Close modal
All filters Close
Show Delete filters
IKEA
Close menu Products Rooms
Online catalogs New Ideas and inspiration Special prices
English
Page to previous sheet Products Close menu Mattresses and toppers Outdoor Sofas, armchairs and foot stools Holiday House Beds Wardrobes Bedding Cooking and eating Appliances Living room furniture Lighting and electronics Dining chairs & tables Bathroom furniture Children´s room To classes with IKEA Bedroom furniture Gaming space Desks and computer desks Home organization Home decoration Rugs Textiles Cleaning and laundry solutions Care & Repair Food & beverages Page to previous sheet Rooms Close menu
Bedroom furniture Outdoor Living room Dining Kitchen Children´s room Home office Bathroom Hallway Holiday House
Page to previous sheet Online catalogs Close menu Catalogues Shopping guides IKEA Family Magazine Fika Magazine Discover all our catalogs, guides and magazines Page to previous sheet New Close menu See what's new STOCKHOLM collection NYTILLVERKAD collection BASINGEN collection Welcome to a world of new products Page to previous sheet Ideas and inspiration Close menu Inspirations Online shopping tips All IKEA events More sustainable every day Page to previous sheet Special prices Close menu All offers IKEA Family Prices Our lowest prices New lower price Last units! A great product at a good price

PRIVACY POLICY FOR BUSINESS ASSOCIATES SARTON GROUP

 

SPECIFIC AND IMPORTANT INFORMATION ABOUT THIS DOCUMENT
Reference

POL 009 – May 2021
Document Identification

Privacy Policy for Business Associates.
Geographical Scope

Global
Classification of information

Internal Use.
Section of Other Complementary Standards

People's Guide, IConduct, Anti-Corruption and Anti-Bribery Policy, Conflicts of Interest, SARTON Group Guidelines on Data Protection and Data Processing, Privacy Policy, and handling of customer information. Data Processing Policy, Employee Privacy Policy.
Replacing Standards or Policies

None
Approval Body

Board of Directors
Date of Approval of the current text

July 25, 2023
Proposing body or department

Compliance Committee
Main responsible for monitoring

IT Departments
Author of the Document

Compliance Committee
Date of Application

July 25, 2023
Published and Accessible in

WEB, Mi Llave Allen, and Intra-Net
Version

V01

Table of Contents.

 
1.0. PURPOSE. 
        DEFINITIONS. 
2.0. SCOPE. 

3.0. PRINCIPLES AND ACTION GUIDELINES. 

4.0. MANAGEMENT PRACTICES. 

5.0 DISSEMINATION, IMPLEMENTATION AND TRAINING 

6.0. ENTRY INTO FORCE AND REVISIONS. 
        DOCUMENT VERSION CONTROL. 
 

1.0. PURPOSE.

The SARTON Group's culture as an IKEA franchisee is characterized by openness, honesty, and trust. The Privacy Policy for Business Associates (hereinafter, also the "Policy") establishes the principles and guidelines by which SARTON Canarias and its subsidiaries (hereinafter, also "SARTON", or "SARTON Group", or "THE COMPANY") will protect your data, in accordance with the applicable regulations and aligned with its ethical values defined in the People's Guide and in the Criminal Offence Prevention Plan, as well as in future Regulations and Specific Procedures created to guarantee Information Security, and in other internal regulations that may be applicable.

SARTON will ensure data protection, regardless of the form in which it is communicated, shared, projected, or stored (hereinafter, the "INFORMATION"). This protection applies both to information within the SARTON Group and to information shared with third parties.

DEFINITIONS.
1. Personal data: means any information relating to an identified or identifiable natural person ("Data Subject"); An identifiable person is a person who can be identified, directly or indirectly, with particular reference to an identification number to one or more elements characteristic of his or her physical, physiological, mental, economic, cultural, or social identity.

2. Data processing: any operation or set of operations performed on personal data, with or without automatic means, such as collection, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure, or destruction.

3. IT solutions: refers to the application of computer technologies and resources designed to solve problems and meet specific needs within our organization. These solutions include the use of application software, hardware systems, databases, cloud services, and IT security systems, among others.

