GDPR, Personal Data Policy, and Cookies

Responsible for Handling Personal Data

divM is the data controller for the processing of personal data described in this policy.

If you have any questions or wish to exercise any of your rights, you can contact us at Email: info@divm.se

How Do We Access Personal Data?

In addition to the data you provide directly to us or that we collect when you become a customer, contact us, or apply for employment, we may also collect personal data from a third party.
The data we collect from third parties include:

• Address information from public registers to ensure we have the correct address details for you.
• Creditworthiness information from credit rating agencies, banks, or information companies.

What Personal Data Do We Process?

The following categories of personal data may be processed:

• Contact information such as name, address, email address, phone number.
• Identification information such as personal ID number, company registration number.
• Financial data such as bank account numbers and other bank-related information.
• Employment-related data such as employment details, applications, CVs, cover letters.

How Do We Process Your Personal Data?

We process your personal data primarily to fulfill our obligations to you. Our approach is to avoid processing more personal data than necessary for the purpose, and we always strive to use the least privacy-sensitive data.

Below is information about the personal data processing activities.

Providing and Fulfilling Service/Product Agreements

We process personal data to fulfill our contract and provide services/products to you. We process personal data for administration and invoicing of services/products, for credit checks, to handle complaints and returns, to assist you with questions about your service/product when you contact our customer support, and otherwise to protect our rights and fulfill our obligations according to the agreement with you. Personal data we process in this activity include contact details, identity-related data, and financial data.

Accounting

We process your personal data to fulfill the legal obligations we have, such as the requirement to archive accounting materials according to accounting laws. Personal data we process in this activity include contact details, identity-related data, and financial data.

Marketing

We process personal data to enable marketing of products/services to you and to send newsletters regarding the products/services you are generally interested in, as well as information about the company. Furthermore, we may invite you to events related to your interests. Personal data we process in this activity include contact details.

For Employment

We process your personal data when you apply for open positions or express interest in employment with us. The company processes your personal data to assess your application and conduct the recruitment process. Personal data we process in this activity include contact details and identity-related data.

What Legal Basis Do We Have for Our Personal Data Processing?

We process your personal data to administer and provide the contracted service/product. When it comes to personal data processing to fulfill legal requirements, such as accounting laws or tax legislation, the legal basis is legal obligation.

For marketing and recruitment purposes, the legal basis is our legitimate interest. This means we believe our interest in processing your personal data for these purposes outweighs the privacy intrusion caused by the processing. This assessment has been made with particular consideration of the benefits the processing will bring to you.

For personal data related to job applications that are not part of a recruitment process or completed recruitment process, we will store your personal data for potential future recruitment needs only if you have specifically consented to this.

How Long Do We Store Your Personal Data?

We store your personal data as long as you are a customer with us and for up to 12 months afterward. Some personal data is stored for a longer period, for example, to comply with the requirements of accounting and tax laws. When the purposes of the processing have been fulfilled and the storage period has expired, your personal data will be securely deleted or anonymized so that it can no longer be linked to you.

Cookies

A cookie is a small text-based data file that a web server requests to save in your browser. Since the content of the cookie is generally sent back with every request to the website, it allows the server to track the visitor’s preferences, behavior, or identity (to the extent known). We use the following cookies on our website:

• Session cookies (temporary cookies that expire when you close your browser or device).
• Persistent cookies (cookies that remain on your computer until you delete them or they expire).
• Third-party cookies (cookies set by a third-party website. We primarily use these for analysis, such as Google Analytics and HotJar).

The cookies we use are aimed at improving the services we offer. Cookies allow the website to have better functionality and make it easier for you as a user. We also use cookies to collect and analyze behavior data based on your use of the website and services in order to improve the user experience and allow personalized communication and messaging for you as a user. We also use cookies to enable relevant marketing.

How Can You Manage Cookies?

You can change your browser settings for the use and scope of cookies at any time. You can choose to block all cookies, only accept certain cookies, or delete cookies when you close your browser. If you choose to block or delete cookies, some services may not be usable or the website may not work properly in all respects.

Who Do We Share Personal Data With?

Our approach is not to share personal data with third parties unless the data subject has consented or it is necessary to fulfill our obligations according to agreement or law. When we share personal data with third parties, we ensure that the personal data is processed in a secure manner.

• Service Providers
  To fulfill the purposes of our processing and the legal requirements we are subject to, we share personal data with companies that provide services to us. These companies can only process personal data according to the data processor agreement signed with the company and according to the instructions they receive. They may not use your personal data for their own purposes and are legally and contractually required to protect your personal data. A service provider may not share your personal data with third parties or subcontractors without our approval.
• Authorities
  We may share necessary information with authorities if we are required by law to do so. This information may include your personal data. In the event of a legal dispute, it may also be necessary to transfer information that may contain personal data to other parties in the dispute.

How Are Your Personal Data Protected?

We protect your personal data through a combination of technical and organizational solutions. We have taken specific security measures to protect your personal data from unlawful or unauthorized access. We develop procedures and working methods to ensure that your personal data is handled securely. Only those who actually need to process your personal data for their work tasks have access to it.

Your Rights

As a data subject, you have the following rights:

• You have the right to request an extract of the register where you can see the personal data we have about you.
• You have the right to request correction if we have incorrect or incomplete personal data about you.
  
  • The data is no longer needed for the purpose it was collected.
  • If the data is stored based on your consent and you withdraw your consent.
  • If the processing is based on a balancing of interests and there are no legitimate grounds that outweigh your interest.
  • If the personal data has been processed unlawfully.
  • If deletion is required to fulfill a legal obligation.
  • If you object to processing for direct marketing purposes.

The right to have personal data deleted does not apply if we are required by law (e.g., accounting laws) to retain the data.

• You have the right to data portability (the right to have your personal data moved), provided that the legal basis is consent or contract, and the data you can access relates to you, provided by you, or generated by your actions/activities.
• You have the right to request that the processing of your personal data be restricted. However, if you request a restriction of your personal data processing, it may mean that we cannot fulfill our obligations to you during the restriction period.
• You have the right to object to personal data processing based on balancing of interests. For us to continue the processing, we need to show a compelling legitimate reason for processing that outweighs your interests, rights, or freedoms. Otherwise, we can only process the data to establish, exercise, or defend legal claims.
• You always have the right to object to your personal data being used for direct marketing. If an objection to direct marketing is made, the personal data can no longer be processed for such purposes.

If you are not satisfied with the response you received from us, you have the right to file a complaint with the supervisory authority.

Best regards,

Your friends at divM.