Second Logo

Privacy Policy

Information about our processing of personal data

1 Introduction

We want you to feel safe when you provide us with personal data. We respect your privacy and work actively to process your personal data securely. In this text, we are addressing you who have a connection with us through our operations, either yourself or as a representative of such an organisation, for example a customer, supplier or partner. We also address you who visit our website or contact us in any other way.

Personal data is all information that identifies or can identify you, this applies to both data that can directly and indirectly identify you. It can be, for example, your name, your address, your social security number or a picture of you. Processing of personal data is everything that we do with your personal data, for example collecting it, using it, compiling it or deleting it. We process the data that is needed for us to be able to deliver and charge for the services that we deliver to you as well as the data that is needed to maintain contact with you.

Motum AB, org.nr. 556935-8053, is the personal data controller for the processing of your personal data in accordance with the EU Data Protection Regulation (GDPR). Telephone number: +46 20 520 052. E-mail: gdpr@motum.se.

The purpose of this text is to provide you with information about which treatments we perform in relation to you. In the introductory section, you can see who is responsible for personal data, what purposes we have for processing your data and what rights you have in relation to the processing we do. If you want to learn more about the processing we do, you can read more in section 2, where we go through what personal data we collect, how long we save the data and what legal basis we have for the various processing. There is also information about who we share your personal data with and whether we transfer your data to third countries, i.e. to a country outside the EU/EEA.

1.1 Data controller

Data controller
Motum AB, org.nr. 556935-8053, is the data controller for the processing of your personal data in accordance with the EU Data Protection Regulation (GDPR).

Contact details
Telephone number: + 46 20 520 052
Email: gdpr@motum.se

1.2 Why do we process your data?

In order for us to have the right to process your data, we need to have a purpose for the processing. We process your data in the following situations. In the section for each situation, you can read more about the purposes for which we process your data.

– Personal data processed within the framework of our customer assignments (for more information see section 2.1.1)
– Personal data for employees or contractors of our suppliers (for more information see section 2.2.1)
– Personal data processed when you contact us (for more information see section 2.3.1)

1.3 Your rights

You have the right to receive information about how we process your personal data. You have, among other things, the right to know for which purposes your personal data is processed, the legal basis for the processing, how long we process the relevant personal data, who will have access to the personal data, your rights according to the data protection regulation, if we transfer your data to a country outside the EU/EEA, that you can submit a complaint to the Swedish Authority for Privacy Protection, IMY, that you can revoke a consent you have given and contact details for the data controller and data protection officer. . We provide you with all that information in this text. If you have any questions about how we process your personal data, you can always contact us. You can find our contact details above under point 1.1.

In addition to the right to information about how we process your personal data, you also have a number of rights in relation to our processing of your personal data. Below is a list of your rights. You can also find more information about your rights on IMY’s website (www.imy.se).

  • • The right of access – you have the right to contact us to find out if we are processing your personal data. This also means that you have the right to access the personal data. This may mean that you get access to a document that contains your personal data. It may also mean that you get access to a compilation of the personal data that we process. The compilation must then be designed so that you have the opportunity to check the accuracy and legality of the data. You can find more information about the right of access on IMY’s website.
  • • The right to rectification – if the information we have about you is incorrect, you have the right to contact us and ask us to correct the information or supplement it with personal data that is relevant to the processing but is missing. You can find more information about the right to correction on IMY’s website (www.imy.se).
  • • The right to deletion – you also have the right to ask us to delete your personal data. For example, we must delete your personal data if it is no longer needed for the purposes for which it was collected, if the processing is illegal or if we have made a balance of interests and your interest in privacy outweighs our legitimate interest in processing the data. There are exceptions to the right to deletion. For example, if there is a legal requirement that requires us to keep the data or if it is still necessary to process it for the purpose we had when we collected the data. You can find more information about the right to deletion on IMY’s website. If you want us to delete your contact details, contact gdpr@motum.se.
  • • The right to restriction – in some cases, you have the right to request that we restrict the processing of your personal data. This applies, for example, if you think the information is incorrect and have requested correction. Then you can demand that we limit our processing of the data during the time that we check or investigate the correctness of the data. You can find more information about the right to restriction on IMY’s website.
  • • The right to object regarding legitimate interest – when processing takes place on the basis that the processing is necessary for purposes related to the legitimate interests of the personal data controller or a third party, according to Article 6.1 f GDPR, you have the right to object to the processing at any time. We may then only continue to process the data if we can demonstrate that there are decisive legitimate reasons that outweigh your interests, rights and freedoms. Or if the processing takes place to establish, exercise or defend legal claims.

