Introduction
For Omstella (hereinafter referred to as "we", "our", "us"), privacy is important, and we apply and comply with Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") as well as the fundamental data protection principles.
In this policy, we explain how we process your Personal Data when you contact us, visit our website. We also describe your rights and how you can exercise them.
When we process your Personal Data, we will do so on the following lawful grounds: contract, legitimate interest, compliance with a legal obligation and, exceptionally, with consent.
As a Data Subject, you are welcome to contact us or our Data Protection Officer if you have any questions about how we process your Personal Data. The contact details can be found at the bottom of this Privacy Policy.
The contents of this Privacy Policy may be updated from time to time, without notice. One reason why this Privacy Policy may be updated is that it may be necessary to clarify the texts due to changes in, or new legislation or if our Processing of Personal Data changes. The latest version is always published on our website: omstella.se which is available to the public. The Data Subject is responsible for reading the content of this Privacy Policy and keeping up to date with any changes. Below you can read more about how we process your Personal Data.
1. Concepts and definitions
1.1. Processing means any operation or set of operations on Personal Data or sets of Personal Data, whether by automated means or not, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In some cases, manual records may also be covered.
1.2. By Personal Data, we mean information that can be directly or indirectly attributed to you as an individual. Personal Data is information relating to an identified or identifiable natural person, whereby an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or online identifiers or to one or more factors specific to the natural person's natural person; physiological, genetic, mental, economic, cultural or social identity. It is not just about names and social security numbers, it can also be about pictures and email addresses.
1.3. The Data Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of the Processing are determined by Union law or the national law of the Member States, the Data Controller or the specific criteria for its designation may be provided for in Union or Member State law.
1.4. Processor means a natural or legal person, public authority, institution or other body that processes Personal Data on behalf of the Controller.
1.5. Data Subject means the natural person who can be directly or indirectly identified through a particular Personal Data.
1.6. "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.7. Any other GDPR-related terms not defined herein shall have the same significance in this Privacy Policy as set out in Article 4 of the GDPR.
2. When Omstella is a Data Controller
2.1. For the processing where Omstella determines the purpose and means of the processing, we are the Data Controller, and we are responsible for ensuring that the processing of the Personal Data takes place in accordance with the GDPR.
2.2. Omstella enters into a personal data processing agreement when we engage sub-consultants, external course organisers, suppliers of IT systems or similar and they process personal data on our behalf. Through the agreements, we ensure that our data processors and other organisations that process personal data on our behalf only use the data to fulfil the assignments we have given them.
3. When Omstella is a Data Processor
3.1. For those Processing, where Omstella does not determine the purpose and means of the Processing, the Processing takes place on behalf of a Data Controller, and in such cases, we act as a Data Processor for such processing and shall follow the Data Controller's instructions regarding the processing.
3.2. Omstella uses data processors for:
- to convey messages from our internal systems to customers and other recipients via e-mail and SMS, - to store, process and transfer our data via cloud services, - work on limited projects with hired staff and consultants.
3.3. In summary, your personal data may be processed by, or shared with, the following recipients where this is necessary in the ways described above: - providers of technical tools, services and support functions as;
- consulting companies, and banks.
4. Independent Controllers
4.1. We may also share your Personal Data with certain other parties that are independent Data Controllers, for example, we may disclose Personal Data to authorities such as the Swedish Tax Agency, when we are obliged to disclose such data by virtue of law or a decision by public authority or a legal obligation.
4.2. When your Personal Data is shared with an entity that is an independent Data Controller, that organisation's Privacy Policy applies to the Processing that the organisation performs in its capacity as a Data Controller.
5. What personal data does Omstella process?
5.1. The Personal Data about you that Omstella processes depends on the support we offer you or the obligations that we have to fulfil, as described above. At different stages and parts of our business, we may process the following types of Personal Data about you who have been terminated:
- name, personal identity number, contact information: telephone number, postal address and e-mail address, - as well as information about professional role, monthly salary.
6. How Personal Data is retrieved
6.1. Your application to Omstella is submitted to us by yourself or together with your Omstella affiliated employer. This is in order for us to confirm whether you are entitled to transition support from Omstella, once your application has been received. Later, the application may need to be supplemented, and you may need to provide additional information.