4. Applicable Data Protection Law: The laws and regulations relating to the processing and protection of personal data applicable in the country in which IKEA is headquartered.

5. Legitimate interest: legal basis for processing personal data in situations where the organization has a valid and justified reason to process such information without obtaining the explicit consent of the data subject.

6. Data Retention: The period of time during which information and personal data collected and processed by our organization will be retained and stored in our systems or records.

7. Data Processor: any third party, natural or legal person, acting under the direct authority of our organization and who has access to and responsibility to process personal data on our behalf.
 

2.0. SCOPE.

The current policy extends to all Associates who have a business relationship with SARTON Group.
 

3.0. PRINCIPLES AND ACTION GUIDELINES.

SARTON Group Responsibilities.
1) How we respect your Privacy.
a) Our approach at SARTON Group is to be as open and transparent as possible about the processing of your information, for this:
  1. We let you know exactly what information we collect and why we collect it.
  2. We let you know what we do with your information.
  3. We protect your information and let you know how long we keep it.
  4. We let you know your choices when it comes to your personal information, including who to contact if you have questions or requests.
2) What information we collect and why we collect it.
A. Contact information and data relating to our business relationship.
We collect information for the purpose of contacting you in your capacity as our supplier's representative, and this includes:
  1. Your name, professional contact details (email, phone, etc.), your professional role, your manager’s name, and other co-workers where applicable, the team you belong to, your supplier's address, and other information about the supplier, such as the goods/services you provide, among other details.
  2. We use the information collected from both you and your employer for the purpose of identifying you and establishing business relationships. The processing of this information is carried out on a legal basis in our legitimate interest to fulfil the stated purposes.
It is important to highlight that the protection and privacy of your data is fundamental to us, and any information collected will be handled in accordance with current data protection regulations. If you have any questions or concerns about how we handle your personal data, please do not hesitate to contact us.

Data related to the use of IT solutions.
When you use our IT solutions, we process certain types of information, including:
  1. IP address, login details, password, user profile, user ID, network ID, photo, location, and alias.
The purpose of this processing is to ensure secure access to our IT solutions and to facilitate recognition and contact between our company's co-workers and you as a user. This processing of information is carried out based on our legitimate interest to fulfil the stated purposes effectively and securely.

B. Other types of data
We also process various other types of information relating to you, such as:
  1. Results of surveys you may have participated in, feedback you have provided to us regarding our business, audio, and video recordings in which you may be captured when you visit us, your signature (on provider contracts, etc.), documents and work you may have created for us, and emails you may have sent to us.
We collect the information directly from you, and our processing purposes vary depending on the type of information collected. Here are some examples:
  1. Information about survey results: This information is processed for a variety of purposes, depending on the survey conducted. It can include goals such as workplace improvement and product development to offer a more effective service tailored to your needs.
  2. Comments and audio and video recordings: This data is processed primarily for both internal and external communication and learning purposes. It helps us to improve our interaction capabilities and provide better service.
  3. Signature: We process your signature to guarantee the validity of contracts and official documents, ensuring a solid and reliable business relationship.
  4. Emails: We process emails to facilitate effective communication between both parties, ensuring a smooth and agile relationship.
  5. Documents and other work: This data is processed to execute our business relationship with you, including managing projects, deliverables, and other aspects relevant to collaboration.
All of these processing activities are carried out based on our legitimate interest in fulfilling the stated purposes, and we are committed to respecting the privacy and confidentiality of your information.

We do not sell or trade your information with third parties, but we do share it with others who can help us achieve the IKEA vision. These may be other IKEA companies, service suppliers or Business Associates. We are all committed to keeping your information safe and secure.
We may share personal information with the following types of third parties:

Inside IKEA: IKEA is a brand for many companies. Each one plays a special role in achieving IKEA vision. We may share your information with other companies that operate under the IKEA brand.

Service Suppliers: We may also share your information with IKEA's authorized service suppliers. Typically, these are companies that store information or provide IT services.

