to invitations to events (including organising such events, e.g. as regards participants, refreshment and food preferences).

From where do we obtain personal data?

The personal data is compiled directly from you. Information may also be compiled from your employer.

Who has access to your personal data?

We have taken appropriate technical and organisational security measures to protect your personal data against, for example, loss and unauthorised access. Only persons at Castellum have access to your personal data and such will be processed only for the purposes stated above.

We may, however, share your personal data with other companies within the Castellum group with the aim of sharing relevant contacts and transferring knowledge of what has arisen in communication with you. We may also share your personal data with our providers and other cooperation partners who perform services on our behalf. The personal data you provide to us may primarily be shared with our IT providers for the supporting and the maintenance of our IT systems.

How long is your personal data stored?

Your personal data will be stored and processed by us no longer than necessary in light of the purpose of the processing, unless there are specific statutory requirements entailing that the data must be stored for a longer period. Personal data which is processed in order to send you news about our operations or invitations to events will be stored for such time as you continue to be our contact person.

What right does Castellum have to process your personal data?

The processing of your personal data is based on a balancing of interests. Castellum considers that it is entitled to process your personal data since the processing is necessary for purposes which involve Castellum’s legitimate interests.

This is our reasoning

Castellums legitimate interest in this case is to know which individuals at various municipalities, public authorities and other public bodies it is relevant to contact on various types of issues. In addition, Castellum’s legitimate interest with respect to the processing of personal data for sending you news or invitations to events is to keep you updated concerning what is happening in our business and to maintain the commercial relationship which has been created and to maintain a positive relationship with you. Castellum has weighed its legitimate interests against the possible encroachment on privacy that Castellum’s processing of your personal data might entail. Castellum makes the assessment that the risk of encroachment on privacy is restricted since you, in your professional capacity, should be able to expect that certain data will be processed for the above-mentioned purposes. The personal data which is processed cannot be deemed to be particularly privacy-sensitive personal data. The personal data which is processed is also restricted to what is needed to perform the purposes for which the processing of personal data takes place. Accordingly, following a balancing of interests, Castellum makes the assessment that Castellum is entitled to process the personal data.

What happens if you do not provide your personal data?

It is necessary that you provide the personal data stated above to enable Castellum to contact you. If the data stated above which is obtained from you is not provided, Castellum is unable to contact you.

Your rights

You are entitled to request access to the personal data that Castellum processes about you. You are entitled to have incorrect personal data about you rectified and may request that personal data be erased. You are also entitled to object to certain processing of your personal data and to request that the processing of personal data be restricted.

If you request that Castellum restricts or erases your personal data, this may have the consequence that Castellum is unable to perform its duties. You are also entitled to request to receive your personal data in a machine-readable format with the aim of transmitting the data to another controller (referred to as data portability).

If you are dissatisfied with the way in which Castellum processes your personal data you may complain to the supervisory authority regarding Castellum’s processing of personal data.

If you have any questions concerning the way in which your personal data is processed, you are welcome to contact Castellum’s data protection team on gdpr@castellum.se.

Controller and contact details to Castellum

The controller in respect of the processing of your personal data is the company stated in the list below which belongs to the region in which your contact person at Castellum is located:

• Castellum Mitt AB; reg. no. 556121-9089, Box 1824, 701 18 Örebro
• Castellum Stockholm AB; reg. no. 556002-8952, Box 1084, 101 39 Stockholm
• Castellum Väst AB; reg. no. 556122-3768, Box 8725, 402 75 Gothenburg
• Castellum Öresund AB; reg. no. 556476-7688, Box 3158, 200 22 Malmö
• Castellum Mälardalen AB, org.nr. 559292-6678, med adress Box 1187, 721 29 Västerås