Privacy & Data Protection Information

Last updated: 2026-04-01

This page explains how Uddeholms AB processes personal data when you visit our website or enter our premises. It is intended for all visitors, including those who access this page via QR‑code from our camera‑surveillance signage.

1. Data Controller

Uddeholms AB Address: Uvedsvägen 15, SE-683 85 Hagfors, Sweden

If applicable: Data Protection Officer dataskyddsombud@uddeholm.com

We are responsible for ensuring that your personal data is processed in accordance with the EU General Data Protection Regulation (GDPR) and the Swedish Camera Surveillance Act.

2. Personal Data We Collect

2.1 Information you provide voluntarily

We collect personal data only when you choose to provide it, for example through:

  • Contact forms
  • Newsletter subscriptions
  • Job applications
  • Event registrations

These data are used solely for the purpose stated at the time of collection.

2.2 Cookies

We use only essential cookies without consent. All other cookies (analytics, marketing, social media integrations) are activated only after you provide explicit consent through our cookie banner.

You may change or withdraw your consent at any time.

3. Website Analytics

We use Google Analytics to understand how our website is used.

If a third‑party analytics tool is used (e.g., Google Analytics 4), it is activated only after consent and only with:

  • IP anonymization
  • Valid transfer safeguards
  • A completed transfer risk assessment

We do not use analytics tools without a lawful basis.

4. Social Media Integrations

Embedded content or plugins from social networks (e.g., Facebook, LinkedIn, Instagram, YouTube) are blocked by default.

They load only if you consent to marketing or social‑media cookies.

When activated, these providers may receive:

  • Your IP address
  • Information about your visit
  • Information linked to your logged‑in social media account

We do not control their processing. Please refer to each provider’s privacy policy.

5. Legal Bases for Processing

We process personal data based on the following legal grounds:

PurposeLegal Basis
Responding to inquiriesLegitimate interest
Sending newslettersConsent
Handling job applicationsContract / legal obligation
Event administrationContract / consent
Website operationLegitimate interest
Camera surveillanceLegitimate interest

6. Data Retention

We retain personal data only as long as necessary for each purpose:

  • Contact inquiries: up to 12 months
  • Newsletter data: until consent is withdrawn
  • Job applications: normally 24 months (with consent)
  • Event data: until the event is completed

Camera footage: see section 7

7. Camera Surveillance on the Premises

7.1 Purpose

We use camera surveillance to:

  • Prevent and investigate security incidents
  • Protect employees, visitors, and property
  • Maintain a safe and secure environment

This processing is carried out under legitimate interest (GDPR Art. 6.1(f)) and in accordance with the Swedish Camera Surveillance Act.

7.2 Location of Cameras

Cameras are placed in areas where surveillance is necessary, such as:

  • Entrances and exits
  • Parking areas
  • Loading zones
  • Outdoor areas surrounding the facility

We do not monitor areas where surveillance is prohibited (e.g., restrooms, changing rooms, break rooms).

7.3 What Data Is Recorded

The cameras record:

  • Video footage
  • Date and time of recording
  • Vehicles and license plates (if visible)

We do not record audio.

7.4 Retention Period

Footage is stored for a limited amount of days, unless required longer to investigate an incident or comply with legal obligations.

7.5 Access to Footage

Access is strictly limited to:

  • Authorized security personnel
  • Company management (in case of incidents)
  • Police or authorities upon lawful request

Footage is never shared with unauthorized parties.

7.6 Security Measures

All recordings are stored securely with:

  • Access control
  • Logging
  • Encryption
  • Technical and organizational safeguards

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Object to processing
  • Request restriction of processing
  • Withdraw consent at any time
  • Request data portability (when applicable)

You may also file a complaint with the Swedish Authority for Privacy Protection (IMY).

Requests can be made using the contact details in section 1.

9. International Data Transfers

If personal data is transferred outside the EU/EEA, this is done only with:

  • Standard Contractual Clauses (SCC)
  • Additional safeguards
  • A completed transfer risk assessment

We strive to minimize such transfers.

10. Changes to This Information

We may update this page when necessary. The latest update date is always shown at the top.

Contact us for further information

Contact