The privacy of you, our employees as well as our customers and collaborators are important to us. We want you as a registered user to feel that your personal information is handled safely. The aim of this document is to inform you about how we collect and process your personal data, for what purposes we collect data, and for how long the data are saved.
What is personal data?
Personal data refers to any information that directly or indirectly relates to an individual. Examples of personal data are names, social security numbers, e-mail addresses, phone numbers, pictures and IP numbers. Processing of personal data refers to any operations performed on personal data, such as collection, registration, storage, transfer and deletion.
What personal data does Smart Coop handle?
We processes many different personal data, depending on the whether you are an employee, a costumer or supplier.
If you are a Smart employee, we process the personal data that are standard in the context of an employment. This includes, for example, name, social security number, address, e-mail address, phone number, bank account number, credit statement, expense receipts, training certificates and email correspondence. The processing is necessary in order to enable us to employ you and exercise our legal obligations as an employer, in order to fulfil the contract with the customer who made use of your services, in order to manage client support matters regarding you and your customer (customer service), in order to fulfil our legal obligations towards different authorities and in order to market our services to you.
Customers and suppliers:
As a customer or a suppliers, we will, for example, process your name, social security number, address, e-mail address, telephone number and correspondence. We process these personal data in order to fulfil our contract with you, in order to fulfil our legal obligations, and in order to be able to assert our legal interests and the legal interests of our employees.
What do we use the data for?
- A corresponding current legislation, a so-called legal basis, is required in order to allow us to process your personal information. For our processing of personal data to be legal, at least one of the following requirements needs to be met:
- The processing is necessary in order for us to fulfil a legal obligation.
- The processing is necessary to meet the legitimate interests of Smart, and your interest in privacy protection does not override ours.
- The processing is necessary in order for us to fulfil the contract we have entered into with you.
How and from which sources does Smart collect the data?
We collect your data when you register on our website and create an invoice. We collect the information that you enter into the system yourself. That can be, for example, your name, social security number, address and e-mail address. In your employment with Smart additional information about you will be generated in our system, such as your salary specifications, your and other control details. We also collect information about you when you contact us regarding matters relating to your employment with us, such as your correspondence, sick notes, training certificates, etc.
Personal data controller
Smart AB, organization number 556892-3106, is the controller of the personal data processed within the company. Smart determines the purpose of the processing and the way in which processing is conducted. You can contact us on firstname.lastname@example.org and mark your email GDPR.
Who Smart might share your personal data with?
In some cases we may share your personal data with other legal entities.
We might, when applicable, share your personal data with government authorities, who in turn, decide on how to process the information provided to them. When personal data are shared with other independent personal data controllers, their respective privacy policies and procedures apply.
The independent personal data controllers we may share your personal data with are:
Government authorities, such as the Tax Agency (Skatteverket), the Social Insurance Agency (Försäkringskassan), the police and the the unemployment agency (A-kassan and Arbetsförmedlingen) if we are required to by law, in order to fulfil our employer responsibilities, or whenever there is suspicion of a crime.
Companies or other legal entities that you as employees have performed tasks for, in order to fulfil our employment contract with you and our contract with the customer.
Personal Data Processors
In order to be able to offer our services and fulfil our obligations according to the contract entered into with you, we will share some of your personal data with companies that support us with marketing, IT solutions, debt collection matters, etc. These companies are personal data processors, and we sign an agreement with them to ensure that they only process your information according to our instructions and for the purpose they were collected for.
Suppliers and Costumers outside the EU
Some of our suppliers operate outside this area, in a so-called third country. If we transfer your personal data to third countries, we take precautions to ensure that the level of protection is the same as within the EU/EEA region.
How long does Smart keep your personal data?
We keep your personal data for as long as it is necessary to fulfil the purpose for which the data was collected. The data we collect and which is generated when you use our services are processed for different purposes, therefore they are also kept for different time periods, depending on what they are used for, and depending on our legal obligations. They could, for example, be kept as long as is necessary to comply with certain statutory retention times relating to, for example, accounting.
How do we protect your personal data?
We take appropriate technical and organisational security measures to ensure that all information we process is protected from unlawful or unauthorized access, but also from loss, destruction or other damages. Only the administrators who have the authorization to access our systems have access to your personal data, and their handling of the information is strictly regulated by internal policies.
Your rights as registered user
As a registered user, current legislation bestows you with a number of rights linked to our processing of your personal data. Below please find your rights as well as their implications. Please contact us if you wish to exercise your rights on email@example.com and mark your e-mail GDPR
Right of access
You have the right to request information about which of your personal data we process. To request information about your personal data please do so in writing, signed the document and posted it to Smart Coop, Nytorgsgatan 15A, 116 22 Stockholm. The registry extract will be sent to the address at which you are registered (folkbokföringsadress).
Right to rectification
If the personal data linked to you are inaccurate, you have the right to request a rectification. You also have the right to have incomplete personal data completed that are relevant to the purpose of the processing. You also have the option of updating your data on our website when you are logged in.
Erasing Personal Data
You have the right to request that your personal data be erased. There are some cases in which personal data must be erased:
The data collected are no longer required for its original purpose
If personal data are processed in violation of current legislation;
If erasure is required to comply with a legal obligation;
There may be legal obligations that prevent us from erasing certain personal data. These obligations may stem from, for example, accounting, tax or consumer law. It may also be the case that the processing is necessary for the establishment, exercise or defense of legal claims.
Right to restriction of processing
You may, in some cases, request that the personal data processing by us be restricted. This means that personal data are marked to be used for specific limited purposes only.
The right to restriction applies, for example, if you have requested a rectification of your personal data. In these cases, you may also request that our processing of personal data be restricted during the investigation of the accuracy of personal data. You may also exercise this right if you object to processing conducted with the legal basis provided by a balance of interests, and you want the processing to be restricted during the investigation of whose legitimate interest is overriding.
Right to object
You have the right to object to us processing personal data based on the balance of interests. In case of such an objection, we may continue processing only if we can demonstrate compelling legitimate grounds for the processing of personal data which override your interests. We may also continue to process the data for the establishment, exercise or defense of legal claims.
If you believe that your personal data are processed in violation of current legislation, you have the right to lodge a complaint with Smart or the Data Protection Authority Dataskyddsmyndigheter
A cookie is a small text file consisting of letters and numbers that is stored on your browser or device when you visit our website. Cookies are used to improve your user experience and to analyze the ways in which you use our service.
To learn more about cookies and how we use them, you can find more information on the Post and Telecom Authority website at www.pts.se.