Data protection policy

What information do we collect?

Personal data that we may process is name, contact details (address, e-mail address and telephone number), social security number, billing information, login details, when you contact our support, we collect the information you provide to us in order for us to help you with your case, recorded calls, as well as IP address and other information collected via cookies and similar technologies. We also store data about which of our services you order and use and how you use them.

Visitors to our website

When you visit our website, we collect information via cookies. For more information about our cookies and how we use them, see our cookie policy.

On our website, you can get in touch with us via a form or if you want to chat with us, we use a third-party service that collects your name, email and chat history. The data may be stored and further processed for other purposes, see below.

Customer

If you are an individual or a sole trader and a customer of ours, much of the information about you that we access and process will be personal data.

• Establish your account with us and provide the services we have committed to deliver and charge you for the services, all in accordance with our contract. We will contact and communicate with you in various ways, for example when we provide you with support. We also process personal data in connection with troubleshooting and malfunctions. The processing is necessary for the performance of our contract.
• Improve existing and develop new services. The processing is necessary to fulfil our legitimate interest in product development.
• Market Binero and our services. We use direct marketing via e-mail, which you can of course opt out of, where we show you relevant product recommendations and offers.
• Fulfil our legal obligations. Your personal data is processed, including transferred and stored, to the extent necessary for us to fulfil our obligations under applicable law or other legal obligations, such as accounting or reporting to authorities.
• Protect you, Binero and others. We may process your personal data if necessary to defend or assert our, your or others' legal rights, business interests or other legitimate interests. For example, this may be necessary if you or someone else makes a claim against us. The processing is necessary for the purposes of our legitimate interest in protecting you and others and for other legitimate interests, such as our interest in defending or asserting legal claims.

Representative of the customer and user of our services

If you come into contact with Binero in your capacity as an employee of a customer of ours or a user of our services, we will process your personal data, including information about your use of our services, in order to:

• Create your user account with us and provide the services we have committed to deliver in the contract with your employer or client. We will contact and communicate with you in various ways, for example when we provide you with support. We also process personal data in connection with troubleshooting and operational disruptions. The processing is necessary for the purposes of our legitimate interest in performing the contract with your employer/client.
• Improve existing and develop new services. The processing is necessary to fulfil our legitimate interest in product development.
• Market Binero and our services. We use direct marketing via e-mail, which you can of course opt out of, where we show you relevant product recommendations and offers.

Potential customer or representative of potential customer

Your personal data will be processed by us in order for us to:

• Market Binero and the services we provide that we believe will be of interest to you or your employer. We use direct marketing via email (which you can of course easily opt out of) where we display relevant product recommendations and offers and also contact you by phone. The processing is necessary to fulfil our legitimate interest of being able to market ourselves.

Representative of the supplier or partner

If you are employed by a company that is a supplier or partner of ours, your personal data will be processed by us in order to:

• Fulfil the rights and obligations we have under the contract that your employer has entered into with us, such as carrying out administration, invoicing and payment, and for communication. The processing is necessary for the purposes of our legitimate interest in performing the contract with your employer.

Job seekers

Personal data is information collected in connection with a job application such as CV, cover letter, name, date of birth, address, telephone number, photo, gender, previous work experience, grades, education, personal characteristics and family circumstances. Personal data is also collected during any interviews, and may also be collected in connection with reference taking for employment.

Sensitive personal data will only be processed if necessary or if you explicitly consent to the processing. For example, sensitive personal data may be processed if you have a disability or other special needs that we need to take into account in the recruitment process.

Visitors to our premises or properties

We have a few premises and properties where we have camera surveillance that takes place in and around our properties, such as office premises or server rooms that are of high protection value. Cameras are installed where we have assessed that there is a need. The locations are clearly signposted at each site.

