Vis-a-vis the company’s stakeholders, customers, suppliers, consumers, employees and society at large, Lipidor AB wishes to take responsibility for and respect human rights, follow local and international laws, rules and regulations.
Pursuant to the new Data Protection Regulation (abbreviated as GDPR), which comes into force on May 25, 2018, the rights of privacy of the individual will be significantly strengthened. This implies that businesses, organizations and companies throughout the EU and the EEA will have increased responsibilities and obligations with respect to the personal data of individuals that they process in various ways in the course of their activities.
It will only be lawful to process personal data if the processing satisfies some of the requirements stated in the legal text. However, it is important to point out that the intention of the Act is not to prohibit the processing of personal data but rather to regulate and control when, where and why the processing of personal data is necessary within an activity/business.
The law states that: “[…]the data controller must implement appropriate technical and organizational measures to ensure and demonstrate that processing is carried out in accordance with this Regulation”. Here below is a description of how we apply this within our activities/business.
You can always contact us regarding privacy and data protection issues by sending an e-mail to us at: firstname.lastname@example.org
Lipidor AB is the instance that controls the processing of personal data for our customers, partners and employees.
In those cases where Lipidor AB uses controllers to process personal data, e.g. travel companies, municipalities and county councils etc., this collaboration must be pursuant to Article 28 of the Act. Lipidor AB is only responsible for hiring controllers who provide sufficient guarantees that privacy will be maintained and that the Data Protection Regulation will be adhered to.
What personal data do we process?
Among other things, we process your personal data in conjunction with you using our services on Lipidor AB’s website and/or in e-mails to any of our employees. Depending on the purpose of our contact with you, it may be relevant for us to obtain information about you. For example, it may be your name, address, telephone number and/or other historical information about orders or previous e-mail conversations in order for us to be able to provide you with customized solutions with respect to you contacting us or us contacting you.
We also obtain information via cookies on our web pages. It can also be personal data in the form of such things as your language settings, which subpages you have visited, other browser settings and IP address.
If you are employed at Lipidor AB, in addition to your name, address and telephone number, we will also process more sensitive information such as national identity number, bank information, next of kin, number of children, possible diseases and disorders or other relevant information that we, as an employer, consider that we need for your employment. The processing of this personal information has support in the law and is controlled with strengthened regulatory requirements.
Salary statements are processed in paper format until the parties concerned have signed them; only then are they scanned and saved electronically on Lipidor’s database. The physical salary statement is destroyed.
No personal data is saved together with the documentation in connection with complaints and deviations. Any photographs taken of patients must always be taken in such a way that it is not possible to identify an individual.
When do we process your personal data?
In connection with some of our products and services, there may also be bookings, orders, user ID, passwords and other information that you have provided in connection with a selected service.
For example, we process information about you:
• when you use any of our services on our web pages
• when you are/wish to become a subscriber to our newsletter
• when you contact us via our contact form
• when you apply for a job with us
• when you get employment with us
• when developing our products and services
• to compile statistics for an analysis
• to process complaints and deviations
• to ensure information security and compliance with laws
• for archival and accounting purposes
• to reach out to employees with internal information. This is situation-specific and processing will be based on what is deemed to be relevant in the individual situation. As far as possible, information will be transmitted digitally. However, since not all employees at Lipidor AB have access to computers and the Intranet, we have to find other ways of communication to convey information. For this purpose, we have a bulletin board in our common staff areas as the chosen means of communication. The personal data that may be processed for this purpose can, among other things, consist of names and telephone numbers but also e-mail addresses. Please note that no personal data other than names, telephone numbers and e-mail addresses will be processed via this channel. Once the processing has fulfilled its purpose (to inform), the information will be deleted (destroyed) or, if necessary, archived as soon as possible.
How is the information stored?
Information that has been obtained via a form on our web pages www.lipidor.se or otherwise, will be stored in our CRM system and in MailChimp, which, among other things, is used for automated marketing.
If you e-mail directly to any of us at Lipidor AB, these e-mails will also be covered by the Act. Personal data in an e-mail conversation will be saved for as long as the matter requires. Then, once the matter is finalized, any personal data will be removed, provided that none of the other requirements for “processing personal data” applies.
For employees, your personal data will be saved in several different systems and in several departments depending on what we need your personal data for. Please contact us for a complete list of where your personal information is registered.
What do we use your personal data for?
In order for us to be allowed to use personal data, this must always be supported in the Data Protection Regulation (GDPR), a so-called legal basis.
Thus, there is an explicit responsibility to specify the purpose of the processing of personal data and consideration must be taken as to what personal data is considered necessary for the purpose.
We use personal data minimization in such a way that only the most necessary information is collected and processed at each individual processing session. The personal data must be deleted once the purpose for processing has been fulfilled. However, where other rules are applied in compliance with Article 89 of the Act, further use of personal data may be made in archival, accounting and deviation processing etc. In accordance with the law, processing of your personal data may also take place after interests have been balanced or with your consent.
How long will we save your personal data?
We will only save your personal data for as long as is necessary to accomplish our agreed commitments to you and as long as this is required pursuant to statutory storage times. Normally, this means that Lipidor AB will save customer information for no more than one year from your last customer contact with us. However, we will save information that is needed for accounting, processing of complaints and deviations as well as for archival purposes for up to eight to ten years. Please note, however, that the only purpose of this processing of personal data is for that specific purpose and should therefore only be used on the basis of that purpose.
We save personal data about our employees for as long as employment is active. After this, the information is saved for as long as the Employment Protection Act stipulates that we must save the information.
To whom do we provide personal data?
We sometimes hire subcontractors in order to deliver our products and services and maintain a good working environment. This means that even these need access to your information, or parts of the information about you that we are responsible for. However, our subcontractors may not use data about you for any purpose other than for providing the service that we have hired the subcontractor to perform. Their use must always be based on the conditions that we as the data controller specify.
However, according to applicable legislation and based on regulatory decisions etc., when requested, we are obliged, for example, to provide your personal data to the police.
In cases where you have provided sensitive information such as medical history or current state of health, the cardinal rule is that your personal information is covered by professional secrecy. Personal data is stored and processed in accordance with what is stipulated in the Act when processing sensitive personal data.
If you have given your consent, we may, even in cases other than those specified in the paragraphs above, disclose your information to companies, organizations or individuals outside of Lipidor AB.
You have the right to demand transparency into our processing of your personal data. You can also demand corrections, limitations or the removal of personal data in accordance with the Data Protection Regulation.
When the processing of personal data is based on consent, you may retract your consent at any time.
If you believe that Lipidor AB has not fulfilled your rights in accordance with the Data Protection Act, you have the right to appeal to the supervisory authority in question. You do this by sending a complaint to the Swedish Data Protection Authority. Contact information can be found at: http://www.datainspektionen.se
Lipidor AB (CIN 556779-7500)
Karolinska Institutet Science Park
171 65 Stockholm
In order to read more about the new “GDPR” Compliance Act or the Data Protection Regulation, see the Swedish Data Protection Authority’s webpage datainspektionen.se