Privacy Policy

2.1 Provsvaret is normally the data controller for processing of personal data that takes place in connection with:

• visits to our website,
• marketing,
• contact requests,
• contact persons at customers and potential customers,
• supplier relationships,
• recruitment,
• communication via email, telephone, and social media,
• administration, accounting, and fulfillment of legal obligations.

2.2 For certain customer assignments, for example within drug and alcohol testing, sampling, administration, or result handling, Provsvaret may process personal data:

• as data controller, or
• as data processor on behalf of the customer,

depending on the design of the service, what has been agreed between the parties, and the specific processing.

2.3 If Provsvaret processes personal data on behalf of a customer, this is regulated, where applicable, by a separate agreement, such as a data processing agreement.

4.1 Right of access

You have the right to request information about what personal data we process about you and to receive a copy of it.

4.2 Right to rectification

You have the right to request that incorrect or incomplete personal data be corrected or completed.

4.3 Right to erasure

In certain cases, you have the right to request that we erase your personal data.

4.4 Right to restriction

In certain cases, you have the right to request that the processing of your personal data be restricted.

4.5 Right to object

You have the right to object to processing based on our legitimate interest. If you object, we will cease the processing unless we can demonstrate compelling legitimate grounds or the processing is needed to establish, exercise, or defend legal claims.

4.6 Right to data portability

When processing is automated and based on contract or consent, you have, in certain cases, the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format.

4.7 How to exercise your rights

If you wish to exercise your rights, please contact us at: info@provsvaret.se

4.8 Complaint to a supervisory authority

If you believe that we are processing your personal data incorrectly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY). More information is available at: www.imy.se

5.1 Purpose

We use cookies and similar technologies to:

• make the website function correctly,
• remember settings, such as language preferences,
• analyze usage and traffic on the website,
• improve the user experience,
• measure the impact of marketing,
• where applicable, customize content or advertisements.

5.2 Categories of data

We may process:

• IP address,
• approximate geographic information,
• browser data,
• device information,
• language preferences,
• user behavior on the website,
• interaction with content and forms.

5.3 Legal basis

• Necessary cookies are processed based on our legitimate interest in providing a functioning and secure website.
• Statistics, analytics, and marketing cookies are used only to the extent permitted by law and, where required, after your consent via our cookie management.

5.4 Third-party tools

If we use analytics or marketing tools from third parties, such as Google Analytics or similar services, these providers may process technical information about your use of the website in accordance with their own terms and our cookie management.

5.5 Storage period

The storage period for cookies varies depending on the type of cookie. Some cookies are deleted when you close your browser, while others are stored for a certain period or until you delete them yourself.

5.6 More information

More information about which cookies we use can be found in our Cookie Policy.

6.1 Purpose

We process personal data to:

• manage customer relationships,
• provide quotes and enter into agreements,
• plan and carry out assignments,
• communicate about products and services,
• administer support, bookings, and follow-up,
• in some cases, market relevant services to existing or former customer contacts.

6.2 Categories of data

We may process:

• name,
• email address,
• telephone number,
• position,
• employer/organization,
• address details,
• communication,
• data provided via forms, email, or telephone,
• data about previous contact with our website or marketing, to the extent permitted.

6.3 Legal basis

The processing is based on:

• contract, when processing is necessary to enter into or perform a contract,
• legal obligation, such as accounting,
• legitimate interest, for example for business communication, customer relationships, support, follow-up, and relevant B2B marketing.

6.4 Storage period

We process the data for as long as necessary to manage the customer relationship, perform contracts, provide support, follow up on business matters, fulfill legal obligations, and handle any legal claims.

7.1 Important information about roles

For such assignments, depending on the setup, Provsvaret may:

• be data controller for certain processing, and/or
• process personal data as data processor on behalf of the customer.

This means that, in some cases, the test subject should turn to the relevant customer/employer/principal for questions about personal data processing, if that party is the data controller for the assignment.