6.2. In summary, we process Data provided to us in the following ways:
in an application to Omstella from you or your employer and you,
in subsequent supplements to the application from your employer or you,
and from you while your case is being processed.
6.3 You can easily log in or create an account on our website (https://www.omstella.se/sv/logga-in/), as:
a) a private person can log in to apply for transition or skills support by logging in. If this is the first time you log in, you will be asked to create your account. You can either log in with Bank ID or Freja.
b) company representative, you can register an application for transition support for a dismissed employee. If this is the first time you log in, you will be asked to create your account. You can either log in with Bank ID or Freja.
7. Recipients of Personal Data
7.1. In order for other organisations to be able to provide supplementary information or carry out their assignments for Omstella, they sometimes need to process (access) your Personal Data. For all collaborations, organisations and situations, permission to process Personal Data is required. This is required in order for the processing of the data to be limited to the staff who need to process the Personal Data to carry out their work.
7.2. Sometimes Omstella needs to get help from other operators in order to be able to fulfill our commitments. For example, it can be about suppliers and partners who help us create and maintain our IT infrastructure.
8. Where does Omstella process the Data Subject's Personal Data?
8.1. As a general rule, your Personal Data is processed within the EU or EEA.
Omstella only uses Data Processors who have reliable IT and information security work.
8.2. In cases where our Data Processors process Personal Data outside the EU/EEA, they have undertaken, through the EU Commission's standard contractual clauses or other security measures, to maintain an IT and information security that corresponds to the standard in the EU/EEA. As a Data Subject, you can take advantage of the European Commission's standard contractual clauses.
9. Retention of personal data
9.1. When you are in transition (have been made redundant) and receive support from Omstella, your Personal Data will be processed while you are receiving transition support and are entitled to post-protection. When your right to post-protection no longer applies, your Personal Data will only be retained if it is required by law. For example, it may be information that is noted in invoices or other accounting documents, which according to the Book-keeping Act must be retained for seven years.
9.2. When you receive skills support (are in employment), your data is processed while you are receiving skills support. When you no longer take part in the skills support, your personal data will only be stored if it is required by law.
9.3. Authorities and boards provide information to authorities and boards when we are required to provide the information in order to comply with a legal obligation or to protect our interests in legal proceedings.
9.4. IT suppliers - we may use certain specialist suppliers for the maintenance and development of our systems.
10. Technical and organisational security measures
10.1. We take and implement various technical and organisational security measures with a focus on the privacy of the Data Subjects. The measures are intended to protect against intrusion, misuse, loss, destruction and other alterations that may pose a risk to privacy (in accordance with the principle of integrity and confidentiality).
11. What are your rights as a Data Subject?
11.1. One of the purposes of the GDPR is to protect the fundamental rights and freedoms of individuals, in particular their right to the protection of Personal Data. The GDPR gives you, as a private individual, clear rights in relation to those who process your Personal Data. The purpose is for your Personal Data to be processed transparently and to give you control over your Personal Data. Your rights include:
- that Omstella deletes Personal Data that you believe should not be processed ("the right to be forgotten")
- that Omstella rectifies data that you believe is incorrect (the "right to rectification")
- that Omstella limits its Processing of your Personal Data to storage, for example if you do not want it to be deleted yet ("the right to restriction of processing")
- that you receive information about the Processing and a copy of the Personal Data that is being processed - in electronic format, or paper copy - ("right of access" and "right to data portability").
- and that you have the right to object to Omstella's processing of your Personal Data (the "right to object").
11.2. As regards the right to restriction and erasure, these rights require assessments on a case-by-case basis and may sometimes be limited. The final decision on how to apply the exercise of erasure and restriction in the individual case is made by Omstella's management in consultation with Omstella's Data Protection Officer.
11.3. As a Data Subject, you always have the right to lodge a complaint with the supervisory authority, the Swedish Authority for Privacy Protection, IMY (imy@imy.se ) if you believe that Omstella is processing your personal data incorrectly according to the GDPR.
12. Who can you contact?
12.1. As a Data Subject, you have the right to contact Omstella's Data Protection Officer to exercise your rights, or to ask questions about the information you have received.
Data Protection Officer: dag@wetterberg-advokat.se
Collective Agreement Foundation Omstella
E -mail: kontakt@omstella.se
Box 16355103 26, STOCKHOLM
Phone: 010-182 11 20