Privacy notice

Introduction

Epiroc AB and its affiliated companies care about your privacy and are committed to protecting your personal information in accordance with fair information practices and applicable data privacy laws. Regardless of in which capacity you share information with us, e.g. as a customer, supplier, shareholder, etc., it is important to us that you feel safe about how we treat your personal data.

This privacy notice explains how Epiroc AB and its subsidiaries (“Epiroc,” “we,” “us” and “our”) collect, use and share personal information that you provide to us, or that we may otherwise obtain or generate, which relates to you (“Personal Information”).

If Country specifics items exists they can be found at the bottom of the page. 

Scope

Personal data or personal information means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This privacy notice applies to the personal data we obtain through our normal business activities, both online and offline i.e. collection in connection with sales and marketing, partner and supplier engagement and investor relations. As this privacy notice is intended to cover a variety of situations, there may be information contained in the privacy notice that does not apply to you. Also, this Privacy Policy does not apply to personal data obtained through our Careers website, which is subject to the Applicant’s Privacy Notice.


It is clear that Epiroc will always abide local laws and regulations and will refrain from the collection or use or personal data in a location where it is prohibited by law. 

Collection of personal data

We may collect, use and process your personal data in order to provide you with services, products or information that you request. The collection of personal data will be transparent to you, and you will have the opportunity to decide whether or not to provide it. In order to provide you with a specific product, service, or information or to process a transaction, we may request your personally identifiable information. This will be indicated whenever we collect it.

For further information on the type of personal data that we may collect, please see below under “Categories of personal data, purposes of process and legal bases”.

Further, we may process your personal data for the purpose of marketing, meaning that we may send you information and offers about products or services which we believe may be of interest to you. The legal basis for our processing is that it is necessary for our legitimate interest of maintaining good customer relations. You may always object to marketing from us, please see below under “Your Rights”.

Website

When you enter our website, we may collect your computer’s IP address. The IP address does not identify you as an individual but does identify your Internet service provider. Other non-personally identifiable information that we may collect include the type of Internet browser used, the type of computer operating system used, and the domain name of the website from which you visited our site. The information is aggregated to provide broad demographic information, such as the geographic location of visitors and how long they stay on our site. Collecting this type of information allows us to administer our site, diagnose server problems, analyze trends and statistics, and provide better customer service.

In addition, we may use your personal data for the purposes of analyzing and developing our website and its services and for marketing purposes. The legal ground for our processing is that the processing is necessary for our legitimate interests to improve our services and our marketing measures. For the avoidance of doubt, data available to Epiroc through your use of the website and its services shall belong to Epiroc without any restrictions (provided that it doesn’t contain your personal data).

Cookies

Read more about how we work with Cookies:

Use of personal data

Personal data is only collected when necessary to provide a product, service, information, process a transaction or if you submit it to us for other purposes, and provided that we have legitimate legal bases for such processing. If you choose not to provide any of the personal information requested, Epiroc may be unable to complete your transaction, or provide the information, services or products you have requested. When collected, we will clearly state the purposes for which the personal data might be used as well as the period during which the personal data will be kept by us.

For further information on the purposes for our collection and use of personal data, as well as the legal bases for such collection and use, please see below under “Categories of personal data, purposes of process and legal bases”.

If required, we may need to get your consent to allow to use your personal data. Such consent may be withdrawn at any time (as further set out under the section “Your rights”).

Categories of personal data, purposes of processing and legal bases

Please click on the relevant link to jump to the section that applies to you:

Recipients of personal data

  • Within Epiroc: business functions which require access to your data in order to perform our contractual and legal obligations (i.e. sales, accounting, operations, legal) or for the purpose of our legitimate interests (i.e. marketing).
  • Third parties: we may use third parties to provide or perform services and functions on our behalf. We may make personal information available to those third parties to perform these services and functions. Any processing of that personal information will be on our instructions and in accordance with applicable data processing regulations, as well as compatible with the original purposes.
  • As required by law: we may also make personal information available to public or judicial authorities, law enforcement personnel and agencies as required by law, including to meet national security or law enforcement requirements, and including to agencies and courts in the countries where we operate. Where permitted by law, we may also disclose personal information to third parties (including legal counsel) when necessary for the establishment, exercise or defense of legal claims, or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or as needed to support external audit, compliance and corporate governance functions.
  • Mergers and acquisitions: personal information may be transferred to a party acquiring all or part of the equity or assets of Epiroc or its business operations in the event of a sale, merger, liquidation, dissolution or other.
  • Affiliates: we may also transfer and share information to Epiroc affiliates in compliance with applicable law

International transfers

Because Epiroc is a global company with locations in many different countries, we may transfer your Personal Information from one legal entity to another or from one country to another in order to accomplish the purposes listed above. We will transfer your Personal Information consistent with applicable legal requirements and only to the extent necessary for the purposes set out above. Within the Epiroc group of companies, Personal Information is transferred subject to the same rules and levels of security. If required, data processing agreements will be in place to ensure the necessary level of protection and, in the event of a transfer of your Personal Information to a country outside the EU/EEA, such transfer will be made in compliance with the applicable rules for a transfer to a third country. 

