data protection policy

What information do we collect?

Personal data that we may process includes your name, contact details (address, email address, and phone number), social security number, billing information, login details, and when you contact our support team, we collect the information you provide to us so that we can help you with your query, recorded calls, and IP address and other information collected via cookies and similar technologies. We also store data about which of our services you order and use, and how you use them.

visitors to our website

When you visit our website, we collect information via cookies. More information about our cookies and how we use them can be found in our cookie policy.

On our website, you can contact us via a form or chat with us using a third-party service that collects your name, email address, and chat history. This information may be stored and processed for other purposes, as described below.

customer

If you are a private individual or sole trader and a customer of ours, most of the information we collect and process about you will constitute personal data.

• set up your account with us and offer the services we have undertaken to provide, as well as charge for the services, all in accordance with our agreement. We will contact and communicate with you in various ways, for example when we provide you with support. We also process personal data in connection with troubleshooting and operational disruptions. The processing is necessary to fulfill our agreement.
• improve existing services and develop new ones. The processing is necessary to fulfill our legitimate interest in product development.
• market Binero and our services. We use direct marketing via email, which you can of course opt out of, where we show you relevant product recommendations and offers.
• fulfill our legal obligations. Your personal data is processed, including transferred and stored, to the extent necessary for us to fulfill our obligations under applicable law or other legal obligations, such as accounting or reporting to authorities.
• protect you, Binero, and others. We may process your personal data if necessary to defend or assert our, your, or others' legal rights, business interests, or other legitimate interests. This may be necessary, for example, if you or someone else makes a claim against us. The processing is necessary to fulfill our legitimate interest in protecting you and others, as well as other legitimate interests, such as our interest in being able to defend ourselves against or assert legal claims.

representative of customers and users of our services

If you come into contact with Binero as an employee of one of our customers or as a user of our services, we will process your personal data, including information about your use of our services, so that we can:

• create your user account with us and provide the services we have undertaken to deliver in the agreement with your employer or client. We will contact and communicate with you in various ways, for example when we provide you with support. We also process personal data in connection with troubleshooting and operational disruptions. The processing is necessary to fulfill our legitimate interest in fulfilling the agreement with your employer/client.
• improve existing services and develop new ones. The processing is necessary to fulfill our legitimate interest in product development.
• market Binero and our services. We use direct marketing via email, which you can of course opt out of, where we show you relevant product recommendations and offers.

potential customer or representative of a potential customer

Your personal data will be processed by us so that we can:

• market Binero and the services we provide that we believe may be of interest to you or your employer. We use direct marketing via email (which you can easily opt out of) where we show relevant product recommendations and offers, and we also contact you by phone. The processing is necessary to fulfill our legitimate interest in being able to market ourselves.

representative of a supplier or business partner

If you are employed by a company that is a supplier or partner of ours, your personal data will be processed by us so that we can:

• fulfill the rights and obligations we have under the agreement your employer has entered into with us, such as performing administration, invoicing, and payment, as well as for communication. The processing is necessary to fulfill our legitimate interest in fulfilling the agreement with your employer.

job seeker

Personal data is information collected in connection with a job application, such as your CV, cover letter, name, date of birth, address, telephone number, photo, gender, previous work experience, grades, education, personal characteristics, and family circumstances. Personal data is also collected during interviews, if applicable, and may also be collected in connection with reference checks prior to employment.

Sensitive personal data is only processed if it is necessary or if you expressly consent to the processing. For example, sensitive personal data may be processed if you have a disability or other special needs that we need to take into account in the recruitment process.

visitors to our premises or properties

We have a few premises and properties where we have camera surveillance in and around our properties, such as office premises or server rooms that are of high security value. Cameras are installed where we have assessed that there is a need. These locations are clearly marked with signs at each location.

