Privacy Policy
Your privacy is very important for us at PBM Sweden AB (“PBM”). In our capacity as a data controller we, therefore, ensure that applicable law regarding data privacy is complied with when we process your personal data. By way of this privacy notice (“Privacy Notice”), we want to inform you about how we ensure that your personal data is processed in accordance with applicable law.
Material scope
This Privacy Notice applies to PBM’ processing of personal data in relation to you as a user of PBM’s service Flow (“service”) and to you who visit the webpage www.kbtflow.se.
Our use and sharing of your personal data
Personal data is any information that directly or indirectly can be referred to you as a natural person. Information regarding you which we may process is for example your social security number, e-mail address, personal entry code that is attributable to your employer's organization and information regarding which of our courses you have started and which parts you have completed.
The processing of personal data includes different types of actions. Each action conducted with respect to the personal data constitutes processing, regardless of whether it is automatic or not. Examples of common ways of processing are; to collect, register, organize, structure, store, adapt, transfer and delete personal data.
At PBM, we use your personal data to be able to provide our services in the best and most appropriate way.
We use your personal data for purposes such as:
-
administration and carrying out our obligations to you in order to provide you with our services;
-
performing aggregate analyses based on data;
-
improving and developing new products and services, and maintaining and managing our webpage and other related services;
-
administration and fulfilment of obligations as well as to safeguard our legal rights; and
-
to enable mergers, divestitures, restricting, reorganization, dissolution and other sale or transfers of PBM assets.
We do not use your personal data for any other incompatible purpose, and we only keep your personal data for as long as necessary.
For more detailed information about how we process personal data for each purpose, please read the tables below.
For more information about how and why we process personal data, please read the tables below.
How do we collect your personal data?
The personal data we process about you is mainly the information you have provided us with by registering a user account and by using our service. PBM also use cookies from which we collect data to be able to improve and provide our services and to analyze the usage statistics. In our cookie notice, we provide you with further information on how we use cookies. You will find the cookie notice here.
For how long we keep your personal data?
We only keep your personal data for as long as it is necessary to achieve the purposes for which they were collected in accordance with this Privacy Notice. When we no longer need your personal data, we remove the data from our systems, databases and backups. In the tables below, you will find more information about for how long we keep your personal data for different purposes.
We may be required to keep your personal data for other reasons, such as to comply with legal obligations or to safeguard our legal interest, or for any other important public interest.
With whom do we share your personal data with?
PBM may share your personal data with third parties such as our IT service provider Gleesys and other companies that we cooperate with to conduct our business. Regarding information provided by cookies, we will share your personal data with among others Google Inc. We may also in certain cases be required to share your personal data with public authorities or other third parties in connection with audits, court proceedings or similar reasons.
Your personal data from our tests and surveys will never be shared except being stored on the Swedish
We will not sell your personal data to any third party.
Where do we process your personal data?
PBM processes your personal data primarily within the EU/EEA. In some cases, we may transfer your personal data to a country outside of the EU/EEA. If personal data is transferred to any such country, we will ensure that your personal data is protected and that the transfer is carried out in accordance with applicable law.
When carrying out any transfer to a country that lacks an adequacy decision by the European Commission, we will use the standard contractual clauses (SCC) issued by the European Commission as legal basis for the transfer. In order to enable you to effectively exercise your rights pursuant to the SCC’s, amongst other, you have the right to obtain a copy of the SCCs’ and to be notified about the identity of the receivers.
We protect your personal data
You shall always feel safe when providing us with your personal data. Therefore, PBM has implemented appropriate security measures to protect your personal data against unauthorized access, alteration, and erasure. In the case of a security breach that may significantly affect you or your personal data, e.g., when there is a risk of fraud or identity theft, we will contact you and inform you of what you can do to reduce this risk.
Your rights
Our responsibility for your rights
PBM is in the capacity as data controller responsible for ensuring that you can exercise your rights and that your personal data is processed in accordance with applicable law. You may at any time contact us to exercise your rights. You will find our contact details in the end of this Privacy Notice.
PBM is responsible for responding to your request to exercise your rights within one month from our receipt of your request. We are entitled to extend this period by two months when necessary, considering the complexity of your request or if we have received a large number of requests. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay and information about your right to lodge a complaint with a supervisory authority.
All information and communication, and all actions we carry out, is at no cost for you. If the action you request is manifestly unfounded or excessive, we are entitled to charge you an administrative fee to provide you with the requested information or carry out the requested action or refuse to meet your request.
Your right to access, rectification, erasure, and restriction of processing
You have the right to request:
-
Access to your personal data. This means that you have the right to request information on our use of your personal data. You also have the right to request a copy of the personal data being processed by us, at no cost. However, we may charge you a reasonable administrative fee to provide you with additional copies of such information. If you make your access request by electronic means such as email, we will provide you with the information in a commonly used electronic format.
-
Rectification of your personal data. We will at your request, or at our own initiative, rectify, anonymize, erase or complement personal data that you or we discover is inaccurate, incomplete or misleading. You also have the right to complete the personal data with additional data if relevant information is missing.
