Cool Company values your personal data and we welcome the new law (GDPR) that will be in force from the end of May 2018. The new law is intended to strengthen your integrity protection. In this policy, we describe how we process personal data. If you have any questions, you may be able to find an answer below, or you can send a question to firstname.lastname@example.org or call our customer service.
Collection of personal data
We need to collect personal data in order to enter into agreements with Client/Self Employed. In some cases we may need to collect contact information to a point of contact at a Client/Self Employed. When doing business with Clients as consumers their personal data are processed in the invoice sent to them and if they contact our customer support.
Legal basis for collection and processing of personal data
Enter into or fulfilment of agreement:
Personal data is processed in order for us to be able to enter into and/or conclude the service agreement we sign with Client/Self Employed. As we are an employer and some of our Client order assignments from our independent contractors we are required to process personal data in these cases to protect vital interests. The purpose with this processing is, among other things, to administer employment relationships and to complete agreements with the Client regarding the service agreement. Furthermore we may need to maintain contact with the Client/Self Employed and collect name and contact details to a point of contact at the Client/Self Employed. An invoice for an assignment ordered by the Client may contain personal data related to the Client directly or to the point of contact at the Client.
Cool Company processes personal data due to obligations arising out of law or other constitution, regulations of authorities, decisions, mandatory requests or guidelines. For example, we store personal data in documents related to accounting due to provisions in the Swedish Accounting Act 1999: 1078. According to the Swedish Accounting Act, Cool Company need to keep bookkeeping/accounting material for the seventh year after the end of the calendar year at which the fiscal year ended. Bookkeeping/accounting materials may consist of agreements, correspondence and invoices.
Processing of personal data is also required since we must submit personal data to the Swedish tax authority and SCB and other authorities and governmental organizations.
Fulfilment of agreement / legitimate interest:
Cool Company process personal data when our customer support is being contacted by handling case history. This processing is performed to provide our Client/Self Employed with a better knowledge about their case, train and educate our customer support employees, improve our work methods and we do this because we believe all these aspects are important for us to be able to provide our Client/Self Employed with the best support possible. When contacting our customer support that communication can be investigated. We believe that in order to fulfill our part of the agreement we must be able to provide a qualitative customer support, which is one of the services we are paid to perform under our Client/Self Employed agreements. When it comes to prospective Client/Self Employed, we think this processing shall be done to be able to enter into an agreement with the Client/Self Employed and because it is a legitimate interest for us and the Client/Self Employed.
If and when we need to get credit information to be able to provide our service Express-pay, it is both to fulfil the agreement and in our legitimate interest that we process personal data for this purpose.
Cool Company processes personal data by analyzing and processing statistics. For statistical purposes we can use both encrypted and pseudonymized data. The aim with this processing is so that we are able to improve our business and offer our employees and Client/Self Employed good support, functionality and services.
Cool Company may process personal data with an aim of monitoring the security for all of our services so that we can discover or prevent unauthorized use of services and/or to discover and prevent fraud and virus attacks. Cool Company believes that there is a legitimate interest in maintaining security in our services, but that this is also a requirement for us to be able to fulfil our part of the agreement.
Cool Company can turn to you with direct marketing which is a legitimate interest since we will inform you about existing or new services. We may for example market both existing and new services in order to facilitate matching between independent contractor and Client or for the Self Employed. Cool Company is actively working to provide Client/Self Employed and independent contractor with the best possible user-friendliness and to develop new products that can facilitate everyday life for our Client/Self Employed and independent contractor. For this purpose, Cool Company may use personal data and certain user data already stored by us. The legitimate interest for this processing is to optimize our services and our intern processes to provide the best services for our Client/Self Employed. However if you don´t want to receive marketing from us you can always chose to opt-out from this in the marketing e-mail.
To enable for you to obtain information interesting just for you, we would like to use your personal data for profiling. If you would like us to inform you with profiled information you need to give us your consent.
Profiling means that we process personal data by collecting, saving, processing and analyzing data to provide offers that match you and your needs. Based on your profile, you will receive information about services and products that may be of interest to you, or which in different ways can make it easier for you in your professional role and relationship with us.
