You have been referred here because Cetasol AB (”Cetasol”, ”we” or ”us”), as personal data controller, process personal data about you. We do this because you are an important person for us and our operations. The processing takes place in accordance with applicable regulations, including the general data protection regulation (”GDPR”), and as described further below. If you have questions or queries concerning how we process your personal data or want to have advice on data protection and privacy issues, you are welcome to contact us, see contact details below. Besides ensuring that our processing of your personal data is correct and transparent in relation to you, we always endeavour to maintain a high level of security in all processing of personal data where we continuously assess and take into account both technical and organisational risks in order to optimally protect your personal data from unauthorised access, use, change and deletion.
Our processing of your data is described below in four different sections, one or several of which may affect you depending on the relationship you have with us, followed by a general description of how and what you can contact us about concerning our processing of your personal data.
- Section 1 – Networking, marketing and exchange of knowledge, describes the personal data processing which takes place in connection with our communication with and maintenance of our network of contacts for marketing and exchange of knowledge, as well as for processing of our suppliers.
- Section 2 – Job applicants, is targeted at those who have submitted or plan to submit a job application to Cetasol.
- Section 3 – Clients and client representatives’ personal data in connection with acceptance of clients and assignments as well as in execution of assignments, describes how we process you as a client. Either in the capacity of a private individual or representative for a company or other legal entity.
- Section 4 – Execution of assignments, very briefly describes the processing of data about persons other than the client or client representative that can take place under the execution of the assignments for our clients.
- Section 5 – General information and your rights, provides further information about who can gain access to your data, which rights you have as an individual and how you can contact us to find out more.
1. Networking, marketing and exchange of knowledge
Why we process (Purpose): We process your data in order to maintain our contacts and network to keep our knowledge and information about you up-to-date, and also to market our services and maintain the relationship with our suppliers.
We also process for the purpose of complying with accounting requirements in relation to suppliers and in connection with representation activities.
How we process: We collect the data and compile it, including your participation in training and seminars with us. For mailings and invitations, we use external suppliers for technical functionality within the framework of the purposes stated, such as dispatch of mails and processing of registrations for seminars, for example.
What we process: We primarily process your contact details and your role in your organisation and information.
Legal basis – Legitimate interest: In the processing detailed above we take into account and weigh up your interest in privacy in relation to our interest and purposes (as indicated above) in performing the processing. We then balance these interests, taking into account both positive and negative effects and draw the conclusion that our interest is legitimate.
Legal obligation. The Book-keeping Act places requirements on us in relation to accounting and invoicing.
Collection and distribution: The data we have about you is primarily collected from you. We share the data solely with such suppliers that are needed for execution of the processing, and within the framework of the purposes indicated above. For example: – Payment solutions (card companies, banks and other payment service providers). – Marketing (via advertising agencies, online/media agencies and distribution linked thereto, as well as social media). – IT services (companies which handle necessary operations, technical support and maintenance of our IT solutions). Storage period: We only keep your data for as long as we judge to be legitimate, taking into account what is stated above regarding legal basis and purpose, in this case, two years from the last time we heard from you.
2. Job applicants
Why we process (Purpose): We process your data in order to manage your application and to be able to evaluate, compare and match with the needs we have for resources.
We store your data as indicated below so that we can contact you if a new need should arise within the storage period.
How we process: We compile the information you submitted and compare with other candidates as well as with our needs. We check the information verbally with the references you provided, and also supplement the information with whatever data that we receive from these references.
What we process: We primarily process such information that you submitted to us in your application, i.e. your resumé and your personal letter.
We supplement this information with data from the references you have provided in order to obtain as useful picture as possible of you as a candidate.
Legal basis – Legitimate interest: In the processing detailed above we take into account and weigh up your interest in privacy in relation to our interest and purpose (as indicated above) in performing the processing. We then balance these interests, taking into account both positive and negative effects and draw the conclusion that our interest is legitimate.
Collection and distribution: The data we have about you is primarily collected from you. In connection with the application we can may collect in data from the references you give to us in the application. We do not share your application unless we have specifically requested to.
Storage period: We only keep your data for as long as we judge to be legitimate, taking into account what is indicated above regarding legal basis and purpose, in this case, 12 months from the time of your application (unless you request otherwise, which we of course will respect). If you are subsequently employed by us, the data in your application will be stored and processed in accordance with that stated in our policy for processing of employees’ personal data, which is provided solely to our employees.
3. Clients’ and client representatives’ personal data in connection with acceptance of clients and assignments, as well as execution of assignments
Why we process (Purpose): We process the data in order to perform mandatory conflict of interest checks, to execute and administer the assignment, to safeguard your interests, and for accounting and invoicing purposes.
How we process: The data can also be used for business and organisational development, market analysis, statistics and risk management.
We collect in the data, check it against our registers and store it in our systems for case and invoice management. We also compile the data in our systems for client management and client care.
The data we process about you is the data you provide to us that is of relevance for the issue in question, your role in the organisation you represent and in the respective matter. Where appropriate, we need your personal code number to correctly identify you.
Legitimate interest: Besides the processing that is necessary to meet our statutory obligations, some processing also takes place by virtue of a legitimate interest. In that respect, we take into account and balance your interest in privacy in relation to our interest and purposes (as indicated above) in performing the processing. We then balance these interests, taking into account both positive and negative effects and draw the conclusion that our interest is legitimate.
Collection and potential distribution: The data we have about you is primarily collected directly from you. In connection with acceptance of new clients, we may need to collect in data from public registers such as www.allabolag.se, UC AB and equivalent in order to supplement and confirm the data we have received from you about the activity you represent, and also about you as a person and other representatives for the organisation.
We will not provide personal data to third parties other than in cases where (i) it has been specifically agreed between us and you, (ii) when it is necessary within the framework of a particular assignment to safeguard your rights, (iii) if it is necessary to enable us to perform our statutory obligation or comply with an official decision or a decision of a court, or (iv) in the event that we engage outside service providers to perform the assignment on our behalf. The data may be surrendered to courts, authorities, counterparties and representatives of counterparties if it is necessary in order to safeguard your rights.
Storage period: We store your data only for as long as we judge it to be legitimate, taking into account that indicated above regarding legal basis and purpose; according to our Swedish guiding rules for good legal practice, over a period of ten years from the date of the case’s completion, or the longer period demanded by the case’s nature, for example, with continued advice for the same client when it is often in the client’s interest that older cases are also stored.
4. Personal data in the execution of our assignments
Within the framework of the execution of our assignments, we process data about counterparties, representatives for counterparties and other actors relevant to the assignment and the safeguarding of our client’s interests. The strict confidentiality which applies to our practice and which is detailed in the Code of Judicial Procedure means that we cannot provide any parties other than our client with any further details about this particular part of our processing of personal data. However, in other respects, this processing is also performed in accordance with applicable rules on data protection.
5. Your rights
In accordance with applicable data protection legislation, you are entitled at any time to request access to the personal data that is processed about you. You are also entitled to have incorrect personal data about you amended, to request deletion of your personal data or restriction of our processing of your personal data, exercise your right to data portability and object to processing of your personal data. If processing is based on consent, you are entitled at any time to withdraw your consent to processing. If you wish to exercise any of your rights, please contact us via the contact details below. You are also entitled at any time to submit complaints to applicable supervisory authority (Datainspektionen,www.datainspektionen.se) if you consider that your personal data is not being processed in accordance with applicable data protection legislation.
Contact us at email@example.com