Last updated on 2020-11-18
Policy and Description of Processing Personal Data
Employees/Subcontractors
Policy: For employees and subcontractors, the following data may be processed:
Responsibility: Managers are responsible but can delegate the processing of personal data.
Instruction:
Customers
Policy: For customers, the following personal data should be processed:
Instruction: All registration of customer-related personal data should be done in HubSpot. In some cases, personal data may also need to be stored on our file server.
External Parties
Policy: For external parties, the following personal data may be processed as needed:
Responsibility: All employees and subcontractors within Selfcheck are responsible for adhering to the above when processing customer’s personal data.
Instruction: In some cases, registration of external party customer data may occur in the customer management system HubSpot when the relationship to the external party is of a customer nature.
Consent
Employees and Subcontractors
Policy: No consent is needed as we rely on Article 6.1B of the General Data Protection Regulation.
Responsibility: The manager hiring the employee or subcontractor is responsible for signing employment agreements with accompanying confidentiality agreements.
Instruction: Instruction will be provided shortly.
Customers
Policy: No consent is needed to process personal data for individuals employed by Selfcheck’s current or potential customers, if the purpose is to deliver the ordered service or product. We rely on Article 6.1F of the General Data Protection Regulation.
Responsibility: Employees and subcontractors to Selfcheck in roles with customer contact are responsible for following this policy.
Instruction: Only personal data necessary to fulfill our commitment to customers may be processed in the customer management system HubSpot.
External Parties
Policy: No consent is needed to process personal data for individuals employed by the Company’s collaborators, if the purpose is to enable a business relationship. We rely on Article 6.1F of the General Data Protection Regulation. Consent is obtained when there is a need to register personal data about an individual from a supplier. Consent is obtained by having the individual at the supplier complete a consent form – Supplier Consent, a form that will be provided shortly.
Responsibility: Respective employees and subcontractors are responsible for obtaining mutual consent when initiating collaboration with an external party. The consent is stored with the CEO at Selfcheck.
Instruction: Consent is obtained by having the individual at the supplier complete a consent form – Selfcheck Consent, a form that will be provided shortly.
Data Processing Agreement
In some cases, Selfcheck uses external parties to process personal data. In such cases, a Data Processing Agreement must be signed with the party that processes personal data on behalf of Selfcheck. Data processing refers to instances where we transfer personal data to external parties for further handling. Example: We send a file with invoices to a printing service provider for further processing.
Policy: A Data Processing Agreement must always be signed before transferring personal data to an external party for processing.
Responsibility: Selfcheck’s CEO/Person in Charge of Personal Data is responsible for signing Data Processing Agreements with external parties when necessary. Respective employees/subcontractors are responsible for notifying the CEO/Person in Charge of Personal Data when needed or when questions arise regarding this matter.
Personal Data Incident
We have a security system that highly protects against intrusions to safeguard your data. However, if an employee or subcontractor within Selfcheck suspects or knows that an intrusion has occurred in our IT system, the CEO/Person in Charge of Personal Data must be immediately informed. The CEO/Person in Charge of Personal Data must assess the situation and determine which personal data may have been compromised. Within 72 hours, the CEO/Person in Charge of Personal Data must contact the relevant authority and follow their instructions.
Your Rights as a Registered Person
You have the right to contact us at any time to see what information we have collected about you. If you have questions about the storage and use of any of the data we handle, please contact us with your requests or if any corrections to registered information are needed. Note that we will always need to retain and manage certain information to deliver the service to you.
You have the right to request your stored personal data from us and, under certain circumstances, request the deletion of your data. This is only possible if there is no legal basis to retain these data or if they have been mishandled.
Data Controller
Selfcheck AB
Organization Number: 559187-5488
Contact: Contact