You must be 18 years old to be able to give us a consent. You do not need to provide us with a consent to be able to use our services and/or become an independent contractor. You can also revoke consent under your privacy settings.
What categories of personal data are processed and how do we collect them?
The categories of personal data Cool Company need to process and store for signing up for an account are the following:
– personal security number,
– login details,
– contact information such as e-mail address and mobile number, and
– case history (only after contact with customer support)
Personal data can be used in invoices or if we need to get in touch with you or if you contact customer support.
We collect information in different ways, either because you or your company have created an account and provide us with information or because our independent contractor collect the information during the assignment in order to fulfil the agreement. Your personal information may, however, also be collected because you contacted us, for example through our customer support.
Bookkeeping material such as invoices are stored for more than seven years in accordance with law, these are however deleted within ten years. The categories that are saved are those that are needed for legitimate aims.
Company accounts are saved until deleted by the company. The company is responsible for keeping the information that the company has entered into the account up to date.
Personal data received for customer support will be deleted after one year as a main rule and no longer than three years if not needed for identified legal purposes longer than three years.
Recipients and suppliers
Cool Company share personal data with different recipients. For example, we may use different suppliers of IT systems.
Cool Company also share personal data to with other recipients, such as authorities, if we are required by law to disclose personal data to them.
Cool Company has when required by law an agreement with the recipient of personal data.
Transfer to a third party country
Recipients and suppliers can be established both within the EU/EEA and in third party countries. A third party country does not apply the legislation GDPR. If Cool Company transfers your personal data to a third party country, we check that there is either an adequate level of protection in the country or that there are special guarantees that the information and your rights are protected. Sufficient guarantees can be that the transfer is regulated by special contract clauses that protect your rights or by internal company rules that are passed through. The contract clauses that are mentioned have a content that aims to ensure that the contractor shall live up to the standard that the GDPR requires and ensure that your integrity is protected.
You can find the countries that the EU-commission has decided have an adequate level of protection here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu/adequacy-protection-personal-data-noneu-countries_en
The standard contract clauses that the EU-commission approved and that we use may be found on:
Increased protection for personal data
Cool Company undertakes so called appropriate technical and organizational steps to increase the protection for personal data, such measures could be:
– internal personal data record (Records of processing)
– data protection impact assessments,
– personal data information minimization,
– restricting access to personal data within the company.
Cool Company value the access to personal data and we do not allow unauthorized persons to gain access to this information. (Cool Company has confidential undertakings signed by consultants working for the company).
The registered rights and how to require these
A registered can always use the rights stipulated by law. Most often, the registered are allowed to require an action in accordance with the rights listed below free of charge. Cool Company will answer a request without unnecessary delay, usually within a month.
– get a verification of whether we process their personal data or not (and if so the personal data is processed in accordance with what is mentioned herein),
– get a copy of the personal data that we process,
– object to processing or request data portability,
– limit processing of personal data,
– correct the personal data,
– delete personal data, or
– request a revocation of consent (this does not affect the legality of processing on the basis of consent before this was recalled).
Revoke a consent is made under account settings. When it comes to the other rights these are required by sending an e-mail to email@example.com. You are always entitled to file complaints to the supervisory authority, datainspektionen, in Sweden if you think our processing of your personal data is incorrect.
It is your responsibility to keep your data under your account settings updated so we are able to use correct information. Cool Company will, if your personal data is subject to correction or deletion, notify the recipients under us about this, provided that Cool Company finds it possible and not unreasonably burdensome. We will also do what we can to process only updated personal data about you.
Personal data controller
Cool Company Skandinavien AB Org. no. 556432-8390, Riddargatan 7A 114 35 Stockholm, Phone number: 010-330 30 11 E-mail: firstname.lastname@example.org
Contact with data protection officer at Cool Company
If you need to get in touch with our data protection officer, you can always call customer support or send an email to email@example.com.
Archiving of consent
Any consent will be filed due to the burden of proof.