COLLECTION OF PERSONAL DATA, PURPOSES OF THE PROCESSING AND LAWFUL BASIS
We may collect the following categories of personal data relating to you for the purposes of processing your personal data:
First name, last name, e-mail, telephone number. If you have applied for a spot at the MatchIT program, we might also collect the following categories of personal data:
Personal identity number, resume, cover letter and other achievements related to the internship in question.
The following processing of personal data is based on the legal ground of consent:
when you subscribe to our newsletter, we process your personal data in order for you to take part of information about our activities, news and other events happening at Ideon;
This means that we will actively seek your consent before we process your personal data. You can at any time choose to withdraw your consent, in which case we will stop processing your personal data, unless we have a statutory obligation to continue. A withdrawn consent does not affect already processed personal data.
The following processing of personal data is based on the legal ground of contract:
We use CRM systems, customer administration tools and event planning software in order to provide you with our services and maintain contact with you regarding our services;
Court of law, supervisory authority, government agency or other public body:
Upon request and only if necessary, we might disclose your personal information in order to comply with a court of law, government decision or to otherwise fulfill our statutory obligation;
Other than the actors above, we are only sharing your personal information with other actors if there is a previous special agreement with you.
If any of the above actors, as a result of the sharing of personal information, becomes a processor to us we will draft a data processor agreement with said actor which meets the requisites in the GDPR and other applicable regulations.
We never sell your personal information to any party.
WE2U, IDEON AB AND IDEON CENTER (JOINT CONTROLLERS)
In order to provide you with our best customer service and customer care; Ideon AB together with the companies WE2U and Ideon Center share personal data stored in a customer care database. The processing includes the storage, service and administration of your personal data. Regarding personal data for which the companies share the personal data processing tasks, there is a joint responsibility of said personal data processing. This means that WE2U, Ideon AB and Ideon Center has the same responsibility towards you regarding the statutory obligations of the GDPR. In light of Ideon AB, We2U and Ideon Center joint responsibility, a joint controller agreement has been drafted to ensure each party’s responsibility under the GDPR.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE EU/EEA
Ideon AB does not transfer, nor intend to transfer, your personal data outside of the EU/EEA. However, we might from time to time utilize the services of processors in the form of software- or third-party providers and where your personal data may be transferred outside of the EU/EEA. In such cases, we ensure you that the transfer of personal data is preceded by an adequacy decision or appropriate and suitable safeguards.
If you have any questions regarding the above, please contact us using the contact details above.
You, whose personal data we process, have the right to request the following from us free of charge by contacting us (see “CONTACT DETAILS FOR IDEON AB” above). If we receive such a request, we will need to secure your identity with appropriate security measures in order to prevent unauthorized persons from gaining access to your personal data. We will respond to your request without delay, but no later than one (1) month after your request was received. You are entitled to the following (a-f):
- Right of access (transcript): You have the right to receive information about which categories of personal data we process about you in the form of a written transcript. In the excerpt we describe what personal data we have about you and why we need them.
- Right to rectification: You have the right to request correction of your personal data if these are incorrect or incomplete.
- Right to erasure (right to be forgotten): You have the right to request that we delete your personal data if processing is no longer necessary, if it is based on the legal basis of consent or if the processing of personal data is performed illegally. However, deletion of your personal data does not apply to the information that we are obliged to preserve according to a legal obligation.
- Right to restriction of processing: You have the right to request that we temporarily limit the processing of your personal data. The restriction of processing of personal data could be applicable:
during the time it takes us to check that your information is accurate;
during the time it takes us to check whether our legitimate interest in the processing of personal data outweighs your interests and fundamental rights;
to enable you to establish, enforce or defend legal claims;
if the processing of personal data is illegal, but you want the processing to be limited instead of being deleted.
- Right to object: You have the right to object to the processing of your personal data that is based on our legitimate interests. If you object to such processing of personal data, we may only continue to process your personal data if our legitimate interest outweighs your rights and freedoms, or if there is an existing statutory legal obligation according to applicable data protection legislation.
