Your privacy at CEVT
We value your privacy
Under the General Data Protection Regulation (GDPR) the rights and freedoms of the individuals are strengthen, and anyone using personal data is obligated to comply with, and act in accordance to, provisions and principles provided for in the regulation. You, the data subject, have a right to know about how and why we use your personal data.
In this statement we provide information about the general conditions under which we will process your personal data. You may read this statement in its stand-alone form, or as part of a more specific set of information having been provided to you by CEVT.
Who’s in charge?
CEVT is responsible for making sure that your personal data is kept secure and only used in the right way. As a Data Controller of your personal data, it is CEVT who will determine what data needs to be collected, and how it will be used, or as GDPR puts it; processed. Depending on the circumstances, we may need to process your data to support our business objectives, to enable the internal functions of the company, or to comply with regulatory requirements.
How we treat your data at CEVT
GDPR allows us to use your data for various legitimate purposes. However, when doing so we will treat your data in accordance with a series of principles designed to protect and respect your personal integrity.
Fairness and lawfulness
CEVT will use your data in a fair and lawful manner, limited to activities within the scope of our business. We strive to treat you and your data fairly, meaning that we are open about the ways in which your data will be processed, and strive to limit that processing as much as possible. We will never try to hide our processing activities or try to circumvent our obligations under GDPR. Whenever we need to use your data, we make sure that we have a legal basis for that use, e.g. that we are required by law or contract to process your data, or where the processing of your data is necessitated by other legitimate business interests.
We strive to limit our processing of your data as much as possible. This means that we only collect, use, and store data for as long as needed to achieve whatever purpose we are pursuing. When informing about these purposes, we strive to be specific and unambiguous, making sure that you can understand the reasons for why your data is needed.
At CEVT we believe in transparency. Whenever we process your data we will inform you about this in accordance with GDPR. This information is provided in different ways depending on the circumstances. If you are an employee, consultant, supplier, or other key data subject category of CEVT, you will be provided with an extensive Privacy Notice at the beginning of your relationship with CEVT. Moreover, you may be provided additional information on a regular basis containing details about specific processing purposes. Our ambition is that you at any point should be able to understand why and how we are using your data.
Security and integrity
Personal data can be sensitive. At CEVT we implement both technical and organizational safeguards designed to make sure that your data is only shared with authorized parties, that it is factually correct, and that it is protected against unauthorized or unlawful disclosure. This may include only using sufficiently secure tools for storage and transfer of data, encrypting data when needed, or adopting and implementing procedures and practices regarding the collection, use, and distribution of data within our organization.
Why we need your data
Personal data is everywhere and is a necessity to do most things nowadays. Therefore, your data may be used for varying purposes depending of the circumstances. If you are working for CEVT in any capacity, we usually need to use your data to administer your employment and/or assignment, to comply with various regulatory requirements, or otherwise to facilitate the internal functions of CEVT as a company. Whenever you start your employment and/or assignment you are provided with detailed information about these different purposes. If you’re an external party we may need your data to facilitate communication and collaboration, or to deliver products and services. Specific information regarding these cases will be provided from time to time as well.
When we can use your data
In order to process your data, we must first make sure that we have the legal right to do so. GDPR defines the criteria for allowing this.
If you have a contract with CEVT, we may use whatever data is necessary for the performance of that contract, i.e., if you are employed by CEVT we may rely on the contract in order to manage data related to your employment.
We may also process data necessary for CEVT to comply with various legal obligations, i.e. health and safety regulations.
Furthermore, we may process data necessary to pursue the legitimate interests of CEVT as a company, e.g. to enable various internal administrative or business-related functions. When relying on these interests we always assess the privacy impact of using your data. This means that we only process your data insofar as your rights and freedoms don’t override our interests.
In some cases, we may ask for you explicit consent to use your data. Whenever doing so, we make sure that you can give your consent in an informed and independent way. If you have consented to anything, you always have the right to revoke that consent at a later stage, meaning that we may no longer use your data based on that consent.
The data we collect
The types of data we use differs widely depending on the circumstances. Most commonly, we use contact details such as names, emails, and similar information necessary to enable identification and communication. If you are working for CEVT, we process additional types of necessary data such as data relating to salaries and compensation, work performance, and IT asset use. Sometimes you provide the data yourself, other times CEVT receives the data from other sources. More specific information about the types of data collected are provided to you from time to time.
Sharing your data
Sometimes we need to share your data with other parties than CEVT, e.g. to a supplier of ours if this is required for them to deliver their service, to another GEELY Group company, or to public authorities whenever required by law. We only share your data when so is needed, and when required we make sure that the receiving party is obligated to treat your data with the same care as we do.
International data sharing
We may at times need to transfer data outside the EU/EEA. This could be because CEVT has suppliers or other partners established outside the EU/EEA, or where CEVT, as a GEELY Group company, need to share information with other members of the company group.
We will only transfer your data to countries which the EU has deemed having an adequate level of data protection, or where the transferred data can be otherwise protected using appropriate safeguards. Most commonly, these safeguards will consist of using the EU commission’s Standard Contractual Clauses (“SCC”).
Retention of data
We will only store your data for as long as is needed to achieve whatever purpose we’re pursuing. We strive to define retention periods for all data and implement procedures for making sure that data is not stored for unnecessarily long periods of time. Other times, our retention of your data will be determined on a case-by-case basis, taking into considerations the principle of data minimization.
GDPR gives you, the data subject, several rights regarding your data. These include, as applicable, the right to access your personal data processed by us, the right to have incorrect data corrected, the right to have certain data deleted, the right to restrict the processing of data in certain circumstances, the right to object to the processing of data, as well as the right to data portability.
If you have any questions or concerns regarding the way we process your personal data, or if you want to exercise any of your rights, please contact us at firstname.lastname@example.org. If you rather visit us, or contact us by post, see the contact details below. If you feel we somehow have misused your data, you may contact the Swedish data protection authority (Datainspektionen) to file a complaint. Visit their website for more information.
Attn. Data Protection Officer
China-Euro Vehicle technology (CEVT)
Theres Svenssons gata 7
SE-417 55, Göteborg, Sweden