GDPR & Data protection
Our processing of personal data
Mindelon AB (“Mindelon”), corporate identity number 556161-7779 (“we”, “us” and “our”), with address P.O. Box 8064, SE-163 08 Spånga, Sweden, and its subsidiaries, is the data controller for the processing of your personal data.
Personal data we process regarding you
Your personal data have in most cases been collected either directly from you when in contact with Mindelon, or from your employer in connection with the business relationship between us and your employer. We may also collect personal data regarding you from other sources. The personal data we process are typically name and job title, and contact details such as email address, phone number and company address.
Purpose and lawful basis for processing your personal data
Business contacts (i.e. customers, suppliers, business partners)
When you contact us for business purposes we will process your personal data for the purpose of providing the services and products as stipulated by the contract. This processing is carried out on the basis to fulfil our contractual obligations towards you.
Your personal data may also be processed in accordance with the contract for the purposes of handling orders, invoices, payment and administration of the contractual relationship, handling deliveries and for other informative purposes.
We also process your personal data on the basis of a balance of interests between your interests of integrity and our legitimate interest of being able to market our products and services. This processing may include sending newsletters, information about our courses, seminars and other events, and other direct marketing activities. We always offer you the possibility to unsubscribe to our direct marketing.
When we process personal data concerning you as a business contact for bookkeeping purposes, e.g. invoicing or payment of services or products, we carry out this processing on the basis of legal obligations according to the Swedish Accounting Act (or the equivalent legislation in other countries).
We only process your national identification number in situations where it is necessary for the purposes of the processing or for positive identification, e.g. if you are a sole trader.
Potential business contacts
We process your personal data when you contact us or when you have asked us to contact you. The purpose of our processing is to help you with questions regarding our company, or regarding our services and products. This processing is carried out on the basis of a legitimate interest. Our legitimate interest is to assist future business contacts and other interested parties by answering questions and provide information.
We may also process your personal data for the purpose of direct marketing that is relevant for you as a professional. This processing is carried out on the basis of a legitimate interest. Our legitimate interest is to inform potential customers about such services and products that might be of interest for them and thereby support our future businesses. This processing may include sending newsletters, information about our courses, seminars and other events, and other direct marketing activities. We always offer you the possibility to unsubscribe to our direct marketing.
When you are using any of our websites we may process personal data in the form of your IP address by using Cookies.
Our use of CCTV cameras
At some of the properties where we have operations, for example the Mindelon office in Spånga, we have installed CCTV cameras with the aim of preventing criminal attacks such as break-ins and vandalism. At the properties affected there are information signs which state that CCTV is in operation. The cameras are set up so that they are only activated by movement in the immediate vicinity of the premises. The recordings are kept for a few weeks after which they are automatically erased.
Who may get access to your personal data?
Your personal data may be shared with a small number of external parties who process your personal data on our behalf, i.e. personal data processors. Our data processors are for instance our IT and system providers. We have entered personal data processor agreements with all external parties processing personal data on our behalf in order to ensure that the data is processed in accordance with the applicable data protection legislation.
Due to legal obligations, we may also transfer your personal data to recipients other than personal data processors, for instance certain public authorities. These recipients are independent data controllers when processing personal data.
Transfers of personal data to third countries or international organisations
We and our personal data processors, as a general rule, only process your personal data within the EU/EEA. In cases where personal data are processed outside the EU/EEA, there is either a decision from the European Commission that the relevant third country ensures an adequate level of protection, or appropriate safeguards, e.g. standard data protection clauses, binding corporate rules, or Privacy Shield, to ensure that your rights and integrity are protected.
How do we protect your personal data?
We, and in relevant cases the personal data processors that are working on our behalf, have taken several security measures to protect the personal data that is being processed. We have firewalls and anti-virus software to protect and prevent unauthorised access to our networks and systems. Our employees have strict instructions to process all personal data in accordance with applicable laws and regulations. Only a limited number of employees have access to the systems where personal data are being stored and passwords and usernames are required to access these systems.
How long do we keep your personal data?
We do not process your personal data for a longer period than is allowed by applicable law, regulation, case law or authority decision.
Personal data that we process in order to fulfil our agreement with you are normally processed for the period that it is necessary for us to be able to fulfil all our obligations towards you. To comply with legal obligation or if we have the right to do so on the basis of a legitimate interest, we may keep your personal data for a longer period in accordance with what is stated below.
Any information concerning payments where processing is required in accordance with the Swedish Accounting Act is being processed as stipulated by law for seven years. (Different retention periods may apply in different countries, according to national legislation.) We may also process some information regarding your purchase in accordance with applicable legislation for purchase of goods and services and consumer protection.
Personal data that is processed on the basis of a legitimate interest with the purpose to perform direct marketing activities may be processed for a period of up to 24 months after our last business contact or until you notify us that you do not wish to receive our marketing communications anymore. Any personal data that is processed on the basis of a consent is being processed until you withdraw your consent.
In accordance with applicable data protection regulation, you have the right of access to the personal data we process about you, and the right to request rectification of your personal data. In certain circumstances, you are entitled to request the erasure or restriction of your personal data or object towards our processing of your personal data. Furthermore, you are entitled to receive the personal data concerning you in a structured, commonly used format.
You have the right to fully or partially withdraw any given consent regarding the processing of personal data at any time. You also have the right to object to the processing of your personal data for direct marketing purposes.
If you have any complaints regarding our processing of your personal data you have the right to lodge a complaint to the applicable national Data Protection Authority (in Sweden, The Swedish Authority for Privacy Protection, IMY, www.imy.se).
If you wish to exercise your rights in accordance with what is stated above or otherwise wish to contact us regarding our processing of your personal data you may contact us by e-mail gdpr(at)mindelon.com or mail to:
P.O. Box 8064,
SE-163 08 Spånga, Sweden