Privacy Policy

Purpose and scope of this policy

Vilja Solutions AB (hereinafter also “Vilja”, “we”, “our” and “ours”) safeguards personal integrity and always strives for high levels of data protection. With this privacy policy, we want to show how we, in the roll as a personal data protector, ensure that the personal data that we have access to through our systems, are treated in accordance to current legislation and principles for privacy protection.

As a personal data protector, Vilja is responsible for the technical and organizational security measures and ensures that the storage and access to the personal data take place securely and with integrity in focus.

Commitments

WHAT ARE PERSONAL DATA AND WHAT THE PROCESSING OF PERSONAL DATA IMPLY?

Personal data are all information that can be linked directly or indirectly, alone or together with other data to a person alive today. This means that we as a company must secure data that alone cannot identify a person, but in combination with one or more other data could do so. Processing of personal data is everything that happens with the personal data. Every action taken with personal data constitutes a processing, regardless of whether it is performed automatically or not.

Examples of common processes are collection, registration, structuring, storage, processing, transfer and deletion. All processing of personal data at Vilja occur with respect for personal integrity and with consideration of data protection legislation.

WHAT TYPE OF PERSONAL DATA ARE PROCESSED?

Vilja only collects and processes personal data that are relevant for the below stated purposes. The main categories of personal data processed are:

  • Identification information, such as name and social security number
  • Contact information, eg address, telephone number, e-mail address and the like
  • Financial information, such as account number, credit information, income, liabilities, insurance coverage, etc.

PROTECTION OF PERSONAL DATA

Vilja safeguards a high level of security for personal data and has for this purpose taken appropriate technical and organizational security measures to ensure that all information that Vilja process are protected from unauthorized access, alteration, dissemination and destruction.

WHERE ARE THE PERSONAL DATA PROCESSED?

All information concerning Vilja’s customers are processed in Sweden.

FOR HOW LONG ARE THE PERSONAL DATA STORED?

The personal data Vilja collects are processed for different purposes and are thus stored for different lengths of time depending on the intent and what obligations there are by law.

However, personal data are never stored in the form that enable the identification of a person (see also section “the right to deletion” below) for a longer period than is necessary for the purposes of the processing.

RIGHT TO ACCESS

The customer has own access to most of their own information, including information obtained via, for example, SPAR / Skatteverket, but not customer and account listings written by the institute as these are intended only for the institute. In cases where a customer requests a register extract of all information about him/her from the system, Vilja can create a CSV file (machine readable file) which is ordered via the regular support channel.

THE RIGHT OF CORRECTION

The customer has their own access to information, and has the opportunity to correct incorrect information. In cases where a customer requests a correction, an approved administrator at the institute can correct information that is incorrect. However, there are exceptional cases where information is not possible to correct, as this is obtained from a third party, for example from SPAR / Skatteverket. In these cases, the customer must turn to the 3rd party.

THE RIGHT OF DELETION (THE RIGHT TO BE FORGOTTEN)

A rule in the Data Protection Regulation is the right to be forgotten, which means that you have the right to request that your personal data are deleted if they are no longer needed for the purposes for which they were collected. However, there may be legal requirements that make it impossible to delete personal data immediately.

Vilja ensures deletion of personal data when they are no longer needed for the intended purpose.

Vilja Platform has built-in functions for anonymisation (being forgotten), which means that you “depersonalize” a customer but that you keep some information, such as the bank’s clearing number. The purpose of anonymisation is that statistics should remain in order to be able to develop and streamline operations. However, you will never be able to deduce who the information belongs to. Information about which fields are left, deleted and changed are described in our field descriptions.

CHANGES IN THIS POLICY

Vilja reserves the right to make changes to this Privacy Policy at any time insofar as the changes are necessary to meet new legal or technical requirements.

HOW TO CONTACT US

Questions regarding personal data that Vilja processes in the role of personal data protector can be answered via:

E-post: dpo@viljasolutions.com

Adress: Vilja Solutions AB Kungsgatan 26 111 35 Stockholm, Sweden

Violation of the Policy

Any perceived violation of this Policy within Vilja Solutions group or through our business relationships, such as customers or suppliers, should promptly be reported to management. Report of a violation can be reported directly to the staff’s immediate manager or directly to the CSO, CISO or other top-level management depending on the circumstances.