Our GDPR Policy

Last updated on 2020-11-18

GDPR Policy – Selfcheck AB

Policy and Description of Processing Personal Data

Employees/Subcontractors

Policy: For employees and subcontractors, the following data may be processed:

  • Contact details such as email, address, and phone number.
  • Social security number.
  • Pictures of the employee/subcontractor.
  • Bank account information.
  • Confidentiality agreements and consultant agreements.
  • Consultant CV.
  • Skills and competencies.
  • Sensitive personal data, if required by the scope of the assignment.

Responsibility: Managers are responsible but can delegate the processing of personal data.

Instruction:

  • Checklist upon hiring.
  • Checklist upon termination of employment.

Customers

Policy: For customers, the following personal data should be processed:

Instruction: All registration of customer-related personal data should be done in HubSpot. In some cases, personal data may also need to be stored on our file server.

External Parties

Policy: For external parties, the following personal data may be processed as needed:

  • Contact details necessary for communicating with individuals from external parties.
  • Agreements related to business relationships.
  • Confidentiality agreements.
  • Contact details such as email and phone number.
  • Title or role.
  • Sales-related information, including financial history such as sent quotes, invoices, and payments made.
  • Any free-text regarding the customer’s role and our business relationship.
  • Information provided by the customer in connection with completed training efforts.

Responsibility: All employees and subcontractors within Selfcheck are responsible for adhering to the above when processing customer’s personal data.

Instruction: In some cases, registration of external party customer data may occur in the customer management system HubSpot when the relationship to the external party is of a customer nature.

Consent

Employees and Subcontractors

Policy: No consent is needed as we rely on Article 6.1B of the General Data Protection Regulation.

Responsibility: The manager hiring the employee or subcontractor is responsible for signing employment agreements with accompanying confidentiality agreements.

Instruction: Instruction will be provided shortly.

Customers

Policy: No consent is needed to process personal data for individuals employed by Selfcheck’s current or potential customers, if the purpose is to deliver the ordered service or product. We rely on Article 6.1F of the General Data Protection Regulation.

Responsibility: Employees and subcontractors to Selfcheck in roles with customer contact are responsible for following this policy.

Instruction: Only personal data necessary to fulfill our commitment to customers may be processed in the customer management system HubSpot.

External Parties

Policy: No consent is needed to process personal data for individuals employed by the Company’s collaborators, if the purpose is to enable a business relationship. We rely on Article 6.1F of the General Data Protection Regulation. Consent is obtained when there is a need to register personal data about an individual from a supplier. Consent is obtained by having the individual at the supplier complete a consent form – Supplier Consent, a form that will be provided shortly.

Responsibility: Respective employees and subcontractors are responsible for obtaining mutual consent when initiating collaboration with an external party. The consent is stored with the CEO at Selfcheck.

Instruction: Consent is obtained by having the individual at the supplier complete a consent form – Selfcheck Consent, a form that will be provided shortly.

Data Processing Agreement

In some cases, Selfcheck uses external parties to process personal data. In such cases, a Data Processing Agreement must be signed with the party that processes personal data on behalf of Selfcheck. Data processing refers to instances where we transfer personal data to external parties for further handling. Example: We send a file with invoices to a printing service provider for further processing.

Policy: A Data Processing Agreement must always be signed before transferring personal data to an external party for processing.

Responsibility: Selfcheck’s CEO/Person in Charge of Personal Data is responsible for signing Data Processing Agreements with external parties when necessary. Respective employees/subcontractors are responsible for notifying the CEO/Person in Charge of Personal Data when needed or when questions arise regarding this matter.

Personal Data Incident

We have a security system that highly protects against intrusions to safeguard your data. However, if an employee or subcontractor within Selfcheck suspects or knows that an intrusion has occurred in our IT system, the CEO/Person in Charge of Personal Data must be immediately informed. The CEO/Person in Charge of Personal Data must assess the situation and determine which personal data may have been compromised. Within 72 hours, the CEO/Person in Charge of Personal Data must contact the relevant authority and follow their instructions.

Your Rights as a Registered Person

You have the right to contact us at any time to see what information we have collected about you. If you have questions about the storage and use of any of the data we handle, please contact us with your requests or if any corrections to registered information are needed. Note that we will always need to retain and manage certain information to deliver the service to you.

You have the right to request your stored personal data from us and, under certain circumstances, request the deletion of your data. This is only possible if there is no legal basis to retain these data or if they have been mishandled.

Data Controller
Selfcheck AB
Organization Number: 559187-5488

Contact: Contact