Business Associates: IKEA works closely with other companies to achieve its vision. These strategic Associateships allow IKEA to learn more about people's needs and preferences, thus effectively enhancing its product range. In addition, thanks to the collaboration with companies specialized in media, marketing and social networks, IKEA is able to promote its brand and reach a wider audience, ensuring its strong presence in the market. These Associateships play a crucial role in IKEA's continued growth and success, ensuring that they can deliver exceptional products and services to their customers.
 
  • a) How we keep your personal information secure.
We protect your information from all types of threats: destruction, loss, alteration, disclosure, or unauthorized access. We do this in a variety of ways depending on where we store and use it.

International Transfers

As part of a global group of companies, we have service suppliers and Business Associates in various locations around the world. In some cases, it may be necessary to transfer your information to one of these companies outside your region.

To ensure that these transfers are carried out in a secure manner and in compliance with applicable data protection regulations, we use a variety of measures. We sometimes rely on privacy adequacy decisions issued by the relevant authorities, which means that the destination country is considered to provide an adequate level of protection for your personal data.

In cases where there is no adequacy decision, we take other measures to protect your data. One of these is the use of standard contractual clauses, which are legal agreements established with the recipient outside your region, designed to protect your personal data during the transfer.
 
  • b) How long we keep your personal data.
Our information retention policy states that we will delete your data no later than one year after no longer represent our provider, or once our relationship with such provider has expired, unless one of the following circumstances applies:
  1. (1) If applicable law requires us to retain the information for a longer period.
  2. (2) If there are special circumstances that justify data retention. These situations may include cases where the original purpose for collecting the information remains valid for an extended period. In such cases, we will process the information until the original purpose has been fulfilled.
Examples of special circumstances include:
  • If you have created documents or other work that has a relevant purpose, they may be retained indefinitely if they are part of the IKEA product range or have a valid purpose.
  • If you have participated in an audio or video recording used for co-worker training purposes, we may retain such material for a period of time as long as it remains relevant to these training purposes.
  • If you have participated in contractual negotiations through e-mails, we may retain these e-mails while the agreement is in effect, and even longer depending on the nature of the agreement.
 
  • c) Your Privacy Rights.
Your rights in relation to your personal information are important to us. Below, we provide you with information about these rights so that you can use them if you want to. If you require further details or wish to exercise any of these rights, please do not hesitate to contact us using the contact details at the end of this statement. Please note that some of these rights may not apply to your specific situation.

Right of access:

You have the right to know what personal information we process and for what purpose. Through this statement, we inform you about our processing activities. If you have questions or need more information about the information we process about you, please do not hesitate to contact us.

Right to rectification:

If you believe we have incorrect information about you, such as your name or address, you can ask us to correct it.

Right to erasure / right to be forgotten:

You have the right to ask us to permanently delete your personal information from our records. You may exercise this right if you believe that it is no longer necessary for us to retain that information or if you withdraw your prior consent to its processing.

Right to restrict processing activities:

In certain situations, you have the right to request the restriction of our processing activities. This means that we will retain your information, but temporarily stop any further processing. You can exercise this right, for example, if you have requested a correction of inaccurate information and want us to stop processing it until it is corrected.

Right to data portability:

In certain circumstances, you have the right to ask us to send you your personal information in a digital format, so that you can forward it to another entity.

Right to object:

You have the right to object to the processing of your information, including where we have a legitimate legal basis to do so. You may exercise this right if you believe that your personal interests override our legitimate interests. In addition, if you do not want us to use your information for direct marketing purposes, including profiling, we will comply with your request.

Right to file a complaint with a supervisory authority:

If you are not satisfied with the way we process your personal information, you have the right to file a complaint with the relevant national supervisory authority.
 
  • d) Who to contact?
If you have questions about our privacy statement or practices, please do not hesitate to contact us. You can contact us at: lopd@ikeasi.com

Business Associates Responsibilities.
This Privacy and Data Protection Policy (hereinafter referred to as the "Policy") sets out the principles and rules that all Business Associates ("Associates") must comply with when accessing, processing, or handling any personal data by virtue of their business relationship with SARTON Group.

