INFORMATION ON THE PROCESSING OF PERSONAL DATA
1 Introduction
Regulation (EU) 20916/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free flow of such data (GDPR) comes into force on 25 May 2018. One of the main purposes of GDPR is to protect the personal integrity. Privacy issues are very important in our business and we strive for safe, secure and legal processing of personal data. Processing personal data is not an end in itself and we therefore try to process as little personal data as possible, for as short a time as possible and where the data becomes available to as many as possible.
2. What is personal data?
What constitutes personal data is defined in the GDPR and it also applies here. Simply put, a personal data is any kind of data that can in some way directly or indirectly identify a physically living person, e.g. name, picture, phone number, social security number, e-mail address or IP address.
3. What types of personal data are processed?
– Contact details (name, address, postal address, phone number, email address and IP address).
- Payment information (information about payment for our products and services, study materials, course fees or the like).
– Social security number.
4. What is the reason (purpose) behind the treatment?
We must have a legitimate, specific, predetermined and clear purpose, i.e. a legitimate reason for us to process your personal data. We process the data for the following purposes: 1) Contacts and communication, i.e. to be able to contact you and leave messages or otherwise communicate with you.
2) Provision of products or services, i.e. to fulfill our obligations to provide products or services to you under any contract or other agreement we have with you.
3) Execution of various actions: i.e. to take such actions as become relevant in connection with our provision of products or services to you, such as invoicing you and taking payment or to carry out various things that you have asked us to do.
4) Marketing: i.e. in order to be able to market our products and services.
5) Survey and Statistics: i.e. to see how you use our products and services and make assessments to improve the products and services or how they are provided;
6) Investigation of your visits to our website: i.e. to see and assess how you use our website and improve the website based on this.
7) Fulfillment of legal obligations: i.e. to fulfill various obligations that we have according to law or other constitution, e.g. accounting, reporting and declaration, or for providing information to various authorities.
5. Legal basis for the processing
In order to process your personal data, we must have a legal basis for this and what these legal grounds may be are listed in the GDPR. For our processing of your personal data, it is one of the following legal grounds that gives us the right to the processing:
1) Consent: Before certain processing of personal data, we may ask for your consent. Consent is voluntary, i.e. in such cases, you decide for yourself whether you want us to process your personal data and you can notify us at any time that you withdraw your consent, after which we may no longer process the personal data. Keep in mind that without being allowed to process your personal data, we may not be able to carry out such measures as you have asked us to do.
2) When the processing is necessary for certain legally specified measures: Even without your consent, it may in some cases be permitted for us to process your personal data.
- This is the case if the processing must take place in order for us to fulfill a contract or other agreement with you. Otherwise cannot provide the products or services to you. We must be able to know to whom and where the provision should take place. We also need to know which products or services apply and the measures needed for us to be able to carry out what we promised.
- This is also the case if we have a legal obligation to take certain measures and where the measures cannot be taken if we do not process your personal data, e.g. your personal data may be included in our invoices or in our accounting, reporting and declaration, and which we are obliged by law to submit to authorities or other organisations.
- This may also be the case if in individual situations we need to use your personal data for an interest that must be considered more important than your interest in the data not being processed. On this basis, we may use your personal data to provide you with information, e.g. about our products or services and also to market these (if you do not want any marketing, you can simply let us know and you will not receive this).
6. Social security number
Social security number counts as a special category of personal data that may only be used under special conditions and where there is a special need. We therefore do not use the social security number as any general identity information and our systems or our processing are not structured
7. Cookies
By cookies it is understood that various data are stored in or retrieved from a user's terminal equipment. This happens i.a. so that the user does not have to enter the same information every time he visits the websites or so that he can navigate the website more easily. For such reasons, we may use cookies to facilitate your searches in our systems and services. In such cases, this must be apparent when you visit our website and you have the option in such cases to deny us the use of cookies.
