Processing of personal data
What is personal data?
Personal data is any information which directly or indirectly can be linked to your person. It may be obvious details such as your name or your social security number, but also details such as email address or phone number. Even pictures are a form of personal data, if you are clearly distinguishable in the picture.
What does processing of personal data mean?
Processing means everything that we at Complior do with your personal data. For example, when we collect, sort, or store personal data.
How do we collect your personal data?
At Complior, your personal data may be collected and registered when you for example, call us, e-mail us, order information material, leave a comment or question on our web chat, fill out a contact form, or when your company is one of our customers and our companies exchange contact information. If you contact us via a contact form or email we may send relevant marketing information to you. Please don’t send us sensitive personal data to us for example via e-mail and social media. Examples of sensitive personal data include, but are not limited to: ethnic origin, religious and political views, health status, personal identification number or union affiliations.
Who is responsible for the personal data?
Complior is a data controller for the processing of your personal data as we determine the means and purposes of the processing. We also use data processors, external suppliers, who help us with the processing.
Why do we process your personal data?
For Complior to be able to offer its services and to fulfil its commitments, we need to manage information about you. Throughout the processing of personal data, we safeguard your privacy. Below, we describe the purposes of processing your personal data, the legal grounds justifying the processing according to current data protection laws and regulations and how long we store personal data. Complior does not use personal data for profiling or automated decision-making. Automated decision-making means that we will use your personal data to make a decision without any human influence on the decision.
|What we do||Personal data |
that is used
|Legal basis||Retention |
|Identification and handling of prospects and customers for |
contact with our sales representatives.
|Name, work e-mail, phone number (work), job title, salesman’s notes.||Legitimate interest. |
of obligations in an
|For as long as we have a customer relationship with you and you do not object to the processing. The customer relationship terminates one year after the fulfilment of the obligations in the contract. We keep information about prospects for as long as we believe there is a solid interest in our products and services, which lasts no more than two years.|
|Send newsletters and information to our customers and marketing information to contacts and prospects. If the person reads the marketing information or newsletters we can also see if the person in question clicks through to our website.||Name and work email||Legitimate interest. (soft Opt-in) |
|For as long as we have a customer relationship with you and you do not object or unsubscribe (Opt-out). The customer relationship terminates one year after the fulfillments of the obligations in the contract. For those who have provided us with consent, deletion occurs in the event of termination of the subscription (Opt-out).|
|To answer questions from website visitors via our web chat, we process personal data in order to find potential prospects. If website visitors chat with us we can see the pages the person in question has visited on our website.||IP address, submittede mail address and name, country and town/city.||Legitimate interest.||Data is stored for a maximum of 6months unless the person in question has been registered as a prospect (see above).|
|Managing and contacting our customers’ contact persons.This includes, for example: case management, administration of visits, contract signing, email contact, meeting notes, meeting bookings, operational documentation.||Name, job title, email, (work), phone number (work), personal identification number (for secure identification of data center visitors).||Completion of obligations in an agreement |
|This information is stored as long as there is a service agreement between Complior and the customer. Personal identification number will be deleted when the case is completed.|
|Customer invoicing for fulfilment of obligations in service contracts and completion of other services and products such as consultation and sales of templates.||Name, telephone number, email, organization number.||Completion of obligations in an agreement. |
|We save the data as long as it is required by Swedish accounting legislation (7 years). After that, it takes a maximum of one year before the data has been deleted.|
|Managing job applications||Standard information in CV, for example name, personal identification number, picture, telephone, email, address, experience, previous occupations.||Legitimate interest |
|Personal data gathered during recruitment will be stored while the recruitment process is ongoing. If we see potential in the candidate, we can keep the data beyond this. We only do this if we get your consent, and then we keep the data for a maximum of three years.|
How long do we keep your personal data?
We will only keep the personal data if there is a purpose to retain the information. We are also required to retain personal information for a certain time according to requirements from various statutes such as Swedish accounting legislation.
Who can see your personal data?
Your personal data is only available to people who need them to perform their duties. We may also communicate information about you to our suppliers who help us with IT operations and support. Complior may also disclose necessary information to the police, the tax authorities or other public authorities if we are required to do so by law.
Where do we process your personal data?
Complior always strives to process your personal data within the EU/European Economic Area (EEA). However, in certain situations, the data can be transferred to, and processed in, countries outside of the EEA, since some of our suppliers or subcontractors are international organizations. Complior will take all reasonable legal, technical and organizational measures to ensure that your personal data is processed safely and with an adequate level of protection, both within and outside the EEA. If you want to know if or where your personal data is transferred outside the EEA, you can contact our Compliance Manager at firstname.lastname@example.org.
Your rights under the data protection regulation
You have certain rights as an individual which Complior is required to adhere to under certain circumstances. According to the General Data Protection Regulation (GDPR), you can claim the rights which are described below. To do this, contact email@example.com. To claim your rights, you must be able to identify yourself by answering some questions from our staff.
The right of access
According to the General Data Protection Regulation, you always have the right to receive information about your personal data which Complior is processing. If you send a request to firstname.lastname@example.org. Complior will send a transcript to you, containing the personal data that we process and a text that describes how we process it. It will normally take a maximum of one month to receive such a transcript.
The right to rectification and restriction
If you believe that any personal data about you is inaccurate or misleading, you can request it to be corrected or used in a more limited way in some cases. If this applies to you, please contact email@example.com. and explain what information you believe to be inaccurate and why.
The right to erasure (“right to be forgotten”)
You have the right to request deletion of your personal data stored by Complior if at least one of the following conditions is met:
- the data is no longer needed for the purpose for which it was collected
- the processing is based on consent and you withdraw your consent
- the processing concerns direct marketing, and you object to the processing
- you object to personal data processing justified by the legal basis – legitimate interest, and there is no legitimate interest that outweighs your interest
- personal data has been processed illegally
- deletion is required to comply with a legal obligation
You do not have the right to have your personal data deleted in case Complior:
Need to process the personal data for the performance of a task in the context of a contractual relationship with you, for archiving purposes, to exercise the right to freedom of expression and information, for compliance with a legal obligation or to defend legal claims.
The right to data portability
You sometimes have a right to have a copy of your personal data in a common, structured and machine-readable format, and in addition, to have your personal data transferred to another organization (if technically possible). This right is only applicable if the processing is based on consent or contractual obligation and is performed by automated means (e.g. with computers). Please contact our Compliance Manager if you would like to learn more firstname.lastname@example.org.
The right to object
You have the right to object to Compliors processing of your personal data. You may at any time object to direct marketing and Complior will then cease with the marketing. You also have a right to submit complaints to your local data protection supervisory authority.