GDPR
Published Date : 25/03/2019
Categories :
The General Data Protection Regulation (GDPR) Personal integrity is something Brandfarliga Arbeten believes is important and wants to protect. Therefore, we always want to strive for a high level of data protection. In this policy, we explain how we collect and use personal information. We also describe your rights and how you can assert them. You are always welcome to contact us if you have questions about how we process your personal data. Contact details can be found at the end of this text. What is a personal information and what is processing of personal data? Anything that can be attributed directly or indirectly to a physical person who is alive is covered by the term personal data. It’s not just about names and social security numbers, but also, for example, pictures and email addresses. Processing of personal data refers to what happens to the personal data in the IT systems, regardless of whether these are mobile devices or computers. This could be, for example, collection, registration, structuring, storage, processing and transfer. In some cases, even things that take place outside the IT systems can be regarded as processing. This applies when registers are involved. Personal Data Controller For the processing of personal data that takes place within Brandfarliga Arbeten, Brandfarliga Arbeten is the Personal Data Controller. What personal information do we collect about you and why? In general, we mainly process your name, your email address, your phone number and your position. Sometimes additional information can be processed, for example, if you are a Member of Parliament or a local politician, but only if you can be considered to have disclosed the information yourself. For some services, you can, but do not have to, state areas of interest. If you create a user account with us, we will also process your login details. We process your personal information in order to provide the services and products you have requested (for example, a newsletter or participation in training). We will also process your personal data to preserve and administer our relationship with you and, if applicable, to administer the agreement with you or with your employer. We can also inform you about our courses, events and other things that we consider to be in the interests of both of us. In addition, we may use your personal information to inform you about products and services that we offer and which may be of interest to you. If you are a professional user, we can also inform you about products and services from our partners. If you are a professional user, analysis and processing of the data (including for profiling) that we may receive as described above (such as information in connection with ordering services or products or participation in seminars or activities organised by us) may occur. The purpose is to provide you with more customised and relevant information. Brandfarliga Arbeten always processes your personal data in accordance with applicable legislation. We process your personal data as necessary to fulfil an agreement with you or respond to your request for service or when we have another legitimate interest to process your personal data, for example an interest in marketing our services. If Brandfarliga Arbeten needs to process your personal data for any purpose that requires your consent, we will obtain your consent in advance. It may be obligatory to provide some personal information, for example, in order for us to provide a service or to fulfil another request from you. This will then be stated or made clear in connection with the data being collected. From which sources do we retrieve personal information? Collection of your personal data takes place, for example, when you enter your information in connection with you signing up to receive newsletters, attending seminars and events, ordering services and/or products from us or contacting us. Even when the company you work for is applying for and/or is a part of a recruitment campaign, information can be collected about people in leading roles at the company. Sometimes we obtain data from third parties. Who can we share your personal information with? Personal data assistants In some situations, it is necessary for us to hire other parties to be able to carry out our work. This may be, for example, using different IT suppliers. They are to be regarded as personal data assistants to us. Brandfarliga Arbeten is responsible for drawing up agreements with all personal data assistants and providing instructions on how these can process the personal data. Of course, we check all personal data assistants to ensure that they can provide sufficient guarantees regarding the security and confidentiality of the personal data. When personal data assistants are used, this only happens for the purposes that are compatible with the purposes we ourselves have for the processing. Those who are independently responsible for personal data We also share your personal information with certain other bodies or individuals who are independently responsible for personal data. This could be the Swedish Tax Agency for example. Some information is also provided for statistical purposes. When your personal information is shared with a body or individual who is independently responsible for personal data, the organisation’s privacy policy and personal data management applies. We may also disclose personal information to our organisers to the extent that this is required for the collaboration between the organisations to function. Furthermore, we may hire suppliers and partners to carry out tasks on the Brandfarliga Arbeten’s behalf, for example to provide IT services or help with marketing, analyses or statistics. The execution of these services may mean that these recipients will have access to your personal data. Brandfarliga Arbeten may also be able to disclose personal data to third parties, such as the police or another authority, whether it concerns the investigation of crimes or if we are otherwise obliged to disclose such information by law or due to an official resolution. Where do we process your personal information? We always strive to ensure that your personal information is processed within the EU/EEA, but sometimes this is not possible. For some IT support, the data can be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a