Padlock on computer keyboard. Network Security, data security and antivirus protection PC

Privacy policy

Privacy Statement

ÅF Pöyry AB (publ) and its subsidiaries (collectively “AFRY”, “we” or “us”) is committed to protecting your privacy and keeping your personal data secure. On this page you find information on what personal data AFRY collects and how it is used and protected. Where you provide AFRY with personal data about other individuals (for example, colleagues of yours), please refer them to this Data Privacy Statement.

We process personal data in accordance with the applicable laws and regulations. Please find out more about our processing activities:

Privacy Notice for customers and business partners

This data privacy notice gives information regarding AFRY’s collection, processing, storage and sharing of personal data belonging to persons working for actual or potential AFRY customers and other business partners.

1. Categories of personal data that are concerned

The personal data that may be collected include:

  • Basic personal information, such as name, e-mail address, phone number, title or position;
  • Company information, such as details on the company you work for, including financial information, and other business related information related to your or your company’s business interactions with AFRY, such as meetings, projects and assignments;
  • Business opportunities, such as details on potential projects or assignments,  including stakeholder information, market area(s) and competence area(s);
  • Marketing related data, such as email subscription record, association with marketing campaigns and whether direct marketing has been denied.
  • IT access control data, i.e. data used if you access AFRY’s IT-systems and networks, such as IP address and any information required in order to establish and maintain a secure IT connection and to log access.

The information above may be collected in contacts with you directly or be provided to AFRY from its customers and business partners or be collected from public sources such as internet searches.

2. The purposes and legal basis of the processing activities

AFRY collects and processes personal data for legitimate business purposes, including entering into and performing business contracts with you, or the company you work for, or engaging with other business partners, marketing AFRY and its services and products, or as otherwise permitted or required by law.

The following are examples of business purposes pursued by AFRY:

  • to deliver professional services and products, including contracting, project management, planning of work and allocation of resources;
  • to conduct business planning and development, strategical reviews and statistical evaluation;
  • to issue and process invoices and payments;
  • to maintain a safe, secure and efficient use of internal information, ensure that business critical information and other assets are safe and protected;
  • to maintain good health and safety practises;
  • to investigate and prevent fraud, misconduct, infringements or other violations of legal rights and obligations;
  • to manage disputes and complaints, i.e. compensation claims, and to ensure compliance with legal obligations that AFRY are otherwise subject to.

3. Routines for storage and erasure

AFRY will process and store personal data only for as long as is necessary for the purposes that applied when collecting the data and to comply with legal obligations, resolve disputes and enforce contracts. Personal data may thus, for example, be stored during the performance of a contract up until it has been concluded and the period of limitations has expired, i.e. claims for compensation can no longer be pursued.

4. With whom we may share personal data

Personal data may be shared between the companies of the AFRY group for the purposes described in this privacy notice. Personal data that is being processed electronically by AFRY will mainly be stored on servers located in EU/EEA. Because AFRY operates globally and has customers and projects worldwide, personal data may be transferred and processed by AFRY subsidiaries and trusted suppliers and business partners outside of EU/EEA.

Personal data may be shared third party service providers, who may process data on AFRY’s behalf, such as IT service providers, subconsultants, lawyers and other external professional advisors.

Personal data may be shared with AFRY’s customers where you are a business partner and be shared with AFRY’s business partners where you are a customer, and other third parties, to the extent it is required for AFRY’s fulfilment of any actual or potential contracts with you or if its required by law or pursuant to any order of court or other competent authority or tribunal or by any applicable stock exchange regulations.

Any international transfer of personal data that takes place will be subject to appropriate security measures and all reasonable steps to ensure that your personal data is protected and maintained in accordance with this Privacy Notice and applicable data privacy laws will be taken, including using ‘standard contractual clauses’ approved by the European Commission.

5. Your rights as a data subject

In accordance with applicable data protection legislation, subject to some conditions and exceptions, you have the following rights:

  • The right to information about and access to your personal data, including the right to data portability;
  • The right to have personal data corrected or updated;
  • The right to erasure (‘The right to be forgotten’);
  • The right to restriction of processing;
  • The right to object to certain processing.

You may exercise the rights above by sending an email to privacy@afry.com. To opt-out of commercial electronic news letters and marketing, you may always click on the unsubscribe link at the bottom of the message.

You have a right to lodge any complaints regarding AFRY’s compliance with data protection laws with the appropriate supervisory authority.

6. About us

ÅF Pöyry AB (publ), corp. no 556120-6474 with the Swedish Companies Registration Office and with registered address SE-169 99 Stockholm, Sweden is the ÅF group’s main data controller. In addition, subsidiaries of ÅF AB (publ) may also be data controllers and process personal data as described in this privacy notice. Your relationship with ÅF will determine which of our group companies has access to and processes your personal data, and which of our group companies are the data controller(s) responsible for your personal information.

