This day, 2022-03-22, the following policy has been established for Megasol Technologies KB (“Megasol”).
We respect your privacy, and you should be able to feel safe when you entrust us with your personal data. Therefore, we have established this policy based on current data protection legislation to clarify how Megasol works to defend your rights and your integrity.
The purpose of this policy is to inform you about how we process your personal data, what we use it for, who will get access to your personal data and under what conditions and how you can exercise your rights.
In most cases, the data controller is the Megasol client that uses our services and systems, which means that the client has the ultimate responsibility for the processing of your personal data and the preservation of your rights.
Megasol has, through agreements with our clients, been commissioned to and has undertaken to collect and process personal data on their behalf and fulfills this task in the capacity of a data processor.
In some cases, Megasol itself operates as a data controller. This applies when we collect and process personal data for our own account, such as in relation to employees or in connection with marketing our services.
We do not process more personal data than is necessary for the purpose, and we always strive to use the least privacy-sensitive information.
The processing of employees’ and former employees’ personal data is specifically regulated in an internal policy.
3.1 What types of personal data do we process?
Megasol only processes personal data when we have legal grounds and, when we operate as a data processor, with explicit instructions from our client. We do not process personal data in any other case than where it is required to fulfill our obligations under law and agreements or based on legitimate interests.
Here are examples of the types of personal data that we process:
• E-mail address
• Phone number
• Personal identity number
• Account number and other bank-related information (including credit scoring and payment history)
• Information that you publish yourself or otherwise provide to us voluntarily
Megasol does not process personal data that is considered sensitive in accordance with GDPR, unless you volunteer such information to us. Sensitive information is, for example, information regarding politics, religion, genetics, or health.
3.2 How do we access your personal information?
We can also access your personal data through public registers.
3.3 In what ways and for what reasons do we process your personal data?
In most cases, Megasol processes personal data on behalf of our clients in the capacity of data processor. The data controller is then responsible for determining which specific legal grounds are applicable as well as what personal data to collect, for which purposes, and how the personal data is to be processed.
In cases where Megasol itself is the data controller, we mainly process personal data with the support of law, so-called legal obligation, for example in order to comply with requirements under the Swedish Accounting Act, or with the support of an agreement with an individual.
In some cases, Megasol may also process your personal data based on legitimate interests. This will primarily be relevant when we need to process personal data for advertising or marketing purposes.
Regarding such processing of personal data which is not directly necessary to comply with applicable laws and which does not have another legal ground as described above, we will collect your consent in connection with the retrieval of such personal data. You may withdraw your consent at any time for such processing.
3.4 Is your personal data processed in a safe way?
We have routines and procedures for managing your personal data in a safe way. Only persons who need personal data to perform their duties and Megasol’s commitments shall have access to personal data.
Megasol’s security systems are developed with your integrity in focus and to protect, to a great extent, against intrusion, destruction and other incidents that could endanger your privacy.
3.5 When do we share your personal data?
We may not disclose your personal data to anyone other than the client who is the data controller for your personal information unless you have given your consent, or where it is necessary to comply with our statutory obligations, or is governed by our agreement with the data controller.
In some cases, personal data is transferred to our subcontractors for marketing, information and follow-up purposes and for storage. See more about data processors/sub-processors in section 5 below.
We do not transfer personal data to third parties in cases other than those expressly stated in this policy. We do not transfer personal data to recipients outside the EU/EEA.
3.6 Retaining and deleting personal data
We retain your personal information according to the instructions we receive from the data controller.
Where Megasol is the data controller, your personal data will not be retained for longer than what is necessary to fulfill the purpose of the processing. We will delete personal data in accordance with applicable law. We also have routines for periodic thinning of personal data.
4 Your rights
4.1 When we are data processor
The rights for individuals as set out below apply in relation to the relevant data controller. In cases where Megasol processes personal data on behalf of others and as data processor, please contact the respective data controller for the exercise of your rights below. If you have any questions regarding this, you can contact us via the contact details in section 6 below.
4.2 When we are controller
4.2.1 Right to be informed
You have the right to be informed about how Megasol processes your personal data. We do this through this policy regarding the processing of personal data, and by answering questions from you.
4.2.2 Request for a registry extract
You are entitled to request extracts from Megasol and our registries/systems in which personal data about you is processed and, in such extracts, to be informed of what personal data about you Megasol is processing and how we process this data.
4.2.3 Request for rectification, erasure or restriction of personal data, or objection to our processing of personal data
You are entitled to request that personal data about you is rectified or erased. You also have the right to restrict the processing of your personal data or object to such processing in accordance with the General Data Protection Regulation or national privacy laws. Following such a request, Megasol will examine whether there is reason to implement the requested change.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time by contacting us via the contact information set forth in section 6 below. Withdrawal will not affect the lawfulness of processing before the withdrawal.
4.2.4 Right to data portability
You can request a copy in a machine-readable format of the information that concerns you and that we process to fulfill an agreement with you, or based on your consent.
4.2.5 The Swedish Authority for Privacy Protection
The Swedish Authority for Privacy Protection (DPA) is the supervisory public authority for processing of personal data and data protection in Sweden. You are entitled to lodge complaints regarding the processing of personal data to the DPA. Contact information for the DPA can be found on https://www.imy.se/en.
5 Controller of personal data and our processors
The data controller is ultimately responsible for how your personal data is processed and that your rights are protected. Megasol is in most cases a data processor.
Megasol always ensures through personal data processing agreements that our data processors/sub-processors only process personal data in accordance with this policy.
6 Contact details
Megasol Technologies KB, 969693-1956
Address: S:t Persgatan 6, SE-753 20 Uppsala, Sweden
E-mail address: firstname.lastname@example.org