Privacy policy

Individual customers and individual representatives of corporate customers,
24 Center Sverige Ab, 25/5 2018

Data controller

24 Center Sverige Ab
Forsbyvägen 6
741 40 Knivsta

Personal data that to be processed

Data categories: 24 Center Sverige Ab's individual customers and individual representatives of corporate customers.

The following personal data is always collected from a one-time customer:

The following personal data is also collected from one-off customers where necessary:

Information collected from contract customers includes information from one-off customers plus the following data:

Purpose and reasons for processing

24 Center Sverige Ab processes personal data so that it can implement the agreements it has entered into with its customers. With the consent of the data subject, 24 Center Sverige Ab also uses the personal data it collects for marketing purposes.

Processing criteria under the GDPR are as follows:

Beneficiary categories

The company's internal positions are described in the disclosure statement.

Accountant: (True Value Accounting) information necessary for accounting to Partners.

In addition, software or online services from Accountor Finago and Hubspot are currently used.

In addition, the information is transmitted to LINK Mobility Oy, whose SMS interface forwards SMS from the 24 Center's system to the operators' networks and partners/customers.

The contractual changes required by the GDPR will be implemented by the above-mentioned processor outside 24 Center Sverige Ab.

Retention period for personal data

Personal data is stored for the time required for the implementation of the contractual unit and for the duration of the customer relationship. For one-time customers, the customer relationship begins when the customer orders the service from 24 Center Sweden Ltd and ends when the customer or 24 Center Sweden Ltd requests it. For contract customers, the customer relationship lasts as long as the associated contract. In addition, the storage shall be extended by a maximum of ten years from the receipt of the data, if the data subject has consented to the use of his data for marketing purposes, unless the data subject withdraws his consent earlier.

If the information becomes redundant or obsolete, the information may be archived in an archive accessible to the CEO of 24 Center Sverige Ab, provided that the exercise of the data subject's rights does not require the complete deletion of the information. In such a case, appropriate safeguards are taken.

Furthermore, an annual review is carried out to determine whether there is a legitimate basis for processing all personal data, and any additional data should be deleted.

The data subject's rights of the data subject

The data subject has the following rights:

In all matters relating to their rights, the data subject must contact the CEO of 24 Center Sverige Ab, whose contact details can be found above.

Right of opposition

According to Article 21 of the GDPR, the data subject has the right to object to the processing of his or her personal data in such a way that the controller cannot process them when certain conditions are met. For example, the processing of personal data for direct marketing purposes can be objected to. In matters relating to the exercise of the right to object, the data subject is invited to contact the CEO of 24 Center Sverige Ab.

Withdrawal of consent

The data subject may withdraw his or her consent to the use of his or her personal data for marketing purposes at any time. This is achieved by contacting the CEO of 24 Center Sverige Ab.

Right to complain to the the supervisory authority

According to Article 77 of the GDPR, the data subject has the right to lodge a complaint with the supervisory authority (in Sweden, the Swedish Data Protection Authority) if he or she considers that the processing of personal data infringes this Regulation.

Mandatory provision of information

Only the information required for the above criteria will be collected and therefore the information is mandatory and necessary for the conclusion of the contract. In the case of personal data processed on the basis of consent, the provision of information is of course optional.

Safety incidents

The CEO of the company handles security breach notifications to the authority and the data subject as required by the GDPR.

Risk to the rights and freedoms of the data subject

The risk to the rights and freedoms of the data subject is estimated to be moderate. The case is managed by an appropriate and compliant data protection administration. The risk assessment has been made in the company's information disclosure statement.