Personal Data Assistant who, either himself or through a subcontractor, is established or stores information in a country outside the EU/EEA. As the Personal Data Controller, we are responsible for taking all reasonable legal, technical and organisational measures to ensure that this processing take place in accordance with regulations within the EU/EEA. When personal data is processed outside the EU/EEA, the level of protection is guaranteed either through a decision of the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate protection measures. These include the “Privacy Shield” use of “Binding Corporate Rules” and various contractual solutions. If you would like further information on these safeguards, please contact us. Standardised model clauses for data transmission, adopted by the EU Commission, are also available on the EU Commission’s website. For how long do we save your personal data? We never save your personal information beyond what is necessary for the respective purpose. We have prepared purging procedures to ensure that personal data is not stored for longer than is needed for the specific purpose. How long this is varies depending on the reason for the processing. Some accounting information, for example, needs to be saved for at least seven years due to legislation,, while details regarding special diets are deleted within a week after the event has ended. What are your rights as a data subject? As a data subject, you have a number of rights under current legislation. For how to proceed to manage your rights, see the section “Managing your rights” further down. Below we list the rights of the data subject. Right to transcripts (right of access) If you want to know what personal data we are processing, you can request access to the data. When you submit such a request, we may ask a number of questions to ensure that your request is handled efficiently. We will also take measures to ensure that the information is requested and submitted to the right person. Right to rectification If you find that something is wrong, you have the right to request that your personal data is rectified. You can also supplement any incomplete personal information. In some cases, you can make rectifications yourself, which we then inform you about. Right to deletion You can request that we delete the personal information we process about you, including if:
· The data is no longer necessary for the purposes for which it is being processed.
· You object to a balancing of interests we carried out based on our legitimate interest, where your reason for objection is more important than our legitimate interest.
· The personal data is processed illegally.
· The personal data has been collected about a child (under 13 years of age) for whom you have parental responsibility
· If the information has been obtained on the basis of your consent and you want to withdraw your consent
However, we may have the right to refuse your request if there are legal obligations that prevent us from immediately deleting certain personal data. It may also be the case that the processing is necessary for us to be able to determine, assert or defend legal claims. If we are prevented from deleting your personal data, we will block the personal data from being used for purposes other than the purpose that is preventing it from being deleted. Right to limitation You have the right to request that our processing of your personal data is limited. If you object to the personal information we process, you may request limited processing during the time we need to verify that the personal data is correct. If, and when, we no longer need your personal data for the stated purposes, our normal routine is to delete the data. If you need it to be able to determine, enforce or defend legal claims, you may request limited processing of the information with us. This means that you can request that we do not purge and delete your data. If you have objected to a balancing of interests of legitimate interest that we have performed as a legal basis for a purpose, you may request limited treatment during the time we need to verify whether our legitimate interests outweigh your interests in having the information deleted. If the processing has been restricted in accordance with one of the above situations, we may, in addition to the actual storage, process the data to determine, enforce or defend legal claims, to protect someone else’s rights or in the event you have given your consent. Right to object to certain types of treatment You always have the right to object to all processing of personal data based on a balancing of interests. You also always have the right to avoid direct marketing. Right to data portability You, as a data subject, have the right to data portability if our right to process your personal data is based on either your consent or the execution of an agreement with you. One prerequisite for data portability is that the transmission is technically possible and can be carried out automatically. Managing your rights Requests for transcripts or if you wish to invoke any of your other rights must be in writing and hand signed by the person to whom the transcript relates. We will answer your requests without undue delay and within 30 days at the latest. How do we process national ID numbers? As far as possible we avoid dealing with national ID numbers. In some cases, however, it is justified chiefly if we need reliable identification. Regarding the processing of national ID numbers in the form of corporate identity numbers for individual business activities, this processing is required as long as the company is a member due to the corporate identity number being a national ID number. How is your personal data protected? We work actively to ensure that personal data is processed safely. We do this through both technical and organisational protection measures. The Swedish Data Protection Authority (which is shortly changing its name to the Integrity Protection Authority) is the authority responsible for monitoring the application of the legislation on data protection. If you believe that we are acting incorrectly, please contact us or the Swedish Data Protection Authority first, see datainspektionen.se. If you have any questions about how we process personal data or have a request in accordance with the above rights, you are always welcome to contact us.