We treat your personal data with respect. It belongs to you and we have only “borrowed” it from you for a limited time. That is why we will always be open about the information that we collect, why we collect it and how long we retain it. That is really all you need to know, but if you want to dig down into the details, we explain things in more depth below.
Personal data controller: Ylva Sandberg
What is personal data?
Any information that can be linked to a living person is personal data. Two obvious examples are your name and e-mail address, but IP addresses and photographs are also included. A description of someone’s appearance, behaviour or movements which allows that person to be identified is also personal data.
Some examples of personal data:
- Phone number
- E-mail address
- IP address
- Picture of a person
- Title, department and company
You can contact us and ask us to extract, correct or delete your personal data. If you change providers, you can also export your personal data to one of our competitors. You must consent to our use of your data for marketing or profiling purposes – and you can withdraw your consent at any time.
You can also…
- ask for a copy of all your personal data
- have your personal data removed
- have incorrect data amended
- take your personal data with you
- opt out of targeted marketing
- decline to be profiled
In some cases, we have to save information, to comply with the Swedish Accounting Act, for example.
What we save from our initial contact
When we deal with you for the first time, we may record your name, phone number and e-mail address. When you call us, your number is automatically saved on the phone you call to, and when you write to us, your e-mail address is saved in our e-mail system.
If we do not already have it from the initial contact, we will ask for your name so we know who is communicating with us. Where we meet face to face, we will save the information you consent to us storing, perhaps by giving us your business card. The same is true if you send us a physical letter.
If you visit our website, we will save anonymised details of your IP address, location data, the device and browser you are using, when you visited and which pages you looked at.
If we do not stay in contact and do not do any business together, we will purge this data after a year.
What we save if we do business together
If we enter into a commercial transaction of any kind, whether it is a customer-supplier relationship or some sort of mutual collaboration, we will need to save a bit more information about you.
The things we may save are…
- your name
- your address
- your e-mail address
- your phone number
- your company registration number
- your title, department and company name
- products or services ordered
- your IP address
Where it is relevant to our relationship, we may also save images and videos.
Why do we collect personal data?
We collect this data so we can use it to communicate with you (contact details), send you relevant information (newsletters), handle orders (order processing) or satisfy legal requirements when we do business together (accounting).
We collect data in order to…
- be able to communicate with you
- maintain good customer service
- handle enquiries
- handle orders
- handle staff matters
- handle sub-contractors
- manage our accounts
- send newsletters that you have requested
- send information that you have requested
But also to…
- produce anonymised statistics on our visitors’ behaviour, so we can make the user experience on our website even better and more secure.
- market or publicise our products and services via text, e-mail, social media, telephone or letter while we have an active business relationship.
- make you relevant offers and suggestions, based on what you or others with similar behaviour patterns have been interested in before.
- send notice of major changes to our terms and conditions, policies or organisation.
How do we collect personal data?
We mainly collect personal data directly from you. If we need more information, we may supplement our records with information from the Swedish Companies Registration Office or your company’s website, for example. We also collect personal data if you subscribe to our newsletter
We collect personal data from…
- you personally
- your organisation’s website
- newsletter requests on our website
- “cookies” on our website
- the Swedish Companies Registration Office, the Swedish Tax Agency or other public authorities
- social media
- our website
Where do we store personal data?
We keep the number of places where we store personal data to a minimum. There is some data that we have to store, because of the Swedish Accounting Act for example, and other information that we need to fulfil contracts. We use most of the personal data to keep in touch with our customers, suppliers and business partners.
We save personal data in…
- our business management and accounting system, Monitor
- our payroll system, Kontek
- our e-mail system
- contact lists on our phones
- distribution lists for newsletters in MailChimp
- job applications that we receive
- a project folder on the server
- a backup system in the cloud
- social media
- the web analysis tools Clicky and Google Analytics
How long do we retain your personal data?
We will retain your personal data while it relevant to our relationship (balance of interests), for as long as we have agreed with each other (by contract or consent), or as long as we are required to do so by the authorities (statutory requirements). If you call us, send us an e-mail or visit our website, we will purge all your personal data a year after our last contact with you. We will delete contracts five years after completion.
This purge may sometimes take the form of anonymisation.
If you unsubscribe from our newsletter, for example, your personal data will be deleted immediately.
We protect your personal data
All of our records are protected with locks or passwords, for example. This is true of our IT systems, our web provider and our cloud solutions for things like backup. We have procedures for purging personal data from our systems, which run at varying intervals depending on the type of data. We are required to keep some personal data for up to ten years.
In some cases, the purge involves anonymising the personal data.
Your personal data will never be “re-used” in a way that you have not agreed to beforehand. Nor will we share personal data with third parties without consent. If we transfer data to countries outside the EU, we protect the data with binding agreements.
In the unlikely event of our systems being hacked, we will inform the Swedish Data Protection Authority within 72 hours. If the attack affects anyone in our records, we are required to inform that person of it.
Personal data controller
Our personal data controller is Ylva Sandberg. Please contact her if you have any questions about your personal data and our records. Ylva can also tell you who else in our company has access to your personal data.