Privacy policy

Data controller and contact details

Nordbex AB
Org.nr 559314-9023
Jan Stenbecks Torg 17, 164 40 Kista, Sweden
Phone: +46 70 894 96 05
Email: info@nordbex.com

If you have questions about this policy or want to exercise your rights, contact us using the details above.

What personal data we collect

We collect personal data depending on how you interact with us.

A) When you contact us (forms, email, phone)
We may process:

Name
Email address
Phone number
Company and role (if provided)
The content of your message and any information you choose to share
Communication history

B) When you apply for a job (CV upload and application details)
We may process:

Name and contact details
CV, cover letter, and supporting documents you upload
Information you provide about education, work experience, skills, and qualifications
Notes and assessments relevant to the recruitment process
References, if you provide them or ask us to contact them

Please avoid including sensitive personal data in your application unless it is necessary. Sensitive data includes information about health, political opinions, religious beliefs, or trade union membership.

C) When you use our website (cookies and similar technologies)
Depending on your cookie choices, we may process:

Device and browser information
IP address and approximate location derived from it
Website usage data (for example pages visited, clicks, time on page, referral source)
Cookie identifiers

Why we process personal data and our legal basis

We process personal data for the purposes below and rely on the following legal bases under GDPR.

Responding to enquiries and requests
Purpose: to reply to messages, handle requests, and maintain communication.
Legal basis: legitimate interests, and in some cases steps taken at your request prior to entering into a contract.

Recruitment and job applications
Purpose: to evaluate candidates, manage the recruitment process, and communicate with applicants.
Legal basis: legitimate interests, and steps taken at your request prior to entering into an employment contract. In some situations, legal obligations may apply.

Operating, securing, and improving our website
Purpose: to operate the website, prevent misuse, and keep systems secure.
Legal basis: legitimate interests.

Analytics and performance measurement
Purpose: to understand how the website is used and improve content and user experience.
Legal basis: consent for non-essential cookies where required.

Cookies, consent, and analytics tools

We use Cookiebot by Usercentrics as our consent management platform. Cookiebot helps us collect, manage, and document cookie consent.

We also use:

Google Analytics 4 (GA4) for website analytics
Google Tag Manager (GTM) to manage website tags
Google Search Console (GSC) to monitor website performance in Google Search

Non-essential cookies and similar technologies are used only if you give consent through the cookie banner. You can change or withdraw your consent at any time via the cookie settings on the website.

Who we share personal data with

We may share personal data with:

Authorized employees and contractors who need access to perform their work
Service providers that help us run the website, manage forms, provide IT services, or provide analytics and consent management (processors)
Authorities or other parties when required by law, or when needed to protect our legal rights

We do not sell your personal data.

International transfers

Some service providers may process personal data outside the EU/EEA. Where this occurs, we use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, and additional measures when required, to protect your personal data.

How long we keep personal data

We keep personal data only as long as necessary for the purpose it was collected for, and then delete or anonymize it, unless we must keep it longer due to legal obligations.

Retention is determined by criteria such as:

Whether the communication or case is ongoing or completed
Legal obligations (for example accounting or compliance requirements)
The need to document decisions and protect against potential legal claims

Security

We use appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, and alteration. Access to personal data is limited to those who need it for their work.

Your rights under GDPR

You have the right to:

Access your personal data
Rectify inaccurate personal data
Request erasure of personal data, in certain cases
Restrict processing, in certain cases
Object to processing based on legitimate interests, in certain cases
Data portability for data you provided, where applicable
Withdraw consent at any time when processing is based on consent (this does not affect processing already carried out)

To exercise your rights, contact us at info@nordbex.com. We may need to verify your identity before fulfilling your request.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

Changes to this policy

We may update this Privacy Policy when needed, for example if our processing changes or legal requirements change. The latest version is published on this page with an updated date.