If you have questions regarding the privacy and security of your personal data that is being processed by ÅF, and which companies within ÅF are data controllers, please send an email to privacy@afry.com or contact our Data Privacy Manager at:

ÅF Pöyry AB (publ)
Att: Data Privacy Manager
SE-169 99 Stockholm, Sweden

[Privacy Notice Home]

Privacy Notice for candidates

This Privacy Notice gives information regarding collection, processing, storage and sharing of personal data for individually identifiable candidates. Candidates are persons not employed by AFRY that has registered a digital profile in AFRY’s systems for the purpose of interaction with AFRY preferably leading to employment. Personal data is collected when the candidate registers on our webpage and can be complemented by AFRY and candidate for as long as the relationship is active.

1. Categories of personal data that are concerned

  • Basic personal data: name, e-mail address, address, phone number and other private contact details.
  • Job resume: education, employments, assignments, competences, personal letter etc.
  • Recruitment process data: information obtained from interviews, assessments or references etc.
  • Sensitive personal data: In some cases, a candidate chooses to provide so-called sensitive personal information, such as ethnic backgrounds, sexual orientation, political opinion, religious beliefs, or professional affiliation. As a rule, we recommend not to provide this type of privacy-critical personal information. However, if a candidate still chooses to do this, we will process this information based on the candidate’s consent. This kind of data is, of course, handled with special vigilance, to protect your privacy as far as possible.

2. The purposes and legal basis of the processing activities

AFRY may collect and process candidates’ personal data due to legal obligations and/or legitimate interest of AFRY. Some of the data is processed based on consent of the candidate (e.g. data not required but still received in the CV or application letter).

Applicant information may be shared within AFRY’s Human Resource function and its other business functions (e.g. line management in relation to specific positions) to determine how well the application fits the position the employee candidate have applied for, or possible future postings. Additionally, the application data will be viewed together with additional information the applicant provides AFRY during the recruitment process (e.g. interviews, assessments, references). If applicant becomes an employee, the data may be retained and used for personnel administration including the establishment of a personnel record or other employment related purposes.

3. Routines for storage and erasure

AFRY will process and store candidates’ personal data for three years from the date of registration. After three years the candidate will receive an email, given the chance to actively give consent for us to keep their registered profile for another twelve months.

4. With whom we may share personal data

Personal data may be shared between the companies of the AFRY group for the purposes described in this Privacy Notice. Personal data that is being processed electronically by AFRY will mainly be stored on servers located in EU/EEA. Because AFRY operates globally and has customers and projects worldwide, personal data may be transferred and processed by AFRY subsidiaries and trusted suppliers and business partners outside of EU/EEA.

Personal data may be shared third party service providers, who may process data on AFRY’s behalf, such as IT service providers, subconsultants, lawyers and other external professional advisors.

Personal data may be shared with AFRY’s partners to the extent it is required for AFRY’s fulfilment of any actual or potential contracts with you or if its required by law or pursuant to any order of court or other competent authority or tribunal or by any applicable stock exchange regulations.

Any international transfer of personal data that takes place will be subject to appropriate security measures and all reasonable steps to ensure that your personal data is protected and maintained in accordance with this Privacy Notice and applicable data privacy laws will be taken, including using ‘standard contractual clauses’ approved by the European Commission.

4. Your rights as a data subject

In accordance with applicable data protection legislation, subject to some conditions and exceptions, you have the following rights:

  • The right to information about and access to your personal data, including the right to data portability;
  • The right to have personal data corrected or updated;
  • The right to erasure (‘The right to be forgotten’);
  • The right to restriction of processing;
  • The right to object to certain processing.

You may exercise the rights above by sending an email to privacy@afry.com.

You have a right to lodge any complaints regarding AFRY’s compliance with data protection laws with the appropriate supervisory authority.

5. About us

ÅF Pöyry AB (publ), corp. no 556120-6474 with the Swedish Companies Registration Office and with registered address SE-169 99 Stockholm, Sweden is the ÅF group’s main data controller. In addition, subsidiaries of ÅF AB (publ) may also be data controllers and process personal data as described in this Privacy Notice. Your relationship with ÅF will determine which of our group companies has access to and processes your personal data, and which of our group companies are the data controller(s) responsible for your personal information.

If you have questions regarding the privacy and security of your personal data that is being processed by ÅF, and which companies within ÅF are data controllers, please send an email to privacy@afry.com or contact our Data Privacy Manager at:

ÅF Pöyry AB (publ)
Att: Data Privacy Manager
SE-169 99 Stockholm, Sweden

[Privacy Notice Home]

Privacy Notice for networkers

[Privacy Notice Home]

This Data Privacy Notice gives information regarding collection, processing, storage and sharing of personal data for individually identifiable AFRY Networkers. Networkers are subconsultants or persons not employed by AFRY that has registered a digital profile in AFRY´s systems for the purpose of interaction with AFRY and/or the possibility to take on assignments for AFRY. The personal data is collected at registration in AFRY´s Network and can be complemented by AFRY and Networker as long as the relationship is active.

