The data safeguards the protection of personal data and places great importance on protecting your privacy. For us at Datema, it is important to be open with how we process your personal data and that we provide you with information in a way that makes you understand how we will process your personal data.
Our goal is for you to feel secure when you submit your personal information to us at Datema. All processing of personal data is based on the provisions of the Swedish Privacy Protection Act.
Datema, i.e. Datema AB, Datema Mobility AB, Datema Retail Solutions AB, Datema ERP Integration AB, Datema Danmark A/S and Datema Norge AS, care for the protection of personal data and therefore take great efforts to protect your privacy. It is important for Datema to be transparent regarding how we process your personal data and that we provide information regarding how we will process your personal data in a comprehensible way. Our ambition is that you will feel safe when you provide your personal data to Datema. All processing of personal data is carried out in the light of the provisions of the Swedish and European data protection legislation.
On Datema, we have routines that ensure that we do not store unnecessary information regarding you and we minimise the storage time of such information to the greatest extent possible. For statistical purposes, we may store some data for longer periods but in such cases the data is fully anonymized.
We have an obligation to, on request, give you information about what information we have about you and how we use it. You always have the right to request that we rectify incorrect information or delete data that is not necessary. You also have the right to decline to receive information such as direct marketing through e-mail etc.
If you have any questions regarding how we process personal data, you are free to contact us on GDPR@datema.se
Responsibility for your personal data
Datema AB, Solna Strandväg 98, 171 54 Solna, Sweden, corporate identity number 556175- 8482, is the data controller for the personal data that is collected and processed by companies in the Datema company group.
If you provide information to any of our partners (i.e. by clicking on a link to any of our partners that is published on our websites) our partner is responsible for the processing of your personal data.
What personal data is processed, for what purposes, what is the legal basis and for how long is the data kept?
Registration of contact persons in the customer database
Datema do not sell products or services to individual persons, but solely to other companies, organisations or sole traders. When a company or organisation buys a service or product from us we will process the name and contact details of the person who represents the company/organization in order to administrate the purchase. This processing is based on a balance of interests for Datema’s legitimate interest to fulfil the contract with the company the contact person represents. If you are a sole trader, the legal basis is to perform our obligations following from the contract. The information that will be processed for a contact person is name, address, phone number and e-mail address to the workplace and potential information regarding role and department affiliation of the company. If you are a sole trader we will also process information regarding your national identity number based for the importance of a secure identification. The personal data will be kept for a period of twelve (12) months after the expiration of the contract.
During the contractual relationship and for a period of twelve (12) months after the completion of the contract, Datema may process name and contact details for the representatives of the company in order to produce statistics on an aggregated level, i.e. to evaluate customer satisfaction. The statistics may be stored for an extended period but will then be anonymized and hence it will not be possible to connect it to representatives for companies personally, the information does therefore not constitute personal data.
In order to provide current and potential customers direct marketing of Datema’s products and services, Datema may process name and contact details regarding contact persons of relevant companies in our CRM system. This processing is based on a balance of interests for Datema’s legitimate interest to inform current and potential customers about Datema’s product and services. Datema may provide information to the customer and its representatives by phone, e-mail, SMS and other similar means of electronic communication. Such information may also be sent to you who are a contact person for a company that is not yet a customer to us, but that we think would be interested in our products and services.
In cases where there is a contract between the data subject’s employer and Datema, the processing of personal data will be performed during the term of the contract and for a time of twelve (12) months after the expiration of the contractual relationship. Following that period, the information will be deleted unless consent is collected.
In cases where the data subject has given its consent to the processing of personal data, the processing will continue until the consent is withdrawn.
In other cases, the personal data will be deleted after six (6) months./p>
The data subjects always have the right to report that they wish to unsubscribe to this type of information.
Arranging marketing activities
If a data subject has registered its participation in an activity that Datema have invited to, Datema will process personal data to the extent necessary to arrange the marketing activity. This means that Datema process contact details in order to send out the invitation, the list of participants and material before and after the activity. The legal basis of this processing is a balance of interests based on Datema’s legitimate interest to administer and arrange activities. When participating in a marketing activity, there may be a need to process information regarding dietary requirements and special needs related to a disability. In such cases, the legal basis is consent.
After the completion of the activity, Datema may follow up the activity with marketing activities directed towards the participants. The legal basis of the processing is a balance of interests for Datema’s legitimate interest to send offers regarding Datema’s products and services to the participants. The list of participants will be stored for administration and monitoring purposes during a period of maximum three (3) months.
In relevant cases, the list of participants may also constitute a part of Datema’s bookkeeping obligation related to potential representation. In such cases, the list is stored for seven (7) years. The legal basis is compliance with a legal obligation related to bookkeeping and tax legislation.
