Cool Company values your personal data and we welcome the new law (GDPR) that will be in force from the end of May 2018. The new law is intended to strengthen your integrity protection. In this policy, we describe how we process your personal data. If you have questions, you may be able to find an answer to them in this text, or you can send a question to firstname.lastname@example.org or call our customer service.
Collection of personal information
We must collect personal data to be able to enter into agreements with clients and this may require that we collect contact information for contact persons among our company clients. For consumers personal data can for example be processed to support invoicing or when they contact customer support.
We follow current applicable law and below we describe in brief how we process personal data for clients (companies, consultants with own companies, consumers and our contact persons at partner companies).
If you would like to know more about our processing of personal data according to temporary workers, please refer to our integrity policy for temporary worker.
In order for Cool Company to be able to process personal data, we must have a legal ground, that is, a legal basis. Processing of personal data is legal, if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Processing is also legal if the processing is necessary for compliance with a legal obligation to which Cool Company is subject. Processing may also be done according to a balancing of interests, where Cool Company’s interest in processing information is balanced against the interest of the registrant in protection of integrity and the result is that a legitimate interest exist, or after the registrant has submitted consent to the processing. Consent is submitted separately and can always be revoked.
Which categories of personal data are processed and how do we collect them
The categories of personal data that Cool Company may need to process and save to be able to enter into agreement are:
– personal identification number
– login information
– contact information such as e-mail address and mobile number
– case history (if you have been in contact with customer support)
Personal information may be used for an invoice basis or because we need to contact you or from a customer support perspective.
We collect information in different ways, either because you or your company have created an account and provide us with information or because our temporary worker collect the information. Your personal information may, however, also be collected because you contacted us, for example through our customer support.
Cool Company saves and processes personal data that constitute invoice information for as long as required by law and this is deleted before ten years. The categories that are saved are those that are needed for legitimate aims.
Company accounts are saved until it is deleted by the company. The company is responsible for the information that the company has registered into the account so it is updated. Personal information that has come in to customer support is deleted after one year, if not needed for longer according to identified legal reasons.
If you delete your account yourself, your information is deleted quickly, and always within a month from the time you deleted the account assuming that the information is not needed for legal reasons.
If you want your information to be removed, we will do this within a month from when you submitted the request assuming that we don’t have to save the information because of our legal obligations.
Transfer to a third party country
Recipients and suppliers can be established both within the EU/EEA and in a third party country. A third party country does not apply the legislation GDPR. If Cool Company transfers your personal data to a third party country, we check that there is either an adequate level of protection in the country or that there are special guarantees that the information and your rights are protected. Sufficient guarantees can be that the transfer is regulated by special contract clauses that protect your rights or by internal company rules that are passed through. The contract clauses that are mentioned have a content that aims to ensure that the contractor shall live up to the standard that the GDPR requires and ensure that your integrity is protected.
You can find the countries that the EU-commission has decided have an adequate level of protectionhere: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu/adequacy-protection-personal-data-noneu-countries_en
The standard contract clauses that the EU-commission approved and that we use may be found on:
Increased protection for your personal data
Cool Company undertakes so called appropriate technical and organizational steps to increase the protection for your personal data. Examples can be:
– internal personal information record,
– assessment of consequences,
– information minimisation,
– restricting access to personal information within the company.
We value the access to your personal data and do not let unauthorized persons gain access to this. (Cool Company has confidential agreements with consultants who work for the company).
Limitation of the rights of the registrants
You can demand your rights with respect to us to the extent that they do not constrain Cool Company’s ability to fulfil their legal obligations, or to only be performed should the information not be needed for other legal objectives. (This means that if you have requested actions such as, for example, erasure, Cool Company must still save the personal data that is considered necessary as long as applicable law or a legal reason requires. If not all registered information is considered necessary, Cool Company can still perform the desired action for the personal data that is not needed).
Contact with a data protection officer
If you need to contact our data protection representative, you can always call customer support or send an email to email@example.com. Write GDPR – DPO in the subject line and describe your issue.
Archiving of consent
Since Cool Company has the burden of proof that any consent has been collected and stored.
Legal basis for collection and processing
Fulfilment of agreement:
We process personal data to be able to enter into and fulfil contracts with our clients. The objective is to administer employment conditions and fulfil agreements with customers regarding the service that is provided under the contract. We may need to maintain contact with a client and collect contact information. An invoice for the assignment that the client ordered can contain personal data relating to the client directly, or to a contact person at the client.