1. Categories of personal data that are concerned

The personal data that may be collected include:

  • Basic personal data: name, date of birth/personal identification number, e-mail address, nationality, gender, address, phone number and other private contact details, ID number in AFRY system, country of residence, and when needed other basic personal data;
  • Networker Company data (when applicable): Company name, VAT number, homepage, F-tax verification (timestamp & performed by);
  • Sales responsible (when applicable): Name, e-mail & phone number;
  • Performing and planning work: Availability, information supporting quality assurance process and applications for available assignments, picture, searchable CV data (e.g. education, employments, assignments, competences etc.) that may be communicated to AFRY Customers;
  • Business administration: ID number in AFRY system, AFRY sales responsible, working time, travel expenses, contact information to next of kin and when needed other personal data necessary for business administration;
  • Communication: personal data needed for access to AFRY´s IT-systems and networks, i.e. e-mail address/usernames for logging in and using the services available in AFRY portal but also other types of personal data logged in connection with the use of IT-systems and networks;
  • Security: date of birth, personal identification number, your picture used for keycards within AFRY or externally and when needed other personal data necessary for security reasons.

2. The purposes and legal basis of the processing activities

AFRY may collect and process networkers’ personal data for the following purposes. The list is not exhaustive but is intended to describe AFRY ´s need to process the networkers’ personal data.

  • administration and handling of the relationship with AFRY, maintaining of a networker data register;
  • management, contracting, planning of work, assignments, projects and workforce, planning and allocation of resources;
  • evaluation and monitoring of performance; 
  • payments and processing of compensation for work performed;
  • data for insurance purposes;
  • give the networker access to AFRY information systems, maintain a safe, secure and efficient use of internal information, ensure that business critical information and other assets are safe and protected; 
  • health and safety;
  • monitoring the use and application of internal policies and other regulations, protect AFRY property, material as well as intellectual property rights, prevent fraud and other illegal activities; 
  • managing disputes and complaints, i.e. compensation claims, act according to other legal requirements that AFRY might have to apply as a result of assignments performed for AFRY.

The legal base consists of AFRY being obligated according to legal requirements and other regulations to process personal data in a specific order, i.e. in relation to the tax authorities or insurance companies or in order to correctly register working time. The legal base might also consist of a balancing of interests giving AFRY the legitimate interest to process the data.

The legal base for the processing of data of a person registering to AFRY’s Partner Network is consent given at time of registration in AFRY systems as well as fulfilment of obligations in the contracts when performing assignments for AFRY.

3. Routines for storage and erasure

AFRY will process and store networkers´ personal data for as long as is necessary for the purposes that applied when collecting the data.

Personal data will be stored during the time period required due to legal obligation for AFRY to maintain the data, for example in order to verify correct tax deductions or for AFRY to be able to protect its rights as a contract party. The personal data will be erased according to schedule when it is no longer needed and when it isn’t possible networkers´ or authorities to claim compensation from AFRY according to contracts. AFRY might also have a need to save certain personal data that is connected to certain projects and therefore need to be saved during the lifecycle of the project.

4. With whom we may share personal data

Personal data may be shared between the companies of the AFRY group for the purposes described in this Privacy Notice. Personal data that is being processed electronically by AFRY will mainly be stored on servers located in EU/EEA. Because AFRY operates globally and has customers and projects worldwide, personal data may be transferred and processed by AFRY subsidiaries and trusted suppliers and business partners outside of EU/EEA.

Personal data may be shared with third party service providers, who may process data on AFRY’s behalf, such as IT service providers, subconsultants, lawyers and other external professional advisors.

Personal data may be shared with AFRY’s customers and other third parties to the extent it is required for AFRY’s fulfilment of any actual or potential contracts with you or if its required by law or pursuant to any order of court or other competent authority or tribunal or by any applicable stock exchange regulations.

Any international transfer of personal data that takes place will be subject to appropriate security measures and all reasonable steps to ensure that your personal data is protected and maintained in accordance with this Privacy Notice and applicable data privacy laws will be taken, including using ‘standard contractual clauses’ approved by the European Commission.

5. Your rights as a data subject

In accordance with applicable data protection legislation, subject to some conditions and exceptions, you have the following rights:

  • The right to information about and access to your personal data, including the right to data portability;
  • The right to have personal data corrected or updated;
  • The right to erasure (‘The right to be forgotten’);
  • The right to restriction of processing;
  • The right to object to certain processing.

You may exercise the rights above by sending an email to privacy@afry.com. To opt-out of commercial electronic newsletters and marketing, you may always click on the unsubscribe link at the bottom of the message.

You have a right to lodge any complaints regarding AFRY’s compliance with data protection laws with the appropriate supervisory authority.

6. About us

ÅF Pöyry AB (publ), corp. no 556120-6474 with the Swedish Companies Registration Office and with registered address SE-169 99 Stockholm, Sweden is the AFRY group’s main data controller. In addition, subsidiaries of ÅF AB (publ) may also be data controllers and process personal data as described in this Privacy Notice. Your relationship with AFRY will determine which of our group companies has access to and processes your personal data, and which of our group companies are the data controller(s) responsible for your personal information.

If you have questions regarding the privacy and security of your personal data that is being processed by AFRY, and which companies within AFRY are data controllers, please send an email to privacy@afry.com or contact our Data Privacy Manager at:

ÅF Pöyry AB (publ)

Att: Data Privacy Manager

SE-169 99 Stockholm, Sweden