Processing of personal data
Last updated on May 28, 2018
General information on the processing of personal data in Solberg Kommunikation AB's operations (referred to below as Solberg)
This text aims to describe Solberg's processing of personal data in an open and transparent manner so that people whose personal data the company processes understand how and why their personal data is handled in our operations and what rights they have in relation to the company. For a knowledge-based company like Solberg, it is crucial that customer-related information, including personal data, as well as information about the company's employees, is treated securely and confidentially and that applicable regulations are followed.
Solberg offers communication services within Investor Relations, Sustainability, Public Relations and Brands. The majority of our customers are based in Sweden. Here you can find both listed and unlisted companies with operations in a large number of industries. Public administrations also appear on the customer list. In order for the company to be able to conduct its business, personal data needs to be handled when completing assignments.
Solberg's control of the processing of personal data
Data Protection Officer
Data protection officer at Solberg is Håkan Solberg and can be reached via the e-mail address email@example.com.
Processing of personal data in Solberg's operations:
Within the framework of the company's operations, the company carries out tasks both as a personal data controller and/or tasks as a personal data assistant. The company's guidelines for employees include information for management to assess whether individual assignments are deemed to entail a role as a personal data controller or a role as a personal data assistant.
Solberg Kommunikation AB is the personal data controller for the processing of personal data that the company carries out for its own purposes, including checks regarding the existence of conflicts of interest and independence. The company's contact information, organization number and information about representatives of the company are available on the company's website www.solberg.se.
Processing of personal data in assignment activities
Within the framework of the assignment activities, Solberg processes personal data for the purpose of fulfilling the commitments that follow from the agreements with our clients. The legal grounds for the processing in the assignment activities are primarily that the processing is necessary to fulfill a legal obligation, agreement or is permitted through a balancing of interests. Balance of interests in the assignment activities is based on a balance between Solberg's interest in being able to conduct business and comply with the commitments that follow from the agreements with the company's client and also the client's interest in Solberg being able to carry out the assignment in relation to the data subjects' potentially conflicting interests regarding the protection of their personal data . Solberg's clients often have an interest in being able to hire specialist help regarding a need that the client has - for example to fulfill its legal obligations or agreements.
Personal data that Solberg needs to access in order to carry out assignments is collected as a starting point from the client, but it also happens that personal data is collected from other parties. Personal data that is collected for use in assignments can be contact details, information about executives and other information regarding customer or supplier relationships. Those who process personal data in Solberg's commissioned operations are our employees who work in commissioned operations.
Processing of personal data during marketing activities
In order for Solberg to be able to reach the market with the company's services, marketing activities are carried out that aim to market the company, employees and the services that the company provides. Solberg processes personal data for such marketing purposes, including through invitations to seminars.
The legal grounds for such processing are either a balancing of interests or consent. The balance of interests is based on a balance between the company's interest in being able to market the business and offer the company's services to the market and the customers' interest in being able to inform themselves about Solberg's range of services and the data subjects' interest in protecting their personal data.
The personal data is collected within the company (e.g. from employees or customer registers) or from others and mainly includes information about executives. The personal data is processed in the systems and tools the company uses to manage marketing activities.
Personal data collected for marketing purposes is not saved longer than is necessary for the purpose. Data that is processed after a notification of interest is processed until the person reports that he or she is no longer interested in receiving newsletters or invitations from us. Contact details of business contacts such as existing or potential customers are normally kept as long as the company considers that the person's position or profession.
In order for the company to be able to make relevant selections regarding the sending of newsletters and invitations to events, profiling is used in such a way that selection for sending is based on information about industry segments or previous activity (such as registration for a seminar). Such profiling is limited to such data categories and aims to ensure that the content of the company's communication is relevant, of interest and beneficial to the recipient.
Processing of personal data during recruitment and regarding employees
A prerequisite for Solberg to be able to conduct business is that the company can recruit new employees and provide support to employees as well as administer conditions relating to them. This activity includes the processing of personal data, including personal data relating to persons who are or have been the subject of recruitment activities and the processing of personal data relating to current and former employees. The legal basis for this processing is a balancing of interests (recruitment and employees), fulfillment of agreements (employees) and fulfillment of legal obligations (employees). The balance of interests is based on a balance between the company's interest in being able to hire, retain and develop competent and suitable employees in the company's operations and these people's interests regarding the protection of their personal data. When it comes to the processing of personal data in connection with a recruitment process, job seekers also have an interest in being able to apply and be considered for the job in question.
In recruitment activities, the company obtains personal data from persons seeking employment with the company, either directly or via a recruitment company, and collects personal data during its own recruitment activities. Categories of personal data that are processed refer to, among other things, contact details, CV details such as competence, previous work assignments and employers and areas of responsibility. Personal data relating to job applicants is mainly collected from the job applicant. When using a recruitment company, such company may collect information about job seekers and sort out candidates to be presented to the company.
Personal data regarding existing employees is collected from the employee himself in connection with the commencement of employment. During employment, personal data is collected and used on an ongoing basis from managers, for example before and in connection with development interviews and when following up assignments and feedback from customers. Employees' personal data is also used in the day-to-day operations because information about employees is handled during tender work and execution of assignments (e.g. in e-mail correspondence with customers and with other employees).
The personal data is processed in the systems the company uses for administration and support for existing and former employees.