7.2 Purpose

We process personal data to the extent necessary to:

• plan and administer assignments,
• identify or distinguish persons when required,
• carry out sampling or test-related procedures,
• manage logistics, transport, laboratory contact, or reporting back,
• provide results, reports, or related documentation,
• ensure quality, follow up on, or handle support cases,
• fulfill legal or contractual requirements.

7.3 Categories of data

Depending on the nature of the assignment, we may process, for example:

• identity and contact information,
• data required for booking or administration,
• data linked to sampling or test-related documentation,
• data provided by customer, test subject, or partner,
• data needed for laboratory contact, logistics, or reporting.

7.4 Legal basis

Legal basis and role distribution depend on the individual assignment. The processing may, for example, be based on:

• contract,
• legal obligation,
• legitimate interest,
• or another applicable legal basis under data protection legislation.

When Provsvaret acts as data processor, the processing is carried out on instruction from the data-controller customer.

7.5 Storage period

Personal data linked to test-related assignments is processed only for as long as necessary to perform the assignment, fulfill agreed or legal obligations, manage quality and support, and handle any legal claims.

7.6 Recipients

Personal data may, when necessary, be shared with:

• external laboratories,
• carriers and logistics partners,
• IT suppliers,
• sampling partners,
• administrative service providers,
• and the customer or other authorized recipient according to the assignment or by law.

8.1 Purpose

• evaluate suppliers and partnerships,
• manage purchasing and contracts,
• administer ongoing business relationships,
• carry out payments and other financial administration.

8.2 Categories of data

• name,
• email address,
• telephone number,
• position,
• organizational data,
• payment or invoicing data,
• other information provided in the business dialogue.

8.3 Legal basis

• contract, when the supplier is a natural person or sole proprietor,
• legitimate interest, when you are a contact person or representative of an organization.

8.4 Storage period

We retain the data for as long as needed for the business relationship, financial administration, to fulfill legal requirements, and to handle any legal claims.

9.1 Purpose

• publish and distribute content,
• communicate with users,
• answer questions and comments,
• market our services.

9.2 Categories of data

• name or username,
• profile information,
• communication,
• images, video, or audio, if you appear in content,
• other information you publish or send to us.

9.3 Legal basis

• legitimate interest for communication and marketing,
• or consent, where relevant and required.

9.4 Storage period

We process the data for as long as it is relevant for the purpose, or for as long as it remains in the relevant channel, unless erasure is requested and can be carried out.

10.1 Purpose

• receive and evaluate applications,
• communicate with candidates,
• carry out recruitment processes,
• where applicable, retain data for future recruitments.

10.2 Categories of data

• name,
• contact information,
• CV,
• cover letter,
• references,
• education and experience information,
• other information provided in the application.

10.3 Legal basis

• legitimate interest for managing the recruitment process,
• consent if we wish to keep your application for future recruitments after the process ends.

10.4 Storage period

We retain data during the recruitment process and thereafter for as long as necessary to handle any legal claims. If you consent to continued storage for future recruitments, the data is retained for the period stated at the time of consent or until consent is withdrawn.

11.1 Purpose

• answer questions,
• manage support or feedback,
• follow up on cases,
• improve our operations.

11.2 Categories of data

• name,
• contact information,
• the content of the communication,
• data you provide yourself.

11.3 Legal basis

• legitimate interest in being able to communicate and respond to inquiries,
• in some cases contract or pre-contractual measures.

11.4 Storage period

We retain the data for as long as needed to handle the case, and thereafter only as long as there is a legitimate need or legal obligation.

12.1 Purpose

• fulfill accounting requirements,
• fulfill requirements under law, court ruling, authority decision, or regulation,
• handle legal claims.

12.2 Categories of data

• name,
• address,
• payment history,
• transactions,
• invoice documentation,
• accounting material,
• other relevant documentation.

12.3 Legal basis

• legal obligation,
• in some cases legitimate interest in establishing, exercising, or defending legal claims.

12.4 Storage period

We retain the data for as long as required by law, such as accounting legislation, or for as long as needed to handle legal claims.