Epiroc AB, reg. no. 556041-2149, and its subsidiaries (collectively referred to as “Epiroc,” “we,” “us” and “our”) care about your privacy and are committed to protecting your personal data in accordance with fair information practices and applicable data privacy laws. Regardless of in which capacity you share information with us, e.g. as a customer, supplier, shareholder etc., it is important to us that you feel safe about how we treat your personal data.
The Controller of your data is the company that initially collected your data and decided the purposes and means for using your data. This Privacy Notice applies to situations where Epiroc and, or its subsidiaries act solely or collectively as data controllers/joint controllers or equivalent local law concept.
Additional data privacy information may be provided for our websites, events, products, services and any other tools, offerings or platforms that may involve processing of personal data by us. Our privacy practices may vary in connection with different products, services, and solutions as well as in different locations in which we operate. We encourage you to read the Privacy Notice of each legal entity and website, app, service, or solution you visit, review, use or otherwise interact with, where available.
This Privacy Notice explains how we collect, use and share personal data that you provide to us, or that we may otherwise obtain or generate, which relates to you (“personal data”). Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This Privacy Notice applies to the personal data we obtain through our normal business activities, both online and offline, i.e. collection in connection with sales and marketing, partner and supplier engagement and investor relations. As this Privacy Notice is intended to cover a variety of situations, there may be information contained in the Privacy Notice that does not apply to you.
Epiroc will always abide local laws and regulations and will refrain from the collection or use or personal data in a location where it is prohibited by law. If Country specifics items exists, they can be found at the bottom of this page.
In summary, Epiroc may process your personal data for the following purposes:
Below, you are provided with more information about e.g. why we process your personal data, which personal data we keep in order to achieve the purposes of the processing and for how long we keep your personal data. When clicking ► specific information below will ▼appear.
The personal data that we process about you is data that you have provided us with or that we have otherwise acquired as part of the provision of our services. We collect personal data:
We may share personal data with third parties that are trusted recipients and with whom we have an agreement ensuring that your personal data is processed in accordance with this Privacy Notice. We may share data with:
In certain circumstances, we may also need to disclose personal data upon the request from authorities or to third parties in connection with court proceedings or business acquisition or combination processes, or other similar processes.
We will not sell your personal data.
In the capacity of data controller, we are responsible for ensuring that your personal data is processed in compliance with applicable laws. In relation to applicable data protection laws, you as a data subject may have the following rights in relation to your personal data. To exercise these rights, you may contact us at provided contact details in the end of this Privacy Notice.
For specific data privacy rights of data subjects, see country specific privacy notices in the end of this Privacy Notice.
Where GDPR are applicable we have an obligation to respond to your requests to exercise your rights within one month of receiving your request. If your request is complex or if we have received many requests, we have the right to extend this deadline to two months. If we are unable to take the action you request within one month, we will inform you of the reason for the delay and of your right to lodge a complaint with a supervisory authority and to seek judicial remedy. You will not be charged for requesting information, for communication or measures that we carry out. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.
Right to access to your personal data. You have the right to obtain confirmation on whether we process personal data about you and receive a copy of such data as well as information on how we process your personal data.
Right to request a copy of the European Commission’s standard contractual clauses and its appendices that we use with any third parties, as mentioned in section 7.
Right to rectification. You have the right to rectify any inaccurate personal data we process about you or have any incomplete personal data about you completed.
Right to erasure of your personal data. You have the right to request that we delete your personal data if there is no compelling reason for us to continue processing the data. Personal data should therefore be erased if:
However, there may be legal requirements or other compelling reasons that prevent us from immediately erasing your personal data. We will then stop processing your personal data for purposes other than in compliance with the law or where there are no compelling legitimate grounds for doing so.
Restriction of processing. This means that we temporarily restrict the processing of your data. You may have the right to request restriction when:
We will take all reasonable measures possible to notify everyone who has received personal data as stated in section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. If you request information on recipients of your personal data, we will inform you about the recipients.
Right to object to processing. You have the right to object to the processing of your personal data if our processing is based upon legitimate interests. If you object to such processing, we will cease processing of your personal data, unless we can demonstrate compelling legitimate grounds for the processing overriding your interests, or if the data is needed for the establishment, exercise, or defense of legal claims. You always have the right to opt out of receiving direct marketing from us.
Right to information. You have the right to receive transparent information about how we process your personal data.
Right to withdraw your consent. When we need your consent in order to process your personal data, you always have the right to withdraw such consent at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
This applies where the GDPR is applicable. If consent is used as a legal basis based on other countries' Data Privacy legislation (outside the EU/EEA), the rules for the respective country's interpretation of consent will apply. We aim to, to the extent possible, handle consent based on EU/EEA interpretation also for processing’s based on consent as legal baes for processing from other countries' Data Privacy legislation, where the GDPR is not applicable.
Right to data portability. You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you may have that data ported directly to another controller, where such personal data is processed based on your consent or to perform a contract with you.
Right to complain. If you are not satisfied with our processing of your personal data, do not hesitate to contact us at the email-address under section 12, and label the email “Privacy Complaint”. You also have the right to lodge a complaint with the supervisory authority if you are not satisfied with our processing of your personal data. For EU and EEA countries, you can find your local supervisory authority here.
Please note that a number of these rights only apply in certain circumstances, and all these rights may be limited by law. If you wish to exercise your rights or have any questions regarding the processing of your personal data, please contact us using the contact details set out in section 12.
We always want you to feel confident about providing us with your personal data. We have therefore taken appropriate security measures to protect your personal data against unauthorized access, alteration and erasure.
Even though we work hard to protect your data, no security measures are perfect or impenetrable. Should a security breach occur that may materially impact you or your personal data, e.g. risk of fraud or identity theft, we will contact you to explain what action you can take to mitigate potential adverse effects of the breach.
We strongly advise you to be cautious and to protect your own personal data. You are responsible for keeping your passwords confidential and to avoid others from observing your personal data when using our services in public spaces.
We may, from time to time, make changes to this Privacy Notice to reflect any changes in our data processing practices. We recommend that you visit this Privacy Notice on occasion to learn about new privacy practices or changes. If we make material changes to the way in which we use information we collect, we will use reasonable efforts to notify you by means consistent with applicable law and will take additional steps as required by applicable law.
This Privacy Notice was last updated: June, 2024.
Do not hesitate to contact us if you have any questions about this Privacy Notice or our processing of your personal data at:
Epiroc AB, reg. no. 556041-2149. Email: dataprivacy@epiroc.com. If you wish to exercise your rights, please contact the Epiroc IT Service Desk at: service.desk.it@support.epiroc.com, and label the email “Data Subject Right Request” or “Data privacy breach”.