Personal data obtained in connection with recruitment is normally kept for a maximum of two years after the end of the recruitment activity if the person has not been employed. Some personal data regarding employed employees is deleted after the termination of employment, while other personal data is kept for a longer period of time (e.g. to be able to provide certain information to the Social Insurance Agency after the termination of employment and according to legal requirements).
Hiring of personal data assistants
When Solberg fulfills tasks as a personal data assistant when handling personal data on assignment, it happens that Solberg engages sub-assistants for the processing of personal data. Who these subcontractors are can be seen from the agreement drawn up with the client/the person in charge of personal data (personal data subcontractor agreement). In an agreement with Solberg, the subcontractors have undertaken to notify Solberg of any subcontractors hired and the replacement of such subcontractors. Information about which assistants are hired for a specific assignment is provided on request.
Rights of data subjects
The right to information
According to the regulations on the processing of personal data, the data subject has the right to receive information when his or her personal data is processed. Information about the processing must be provided both when data is collected, or shortly thereafter when the data is not collected from the data subject, and when the data subject requests it. In addition, there are certain occasions when special information must be given to the registered person, for example if there is a data breach or the like.
Information must be provided, among other things, about the contact details of the data controller, the legal basis for and the purpose of the processing.
This document includes, among other things, such information that Solberg has to provide to the persons whose personal data is processed in the business.
A request for access to information is reported to firstname.lastname@example.org.
Right to erasure
According to the regulations on the processing of personal data, a registered person has the right to contact the company and ask that the data relating to him or her be deleted.
A request for deletion is reported to email@example.com.
Right to limitation of treatment
In some cases, the persons whose personal data is processed have the right to demand that processing be restricted. Restriction means that the personal data is marked so that it may only be processed for certain limited purposes in the future.
A request for restriction of processing of personal data is reported to firstname.lastname@example.org.
Right to withdraw consent
Persons whose personal data is processed with consent as a legal basis have the right to withdraw consent.
A withdrawal of consent is reported to email@example.com.
Right to object
In certain cases, an individual has the right to object to the personal data controller's processing of their personal data. This right applies, among other things, to personal data that is processed after a balance of interests and includes the right to object to profiling.
Objection to the processing of personal data is sent to firstname.lastname@example.org.
Basic principles for personal data processing at Solberg
Legality, correctness and transparency
Personal data must be processed in a legal, correct and transparent manner so that the data subject understands how his or her data is processed and why.
Prerequisites for a legal and correct processing of personal data are that Solberg's employees have knowledge of which requirements apply, support through guiding documentation and access to employees with knowledge regarding the regulation of personal data processing to answer questions.
Solberg's guidelines include recommendations to employees regarding legality and correctness in various types of processing of personal data, including in assignment activities and when using e-mail.
The principle of openness means that the data subjects have access to information about how and why their personal data is processed. Solberg's employees must also demonstrate that the company's intranet has access to information about how the company processes personal data.
The principle of purpose limitation means that personal data may only be processed for clearly stated purposes and that they may not be processed at a later stage for any other incompatible purpose.
The starting point for Solberg's compliance with purpose limitations is that the employees when processing personal data have knowledge of the purposes for processing personal data and the prohibition against processing personal data for incompatible purposes and that these purposes are documented. This gives employees the opportunity to comply with and work to ensure that the principle of purpose limitation is complied with when processing personal data.
The principle of data minimization means that more or more sensitive personal data than is needed to fulfill the purpose may not be processed.
The starting point for Solberg's compliance with task minimization is that employees have knowledge of the principle of task minimization. The employees are hereby given the opportunity to limit Solberg's use of personal data to nothing other than what is needed to fulfill the purpose of the processing of the personal data. In addition, Solberg's guidelines include recommendations for employees regarding the minimization of personal data, for example when using e-mail and when keeping assignment documentation.
The principle of correctness means that the personal data that the company processes must be correct and, if necessary, updated.
The starting point for Solberg's compliance with the principle of correctness is that the employees have knowledge of the principle of the requirement for correctness and the opportunity to correct any inaccuracies or work to have any inaccuracies corrected through the company's routines.
It is clear from Solberg's guidelines and routines that employees who discover inaccuracies in personal data must correct these or work to ensure that the company is given the opportunity to correct the inaccuracies.
In this way, the employees are given knowledge that any incorrect personal data must be corrected and access to a routine to work for Solberg's correction of any incorrect personal data.
The principle of storage minimization means that personal data must not be stored in an identifiable state for a longer time than is necessary for the purpose of the processing.
Solberg's compliance with the principle of storage minimization takes place by establishing internal rules for storage, which include deadlines for deletion in various areas.
Privacy and Confidentiality
The principle of integrity and confidentiality means that personal data must be protected with appropriate technical and organizational measures so that it does not become accessible to unauthorized persons, destroyed or accidentally deleted.
Solberg's compliance with the principle of integrity and confidentiality takes place by establishing internal rules for information security and regulation of confidentiality with all employees and sub-consultants.
The principle of accountability means that the person in charge of personal data must be responsible for and be able to demonstrate that the principles for personal data processing are complied with.
- Internally and externally inform about the company's rules and procedures for handling personal data.
- determine and update data protection strategy (risk policy)
- document procedures for data protection
- carry out impact assessments if necessary
- appoint a data protection officer.