-
Erasure of your personal data. You have the right to request that we erase your personal data if we do no longer have an acceptable reason for processing the data, such as if the personal data is no longer necessary for the purposes for which it was collected, or you object to the processing of your personal data based on our legitimate interest and there is no overriding legitimate ground for the processing. Further, if we use your personal data based on your consent, and you withdraw your consent, we will erase your personal data.
However, there might be requirements under applicable law, or other compelling reasons, that prevents us from immediately erase your personal data. In such case, we will stop using your personal data for any other reasons than to comply with the applicable law, or the relevant compelling reason.
-
Right to restrict processing. This means that we temporarily restrict the processing of your personal data. You have the right to request restriction of the processing e.g., when the processing is unlawful and you do not want the personal data to be erased or when PBM, in its capacity as data controller, does no longer need the personal data for the purposes for which it was collected, but you require us to retain the information for the establishment, exercise or defense of a legal claim.
Your right to object to the processing
You have the right to object to the processing of your personal data when such processing is made with a legitimate interest as the legal basis. If you object to such processing, we will only continue with the processing if we have a compelling legitimate reason for the processing that outweighs your interests, rights or freedoms, or if continued processing is necessary for the establishment, exercise or defense of a legal claim.
Your right to withdraw your consent.
When we need your consent in order to process your personal data, you always have the right to withdraw such consent at any time by contacting us. You will find our contact details at the end of this Privacy Notice.
Your right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint regarding our processing of your personal data with the supervisory authority.
Amendments to this Privacy Notice
PBM has the right to amend this Privacy Notice at any time. The latest version will always be available on our website kbtflow.se.
If the changes are not purely linguistic or have no impact on your interests, rights or freedoms, PBM will inform you of any changes to the Privacy Notice with reasonable prior notice. If you do not consent to these changes, you have the right to object to the processing before the changed Privacy Notice enters into effect.
Detailed list of PBM’s processing of personal data within the scope of this policy
____
Purpose: Administration and carrying out our obligations to you in order to provide you with our services.
Personal data: User information such as your social security number and email address, work-related information such as the name of you place of work and sensitive information such as data concerning health.
What we do: We process your personal data to provide you with our services, to contact you and offer you notifications and facilitate login and use of our services. Further, PBM process data concerning your health for our service to work. This type of sensitive data might include what courses you have started, and which steps you have completed. Considering the sensitive nature of the data, we have implemented a high level of technical and organisational security measures in order to keep your personal data safe.
Legal basis: Performance of a contract. When we process data concerning health, we base the processing on your consent.
Retention period: Your personal data is kept during the time you actively use the service. If you haven’t used the service for a period of 6 months, your information will be deleted.
Your rights: When our processing of your personal data is based on your consent you have, among other things, the right to withdraw your consent at any time.
____
Purpose: Improving, developing, maintaining, and managing our webpage and services.
Personal data: Usage information such as cookie information, browsing pattern and behaviour on our website and device information such as your IP address, operating system, and device settings.
What we do: We analyse and process your personal data to improv, develop, maintain and manage our website and services.
For this purpose, we also use third party tracking services that employ cookies and page tags (also known as web beacons or web bugs) to collect aggregated data about visitors to our websites. For more information about our use of cookies and similar techniques, please read our cookie policy.
Legal basis: Consent.
Retention period: Your personal data is kept during a period of 24 months.
Your rights: When our processing of your personal data is based on your consent you have, among other things, the right to withdraw your consent at any time.
____
Purpose: Administration and fulfilment of obligations as well as to safeguard our legal rights.
Personal data: All the above.
What we do: We process your personal data to comply with our legal obligations under applicable law, e.g., legislation regarding accounting, audit and tax. In case of a dispute, we are entitled to process your personal data to establish, exercise or defend the legal claim.
Legal basis: Compliance with a legal obligation. In case of a dispute, we are entitled to process your personal data with legitimate interest as legal basis since we assess that our interest in safeguarding our interests in a dispute overrides your interest of protection of your privacy.
Retention period: Your personal data is kept for as long as necessary to comply with applicable legal obligation or to establish, exercise or defend a legal claim in case of a dispute.
Your rights: You have, among other things, the right to object to processing of your personal data based upon a legitimate interest as legal basis.
____
Purpose: To enable mergers, divestitures, restricting, reorganization, dissolution and other sale or transfers of PBM assets.
Personal data: All the above.
What we do: In case of a merger, divestiture, restricting, reorganization, dissolution, or other sale of transfer of PBM’s assets we may need to process your personal data in order to enable such transfer.
Legal basis: Legitimate interest. Processing is necessary for the purposes of our legitimate interests of enabling mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of PBM’s assets, which we assess overrides your interest in protection of your personal data.
Retention period: The personal data will be processed as long as necessary to fulfil the purpose with the processing. Personal data that is transferred to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of PBM’s assets will not be stored by PBM after such transfer unless required to fulfil any of the other purposes set out above.
Your rights: You have, among other things, the right to object to processing of your personal data based upon a legitimate interest as legal basis.
Contact details
If you have any questions regarding this Privacy Notice, our processing of your personal data, or if you want to exercise your rights, you can contact us in any of the following ways:
PBM Sweden AB, org. nr. 556365-3681
Adress: Linnégatan 14, 114 47 Stockholm
E-post: niclas.nordstrom@qnister.com (DPO PBM)
Webbplats: https://pbm.se/