Select language

Privacy statement

Effective as of July 2024                                                                            

Introduction

Rockwool Aktiebolag ("ROCKWOOL") is committed to safeguarding your privacy. The protection of personal data is important to us and we only process personal data in accordance with applicable data protection requirements, in particular the General Data Protection Regulation ("GDPR"). For this reason, ROCKWOOL has implemented a set of Binding Corporate Rules ("BCR"), which introduce data protection requirements to be followed by ROCKWOOL Group worldwide.   

In the context of our business activities, we, as a data controller, process personal data of our customers, suppliers, users of our websites and apps, visitors and other third parties as further described in section C.   

This Privacy Statement, we inform you about what personal data we process, how we collect it, the legal basis, the purpose of our processing and the retention period. In addition, we inform you of your rights as a data subject.  

This privacy statement is provided in a layered format so that you can navigate to the specific areas listed below.  

Table of content

A. The data controller

B. Contact

C. Information on the processing of personal data

D. Marketing and Advertising practices

E.  Transfers within ROCKWOOL Group 

F.  Disclosure and transfer to third parties

G. Your rights as a data subject 

H. Changes to this Privacy Statement

 

A. The data controller

ROCKWOOL Aktiebolag 

Box 11505  

550 11 Jönköping 

Sweden  

E-mail: dataprotection@rockwool.com  

Company registration number : 556347-9152 

B. Contact

If you have any questions about this privacy statement and/or our processing of your personal data, please contact us at  

T: + (46) (0) 365705200 

E-mail: dataprotection@rockwool.com

 

C.  Information on the processing of personal data 

Depending on your relationship with ROCKWOOL Group entities, we will process different categories of your personal data for different purposes. Below you will find an overview of what type of personal data we process, for what purposes, on what legal grounds and how long we store it in our systems.  

Who is it?

Categories of personal data

Purposes of the processing 

Legal basis

Storage times

Customers and their employees           

           

           

           

First and last name, gender, address, phone number, e-mail address, job title, and place of work. 

To carry out ordinary customer relationship i.e.: administration of payments, general communication, management of day-to-day operations in accordance with legitimate and fair business practice (incl. planning, execution. and management of the cooperation; statistics, analyses). 

Performance of a contract (Article 6(1)(b) of the GDPR). 

 

10 years after the last purchase of our products or services. 

 

 

To provide general customer service and support (including follow-up surveys). 

Legitimate interest in ensuring customer satisfaction and improving our products and services (Article 6(1)(f) GDPR). 

To gain customer insights and knowledge about how our products and services are used (e.g. by sending satisfaction surveys or market research). 

To prevent fraud.

Legitimate interests to protect the interests of the company (Article 6(1)(f) of the GDPR). 

To establish, defend or assert legal claims.

Prospective Customers and their employees

First and last name, gender, address, telephone number, e-mail address, title and place of work. 

To create business leads.

 

Legitimate interest to promote ROCKWOOL and sell our products and services (Article 6(1)(f) GDPR). 

5 years from obtained or your last interaction. 

 

For statistical purposes.

Legitimate interest in measuring the effectiveness of our activities (Article 6(1)(f) of the GDPR). 

To pursue business leads.

Take steps before concluding a contract (Article 6(1)(b) of the GDPR). 

Suppliers and their employees

First and last name, company phone number, e-mail address, title and workplace 

To carry out ordinary supplier relationship, i.e. administration of payments, general communication, management of day-to-day operations in accordance with legitimate and fair business practice (incl. planning, execution, and management of the cooperation, performing credit ratings, as well as carry out statistics, and analyses). 

Performance of a contract (Article 6(1)(b) of the GDPR) - if you are self-employed, legitimate interest in performing the contract concluded with your employer (Article 6(1)(f) of the GDPR). 

5 years from the end of the financial year to which the information relates, if the information is considered to be accounting material.   

5 years from obtained for non-accounting material if there was no activity with the supplier. 

To source and locate suppliers.

Legitimate interest in meeting business needs and conducting regular business activities (Article 6(1)(f) GDPR). 

Visitors to physical locations

First and last name, telephone number, e-mail address, place of work, license plate number, if applicable, date and time of your visit. 

To ensure the security of our physical locations and to prevent and solve crimes in our physical locations. 

Legitimate interest in ensuring the security of the premises and protecting employees, visitors and property (Article 6(1)(f) GDPR). 

30 days from the registration

CCTV recordings (photos and videos) of your activity at our physical locations. 

Legitimate interest in ensuring the security of premises/physical places and, if necessary, protecting ROCKWOOL's interests in criminal offence cases (Article 6(1)(f) GDPR) and Section 8(3) of the Danish Data Protection Act. 

30 days from the date of the visit or as long as necessary in an ongoing case. 

Receiver of e-mail and/or SMS - direct marketing.

First and last name, gender (salutation), job title, place of work, e-mail address and/or phone number. 

 

To distribute marketing communications based on the information collected and consent given. 

Legitimate interest in providing interested parties with direct marketing consent based on valid e-communication consent (Article 6 (1) (f) GDPR). 

