Processing of personal data
On 12/12/2018, the following policy has been established for S2 Communications AB
In most cases, it is our customer, i.e. the company, authority or organisation that uses our services and systems, that is the data controller, which means that the customer is ultimately responsible for how your personal data is processed and that your rights are exercised. If you want to know which of our customers is the data controller for your personal data, please contact us as below.
Through agreements with our customers, S2 has been commissioned and committed to process personal data on their behalf and does so as a data processor.
S2 is also in some cases itself the data controller. This applies when we collect and process personal data on our own account, e.g. in relation to employees or in connection with marketing.
We never process more personal data about you than is necessary for the purpose, and we always strive to use the least privacy-sensitive data.
The processing of our employees' and former employees' personal data is specifically regulated in an internal policy.
We care about your privacy. You should be able to feel safe when you entrust your personal data to us or our customers. Therefore, we have established this policy based on applicable data protection legislation and clarify how we work to protect your rights and privacy.
The purpose of this policy is to let you know how we process your personal data, what we use it for, who gets access to it and under what conditions, and how you can exercise your rights.
We only process personal data when we have a legal basis and as a data processor only on the express behalf of our customers. We do not process personal data unless it is necessary to fulfil our obligations under contract and law or when we are supported by a balance of interests. Here are examples of the personal data we process:
Information that you voluntarily and voluntarily provide including information about your health e.g. allergies or special diets in connection with our events
We primarily get access to your personal data from our customer in cases where we are personal data processors and otherwise by you providing it to us yourself. We may also have access in the following ways:
In most cases, we process personal data on behalf of our customers as data processors and then it is the controller who decides which legal basis applies and what personal data should be collected, for what purposes and how processing should take place.
In cases where S2 is itself the data controller, we process personal data when we have support in law, so-called legal obligation, such as requirements under the Accounting Act or with the support of agreements with a data subject (e.g. employment contract).
In some cases, we also process personal data on the basis of so-called balancing of interests. This is done primarily for marketing or information purposes.
V ad applies to such processing of personal data that is not supported by law or in a balancing of interests and which is not necessary to fulfill an agreement with you, we will ask for your consent in connection with our collection of this personal data. You have the right at any time to withdraw your consent to the processing listed above. We will no longer process your personal data or collect new ones, provided that it is not necessary to fulfil our obligations under contract or law.
We have procedures and working methods to ensure that your personal data is handled safely. The starting point is that only people within the organization who need the personal data to carry out their duties and S2's commitments should have access to it.
Our security systems are developed with your privacy in focus and very much protect against intrusion, destruction and other incidents that may pose a risk to your privacy. We have agreements with our IT providers regarding IT security to ensure that your personal data is processed securely.
We do not transfer personal data to third parties in cases other than those expressly set out in this policy and we never transfer personal data outside the EU/EEA.
We may not disclose your personal data to anyone other than the customer who is the data controller for your particular personal data unless you have consented to it, or if it is necessary to fulfil our obligations under law or is regulated in our agreement with the controller.
In some cases, personal data is transferred to our subcontractors for marketing, information and follow-up purposes, as well as for storage. See more about personal data processors/sub-processors in section 5 below.
We save your personal data according to the instructions we receive from the controller. We never save your personal data for more than 15 months from the time the relevant customer agreement has ended. .
Where we are the data controller, your personal data will not be retained for longer than is necessary for the purposes of the processing and we will otherwise delete personal data in the manner required by applicable law.
Data subjects' rights as set out below apply in relation to the controller. In cases where we process personal data on behalf of others and as a data processor, please refer to the respective customer for the exercise of the rights below. If you have any questions regarding this, you can contact us via the contact details in section 6 below.
You have the right to withdraw consent to certain processing at any time. We will no longer process such personal data or collect new and all data about you that we processed with the support of consent will be deleted.
If you wish to withdraw your consent to our processing of your personal data, you can contact us via the contact details set out in paragraph 6 below.
Request for correction or deletion
You have the right to request that your personal data be corrected or deleted. You also have the right to request that the processing of your personal data be restricted or to object to such processing in the manner provided for in the General Data Protection Regulation or other applicable privacy legislation. Following such a request, we will examine whether there are grounds for the requested amendment.
Request for registry extract
You have the right to request extracts from S2 and our registers/systems in which personal data about you is processed and in such extract to be informed about what personal data about you S2 processes and how we process it.
If you have questions about the processing of the personal data or if you feel that it is incorrect, would like to request rectification, deletion, restriction or wish to object to the processing, please contact us in accordance with paragraph 6 below.
The Swedish Data Protection Authority is the supervisory authority for the processing of personal data and data protection in Sweden. You have the right to lodge a complaint regarding the processing of personal data with the Swedish Data Protection Authority. Contact information for the Swedish Data Protection Authority can be found on www.datainspektionen.se.
The controller is ultimately responsible for how your personal data is processed and that your rights are exercised. S2 is in most cases a data processor.
We use a number of personal data processors/sub-processors. Contact us if you want to know who we are hiring. Contact details are given in paragraph 6 below.
S2 always ensures through personal data processing agreements that our processors/sub-processors process personal data in accordance with this policy.
Data Controller: S2 Communications AB, 556593-4386
Address: Odinslund 2, 753 10 Uppsala
Phone number: 018-129600
Email address: firstname.lastname@example.org