Visitor identification – cookies and logs
Establishment, exercise or defence of legal claims
Datema will archive the documentation from all missions including all personal data that were processed within the framework of the mission on the basis of a balance of interests based on Datema’s legitimate interest to document the mission. In the case of a potential liability claim the archived personal data may be used to establish or exercise a legal claim or alternatively, defend Datema against such claim. The legal basis for this processing is a balance of interests based on Datema’s legitimate interest to handle such claims. If sensitive personal data (such as information regarding health) is processed, the processing is based on the necessity to establish, exercise or defend legal claims. The personal data will be stored for a period of eleven (11) years. Following that period, the personal data are deleted.
Do you have to provide your personal data to us?
We need to process certain personal data to enter into and perform under a contract to provide our products and/or services and to comply with legal requirements or other regulations. You are required to provide such personal data to us.
If you do not provide such personal data, the company you represent will not be able to enter into a contract with us. Besides contact details when entering into a contract, you furthermore need to provide the information specified above where the legal basis is to “comply with a legal obligation”.
Where do we collect the personal data?
Name and contact details to the data subjects is collected from the data subject itself, its employer and from external address registers for contacting companies.
Transfer and sharing of personal data
Datema consists of several corporate entities where products and services may be delivered in cooperation between the entities. In order to provide the best customer service possible, personal data may be shared with other entities in the Datema company group.
We do not sell your personal data to any third party. We may however share information regarding you as a contact person of the company in order to administer our operations and for instance deliver the services/products the company have ordered, provide services or arrange events. In cases where the recipient of personal data is a data processor, we have entered into a data processing agreement, which ensures that there are security measures in place to protect your personal data.
In relevant cases where Datema uses service and system providers for IT that process personal data on behalf of Datema, these providers may only process personal data on Datema’s explicit instructions. The providers are also obliged to implement appropriate technical and organisational security measures to protect the information. Banks and payment service providers may also process personal data in connection to purchases and payment of our products and services.
Datema may in relevant cases also provide personal data to other parties than the ones specified above, to comply with legal obligations and regulations, orders from public authorities and courts as well as for Datema’s legitimate interest to establish, exercise and defend legal claims.
Processing of personal data outside the EU/EEA
We always strive to process your personal data within the EU/EEA. In certain situations, however, personal data may be transferred to and processed in a country outside of the EU/EEA by a third party. In cases where personal data is processed outside the EU/EEA, there is either a decision from the European Commission that the relevant third country ensures and adequate level of protection or there are other appropriate safeguards in place in the form of standard contractual clauses, binding corporate rules or Privacy Shield, that ensures that your rights are protected.
If you wish to receive a copy of the safeguards we have taken or information where these safeguards have been made available, you can contact us by using the contact details described in the end of this policy.
Protection of your personal data
Our goal is to protect the personal integrity and implement all technical and organisational measures that are required to protect the personal data as well as ensuring that the processing is carried out in accordance with applicable legislation.
However, no technical systems are entirely guarded from intrusion. Datema have implemented all reasonable technical security measures that are required to protect the personal data against unauthorised access, manipulation or destruction.
At Datema, we only process the information that is necessary, and the processing is only carried out by persons that need access to the information to perform their tasks and to give the best service to our customers.
The data subject’s rights
At Datema, we always want to be transparent about how we process your data. If you want to get insight in how your personal data is processed, you have the right to request access to your personal data in the form of a copy. If we receive a request from you might ask for supplementary information to ensure that we provide the information to the right person. A request for access shall be signed by you.
You also have the right to request in writing that your personal data is rectified if you think that certain information about you is incorrect or misleading.
Under certain circumstances, you have the right to request erasure of your personal data. Such circumstances exist e.g. if the personal data is no longer necessary for the purpose they were collected or processed for or if you withdraw your consent which the processing is based on, and there is no other legal basis for the processing.
You have also the right to request that Datema restricts the processing of your personal data. Such circumstances are at hand e.g. if you question the correctness of the personal data or if the processing is unlawful and you do not want the personal data to be erased but instead request restriction on the use of such data.
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format from Datema. You also have the right to have your personal data transferred to another company when it is technically possible (”data portability”). The right to data portability only applies for personal data you have provided to us in a structured, commonly used and machine-readable format if the processing is based on your consent or an agreement and the processing is done in an automated way.
Furthermore, you always have the right to object against the processing of your personal data that is based on a balance of interests. In certain cases, however, you cannot object against a processing activity that is based on a legitimate interest (e.g. because we need to keep your personal data). This is the case if we can demonstrate compelling legitimate grounds for continuing the processing, which weighs heavier than your interests, rights and freedoms, or if it is done for the establishment, exercise or defence of a legal claims.
At all times, you have the right to request to be unregistered from different types of direct marketing communication.
Complaints and supervisory authority
If you think that we have processed your personal data in an incorrect way you can always contact us at Datema. Datainspektionen is the supervisory authority for data protection in Sweden and you can always contact them or another competent supervisory authority. If you have questions on how we use your personal data you are welcome to contact us at: GDPR@datema.se
Datema reserves the right to update or change this policy at all times and you should regularly visit this website to view the latest version. We will inform when significant changes are made.
Last updated: 4 May 2020