GDPR
PRIVACY POLICY – CONROY MEDICAL
Conroy Medical Aktiebolag (556385-6771) (the “Company”, “Our”, “Us” or “We”) is strongly committed to protecting personal data entrusted to Us by you. Further, We are committed to compliance with applicable legislation, including the General Data Protection Regulation.
This policy outlines Our processing of personal data in terms of collection, usage, disclosures, erasures and safeguards in relation to Our business operations.
Included is also a brief summary of your rights in relation to personal data
processed by Us.
Who is responsible for the processing of your personal data?
It is We who are responsible for the processing of personal data described in this policy. This means that We are considered as the Controller within the meaning of GDPR.
This policy is applicable when We process your personal data in relation to your visit to Our website, when We operate Our business towards you as representative of a customer, contractor or supplier and when We act as an employer or conduct recruiting activities for open positions with the Company.
What type of personal data are We collecting and processing?
In relation to business partners, We may process the following personal data:
– Contact information; including name, address, phone number and e-mail.
If applicable and We are so required under applicable law, We may also process information regarding your date of birth, national ID-number and/or passport number.
– Business details; including company name, employment type, education and contract information.
In relation to employees, We may process the following personal data:
– Personal information; including name, data of birth, national ID-number and/or passport number, address, phone number and e-mail.
– Employment information; including job title, employment history, employment type and education.
– Financial information; bank details, payroll and tax information.
– Health information; sick-absence and medical certificates where required
by law.
In relation to prospective employees, We may process the following information:
– Personal information; including name, data of birth, national ID-number
and/or passport number, address, phone number and e-mail.
– Employment information; CV, employment history, employment type and
education.
How do We collect personal data?
As a rule, We collect personal data directly from you by way of information you provide Us. However, We may also collect personal data gathered from your employer or a contractor to Us or to your employer. Further, We may, from time to time, also collect personal data from open data bases if necessary to complete, update or review personal data already processed by Us.
On what legal grounds do We process personal data?
In relation to business partners, We process personal data in order to discharge and monitor contractual obligations with contractors, customers, and suppliers, and with reference to Our legitimate interest to conduct and market Our business operations. Further, We may process personal data in order to fulfill legal obligations laid upon Us in law, e.g. money laundering regulation, import- or export regulation etc. We may, from time to time, ask for your consent to process personal data in order to distribute marketing material to you by way of e-mail or
phone.
In relation to employees, We process personal data in order to discharge and monitor contractual obligations under employment agreements. Further, We may process personal data in order to fulfill legal obligations laid upon Us in law, e.g. employment, social security, tax or labor law.
In relation to prospective employees, We process personal data with reference to Our legitimate interest to recruit appropriate and qualified personnel to the Company.
How do We use your personal data?
In relation to Our business partners, We use the personal data processed in order to manage contracts and business relationships, to communicate regarding
products, orders and services, to manage billing and payments, and to market Our products and services.
In relation to employees, We use the personal data processed in order to manage payroll, benefits, the employment contract and to comply with employment, social security, tax or labor law.
In relation to prospective employees, We use the personal data processed in order to evaluate job application and communicate regarding recruitment.
How may We share personal data?
We may share your personal data with IT service providers in order to manage payroll, logistics, invoicing and management of customer relations. We may also share data with Our business partners in order to comply with contract fulfilment and discharge Our obligations under Our agreements.
Further, We may also share your information with authorities where required by law.
Between Us and any party who acts as Processor to Us, i.e. having an assignment to process personal data on Our behalf, appropriate documentation are established and agreements are entered into ensuring adequate data protection safeguards.
Sharing of personal data outside of EU/EES
If We transfer your personal data outside of the European Union (EU) or the European Economic Area (EEA), We will ensure that appropriate safeguards are in place, e.g. standard contractual clauses as adopted by the EU commission are applicable or the transfer is otherwise executed to countries deemed as having adequate data protection laws as determined by the EU commission.
What rights do I have in relation to your processing of personal data?
Under the GDPR, you have the following rights:
– Access: You have the right to request a copy of the personal data processed by Us.
– Rectification: You have the right to request correction of inaccurate personal data.
– Erasure: You have the right to request deletion of your personal data (the right to be forgotten).
– Restriction: You have, under certain conditions, the right to request limitation of the processing of your personal data.
– Portability: You have the right to receive information and your personal data in a structured and commonly used format.
– Objection: You have the right to object to Our processing of personal data which is based on Our legitimate interest.
– Withdraw consent: Provided that you have given your consent for Us to process your personal data, you may withdraw such consent at any time.
If you wish to exercise any of the above rights. Please contact us using the contact information listed below.
How long do We retain your personal data?
We keep your personal data for as long as it is required and necessary considering the applicable legal grounds for the processing. In relation to Our business partners, We keep data under such time an agreement is in force between the Company and your employer or otherwise a business relation persists. In relation to Our employees, We keep personal data during the employment and for an appropriate time thereafter in order to ensure that We, as well as you, have discharged all duties under the employment agreement and under applicable law. In relation to prospective employees, We keep personal data during the recruitment process and may keep for a time thereafter provided
that a legitimate interest persists.
Contact information and supervisory authority
If you are unhappy with Our processing of your personal data, you may lodge a complaint with the supervisory authority Integritetsskyddsmyndigheten (IMY) through e-mail es.ym1742364047i@ymi1742364047 or phone +468-657 61 00.
Further, you may reach out to Us directly through e-mail es.yo1742364047rnoc@1742364047ofni1742364047 or phone +468-594 202 50.
________________________
This privacy policy is effective from 2018-05-01