Emilia Wardach AB recognises The General Data Protection Regulation (GDPR), and the requirements for Data Protection based on country, where the services are offered. Based on relevant requirements we draw below policies.
Data Protection Policy
Introduction
This policy outlines how Emilia Wardach AB (“the Company”) collects, uses, stores, and protects personal data in accordance with applicable data protection laws and best practices worldwide. The Company is committed to respecting the privacy and rights of individuals and ensuring that personal data is handled lawfully, transparently, and securely.
Scope
This policy applies to all employees, contractors, suppliers, and third parties who process personal data on behalf of the Company, regardless of their location.
Data Protection Principles
We adhere to the following principles when processing personal data:
- Lawfulness, fairness and transparency – Personal data must be processed fairly and lawfully.
- Purpose limitation – Data must be collected for specified, explicit, and legitimate purposes.
- Data minimisation – Only the data necessary for the intended purpose should be collected.
- Accuracy – Personal data must be accurate and kept up to date.
- Storage limitation – Data must not be kept for longer than necessary.
- Integrity and confidentiality – Personal data must be processed securely.
- Accountability – The Company is responsible for and must be able to demonstrate compliance with these principles.
Lawful Basis for Processing
We ensure that personal data is processed on a valid lawful basis, which may include consent, performance of a contract, compliance with legal obligations, protection of vital interests, legitimate interests, or other bases as defined by applicable laws.
Rights of Individuals
We support and uphold the following rights where applicable:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights relating to automated decision-making and profiling
Data Security
Appropriate technical and organisational measures are implemented to protect personal data from unauthorised access, loss, misuse, alteration, or destruction.
Data Breaches
Any actual or suspected data breach must be reported to the appropriate contact person or data protection officer immediately. The Company will investigate and notify regulatory authorities or individuals as required by law.
Responsibilities
All personnel are responsible for handling personal data in compliance with this policy. The appointed data protection lead or officer will oversee compliance and provide guidance and training as necessary.
Policy Review
This policy will be reviewed regularly and updated as necessary to reflect changes in legal, regulatory, or business practices.
GDPR Compliance Policy
Purpose
This policy outlines how Emilia Wardach AB ensures compliance with the General Data Protection Regulation (GDPR) and similar data protection laws in other jurisdictions. It aims to ensure the lawful, fair, and transparent processing of personal data globally.
Responsibilities
Data Controller: Emilia Wardach AB
Data Protection Officer (if applicable): Emilia Wardach
The appointed individual or team is responsible for overseeing data protection compliance, monitoring practices, and being the primary contact for data subjects and regulatory authorities.
Lawful Basis for Processing
We process personal data only when a valid legal basis exists, including but not limited to:
- Consent
- Contract performance
- Legal obligation
- Vital interests
- Public interest
- Legitimate interests (unless overridden by fundamental rights)
Consent Management
Where consent is used as the legal basis for processing, it will be:
- Freely given
- Specific and informed
- Revocable at any time
- The Company maintains records of consent and provides simple methods for withdrawal.
Data Minimisation and Retention
We collect only data that is necessary for specified purposes and retain it only for as long as necessary in accordance with our data retention procedures.
Data Transfers
When transferring personal data across borders, we ensure that appropriate safeguards are in place to protect individual rights. These may include adequacy decisions, contractual clauses, or other legal mechanisms.
Individual Rights
We respect and respond to the rights of individuals under the GDPR and similar laws, including:
- Access to personal data
- Correction of inaccuracies
- Deletion or restriction of data
- Objection to processing
- Data portability
- Automated decision-making transparency
Security and Breach Response
We take reasonable steps to protect personal data and respond swiftly to security incidents. If a breach occurs, we will notify regulators and affected individuals where legally required.
Training and Awareness
Employees and contractors are regularly trained on data protection principles, responsibilities, and procedures to ensure compliance.
Review and Updates
This policy is reviewed periodically to ensure ongoing relevance and compliance with applicable laws and regulations.