 

Epiroc relies on available legal mechanisms to enable the legal transfer of Personal Information across borders. To the extent that Epiroc relies on the standard contractual clauses (also called the model clauses) to authorize transfer, Epiroc will comply with those requirements, including where there may be a conflict between those requirements and this Notice.

 

Epiroc will not sell or otherwise share your personal information outside the Epiroc group of companies, except to:

  • service providers Epiroc has retained to perform services on our behalf. Epiroc will only share your Personal Information with service providers whom Epiroc has contractually restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements;
  • comply with legal obligations, including but not limited to, in response to a legitimate legal request from law enforcement authorities or other government regulators;
  • investigate suspected or actual illegal activity;
  • prevent physical harm or financial loss; or
  • support the sale or transfer of all or a portion of our business or assets (including through bankruptcy).

Retention

We will retain your personal information as long as we have an ongoing relationship with you or as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. 

Your rights

You are entitled to the following rights under applicable laws. Please note that all the rights are not unconditional. Therefore, an attempt to invoke one of the following rights might not lead to an action from us. 
  • You have the right to obtain without constraint at reasonable intervals and without excessive delay or expense a copy (in a commonly used electronic form) of all data relating to you that are processed.
  • You have the right to obtain the rectification or update of inaccurate, out-of-date or incomplete personal information.
  • You have the right to erasure of personal data under certain circumstances. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
  • You have the right to object, at any time on compelling legitimate grounds relating to your particular situation, to the processing of your personal data, unless that processing is required by law. Where the objection is justified, the processing must cease.
  • You have the right to request, at any time on compelling legitimate grounds relating to your particular situation, that the processing of your personal data is restricted, unless that processing is required by law. Where the request is justified, the processing must be restricted.
  • You may have the right to request data portability. Data portability is the provision of your personal information in a structured, commonly used and machine-readable form so that it may be transferred to another company easily. The right to data portability is subject to restrictions i.e. data portability does not apply to paper records and must not prejudice the rights of others or sensitive company information.
  • You have the right not to be subject to decisions based solely on automated decision making if those decisions produce legal effect or significantly affect you.
  • You have the right to withdraw any consent previously granted for a specific purpose at any time, if consent is the legal basis for the processing of your personal information.

We respect these rights and have processes in place to recognize and respond to individuals wishing to exercise these rights. We will respond to your request no later than within one month. You may request to exercise any of these rights through your local contact or via gdpr@epiroc.com.

Security

Epiroc is committed to making sure that your personal information processed iskept secure and has implemented appropriate technical measures and security policies that protect the information it has under its control from:

 

  • Unauthorized access.
  • Improper use or disclosure.
  • Unauthorized modification.
  • Unlawful destruction or accidental loss.

All Epiroc personnel and any third parties which Epiroc engages to process your personal information are obliged to respect the confidentiality of your information.

However, no server or transmission over the Internet can be guaranteed to be 100 percent secure. Therefore, any activity or communication is conducted at your own risk. 

Data controller

The Controller of your data is the Epiroc group company that initially collected your data and decided the purposes and means for using your data.
If you have questions about who the Controller of your data is or any other questions about your data, please contact the Epiroc group privacy officer via gdpr@epiroc.com

Privacy concerns and how to contact us

For further information on the processing of personal data or if you are concerned about an alleged breach of privacy law or any other regulation by Epiroc, you can contact gdpr@epiroc.com.
An Epiroc Privacy Officer will be made available to respond to your questions or investigate your complaint and give you information about how it will be handled.

How to contact the appropriate authority

If we do not address any of your requests or fail to provide you with a valid reason why we are unable to do so, you have the right to contact supervisory authority to make a complaint. You can find your local supervisory authority at following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Changes to our privacy notice

We reserve the right to change, modify and update this privacy notice at any time. Please check periodically to ensure that you have reviewed the most current notice.

Read more about our work with your privacy:

Region or country depending specificities, under this section