• It is a balance of interests where we have assessed that camera surveillance is needed to create a sense of security in and around our properties in order to ensure security and order.
• Personal data collected is image material with audio recording that comes from the camera surveillance that exists in some of our properties. Where this occurs, there is clear signage to this effect in and around the property. Where the footage contains an identified or identifiable natural person, this constitutes personal data. When using access cards, Binero will, for security reasons, collect and store information about entries and exits, names, telephone numbers and the card's identification number.
• In order to minimise the risk of infringement of personal privacy, we have chosen to minimise the storage time for the recorded material as much as possible. We have also ensured that only a few people at Binero have access to the recorded material and we have ongoing routines for how recorded material may be handled and disclosed. However, as a minimum, recorded material and information about the use of access cards are saved for two (2) months. The material is stored in Sweden.
• We are very restrictive about disclosing image material, but sometimes it is necessary. This means that those who can access the material, in addition to a limited circle of staff at Binero, are authorities in cases where this is required by law or government decision or to the relevant law enforcement authorities when this is required for, for example, a criminal investigation.

How do we protect your personal data?

We have a comprehensive system with several levels of security through both logical network restriction, access levels, alarms and intrusion protection of various kinds. We also work according to ‘Privacy by design’ in development, both internally and together with partners.

We are also certified according to ISO 9001 (Quality) and ISO 27001 (Data Security) and through this we work in a structured way with routines and processes to fulfil the security and quality systems that these certifications entail.

In addition, all staff are trained in data protection, and are updated annually in this.

Your rights as a data subject

Right to information

The data subject has the right to be informed when personal data is processed. Information on the processing of personal data shall be provided by us as the controller both when the data is collected and when the data subject otherwise requests it.

Right of access

The data subject has the right to contact you as the controller to find out whether or not personal data is being processed.

Right to rectification

The data subject has the right to contact us as the data controller and ask for incorrect data to be corrected. This also means that the data subject has the right to supplement any missing personal data that is relevant to the purpose of the personal data processing. The fact that we, as data controllers, must also ensure that the data is accurate and up to date is already clear from the basic principles of the GDPR.

If data is rectified at the request of the data subject, we as controllers must inform those to whom they have disclosed data of the rectification. However, this does not apply if it would prove impossible or involve excessive effort. The data subject also has the right to request information about to whom data has been disclosed.

Right to erasure

The data subject has the right to request the erasure of data, provided that the data are no longer necessary for the purpose for which they were collected or otherwise processed or if there is no legal basis for processing the data.

Right to restriction

The data subject has the right to contact you as the controller to find out whether or not personal data is being processed.

Right to object

The data subject has the right to contact you as the controller to find out whether or not personal data is being processed.

Right to data portability

In some cases, the data subject has the possibility to obtain personal data concerning you in order to use it elsewhere, for example to transfer it to another controller.

The right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the Data Protection Authority (DPA) if the DPA considers that we are processing data relating to the data subject in breach of the GDPR.

When you want to exercise your rights, please contact our Data Protection Officer as soon as possible in the first instance.

As a customer, you can log in to our portal at any time and check the information stored in your account and in most cases modify or delete the information. You have the right to ask us to delete the information we have stored about you. For some purposes, such as the Accounting Act and other relevant laws, we need to keep the information even after a request for deletion has been processed.

Trained and aware staff

We have undergone training and internal GDPR certification for all our staff in all departments, and do so on an ongoing basis once a year. We also have cutting-edge expertise and supplier/system support to keep us up to date and work actively to comply with the directives and try to facilitate this for our customers as well.

Certifications

We are certified according to the quality standard ISO 9001, environmental management ISO 14001 and the information security standard ISO 27001 and have met the stringent requirements for procedures, processes and various systems contained in these.

Other

The content of this data protection policy may change over time. We will always hold our customers' privacy in high regard and comply with all data protection laws in the EU and Sweden. If we make major changes, these will be communicated via email and in your customer portal. If you want to keep up to date, we recommend that you read this policy regularly.

Other important information about how we work with GDPR, both as a processor and controller, can be found in our data protection policy and our appendix to the data processing agreement, which describes how we process personal data as a processor. For other questions, we refer to IMY (Integritetsskyddsmyndigheten ) which has very good information and guides for working with GDPR.