This privacy notice applies to personal data processed by the Lundin Petroleum group of companies (“Lundin Petroleum”) including e.g. any information provided by you when you exchange emails with Lundin Petroleum employees when you access www.lundin-petroleum.com, www.lundinhistoryinsudan.com or other Lundin Petroleum websites where this notice is available (the “Websites”).
Lundin Petroleum operates in several countries through subsidiaries and affiliate companies and references in this notice to “Lundin”, the “Company”, “we” or “our” shall be references to Lundin Petroleum AB (publ), Lundin Petroleum SA or another Lundin Petroleum company that you have been in contact with. Lundin Petroleum AB (publ) is a public limited liability company registered under the laws of Sweden with registered office at Hovslagargatan 5, 111 48 Stockholm, Sweden.
References in this notice to “you” or “your” are references to customers, suppliers, agents, partners, website visitors and others Lundin may be in contact with, including any individuals employed by, representing or otherwise acting on behalf of such entities or anyone accessing the Websites.
The Websites are not directed towards, or intended for, children and we do not knowingly process personal data on children.
2 WHO IS RESPONSIBLE: CONTACT DETAILS
Each of the Lundin entities will be the “controller” as defined in the General Data Protection Regulation (“GDPR”) with respect to the processing of personal data undertaken on behalf of such individual legal entity.
Lundin is committed to ensure compliance with all applicable laws relating to data privacy. If you have any questions or requests related to our processing of your personal data or with regards to which Lundin entity that is considered the “controller” in relation to your personal data, please contact us at:
Lundin Petroleum AB (publ)
Att: Data Privacy
SE- 111 48 Stockholm, Sweden
Telephone: +46 8 440 54 50
3 PURPOSE OF THE NOTICE
The purpose of this notice is to keep you fully informed about how we collect and process your personal data. Please read this notice carefully to ensure that you are informed about how and why we use your personal data. Lundin may send you several notices and this notice shall be regarded as a supplement to other notices and is not meant to replace or override other notices you receive from Lundin, except for previous versions of this notice.
4 PURPOSE OF PROCESSING -WHAT DATA ARE USED FOR
We only process personal data about you as necessary for the administration of the relationship with you, such as e.g. the investor or customer relationship or the supplier or partner relationship.
Specifically, this may involve processing personal data such as name, address, telephone number and other contact information, national identity number, position and role, employer, account number, customer/supplier history (what was purchased when, etc.), information about meetings, communication and correspondence with Lundin representatives, logins and activity on the Lundin website, complaints and disputes, payment history, credit checks and information required for e.g. KYC, contract execution or tax purposes. In some case we will have to conduct due diligence reviews, and data from such reviews will be processed.
In general, the Company does not process special categories (sensitive) personal data related to you.
The personal data held by Lundin is normally provided by you or by the companies/organisations on whose behalf you act. Personal data about you may also be generated through your own activities in the context of the relationship between Lundin and you, including in connection with a purchase, sale or delivers to/from Lundin, or communication between you and Lundin. In some cases, Lundin may supplement such information with data from external sources, for example in connection with credit checks, agent due diligence, the collection of supplementary information on the internet, etc.
5 LEGAL BASIS
The Company will sometimes obtain your consent to the processing of personal data, and will then have legal basis to process the personal data based on your consent. Personal data may also be processed where the processing is necessary for the performance of a contract with you or your principal or in order to take steps at the request of you prior to entering into a contract. Legal basis for the processing may also be legitimate interests of Lundin, in each case ensuring that Lundin (and all other parties involved) understand the conflicts of interests that may arise as a result of the processing of your personal data. Legal basis for the processing may also be Lundin’s legal or regulatory requirement to process the data.
Furthermore, we might in some instances process your personal data where such processing is required to protect your or another person’s vital interests or where such processing is necessary for the performance of a task carried out in the public interest.
6 INFORMATION TO YOU
Lundin practices openness about its processing of personal data. You shall when relevant or required by law be informed of the processing of your personal data and this privacy notice.
7 PERSONAL DATA RELATING TO OTHER INDIVIDUALS
We might receive personal data relating to third parties from you. In those circumstances, it might not be appropriate for us to provide them with a privacy notice detailing how we use their personal data. Before sending us any personal data on third parties, you must therefore ensure that you have provided the relevant third parties with any necessary privacy notices in connection with our processing of their personal data.
8 RECIPIENTS – ACCESS RESTRICTIONS
Lundin restricts access to your data to personnel who require such access for the purposes specified in section 4 above. Lundin may also share such data with sub-suppliers and other partners and, when specifically required, with advisers, auditors, lawyers, IT consultants and others.
9 USE OF PROCESSORS AND TRANSFER ABROAD
Lundin may use suppliers (processors) to assist with the processing of the personal data about you. This may occur, for example, when IT operations or the back-up of data are outsourced to an external supplier or to other legal entities in the Lundin group. The Company may also transfer personal customer data abroad, including to non-EU/EEA countries whose data privacy laws do not offer the same level of protection as under the GDPR. The typical reasons for such transfers include the use of external data storage services. The use of processors and transfers of data abroad may also occur because the controller Company is part of the Lundin group, and that other parts of the Lundin group may assist this entity with the processing of personal data. All of Lundin’s use of processors and transfers of personal data abroad will comply with applicable statutory requirements and the Company’s guidelines. The transfer of personal data abroad will only take place if there is a legal basis for such transfer. An overview of the Company’s use of processors and transfers of personal data abroad is provided by the Company upon request.
10 USE OF THIRD PARTY LINKS
The Websites may include links or registration forms to third party websites. Clicking on those links and/or providing information in forms related to third parties may allow third parties to collect and/or share data about you. Data processed under this section are not controlled or accessible by Lundin and we encourage you to read the privacy notice on each third party website you visit or access from our website.
11 FOR HOW LONG IS DATA STORED?
Personal data related to you will only be stored for as long as necessary for the purpose of the processing, and will then be erased.
12 HOW IS YOUR PERSONAL DATA PROTECTED?
The Company has implemented the technical and organisational security measures to ensure that your personal data is processed in a secure manner. The security measures are considered adequate by Lundin. The need for additional security measures shall be evaluated on an on-going basis. To ensure that the Company’s security measures are adequate at all times to achieve secure processing of your data.
13 CHANGES TO YOUR PERSONAL DATA
Lundin is committed to ensure that the personal data we process is accurate and up to date. Please inform us if the personal data we hold on you changes during our relationship. If you wish to update your personal data please contact the Lundin employee you have regular contact with or send an e-mail to email@example.com.
14 YOUR RIGHTS
As a data subject you have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability and (vi) object to the processing of your personal data. If the processing of the personal data is based on consent, you have the right to withdraw your consent at any time with future effect.
The Company will meet its obligations in this regard, and if you wish to exercise such rights you can contact the Company through the contact details specified in section 2 above. If you disagree with a decision or reply from Lundin in relation to your personal data or if you have other concerns in relation to Lundin’s processing of personal data, you may lodge your complaints directly to Lundin using the contact details specified in section 2 above. You may also contact your local data protection supervisory authority directly, without first complaining to Lundin, but we encourage you to contact us first and we will aim to address any concerns you may have regarding our processing of personal data as soon as possible.