Processing of personal data
This day, 2018-12-12, the following policy has been established for S2 Communications AB (”S2”).
In most cases, it is our client, i.e. the company, authority or organization that uses our services and systems, who is the controller, which means that it has the ultimate responsibility for the processing of your personal data and the preservation of your rights. Please contact S2 in accordance with section 6 below to find out who is the controller regarding your personal data.
S2 has, through agreements with our clients, been commissioned to and has undertaken to process personal data on their behalf and fulfills this task in the capacity of a processor. In some cases, S2 itself operates as a controller. This applies when we collect and process personal data for our own account, such as in relation to employees or in connection with marketing.
We do not process more personal data than is necessary for the purpose, and we always strive to use the least privacy-sensitive information.
The processing of employee’s and former employee’s personal data is specifically regulated in an internal policy.
We protect your privacy and you should be able to feel safe when you entrust us with your personal data. Therefore, we have established this policy based on current data protection legislation to clarify how we work to defend your rights and your integrity.
The purpose of this policy is to inform you about how we process your personal data, what we use it for, who will get access to it and under what conditions and how you can exercise your rights.
What types of personal data do we process?
We only process personal data when we have a legal ground and, when we operate as a processor, only when we have explicit instructions from our client. We do not process personal data in any case other than when they are required to fulfill our obligations under law and agreements or based on legitimate interests. Here are examples of the types of personal data that we process:
- E-mail address
- Phone number
- Personal identity number
- User name
- Photos / pictures / movies / sound recordings
- Debit- and credit card number, account number and other bank-related information
- Information that you publish yourself or otherwise provide to us voluntarily including details regarding your health, for examples information on allergies or special diets in accordance with our events
How do we access your personal information?
We will primarily get access to your personal information from our client in cases where we are a processor and otherwise by you providing the personal data to us. We can also get access through the following ways:
- Information which you provide us with directly
- Information that is registered when you visit our website
- Information we receive from public registers
- Information that we receive when you answer surveys and other polls and investigations
- Information we receive when you sign up for our events or seminars
- Information that we receive when you sign up for newsletters and other mailings
- Information that we receive when you contact us, seek employment with us, visit us or in other ways seek contact with us
In what ways and for what reasons do we process your personal data?
In most cases, we process personal data on behalf of our clients in the capacity of processor. The controller is then responsible for determining which legal ground is applicable as well as what personal data to collect, for which purposes and how to process them.
In cases where S2 itself is the controller, we mainly process personal data with the support of law, so called legal obligation, for example in order to comply with requirements under the Accounting Act, or with the support of an agreement with an individual (such as an employment contract).
In some cases, we may also process your personal data based on legitimate interests. This will primarily be relevant when we need to process personal data for advertising, marketing or information purposes.
Regarding such processing of personal data which is not directly necessary to comply with applicable laws and which does not have another legal ground as described above, we will collect your consent in connection with the retrieval of such personal data. You may withdraw your consent at any time for such processing as described above. We will then no longer process your personal data or obtain any new data, if it is not necessary to fulfill our obligations under a contract or law.
Is your personal data processed in a safe way?
We have routines and procedures for managing your personal data in a safe way. Only persons who need personal data to perform their duties and S2’s commitments shall have access to personal data.
Our security systems are developed with your integrity in focus and to protect, to a great extent, against intrusion, destruction and other incidents that could endanger your privacy. We have agreements with our IT providers regarding IT security to ensure that your personal data is processed safely.
We do not transfer personal data to third parties in cases other than those expressly stated in this policy and we never transmit personal data outside the EU/EEA.
When do we share your personal data?
We may not disclose your personal data to anyone other than the client who is the controller for your personal information unless you have given your consent or where it is necessary to comply with our statutory obligations or is governed by our agreement with the controller
In some cases, personal data is transferred to our subcontractors for marketing-, information- and follow-up purposes and for storage. See more about processors/sub-processors in section 5 below.
Retaining and deleting personal data
We retain your personal information according to the instructions we receive from the controller. We will never process (save) your personal data longer than 15 months from when the relevant client agreement expires.
Where we are the controller, your personal data will not be retained for longer than what is necessary in order to fulfill the purpose of the processing and we will delete personal data in accordance with applicable law.
4 Your rights
When we are processor
The rights for individuals as set out below apply in relation to the relevant controller. In cases where we process personal data on behalf of others and as processor, please contact the respective controller for the exercise of your rights below. If you have any questions regarding this, you can contact us via the contact details in section 6 below.
When we are controller
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time by contacting us via the contact information set forth in section 6 below. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Request for rectification or erasure
You are entitled to request that personal data about you is rectified or erased. You also have the right to restrict the processing of your personal data or object to such processing in accordance with the General Data Protection Regulation or national privacy laws. Following such a request, we will examine whether there is reason to implement the requested change.
Request for a registry extract
You are entitled to request extracts from S2 and our registries/systems in which personal data about you is processed and, in such extracts, be informed of what personal data about you that S2 is processing and how we process this data.
If you have questions regarding the processing of your personal data or if you find that any data is incorrect, want to request rectification, erasure, restriction or objection to the processing please contact us in accordance with section 6 below.
The Swedish Data Protection Authority
The Swedish Data Protection Authority (DPA) is the supervisory public authority for processing of personal data and data protection in Sweden. You are entitled to lodge complaints regarding the processing of personal data to the DPA. Contact information for the DPA can be found on www.datainspektionen.se/in-english/contact-us/.
5 Controller of personal data and our processors
The controller is ultimately responsible for how your personal data is processed and that your rights are protected. S2 is in most cases a processor of personal data.
S2 hires a number of personal data processors (sub-processors). Contact us according to section 6 below if you want to know which personal data processors we are hiring.
S2 always ensures through personal processing agreements that our processors / sub-processors only process personal data in accordance with this policy.
6 Contact details
Controller of personal data: S2 Communications AB, 556593-4386
Address: Odinslund 2, SE-753 10 Uppsala, Sweden
Phone number: +46 18 12 96 00
E-mail address: firstname.lastname@example.org