Scandinavian Business Solutions (hereinafter referred to as the “Company”) shall endeavour in complying with the applicable laws related to the General Data Protection Regulation (GDPR 2016/679) in countries where the Company operates.
This Policy sets forth the basic principles by which the Company collects, retains, transfers, discloses and disposes the Personal Data of consumers, customers, suppliers, business partners, employees, users, visitors to the website and other individuals (hereinafter referred to as the “Data Subjects”), and indicates the responsibilities of its business departments and employees while processing personal data.
This Policy applies to the Company and its subsidiary companies whether directly or indirectly controlled within the European Economic Area (EEA) or processing Personal Data of Data Subjects within the EEA.
The Company ensures that any Personal Data of Data Subjects that is transferred outside of the EU and EEA countries or an international organisation, that the legal regime is deemed to provide an “adequate” level of Personal Data protection as stipulated by the European Commission.
The Company warrants that all Personal Data of the users of its services and visitors of the website www.starta-enskildfirma.se is processed under the applicable regulations governing the protection of Personal Data (GDPR 2016/679).
Personal Data is processed only when there is a legal basis for such an act: legal obligation, contractual relationship, and user consent, protection of key user interests or legitimate interest of the Company.
This data protection policy ensures Scandinavian Business Solutions Ltd:
The following terms “Controller”,“Processor”, “Data Subject”,“Personal Data”,“Processing Activity/ies”,“Pseudonymisation”,“Cross-Border processing of Personal Data”, “Supervisory Authority” used in this document shall have the same meaning as in the European Union’s General Data Protection Regulation:
The Company shall adhere to Article 5(2) of the GDPR which stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
Personal Data must:
1. Be processed fairly and lawfully;
2. Be obtained only for specific, lawful purposes;
3. Be adequate, relevant and not excessive;
4. Be accurate and kept up to date;
5. Not be held for any longer than necessary;
6. Be protected in appropriate ways;
And the Company must:
7. Be Accountable;
8. Disclose information;
9. Not to transfer Personal Data outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection.
10. Process Data in accordance with the rights of Data Subjects;
The Company shall process Personal Data in relation to Data Subjects lawfully, fairly and in a transparent manner.
The Company shall collect Personal Data for specified, explicit and legitimate purposes and will not further process Personal Data in a manner that is incompatible with those purposes.
The Company shall keep Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. The Company shall apply anonymization or pseudonymisation to Personal Data where possible to reduce the risks to the Data Subjects.
The Company strives to keep Personal Data accurate, and, where necessary, is to be kept up to date. The Company shall take reasonable steps to ensure that Personal Data is accurate, having regard to the purposes for which it is processed, and any inaccurate Personal Data shall be erased or rectified without undue delay.
The Company warrants keeping Personal Data for no longer than is necessary and only for the purposes for which the Personal Data is processed.
Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of Personal Data risks, the Company endeavours to use appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of Personal Data, including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure.
The Company shall be responsible for and be able to demonstrate compliance with the principles outlined above.
In the event that the Company uses a third-party supplier or business partner to process Personal Data on its behalf, the Company shall ensure that this processor will provide security measures to safeguard Personal Data that is appropriate to the associated risks.
The Company shall endeavour that the supplier or business partner is to provide the same level of data protection. The Company shall ensure that the supplier or business partner shall process Personal Data only to carry out its contractual obligations towards the Company or upon the instructions of the Company and not for any other purposes.
When the Company processes Personal Data jointly with an independent third party, the Company will explicitly specify its respective responsibilities of and the third party in the relevant contract or any other legal binding document, such as the Supplier Data Processing Agreement.
The Company shall ensure that before transferring Personal Data out of the European Economic Area (EEA), adequate safeguards will be used including but not limited to the signing of a Data Transfer Agreement/Addendum, as required by the European Union. Authorisation may be obtained from the relevant Data Protection Authority where required. Furthermore, the entity receiving the Personal Data shall comply with the principles of Personal Data processing set forth in Cross Border Data Transfer Procedure.
The Company acting as Data Controller shall provide Data Subjects with a reasonable access mechanism to enable the same to access their Personal Data. The Data Subject shall be allowed to update, rectify, erase, or transmit their Personal Data, if appropriate or as required by law.
At the time of collection or before collecting Personal Data for any kind of Processing Activities including but not limited to selling products, services, or marketing activities, the Company shall inform the Data Subjects of the following:
This information shall be provided through a Privacy Notice. All Data Subjects, regardless of the type and legal basis of processing, may file a complaint against Personal Data processing to the Supervisory Authority – [email protected]
Where Personal Data is being transferred to a third country, the Privacy Notice should reflect this and clearly state to where, and to which entity Personal Data is being transferred.