8. Marketing
We may process your personal data in our marketing and in such cases this takes place after a balance of interests. In such cases, only personal data that can be considered non-sensitive, such as your contact details but also information about which products or services you have chosen from us, is processed. With the use of such information, we may inform you about or offer you other educations or courses with us that we believe may be of interest to you.
We may also use your email address or phone number for direct marketing. If you do not want us to use your email address or phone number for direct marketing, you can notify us and request that we stop marketing.
9. Duration of the treatment
There is no self-serving purpose for us in saving your personal data. Therefore, we will only keep the personal data for as long as it is reasonably necessary for any of the purposes stated above. This means that we remove or de-identify your personal data when we no longer need it for any such purpose and to fulfill any of the legal grounds listed above.
The storage period may in and of itself vary depending on the purpose and the legal basis. We can e.g. by law be obliged to retain information for a certain longer period of time and then we may not remove the information earlier than this allows. Due to the nature of the agreement with you, we would e.g. may also need to save the personal data for some additional time after the termination of the agreement in order to be able to safeguard rights or fulfill obligations towards you that apply even after this time.
10. Security and protection of personal data
In order to protect your personal integrity, we take various measures to protect your personal data and to meet the requirements for security in the processing of personal data that apply according to law. Therefore, we have special routines and rules regarding data protection which mean that we have taken various physical, technical, administrative and organizational security measures.
We store or send your personal data in a secure manner and our personnel, through our systems and routines for authorization control, only have access to such personal data as they need to perform their work.
We log events in our IT systems to be able to check which user identity has taken different actions at different times and also follow up the logging to detect and remedy deviations.
11. Disclosure of personal data
We do not sell your personal data to anyone else, but we may disclose your personal data to the following categories of recipients:
– Suppliers, both within and outside the EU/EEA, such as e.g. provides IT services to us, or manages our contacts, our payment matters or handles our bookkeeping or accounting.
– Banks or other payment intermediaries, when you identify yourself with a Bank ID, pay with a card or with other digital or electronic means of payment such as e.g. Swish.
- Other recipients when it follows from an obligation in law or other constitution or authority decision that we must disclose the information to.
12. Personal data assistant
In some cases, we may hire someone else as our personal data assistant for the processing of the personal data. In that case, we will ensure that the personal data assistant has the same obligations as we ourselves have and we take full responsibility towards you for the personal data assistant's actions with your personal data. Such recipients who process your personal data for us must always enter into a personal data processing agreement with us so that we can ensure that your data is handled correctly and securely. We take special protective measures if we hire suppliers who process your personal data outside the EU/EEA on our behalf. In such cases, we can e.g. enter into agreements with such standardized model data transfer clauses as adopted by the European Commission and which are available on the European Commission's website.
When your personal data is disclosed to recipients who are independent personal data controllers, such as authorities or banks, their rules apply to the processing of personal data they carry out such as their privacy policy and information on personal data processing.
13. Your rights
By law, you have certain different rights regarding the processing of your personal data. If you want to use any of your rights, you can contact us via the contact details below.
You have the right by law and the conditions stated therein to:
- get access to or information about the processing of your personal data, which means that you have the right to receive confirmation of whether we are processing your personal data
- receive register extracts, which means that you have the right to receive an extract with your personal data that we process
- request rectification, which means you have the right to have incorrect personal data corrected if for any reason we are required by law to retain it
- request to be deleted (right to be forgotten), which means that you have the right to have your personal data deleted under certain circumstances
- object to such processing of your personal data that we carry out after a balance of interests and to processing for direct marketing, you can also request that the processing be limited
- request data portability, which means that you can demand that personal data be moved from us to another company, authority or organization, but this right only applies to data that you yourself have provided to us.
14. Contact information
You can reach us as follows:
Share Production SP
Loreen Vallin
+46762483380
Shareproduction.net
If you want to know more about data protection legislation and your rights, you can read more at EUR-Lex. If you want to complain about our processing of your personal data, please contact us. You can also complain to the supervisory authority (the Data Protection Authority or the Data Protection Authority).