In short, the general principles for protecting personal data within Sweco are:
- we are transparent on how we comply with the applicable privacy legislation;
- we limit the collection and processing of personal data;
- we process (sensitive) personal data only if the processing has a clear legal ground;
- we register details about individuals limited to achieving the purpose of the processing;
- we inform individuals which personal data we collect and how these data will be used;
- we treat personal data as strictly confidential and take appropriate technical and organizational security measures to protect personal data against loss or unlawful processing;
- we keep personal data only for as long as necessary to fulfil the purposes for which it was collected or local law requires;
- if our processing of personal data is likely to pose a high risk to individuals’ rights and freedoms, we will perform a data protection impact assessment and, if necessary, take appropriate security measures;
- our systems and processes support personal data protection. We document that our systems and processes work as intended,
- where we outsource processing of personal data we impose contractual obligations to protect these data.