Cool Company processes personal data because of the liabilities that arise through law or other statutes, regulations of authorities, decisions, requests or guidelines. Personal data and the documents that are required in the Accounting Act is stored for as long as required. Documentation for bookkeeping and accounting may consist of agreements, written correspondence and invoices. Processing of personal data is required since we for example must submit personal data to the UK Tax Agency and other authorities and national organizations.
Fulfilment of agreement/legitimate interests:
Cool Company processes your personal data by handling case history to be able to offer you customer service and to continually train our employees and improve our work methods to be able to offer the best possible support. When you contact us, the communication can be a reason for analysis. We expect that to be able to fulfil our part of the agreement, we should be able to offer good customer support. For new clients or even maybe a future client we think this processing shall be done to be able to enter into an agreement with the client and because it is a legitimate interest for us and the client.
If and when we need to get credit information to be able to provide our service Express-pay, it is both to fulfil the agreement and in our legitimate interest that we process personal data for this purpose.
Cool Company processes personal data by analyzing and processing statistics. For this processing, we can use both encrypted and pseudonymised data. The aim with this processing is so that we are able to improve our business and offer our employees and clients good service, functionality and services.
Cool Company may process personal data with an aim of monitoring the security for all of our services so that we can discover or prevent unauthorised use of services and/or to discover and prevent fraud and virus attacks. Cool Company believes that there is a legitimate interest in maintaining security in our services, but that this is also a requirement for us to be able to fulfil our part of the agreement.
Cool Company can turn to you with direct marketing which is a legitimate interest since we will inform you about existing or new services. We market both our existing and new services which can be for the purpose to enable more work opportunities for you or to facilitate your daily activities when you are employed by us. Cool Company actively works to be able to offer clients and our temporary workers the best possible ease of use, and to develop new products that can facilitate the day to day for our clients and temporary workers. Cool Company can use your personal data that we have stored and certain user data for this purpose. The legitimate interest for this processing is to optimize our services and processes to provide the best services for our clients and our temporary workers over the long term. You always have the possibility to request that we do not send marketing information to you.
To enable for you to obtain information interesting just for you, we would like to use your personal data for profiling. For this we need your consent. Profiling means that we process personal data by collecting, saving, processing and analyzing data to bring out offers that match you and your needs. From your profile you get information about services and products that may be of interest for you, or that facilitate your work role and your relation to us in some way. You must be at least 18 years of old to provide consent. You do not need to provide consent to use the service and/or become a temporary worker. You can also revoke consent after the fact under your account settings.
Recipients and contractors
Cool company may share personal data with recipients. It can be different suppliers of IT systems and case management systems.
Cool Company also provides your personal data to other recipients such as authorities, if we are obligated to provide your personal data according to law or a decision by an authority.
Cool Company has when required by law an agreement with the recipient of personal data.
Cool Company has a page on Facebook and an Instagram account where we communicate with the visitors who choose to comment. It is optional to comment, follow and communicate with us at these social medias. We use these forums to spread information about us, inform about news and it is also a part of our customer support.
The Personal Data collected on our Facebook page and our Instagram account is the visitor’s username if the visitor publish a comment (username constitute Personal Data if it consists of their name) and if the comment itself contains Personal Data this is of course also collected. However, we must strictly advise our visitors to not include any Personal Data in comments on these forums. We refer questions of a personal character to our regular customer support.
Your rights and how you utilize them
According to the law you have certain rights you can make use of. In most cases you can use your rights without any cost. We will answer a request from you without unnecessary delay, most often this occurs within a month.
Your rights mean that you can,
– get a verification of whether we process your personal data (and if so your personal data is processed in accordance with what is mentioned here),
– get a copy of the personal data that we process,
– object to processing or request so called data portability,
– limit processing of your personal data,
– have your personal data corrected,
– have your personal data deleted, or
– request a revocation of consent (this does not affect the legality of processing on the basis of consent before this was recalled).
To revoke consent regarding profiling you can unclick the box you checked when you submitted consent. You can find the box at the following link: https://app.coolcompany.com/dashboard/settings(requires that you log in). If you want to utilise any of your other rights, you can send in an email to firstname.lastname@example.org
You always have the right to complain to the regulating authority if you are of the opinion that our processing of your personal data is incorrect.
Correction of personal data
If you change your name, address or contact information, or noticeable incorrect information, it is your responsibility to change your information in the account so that this is updated and correct. Cool Company always wants to have correct information about you and will do what we can so that your information is updated. If your personal data is subject to correction or deletion, Cool Company will notify the recipients of your personal data, provided that Cool Company finds it possible and not unreasonably burdensome.