We may process personal data based on the fact that the processing is necessary for purposes related to our legitimate interest in:

  • • Market our services and be able to spread information to existing and new customers
  • • Administer the relationship with you regarding customer/other within the scope of our assignment
  • • Be able to analyse work done and improve our services
  • • Be able to administer agreements and fulfil obligations towards our suppliers
  • • Be able to administer the contact with you and
  • • To market our business.

You can read more about the treatments below under sections 2.1-2.3. You can find more information about the right to object on IMY’s website.

  • • The right to move your personal data – the right to move your personal data is also called the right to data portability. The right means that you have the right to access the personal data we process about you so that you can move your personal data to another recipient. This applies to data that you yourself have provided to us and that we process after you have given your consent to it or that we process to fulfil an agreement with you. You can find more information about the right to data portability on IMY’s website.
  • • The right to make a complaint to an authority – if you think that our processing of your personal data does not meet the requirements of EU data protection legislation, you have the right to lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is the Privacy Protection Authority, IMY.
  • • The right to withdraw consent – if you have given your consent to any of the treatments we do, you always have the right to withdraw your consent.

2. Our personal data processing

Below is a summary of the various personal data that we collect about you and why we collect it. The compilation is based on why we carry out the processing, what purpose we have. For each purpose, we tell you what type of processing we do, which categories of personal data we use in the processing, what legal basis we have for the processing and how long we save the data. You also receive information about whether we share your data with anyone in connection with our processing and whether we make any transfer to third countries in connection with the processing.

2.1 Personal data processed within the framework of our customer assignments

Within the framework of our customer assignments, we process your data in order to be able to fulfil our assignment and to be able to have contact with you and other people connected to the assignment.

2.1.1 Purpose and legal basis for the processing

Your personal data is processed to fulfil contractual obligations for the following purposes:

  • • To be able to manage and administer invoicing, reminders and payments linked to our assignments.
  • • To be able to administer the customer relationship, for example fulfil obligations towards you as a customer, provide information, products and services.

Your personal data is processed based on our legitimate interest for the following purposes:

  • • For internal and external marketing via the intranet, websites and social media.
  • • To spread information about our business via newsletter.
  • • To be able to communicate with you via e-mail, regular mail and telephone.
  • • For analysis of our operations in order to improve our services and for general business development.
  • • For documentation, administration and handling of the assignment.

Our legitimate interest in this processing is:

    • • To market our services and be able to spread information to existing and new customers
    • • To administer the relationship with you regarding customer/other within the framework of our mission, as well as
    • • To be able to analyse work done and improve our services

2.1.2 What personal data we process about you

  • • Information about customers, employees or contractors at the customer.

Name
Social security number (private customer)
Employer
Title
Contact details (Phone, e-mail address)
Home address (private customer)
Billing information
Payment information
Picture
Film
Statements in interviews

  • • Other persons
    We process information about others that is relevant within the scope of our assignments. These people can be consultants, employees of companies with which our customer has contacts or the like.

2.1.3 Who we share your data with

We may share your personal data with suppliers who process personal data on our behalf, so-called data processors. For example, IT and system suppliers who provide development and support for our systems and cloud services.

We may also share your personal data with, for example, authorities if it is necessary due to a legal obligation.

2.1.4 How long do we process and save your data?

Your data is processed during the time it is necessary for us to be able to administer the contractual relationship on which the customer relationship is based, during the time it is necessary to exercise our rights and fulfil our obligations in relation to you/the customer you are an employee or contractor at.

Any information relating to payment and where processing is required according to the Accounting Act is processed for seven (7) years according to the Accounting Act.

2.1.5 Third Country Transfer

When distributing invoices, we use a data processor who uses Microsoft to run the service. This means that a third country transfer takes place to the USA, which takes place with the standard contract clauses as a protective measure.