Until the marketing consent has been withdrawn. A copy of the marketing consent will be stored 2 years after the withdrawal for evidentiary purposes. 

Users of contact forms

First and last name, email address, phone number, what your inquiry is about, date of your inquiry. 

To communicate with you to market, promote and sell ROCKWOOL products and services and to provide support. 

If your request concerns the (potential) conclusion of a contract, the legal basis will be to take steps necessary for the conclusion of a contract or the performance of an existing contract (Article 6(1)(b) GDPR). 

If your request does not concern a contract, the legal basis will be our legitimate interest to handle your request, communicate with you, market, promote and develop our products and services (Article 6(1)(f) GDPR). 

2 years after receipt or from your last interaction if your personal data has not been used in connection with a purchase of our products or services. 

Account users

First and last name, email address, username, digital footprints, password and/or your profile activity. 

To deliver our services on our websites or in our apps to you. 

Performance of a contract for the provision of electronic services (Article 6(1)(b) of the GDPR). 

Until closing of the account.

To manage created user accounts; for statistical and analytical purposes. 

Legitimate interest to carry out statistics and analysis in order to improve the user experience (Article 6(1)(f) GDPR). 

Until closing of the account.

Visitors of social media profiles     

Information available on your profile, including your name, gender, civil status, workplace, interests, image, and your city; whether you “like” or have applied other reactions to our profile; comments you leave on our posts; content your shared with ROCKWOOL with intention of interacting; that you have visited our profile; IP address. 

To improve our products and services, including our social media profiles and pages;  
for statistical and analytical purposes; to  
communicate with you if you engage with our content (comments, reviews, messages); to re-share content shared with us. 

* platform providers may process your personal data for their own purposes – please keep in mind this is outside of our control 

Legitimate interests in being able to communicate with and direct marketing communication to you on our social media profiles, as well as our legitimate interest in improving our products and services (Article 6 (1) (f) GDPR). 

Retention periods are set by social media platform providers and can be found in their privacy policies: 

Meta (Instagram, Facebook)

Google (YouTube)

LinkedIn

X (formerly Twitter)

 

D. Marketing and Advertising practices

 

Description

When?

Categories of personal data

Purposes of processing

Legal basis

Retention periods

Cookies, pixels, social media tools and other technologies

When you visit our websites or apps and have given us your consent to cookies. 

IP address, MAC address, browser and device type, web page that led you to the website or app, keywords entered into a search engine that led you to our website, browsing history, click behavior, and use and navigation of websites and apps* 

* The categories depend on the consent given in the cookie banner. This can be changed at any time here

To run marketing activities, in particular to facilitate your use of the Sites and Apps; for service development, statistics and analytics; to deliver personalized content and search 

Legitimate interest in providing a functioning website and app, marketing, developing and providing statistics, evaluating, promoting and selling our products and services through first-party cookies (Article 6(1)(f) GDPR).  

Consent to the processing of personal data in relation to third-party marketing and statistical cookies (Article 6(1)(a) of the GDPR).  

In addition, we always obtain valid consent for cookies except for strictly necessary cookies and other technologies. 

Personal data obtained through cookies, pixels, similar technologies and social media tools are deleted as described in the cookie declaration.

Facebook custom/lookalike audiences 

When you sign up for our newsletters, create a user account and accept our cookies, pixels or similar technologies, we will in some cases send non-reversible hashed information to Facebook (Meta). 

Email address and, in some cases, information about your interest in one or more of our products 

To create audiences for subsequent advertising via Facebook. 

Legitimate interest in spreading awareness of our products and services, including to other persons who may have similar interests in our products and services (Article 6(1)(f) GDPR). 

Until you object to the processing of your personal data.

You can change settings in your Facebook account here.

Tracking of e-mail

Emails that we forward for marketing purposes based on your marketing consent or for events that you have signed-up for may contain tracking technologies that tell us whether you have received or opened the email or clicked on a link in the email. 

Tracking information about your interaction with our emails. 

To deliver personalized content, analytics and statistics. 

Legitimate interest to develop, evaluate, market and sell our products and services (Article 6(1)(f) GDPR). 

If you have consented to marketing: until the marketing consent has been withdrawn. A copy of the marketing consent will be stored for 2 years after the withdrawal for evidential purposed. 

If you did not consent to marketing: 2 years after your last interaction (e.g. from participating in the event or when clicking on e-mail). 


E. Transfers within the ROCKWOOL Group

Personal data collected may be transferred internationally between entities in the ROCKWOOL Group for the purposes for which they were gathered, provided that such transfer is not prohibited or restricted by law. All transfers between EU/EEA and non-EU/EEA ROCKWOOL entities are legalised by the ROCKWOOL Binding Corporate Rules. 

An overview of the ROCKWOOL Group is available at https://www.rockwool.com/group/privacy-statements-of-rockwool-companies/ 

F. Disclosure and transfer to third parties

 
In order to achieve the purposes described above, we may provide third parties, who provide services to ROCKWOOL entities based on a contractual relationship, with access to your personal data. These service providers are considered data processors and include: 
  • IT suppliers, 
  • Social media suppliers, 
  • Sales enablement platforms and applications (Showpad)  
  • Email suppliers,  
  • Hosting suppliers,  
  • Cookie suppliers,  
  • Webinar vendors, 
  • Customer learning platform vendors, 
  • Customer support platform vendors, 
  • Customer relation platform vendors, 
  • Contract Management System 
  • Website vendors.

