ROUTINE FOR HANDLING PERSONAL DATA

ROUTINE FOR HANDLING PERSONAL DATA IN ACCORDANCE WITH GDPR - DEMEX AB

On 25 May 2018, the new EU regulation GDPR (General Data Protection Regulation) will enter into force. This replaces the Swedish Personal Data Act. Much is the same, but the requirements for how we as a company may process personal data are tightened.

demex

Content

1. What is considered a personal data?

  1. Any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, especially by reference to an identifier such as:
    • Name
    • Identification number (personal ID number*)
    • Location data (address)
    • Online identifiers
    • Alternatively, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
    *Regarding the customer’s personal ID number, this is generally not a necessary piece of information that Demex requires for its operations. However, it may be needed in certain cases, such as when contacting the Enforcement Authority (Kronofogden). Personal ID numbers may only be collected and used when Demex has a need for them. Demex will not store this information in a customer register but will delete it when the contact with the Enforcement Authority has concluded.

1.1 What personal data does Demex handle and when?

1.1.1 When a customer contacts Demex for an order, quote, warranty issue, etc. When Demex is contacted in connection with sales, the following information provided by the customer is handled:

  • Name and contact details such as email address
  • Order details (which item, quantity, and price)
  • Billing information

Demex processes the customer’s personal data to:

  • Identify the customer
  • Send goods to the correct address
  • Prevent fraud
  • Notify the customer about shipments
  • Keep statistics on purchases
  • Bill correctly

1.1.2 When a customer contacts Demex for questions about the product range, suppliers, etc. Demex handles the customer’s personal data to provide feedback to stakeholders and offer Demex products.

1.1.3 When a customer participates in any of Demex’s market surveys and/or subscribes to newsletters and marketing Demex handles the customer’s personal data to gather information on how Demex can best ensure that the product range is suitable for existing and potential customers, and thus send relevant offers and promote news and products that the customer has subscribed to or shown interest in. Demex also processes personal data about those who subscribe to our newsletter. The personal data is collected directly from you. The data may also be generated in connection with emails or visits to the website. The personal data is processed based on your consent (legal basis) provided along with the information. Please also see our separate cookie policy at https://www.demex.se/cookies/.

Marketing is sent via email, SMS, or other similar digital channels and by post. Demex may also send invitations to events. The use of our website (e.g., page visits and time spent on the site) is analyzed together with purchase history and personal data in order to offer relevant marketing.

2. How long does Demex retain personal data?

2.1 Customers/Businesses
Data is retained until the year the person last contacted Demex or until a request for deletion of the data is made.

2.2 Private Individuals
Demex processes information about private individuals when they purchase, for example, dog kennels. Demex retains the information in case the customer needs to supplement their dog kennel with additional products. When private individuals shop from Demex, a credit check is conducted with UC.

3. To whom does Demex disclose personal data?

  • Shipping companies during the delivery of goods
  • Suppliers during warranty issues
  • The billing service “Klarna,” which Demex uses
  • Dropbox, Google Drive, and email services have their own agreements ensuring that the servers where the data is stored are within the European Union’s borders. Otherwise, Demex cannot use these services for storing personal data.
  • Demex has its own server for our email dispatches.
  • Demex has agreements with accounting firms or a company that manages customer registers for sending out communications, which regulates how personal data should be handled.
  • Suppliers for CRM systems
  • Suppliers for printing and distribution
  • Suppliers for case management systems
  •  

4. HOW DOES DEMEX PROTECT PERSONAL DATA?

Dropbox, Google Drive, and email services have their own agreements ensuring that the servers where the data is stored are within the European Union’s borders. Otherwise, Demex cannot use these services for storing personal data.
Demex has its own server for our email dispatches.
Demex has agreements with accounting firms or a company that manages customer registers for sending out communications, which regulates how personal data should be handled.
If there is an incident where personal data is disclosed in an unintended manner, it must be reported to the Data Inspectorate.
Demex conducts an inventory of its registered personal data annually. Regardless of how you registered with Demex, you can always change your information or request to be removed from Demex’s records by emailing info@demex.se or calling 010-555 44 47.
Demex hopes that customers will contact us if they believe we are not following the rules of the data protection regulation. There is also an opportunity to complain about our handling of personal data. This can be done to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

5. CUSTOMER'S RIGHTS

5.1 Access to personal data
Customers have the right to receive confirmation of whether Demex is processing their personal data and to obtain an extract of which data Demex processes.

5.2 Request for rectification
Customers can request that incorrect data be rectified.

5.3 Deletion of personal data
Customers can request the deletion of all or parts of their personal data from Demex’s system, and Demex commits to fulfilling the request. Demex cleanses its records of personal data that is no longer needed during inventory, e.g., data about individuals who are no longer customers.

5.4 Inquiry about the retention of personal data
For existing customer data that requires consent, Demex can either delete the data or obtain consent from the customer with the following message: “You are in our register because you are or have been a customer of ours, and we want to provide you with relevant information regarding orders or quotes. If you no longer wish to be in our register, please contact us for action.” For new customers, Demex will request consent to store their personal data with the following statement: “In order for us to handle orders for you, we will need your consent to store your personal data, which falls under GDPR. By giving your consent, you allow us to store your data. If at any time you do not wish to remain in our databases, you can contact us to delete the collected data.”

5.5 Sanction fees
If Demex has stored or disclosed personal data incorrectly, there is a risk that Demex may be subject to a sanction fee.

Offertförfrågan

Fyll i dina uppgifter här så kontaktar vi dig inom kort.

GDPR Policy

Namn(Required)
Samtycke
This field is for validation purposes and should be left unchanged.