- Right to data portability: You have the right to obtain the personal data you have provided us in a structured, generally used and machine-readable format, if the processing is based on a consent or an agreement and if it is technically possible. You also have the right to request that we transfer your personal data directly to another controller.
LODGE A COMPLAINT TO THE SUPERVISORY AUTHORITY
If you applied and got accepted to the MatchIT program, which we carry out together with our business partners and/or government bodies. This means that we will process necessary personal data required for the performance of your contract. In order for us to carry out the matchmaking with other companies we might need to share your personal data with involved parties (read more under: “Recipients of personal data”).
The following processing of personal data is based on the legal ground of legitimate interest:
when you attend one of our events, we process your personal data in order to register your attendance and send you information related to the event;
When you contact us through email, regarding matters related to Ideon, we process your personal in order to help you with your inquiry.
If you wish for us to delete above-mentioned information you may object to the processing of personal data. Read more about how you may do so below under “Your Rights”.
COMMENTS ON NEWS ARTICLES OR BLOG POSTS BY IDEON
The following processing of personal data is also based on the legal ground of legitimate interest:
when you comment on one of our news articles or blog posts, we process your personal data on our website in order to identify you as the commentator.
Note that if you decide to comment on our news articles or blog posts your comment will be available for other visitors of our news articles and/or blog posts. In order to comply with applicable legislation, we might moderate your comment if we deem that it is in violation with said legislation. If you wish for us to delete above-mentioned information you may object to the processing of personal data. Read more about how you may do so below under “Your Rights”.
RECRUITMENT PLATFORM (TEAMTAILOR)
We may process personal information about you to comply with legal obligations. For example, to comply with the Discrimination Act (sw: Diskrimineringslagen) or the Accounting Act (sw: Bokföringslagen) or other statutory obligation which require processing of personal data. If necessary, your personal information may also be processed for the establishment, exercise or defense of legal claims.
Your personal information can, in an aggregated form, be used for market and customer analysis, market research, statistics and business follow-up relating to the purchase of goods and services. If we use your personal data for above-mentioned activities, we will ensure that your data is anonymized using appropriate and suitable safeguards.
Personal data is collected and processed for as long as there is an existing relation with the natural person based on the newsletter subscription and/or the attendance on one of our events. Thereafter for an additional period of six (6) months. If you want to withdraw your consent for our newsletter subscription or object to the continuous processing based on the personal information of your attendance of our events you may do so by contacting us (read more about this below under “Your Rights”).
For personal data collected and processed through your application and acceptance to the MatchIT program, we process your personal data during the matchmaking period and thereafter for an additional period of six (6) months.
For personal data collected and processed through your comments on our website and/or your email correspondence with us, we process your personal data for as long as there is a legitimate interest for us to keep in contact with you and/or enable your comments on our website. If you want to object to further processing of personal data based on the above purposes, you may do so by contacting us (read more about this below under “Your Rights”).
Personal data may be stored for a longer period if it is considered necessary to comply with statutory obligations or for the establishment, exercise or defense of legal claims.
SECURITY AND CONFIDENTIALITY
Technical and organizational measures
We ensure you that only personnel who need your personal data have access to these and then only in order to fulfill their duties (authorization). Our staff has good knowledge of data protection legislation and has undergone special education in handling personal data in a correct and appropriate manner. Furthermore, our staff is up-to-date on the latest in data protection management and legislation. We also have a close cooperation with our legal representative whom is qualified in manners regarding the GDPR and data protection legislation.
All employees have at Ideon, through their employment contract, signed a confidentiality agreement regarding the processing of personal data by us. Ideon is responsible for ensuring that confidentiality covers all information regardless of whether the information has been provided in written or oral form.
RECIPIENTS OF PERSONAL DATA
From time to time we will need to share your personal information with other actors in order to fulfill our obligations to you or other competent public authority. We do this only when it is deemed to be necessary. The actors are briefly described below. Please contact us if you have any further inquiries regarding the information below.
Business partners and cooperative partners:
For matchmaking projects such as MatchIT, there are many co-actors involved in order to successfully deliver our services to you. In such circumstances we might need to share your personal data with these actors. For example, we might share your personal identity number to the government body in charge for the project in order to identify you as the participant and identify the number of hours worked;