INTEGRITY POLICY

What is personal data and what is meant by processing personal data?
Personal data is any kind of information that can be directly or indirectly linked to a natural person. Examples of personal data are names, social security numbers, e-mail addresses, telephone numbers, pictures and bank account details. Processing of personal data means all types of handling of personal data, such as collection, registration, storage, transfer and deletion.

What personal data do we process?
Smart processes different types of personal data depending on whether you are an employee, client or supplier.

Employees of Smart
If you are employed by Smart, we process all personal data that usually occurs within the framework of an employment. This is, for example, name, social security number, address, e-mail address, telephone number, bank account number, credit information, receipts for expenses, educational certificates and correspondence. The processing is necessary in order for us to be able to hire you and exercise our legal obligations as an employer, to be able to fulfill the agreement with the client you performed the assignment with, to be able to administer client support matters regarding you and the client, to be able to fulfill our legal obligations towards various authorities and to be able to communicate with you about what is happening in the ‘production house’ through e.g. newsletters.

Clients and suppliers:
If you are a client of ours because one or more of our employees have carried out assignments for you or if you are a supplier to us, we process, for example, name, social security number, address, e-mail address, telephone number and correspondence. We process this personal data in order to be able to fulfill our agreement with you, in order for us to be able to fulfill our legal obligations and in order to be able to secure our and the employee’s interests.

Responsible for personal data
Smart Coop, registration number 556891-3106, is responsible for the personal data processed within the company. Smart determines the purpose of the treatment and how the treatment should take place.
To get in touch with our personal data manager and data protection officer, email us at info@smartse.org and mark the email GDPR.

How and from which sources is the data collected?
We collect information about you in connection with your registration on our website. We collect the information that you enter into the system yourself. It can e.g. be name, social security number, address, e-mail address and bank details. In connection with your employment, additional information about you is also generated in our system, such as e.g. your account statements, contracts, applications, and other control information. We also collect information about you when you contact us regarding matters related to your employment with us, e.g. e-mail correspondence, sick leave, employer’s certificate, etc.

In addition to the information that you provide to us yourself or that we collect through you using our services or corresponding with us, we may also collect information from a so-called third party. Information that we collect from third parties is, for example, credit reference information from credit reference agencies and address information from public records.
We may also collect information about you by using cookies on our website.

What do we use the data for?
In order for us to process your personal data, it is required that there is support in current legislation. In order for our processing of personal data to be legal, one of the following grounds must be met:

• The processing is necessary for us to be able to fulfill the agreement with you.
• The processing is necessary for us to be able to fulfill a legal obligation that is incumbent on us.
• The processing is necessary to satisfy Smart’s legitimate interests and that your interest in privacy protection does not outweigh.

How can your personal data be shared and with whom?
We may share your data with companies or other legal entities that you, as an employee of Smart, have performed assignments with, in order to fulfill our employment agreement with you and our agreement with the customer.
We may also share your personal data with authorities who themselves decide how the information disclosed to them should be processed. When personal data is shared with authorities, their privacy policy and routines regarding processing apply. The authorities with which we may share your personal data are: State authorities, such as e.g. The Tax Agency, the Swedish Social Insurance Agency, the Swedish Social Insurance Agency, the Police and the Employment Service if we are obliged to do so by law, in order to be able to fulfill our responsibility as an employer or in case of suspicion of crime.

Principals and authorities outside the EU
If we need to transfer your personal data to third countries, we take appropriate protective measures to ensure that the level of protection is the same as within the EU. Examples of such safeguards are approved codes of conduct in the recipient country, standard contract clauses, binding company internal rules and the Privacy Shield.

How long do we store your personal data?
We save your personal data for as long as is necessary to fulfill the purpose for which the data was collected. The personal data that we have when you are employed, are a supplier or client are processed for different purposes, therefore they are also saved for different lengths of time depending on what they are to be used for and what our legal obligations look like. It can be as long as required for the assignment that you are contracted to carry out to be carried out, for us to be able to fulfill our employer responsibility towards you or as long as it is required to meet certain statutory storage times regarding, for example, bookkeeping.

How do we protect your personal data?
We take appropriate technical and organizational security measures to ensure that all information that we process is protected from unlawful or unauthorized access, but also from loss, destruction or other damage. Only the administrators who are authorized to our systems have access to your personal data and their handling of the information is strictly regulated in internal governing documents.

As a registered user, you have, according to current legislation, a number of rights linked to our processing of your personal data. Below we list your rights and what they mean. If you want to contact us regarding your rights as registered with Smart, email us at info@smartse.org and mark your email GDPR

You have the right to request information about which of your personal data we process, a so-called register extract. The request for a register extract must be made in writing, signed by you and sent to Smart Coop, Nytorgsgatan 15 A, 116 22 Stockholm. The register extract will be sent to your civil registration address.

If the personal data linked to you are incorrect, you have the right to request their correction. You also have the right to supplement with such personal data that you consider to be missing and that are relevant with regard to the purpose of the processing.

Right to erasure
You have the right to request that your personal data with us be deleted. There are certain cases when personal data must be deleted:

• If the data is no longer needed for the purposes for which it was collected.
• If the processing is solely based on consent and the consent is withdrawn by you.
• If the personal data is processed in violation of current legislation.
• If deletion is required to comply with a legal obligation.

There may be legal obligations that prevent us from deleting certain personal data. These obligations may stem from, for example, accounting legislation, tax legislation or consumer law legislation. It may also be the case that the processing is necessary for us to establish, enforce or defend legal claims.

Complaint
You have the right to object to the processing of personal data that we do based on a balance of interests. In the event of such an objection, we may only continue the processing if we can demonstrate that there are compelling, justifiable reasons why the personal data needs to be processed and these reasons outweigh your interests. We may also continue to process the data to establish, exercise or defend legal claims.

If your personal data is processed for direct marketing, you always have the right to object to the processing at any time. Direct marketing refers to all types of outreach marketing measures, e.g. via post, e-mail and SMS. If you object to direct marketing, we will stop processing your personal data for that purpose.

If you believe that your personal data is being processed in violation of current legislation, you have the right to submit a complaint to Smart or to the Swedish Data Protection Authority (formerly the Swedish Data Protection Authority).

Smart reserves the right to change and update our privacy policy if necessary. The latest version of the privacy policy will always be published on our website. In the case of changes that are of decisive importance for our processing of personal data, you as an employee will receive information about this via e-mail in good time before the update takes effect.

About cookies
A cookie is a small text file consisting of letters and numbers that is saved on your browser or device when you visit our website www.smartse.org Cookies are used to improve your user experience and to analyze how you use our service. We also use cookies to be able to target marketing to you.

If you want to read more about cookies and how they are used, you can find more information on the Swedish Post and Telecommunications Authority’s website www.pts.se