In addition to what is described above, your personal data will generally not be transferred to third parties without your consent. However, in certain circumstances and by law, it may be necessary to transfer your personal data to e.g. the following categories of controllers 

Categories of recipients

Type of personal data

Legal basis

Public authorities, law enforcement authorities, courts, lawyers, and external auditors.

Relevant information in relation to a specific dispute, including in some cases purchases made. 

 

Article 6(1)(f) of the GDPR (legitimate interest). 

Article 6(1)(c) of the GDPR (legal obligation to report descriptions of damage to authorities). 

 

Payment acquirers.

Payment information.

Article 6(1)(b) (contracts) of the GDPR. 

Personal data may also be transferred to third parties with your prior cookie consent as set out in our Cookie Policy and the cookie consent wording. 

If we transfer your personal data to recipients (both controllers and processors) located in a third country for which the European Commission has not adopted an adequacy decision, such transfer will be based on the Data Privacy Framework (for companies based in the United States) or the European Commission's Standard Contractual Clauses (for other countries), a copy of which you can obtain by contacting us as described above. 

ROCKWOOL is committed to taking appropriate security measures to protect your personal data and our website has security measures in place to protect against the loss, misuse and/or alteration of the personal data under our control. 

Cooperation with social media platform providers.

Facebook, Instagram and LinkedIn

For Facebook and Instagram (owned by Meta), ROCKWOOL together with the social media providers are joint controllers of the processing of personal data collected in connection with your interactions with the profiles, including posting on an interaction with the ROCKWOOL page profiles. However, Meta acts as a processor on behalf of ROCKWOOL when Meta processes your personal data for the purpose of creating audiences (lookalike and custom audiences). 

For LinkedIn, ROCKWOOL is jointly responsible with the platform provider for the processing of personal data for statistical purposes.  

ROCKWOOL and the LinkedIn, Instagram and Facebook providers have entered into data protection data sharing agreements. Under these agreements, the entities (e.g. ROCKWOOL) and the social media providers are each responsible for the data associated with the processing carried out. An overview of the division of responsibilities can be found here: 

·         LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

·         Meta: https://www.facebook.com/legal/controller_addendum/.

YouTube

ROCKWOOL also uses Google as a data processor in connection with its use of YouTube and in this context also shares certain information about your interactions, interests, etc. with YouTube for the purpose of optimizing the marketing and service, including our videos, on YouTube. 

Twitter

ROCKWOOL is the data controller for the processing of personal data in relation to the management of its account on X (Twitter), and X (Twitter) is a separate data controller for the personal data it processes. However, in certain situations, X (Twitter) will act as a processor for ROCKWOOL, for example when custom audiences are uploaded to the platform. 

G. Your rights as data subject

  1. Right of access (Article 15 of the GDPR), i.e. the right to obtain confirmation as to whether we are processing your personal data.  
  2. Right to rectification (Article 16 of the GDPR), i.e. the right to have inaccuracies in your personal data corrected and completion incomplete personal data.  

  3. Right to erasure (Article 17 of the GDPR), i.e. the right to have your personal data deleted without undue delay. Keep in mind that this is not an absolute right and that some exceptions apply. 

  4. Right to restriction (Article 18 of the GDPR), i.e. the right to restrict further processing of your personal data if any of the conditions set out in Article 18(1) of the GDPR apply.  

  5. Right to data portability (Article 20 of the GDPR), i.e. the right to receive your personal data in a structured, machine-readable format for your own use or to have it transferred by us directly to another controller.  

  6. The right to object (Article 21 of the GDPR) allows you to object to the processing of your personal data where the legal basis for such processing is our legitimate interest (Article 6(1)(f) of the GDPR). This is not an absolute right and in some cases we may override your request and inform you of the reasons for this. This applies, among others, when we process your data for marketing purposes based on the legitimate interest rule. 

  7. Right to withdraw consent (Article 7(3) GDPR) when processing is based on it. If you withdraw your consent, we will cease processing your personal data, unless and to the extent that further processing or storage is permitted or required by applicable data protection laws or other applicable laws and regulations. 

  8. Right to lodge a complaint (Article 77 of the GDPR) with a competent supervisory authority if you consider that we have violated your right to the protection of personal data. 

     

    Integritetsskyddsmyndigheten 

    Box 8114 

    104 20 Stockholm 

    imy@imy.se 

H. Changes to this Privacy Statement

Due to technical developments, new processing activities, and/or amendment of legal requirements we reserve the right to adjust this Privacy Statement. To the extent the changes of the Privacy Statement are regarded as material and significant, you will be informed hereof on our website or/and through our e-mail signatures when corresponding with one of ROCKWOOL’s employees. An up-to-date version of this Privacy Statement will always be available at www.rockwool.com/group/privacy-statement.