The Company shall ensure that whenever Personal Data is processed, such processing is carried out based on the Data Subject's consent, or other lawful grounds. The Company shall retain record of such consent.
The Company shall provide Data Subjects with different options to provide their consent and must inform and ensure that their consent (apart from whenever consent is used as the lawful ground for processing) can be withdrawn at any time.
Personal Data will only be processed when explicitly authorised by the Company.
It is in the Company’s remit to decide whether to perform the Data Protection Impact Assessment for each data processing activity following the Data Protection Impact Assessment Guidelines.
Upon request, Data Subjects have the right to have their Personal Data erased by the Company. The Company acting as a Controller will take all necessary actions (including technical measures) to inform third-party Data Processors to comply with the request.
Data Subjects have the right to receive, upon request, a copy of the Personal Data they provided to the Company in a structured, commonly used and machine-readable format and to transmit such Data to another Controller, for free. The Company shall endeavour to ensure that such requests are processed within one month, subject that it is not excessive and does not affect the rights of other individuals’ Personal Data.
When the Company receives requests to dispose of Personal Data records by Data Subjects, The Company shall ensure that these requests are handled within a reasonable time frame. The Company shall keep record including a log of these requests.
The Company shall also strive in obtaining adequate disposal mechanisms to ensure no Personal Data is leaked outside of the organisation.
The Company shall maintain the accuracy, confidentiality and relevance of Personal Data based on the processing purpose. The Company shall ensure that adequate security mechanisms designed to protect Personal Data will be used to prevent Personal Data from being stolen, misused or abused, and to prevent Personal Data breaches.
The Company shall be responsible for the requirements in this section and that any present and future collection, retention, transfer, disclosure and disposal methods are compliant with relevant law, good practices and industry standards.
The Company shall ensure appropriate Personal Data processing from all its employees and all those who have access and process data on behalf of the Company.
Everyone who works for or with the Company has some responsibility for ensuring that Personal Data is collected, stored and handled appropriately. Each team that handles Personal Data must ensure that it is handled and processed in line with this Policy and data protection principles.
However, these people have key areas of responsibility:
Use of Web Page: (www.starta-enskildfirma.se)
The Company collects information from the visitors and users of the website in order to better understand the needs of users and to improve their products and services.
The following data is collected for the above stated purposes:
While registering a user the Company shall collect the following information:
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information, and social security number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
The Company shall provide its users with user support through an online chat with an agent. Username and email address shall be necessary to sign up for online chat. The data collected in this manner shall be processed exclusively for the purpose of providing user support.
The Company, in compliance with the given consent, may periodically notify Data Subjects of the new benefits of The Company. The Data Subject may always decide to decline from receiving the above notifications and may cancel the service by sending an e-mail to [email protected]
Personal Data is also passed on to trusted partners (Data Processors) for the purpose of providing user support, information system maintenance or similar needs. The Company shall keep the Data Subjects informed and ensure that these trusted partners will abide with the mandatory data protection measures.
Prior any Personal Data transmission the Company shall ensure that the legal regime is deemed to provide an “adequate” level of Personal Data protection as stipulated by the European Commission.
During such data transmission the Company shall take all appropriate organizational, technical and legal protection measures.
When the Company learns of a suspected or actual Personal Data breach, the Company shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of Data Subjects, the Company will notify the relevant Supervisory Authorities without undue delay and, when possible, within 72 hours from when it learns of such breach.
The administration department or other relevant department is responsible for auditing how well business departments implement this Policy.
Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.
This Policy is intended to comply with the laws and regulations in the place of establishment and of the country in which the Company operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.
Requests, complaints or inquiries relating to processing and protection of Personal Data can be sent to the e-mail address [email protected] or by calling +47 21899237
In accordance with the applicable legal regulations governing the protection of Personal Data, each request/inquiry will be resolved without undue delay and at the latest within 30 days of receipt.
When contacting and posting such requests, we will invest reasonable efforts to confirm your identity and to prevent unauthorized Personal Data processing.
As the Company evolves, there may be the need to update this Policy to keep pace with changes to the website, software, services, business and Applicable Laws. The Company will however, always maintain its commitment to respect the Data Subject's privacy. The Company ensures that it will notify the Data Subjects with any material changes under this Policy by email (the most recent email provided by the Data Subject) or post any other revisions to this Policy along with their effective date, in an easy-to-find area of the website.
This document was updated on 25/5 -2018 and is effective from that date.
Contact: Samir Mdalla
Email [email protected]
Company Address: Ground Floor, Skye Apartments, 355 Rue D'Argens, Gzira, GZR1362, Malta