Purpose and scope of this policy
As a personal data protector, Vilja is responsible for the technical and organizational security measures and ensures that the storage and access to the personal data take place securely and with integrity in focus.
WHAT ARE PERSONAL DATA AND WHAT THE PROCESSING OF PERSONAL DATA IMPLY?
Personal data are all information that can be linked directly or indirectly, alone or together with other data to a person alive today. This means that we as a company must secure data that alone cannot identify a person, but in combination with one or more other data could do so. Processing of personal data is everything that happens with the personal data. Every action taken with personal data constitutes a processing, regardless of whether it is performed automatically or not.
Examples of common processes are collection, registration, structuring, storage, processing, transfer and deletion. All processing of personal data at Vilja occur with respect for personal integrity and with consideration of data protection legislation.
WHAT TYPE OF PERSONAL DATA ARE PROCESSED?
Vilja only collects and processes personal data that are relevant for the below stated purposes. The main categories of personal data processed are:
- Identification information, such as name and social security number
- Contact information, eg address, telephone number, e-mail address and the like
- Financial information, such as account number, credit information, income, liabilities, insurance coverage, etc.
PROTECTION OF PERSONAL DATA
Vilja safeguards a high level of security for personal data and has for this purpose taken appropriate technical and organizational security measures to ensure that all information that Vilja process are protected from unauthorized access, alteration, dissemination and destruction.
WHERE ARE THE PERSONAL DATA PROCESSED?
All information concerning Vilja’s customers are processed in Sweden.
FOR HOW LONG ARE THE PERSONAL DATA STORED?
The personal data Vilja collects are processed for different purposes and are thus stored for different lengths of time depending on the intent and what obligations there are by law.
However, personal data are never stored in the form that enable the identification of a person (see also section “the right to deletion” below) for a longer period than is necessary for the purposes of the processing.
RIGHT TO ACCESS
The customer has own access to most of their own information, including information obtained via, for example, SPAR / Skatteverket, but not customer and account listings written by the institute as these are intended only for the institute. In cases where a customer requests a register extract of all information about him/her from the system, Vilja can create a CSV file (machine readable file) which is ordered via the regular support channel.
THE RIGHT OF CORRECTION
The customer has their own access to information, and has the opportunity to correct incorrect information. In cases where a customer requests a correction, an approved administrator at the institute can correct information that is incorrect. However, there are exceptional cases where information is not possible to correct, as this is obtained from a third party, for example from SPAR / Skatteverket. In these cases, the customer must turn to the 3rd party.
THE RIGHT OF DELETION (THE RIGHT TO BE FORGOTTEN)
A rule in the Data Protection Regulation is the right to be forgotten, which means that you have the right to request that your personal data are deleted if they are no longer needed for the purposes for which they were collected. However, there may be legal requirements that make it impossible to delete personal data immediately.
Vilja ensures deletion of personal data when they are no longer needed for the intended purpose.
Vilja Platform has built-in functions for anonymisation (being forgotten), which means that you “depersonalize” a customer but that you keep some information, such as the bank’s clearing number. The purpose of anonymisation is that statistics should remain in order to be able to develop and streamline operations. However, you will never be able to deduce who the information belongs to. Information about which fields are left, deleted and changed are described in our field descriptions.
CHANGES IN THIS POLICY
HOW TO CONTACT US
Questions regarding personal data that Vilja processes in the role of personal data protector can be answered via:
Adress: Vilja Solutions AB Kungsgatan 26 111 35 Stockholm, Sweden
Violation of the Policy
Any perceived violation of this Policy within Vilja Solutions group or through our business relationships, such as customers or suppliers, should promptly be reported to management. Report of a violation can be reported directly to the staff’s immediate manager or directly to the CSO, CISO or other top-level management depending on the circumstances.