Privacy policy

Personal data handled by Kebni AB (the Company)
The Company may handle the following personal data about the employees, temporary workers, consultants, suppliers, and customers. The personal data may be collected during instances related to the Company’s normal operation, such as, but not limited to: 

Basic personal data
Full name, birth data, social security number, nationality, gender, office telephone/mobile phone number, workplace address, home address, and other relevant private contact data, employment number, bank- and account data, organization, date of employment, time for expired employment, work position, employment rate, employment time, blue collar / white collar work, and when necessary other relevant personal data.   

Personal data necessary to give employees, temporary workers, and consultants, suppliers, and customers access to the Company IS/IT system and network, e.g., internet addresses, work e-mail, IP-addresses, and usernames for login, but also other types of personal data which are logged when using the IS/IT system and Company network.  

The purposes with handling personal data
The Company may collect and handle personal data for the purposes listed below. The list is not exhaustive, but the purpose is to give a view of the need for the Company to collect and handle personal data. 

  • Administration of employment at the Company, maintenance of personnel files and register  
  • Job planning and management  
  • Recruitment, competence development, career planning, personal development, evaluation, and follow-up of work performance  
  • Handling of benefits, salary payments, allowances, taxes, and insurances 
  • Handling of business trips, travel insurances, and international assignments 
  • Give employees, temporary workers, supplier, customers, and consultants access to Company IS/IT- and business-related systems and other Company resources 
  • Support and maintain a safe and efficient use of internal information channels, such as e-mail and other internet- or telephone-based services,  
  • Secure that business-critical information other Company assets are safe and protected 
  • Financial planning, reporting, establishing budgets and analysis 
  • Health and working environment 
  • Follow up on the application of internal policies, directives, and regulations 
  • Protect the Company’s property and assets, both physical and intellectual property rights, to prevent fraud and other illegal activities  
  • Handle work-related disputes and complaints, e.g., compensation claims, and act in accordance with other applicable legal obligations that the Company may have through the employees, temporary workers, consultants, employment with Kebni  


Legal body for handling of personal data
The legal body for handling personal data is fulfilment of the employment agreement or other relevant consultant, supplier, or customer agreements. The legal body also consists of the fact that the Company, in addition to laws constituted by collective agreements or other regulations demanding handling of personal data, is obliged to process personal data in a certain way, e.g., in relation to the Swedish Tax Agency office or insurance companies. The legal body can also be constituted by the Company’s right to carry out processing of data after a balance of interests. In addition, the Company may handle personal data after consent from the employee.  

 If the processing of personal data is required to fulfil an agreement or a legal obligation, the employee, temporary worker, and consultant cannot object. If the processing of data takes place after a balancing of interests, an objection to the processing is examined in the individual case. 

 How personal data is protected and who has access
The Company applies appropriate technical and organizational safety precautions to protect personal data against loss, misuse, and unauthorized access. Only authorized staff within the Company, which in his/her organizational role need personal data information will have access. 

The Company may disclose personal data to personal data assistants (personuppgiftsbiträden), other companies or third parties as described below, in accordance with applicable data protection legislation. 

  • To personal data assistants (personuppgiftsbiträden). The Company can hire personal data assistants for business purposes as part of its normal operation, e.g., handling of insurance matters and IT-operation to an external supplier etc. In these cases, the Company will require that appropriate technical and organizational precautions to protect personal data are in place and used, and that handling of personal data is done in accordance with instructions from the Company.  
  • To authorities, if the Company has such obligations or if the Company need to protect own- or third-party rights.  
  • To third party, in connection with a sale or other transactions as part of normal Company operation.  
  • To third party, in connection an emergency where health or security is in danger.  
  • To third party, to protect the Company’s rights, e.g., in connection with labor law disputes  
  • To authorities and/or employer organization for salary statistics. 


Storage and withdrawal of personal data
The Company will process and store employees’, temporary workers’, consultants’ and customers’ personal data for as long as necessary in relation to the purposes for which the data was collected. 

 Certain personal data will be deleted in connection with termination of employment and/or termination of agreement with the Company.  

 Other personal data will be stored for a longer period due to legal obligations for the Company to keep these personal data.  

 The personal data register will be updated on regular basis and non-valid data will be removed when the possibility to direct claims against the company expires. 

 Data provider’s rights
The data provider of personal data has the right to access his/her person data, demand corrections, reject processing and handling of his/her personal data, demand limitation to certain personal data, and demand that his/her personal data handled by the Company is deleted, in accordance with the rights followed by the Data Protection legislation. These rights may be limited by other provisions of Data Protection legislation or if such a requirement would be inappropriate in an individual case, e.g., subject to an ongoing investigation into appropriate behavior.  

The data provider has the right to withdraw the consent given for processing and handling of certain personal data.