Responsibility:
  • a) Associates must comply with applicable privacy and data protection laws and regulations.
  • b) Associates will be considered "Data Processors" and will act in accordance with SARTON Group's instructions and this Policy.
Collection and Use of Personal Data:
  • a) Associates may only collect personal data on behalf of SARTON Group with the express and documented consent of the data subject, or where there is a legal basis to do so.
  • b) Personal data may only be used for the specific purposes agreed with SARTON Group and in accordance with the instructions provided by SARTON Group.
Data Security:
  • a) Associates will implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, disclosure, or alteration.
  • b) Associates must immediately notify SARTON Group of any security breach or incident related to personal data.
Data Transfer:
  • a) Associates may not transfer personal data of co-workers or customers to third parties, or to any other country or jurisdiction, without the prior written consent of SARTON Group, unless there is a legal basis to do so.
  • b) If international data transfer is required, Associates will ensure an adequate level of data protection in accordance with applicable laws.
Data Retention:
  • a) Associates will only retain personal data for as long as necessary to fulfill the purposes agreed with SARTON Group or as required by applicable laws and regulations.
  • b) Upon termination of the business relationship, Associates will return or delete all personal data held by them, unless otherwise instructed by SARTON Group.
Confidentiality:
  • a) Associates must maintain the confidentiality of personal data and not use it for any purpose other than that agreed with SARTON Group.
Assistance to SARTON Group:
  • a) Associates must provide assistance to SARTON Group in exercising the rights of data subjects and in responding to any requests or complaints related to personal data.
Audits & Compliance:
  • a) Associates agree that SARTON Group or a designated auditor may conduct periodic audits to verify compliance with this Policy.
Modifications to the Policy:
  • a) SARTON Group reserves the right to modify this Policy at any time. Associates will be notified of any changes and will be asked to accept the updated terms.
  • b) Failure to comply with this Policy may result in the termination of the business relationship with SARTON Group and any other action that is permitted by applicable laws.
By accessing, processing, or handling personal data by virtue of their business relationship with SARTON Group, Associates acknowledge and accept the terms set forth in this Privacy and Data Protection Policy.
 

4.0. MANAGEMENT PRACTICES.

It is SARTON Group's responsibility to establish and review appropriate controls to ensure compliance with this Policy and its implementing regulations, including the organizational and technological mechanisms necessary to facilitate continuous monitoring of the INFORMATION managed by SARTON Group and Business Associates.

From now on, SARTON Group will measure and verify compliance with this policy through various methods, including, but not limited to, internal and external audits.
 

5.0 DISSEMINATION, IMPLEMENTATION AND TRAINING

SARTON Group undertakes to provide specific resources to ensure the effective implementation of this Policy.

The Compliance Committee expressly reserves the right to adopt, proportionately, the necessary monitoring and control measures to verify the correct use of the Systems made available to THE COMPANY's personnel, including the content of communications and devices, respecting, in all cases, current legislation and guaranteeing the dignity of the personnel. The communication and acceptance of this Policy will have the effect of prior notification to the personnel.

The assessment of a possible breach of this Policy will be determined in the corresponding procedure, in accordance with the current provisions, without prejudice to the legal responsibilities, including penalties in the labour field, which, if applicable, may be required.
 

6.0. ENTRY INTO FORCE AND REVISIONS.

This policy will be effective on the date of its approval by the Board of Directors and will remain in force until a new policy in this area is approved.

It is the Compliance Committee's obligation to periodically review this policy, as well as possible non-compliances or omissions, in order to propose, if necessary, modifications or additions to it, in the context of the continuous improvement that the compliance culture promotes.
 
DOCUMENT VERSION CONTROL.
Versión
Date
Aproval Body
Reviewer
Sumary of Changes
1 July 25, 2023 José Vega Diaz Mabel Encarnación Ramirez Creation of the document
Product added to Product removed from your favoritesgo to Your favorites list Close Close modal
The following modal has been opened: Successful processing.

Hej

You're now one step closer to the kitchen of your dreams. We will contact you to schedule the date and time of your appointment. We've sent you an email with more information and contact details.

Accept

Close modal

The following modal has been opened: An error has occurred.

Hej

Failed to send your message, please try again. An email has been sent to technical support.

Accept