We use Microsoft 365 for communication via e-mail. This means that a third country transfer takes place to the USA, which takes place with the standard contract clauses as a protective measure.

2.2 Personal data for suppliers and employees or contractors of our suppliers

When we engage suppliers, we process your personal data in connection with the business relationship that exists between us and your employer or client or that you provide to us within the framework of the business relationship.

2.2.1 Purpose and legal basis for the processing

  • Personal data is processed to fulfil contractual obligations and legal obligations for the following purposes:
  • • To be able to manage and administer payments linked to agreements.
  • • To be able to administer the supplier relationship, for example documentation, administration and handling of the assignment.

Your personal data is processed based on our legitimate interest for the following purposes:

  • • To safeguard our rights in the event of legal claims against us.
  • • To be able to communicate with you via e-mail, regular mail and telephone.

We need to carry out the treatments as above due to the contractual relationship we have with you, your employer or client. We then process your personal data with the support of a balance of interests where our legitimate interest is to be able to administer agreements and fulfil obligations towards our suppliers.

2.2.2 What personal data we process about you

The data we may process are:
Name
Social security number (Supplier with own company)
Title
Employer
Contact details (phone, e-mail address)
Billing information
Payment Information

2.2.3 Who we share your data with

We may share your personal data with other suppliers who process personal data on our behalf, so-called data processors. For example, IT and system suppliers who provide development and support for our systems and cloud services.

We may also share your personal data with, for example, authorities if it is necessary due to a legal obligation.

2.2.4 How long do we process and save your data?

We process your data during the time it is necessary for us to be able to administer the contractual relationship with the supplier, during the time it is necessary to exercise our rights and fulfil our obligations in relation to you/the supplier you are employed or contracted with.

Any information relating to payment and where processing is required according to the Accounting Act is processed for seven (7) years according to the Accounting Act.

2.2.5 Third Country Transfer

For handling supplier invoices, we use a data processor who uses Microsoft to operate the service. This means that a third country transfer takes place to the USA, which takes place with the standard contract clauses as a protective measure.

We use Microsoft 365 for communication via e-mail. This means that a third country transfer takes place to the USA, which takes place with the standard contract clauses as a protective measure.

2.3 Personal data processed when you contact us

When you contact us via e-mail, telephone or our website, we process the personal data that you provide to us in connection with the communication. We also process your personal data when you apply for a job with us, sign up for a subscription to vacant positions and when you participate in fairs and events that we participate in.

2.3.1 Purpose and legal basis for the processing

Your personal data is processed based on our legitimate interest for the following purposes:

  • • To be able to communicate with you via email, post and telephone.
  • • To be able to reach out to and recruit new employees.
  • • For documentation, administration and handling of any matter related to the communication.
  • • To be able to reach out to potential new customers through marketing via newsletters and through participation in fairs and events.
  • • To send out press releases.

When you contact us, we need to process your personal data in order to maintain communication with you. We then process your personal data with the support of a balancing of interests where our legitimate interest is to be able to administer the contact with you. We may also process your personal data when we market our services to reach new customers where our legitimate interest is to market our business.

2.3.2 What personal data we process about you

The data we may process are:
Name
Contact details (phone, e-mail address)
Other personal data that you provide in plain text
Date of birth (on connection with recruitment/expression of interest
Employer
Place of work
Title

2.3.3 Who we share your data with

We may share your personal data with suppliers who process personal data on our behalf, so-called data processors. IT and system suppliers who provide development and support for our systems and cloud services.

We may also share your personal data with, for example, authorities if it is necessary due to a legal obligation.

2.3.4 How long do we process and save your data?

We process your data for the time it is necessary for us to be able to administer the communication with you, for the time it is necessary to exercise our rights and fulfil our obligations in relation to the contact we have with you.

2.3.5 Third Country Transfer

In order to be able to provide subscription to vacant positions and the possibility to send in the spontaneous application, we use a data processor, We Select, which in turn has sub-assistants where a third country transfer to the United States takes place or may take place, which takes place with the standard contractual clauses as a protective measure.

We use Microsoft 365 for communication via e-mail. This means that a third country transfer takes place to the USA, which takes place with the standard contract clauses as a protective measure.