• It is a balancing act where we have assessed that camera surveillance is necessary to create a sense of security in and around our properties in order to ensure safety and order.
• Personal data collected consists of image material with audio recording from the camera surveillance system installed in some of our properties. Where applicable, there are clear signs indicating this in and around the property. In cases where the image material contains an identified or identifiable physical person, this constitutes personal data. When using access badges, Binero will, for security reasons, collect and store information about entry and exit, name, telephone number, and the badge's identification number.
• To minimize the risk of invasion of privacy, we have chosen to minimize the storage time for the recorded material as much as possible. We have also ensured that only a few people at Binero have access to the recorded material, and we have ongoing procedures for how recorded material may be handled and disclosed. However, recorded material and information about the use of access badges will be stored for at least two (2) months. The material is stored in Sweden.
• We are very restrictive when it comes to disclosing image material, but sometimes it is necessary. This means that, in addition to a limited group of Binero employees, the only parties who can access the material are authorities in cases where this is required by law or by an official decision, or to relevant law enforcement authorities when this is necessary for a criminal investigation, for example.

How do we protect your personal data?

We have a comprehensive system with multiple security levels through logical network restrictions, access levels, alarms, and various types of intrusion protection. We also work according to "Privacy by design" principles in our development, both internally and together with our partners.

We are also certified according to ISO 9001 (Quality) and ISO 27001 (Data Security), which means that we work in a structured manner with routines and processes to comply with the security and quality systems that these certifications entail.

All staff are also trained in data protection and receive annual updates on this.

your rights as a data subject

right to information

The data subject has the right to obtain information when personal data is processed. Information about the processing of personal data shall be provided by us as the data controller both when the data is collected and when the data subject otherwise requests it.

right of access

The data subject has the right to contact you as the data controller to find out whether personal data is being processed or not.

right to correction

The data subject has the right to contact us as the data controller and request that incorrect information be corrected. This also means that the data subject has the right to supplement any missing personal data that is relevant to the purpose of the personal data processing. The fact that we, as the data controller, must also ensure that the data is accurate and up to date is already clear from the basic principles of the Data Protection Regulation.

If data is corrected at the request of the data subject, we, as the data controller, must inform those to whom the data has been disclosed that the data has been corrected. However, this does not apply if it proves impossible or involves a disproportionate effort. The data subject also has the right to request information about to whom the data has been disclosed.

right to erasure

The data subject has the right to request erasure of data, provided that the data is no longer necessary for the purpose for which it was collected or otherwise processed, or if there is no legal basis for processing the data.

right to restriction

The data subject has the right to contact you as the data controller to find out whether personal data is being processed or not.

right to object

The data subject has the right to contact you as the data controller to find out whether personal data is being processed or not.

right to data portability

In certain cases, the data subject has the right to obtain personal data concerning them for use elsewhere, for example to transfer the data to another data controller.

the right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the Swedish Data Protection Authority (IMY) if they believe that we are processing data about them in violation of the General Data Protection Regulation.

If you wish to exercise your rights, please contact our data protection officer as soon as possible.

As a customer, you can log in to our portal at any time to check the information stored in your account and, in most cases, change or delete it. You have the right to ask us to delete the information we have stored about you. For certain purposes, such as due to accounting laws and other relevant laws, we must retain the information even after a request for deletion has been processed.

trained and knowledgeable staff

We have undergone training and internal GDPR certification for all our staff in all departments, and do so on an ongoing basis once a year. We also have cutting-edge expertise and supplier/system support to keep us up to date and work actively to comply with the directives and try to make this easier for our customers as well.

certifications

We are certified according to the ISO 9001 quality standard, ISO 14001 environmental management standard and ISO 27001 information security standard, and we have met the strict requirements for procedures, processes and various systems contained in these standards.

other

The content of this data protection policy may change over time. We will always uphold our customers' privacy and comply with all data protection laws within the EU and Sweden. If we make any major changes, these will be communicated via email and in your customer portal. If you want to stay up to date, we recommend that you read this policy regularly.

Other important information about how we work with GDPR, both as a processor and controller, can be found in our data protection policy and our appendix to the personal data processing agreement, which describes how we process personal data in our capacity as a personal data processor. For other questions, please refer to the IMY (Swedish Data Protection Authority), which has excellent information and guides for working with GDPR.