Updated 22 November 2018
At Modular Management Group AB (‘MM’, ‘we’, ‘us’), data integrity is important for our customers, visitors to our websites and for ourselves. Our goal with this policy is to describe, in a clear and transparent manner, how we collect, use, show, share and store your personal information, so that you can feel confident that your data is in safe keeping.
All personal data handling at MM is managed in accordance with the Swedish Personal Data Act (PUL) and the EU General Data Protection Regulation (GDPR).
Personal Data Responsibility
You can always contact us regarding your data on email@example.com or via letter to Modular Management Group AB, Kungsgatan 37, 111 56 Stockholm, Sweden.
Collection of Data
What is Personal Data?
Personal data is all information that can be directly or indirectly traced to a living person. Examples of personal data include name, ID number, address, email address and telephone number.
How do we Collect Personal Data and Which Data do we Collect?
MM collects personal data in several ways, primarily from you directly.
Information collected through personal contact
We collect data when you contact us, for example via the web, email, telephone or other means. We collect data, for example email address and telephone number, so we can suitably answer your questions and deal with your request or case. We do not collect or handle data without a qualified reason or purpose.
Data collected when you subscribe to our blog
If you choose to subscribe to the MM blog, we collect your name and your email address in order to send out the blog.
Data collected during use of our digital services
When you use our websites, apps and other digital services we collect data about your use of the service. This data may include personal information, such as your IP-number. We also collect information on how you navigate when using the service, which searches you make, and which pages you are interested in, all in order to give you the best possible information and service during your dialogue with us.
Handling and Storage of Data
Marketing and Personalization
If you have registered for our newsletter, we use your data to send the newsletter to you and to customize the content. This involves your email address as well as your user behavior and preferences. With this data we can share the information and know-how that we believe and hope you have the most interest in, and benefit of.
On our websites we plan to use information about our users for so-called personalization. This means that we use the data we have collected about you and your web usage in order to influence how the website looks for you. We also use personalization in our communication via social media and web advertising on online platforms other than modularmanagement.com.
Use of your personal data may also be required in order to fulfil our requirements in accordance with laws and regulations, for example regarding security and accounting.
Date Retention Period
We handle your personal data for the period allowed according to relevant law, regulation, praxis or authority decision. For example, data may be stored longer if it necessary as regulated by purchasing laws, consumer protection laws or accounting laws. Personal data is stored and used in MM IT systems. If you subscribe to our newsletter, your contact details will be stored as long as you choose to continue to receive the newsletter.
MM Technical and Organizational Activities for Secure Handling of Your Data
We continuously act to fulfil the principles of ‘privacy by design’ and ‘privacy by default.’ We also continuously evaluate data handling risks, take necessary measures to reduce the risks, and train staff in data security questions. If you have any direct questions regarding how we work with the Swedish Personal Data Act (PUL) and the EU General Data Protection Regulation (GDPR), please contact firstname.lastname@example.org.
Contractual Partners and IT Suppliers
We use a number of different IT services and systems. In some of these we store and handle personal data. We are committed to your personal integrity and the security of your data in all such instances. Some systems are installed locally, where only our personnel have access to the data, and in these instances, we do not share data with third parties.
Some IT services and systems are cloud based, or installed at suppliers, which means that we transfer data to the supplier. In these cases, the supplier is our data processor and handles data based on our requirements, in accordance with our instructions.
Internal IT Systems
Internally, we handle personal data in our customer database and in our sales and planning system. These systems are designed to deliver the services you have ordered, or are due to order, and in order to deal with questions and customer care in accordance with the provision of these services. All the data collected in these systems will be handled.
Web Analysis Companies
We use external suppliers for personalization and analysis of user behavior on our websites, and for user feedback. These companies use personal data as data processors for our purposes. This data primarily includes cookies and is dealt with on an anonymous and aggregated level.
We use Microsoft Office products and system services for our internal work. This means your data is handled by Microsoft as our chosen data processor. Data is stored by Microsoft in a cloud service within the EU. In the event of a comprehensive IT incident, data may be transferred to a non-member country outside of the EU/EEA. This transfer will only occur for data protection reasons.
Email Addresses and Communication Preferences
If you choose to give us your e-mail address, we will communicate with you via e-mail. We do not share your e-mail address with others outside the Modular Management Group of companies. You can stop the delivery of future promotional e-mail by following the specific instructions in the e-mail you receive.
Links to Other Sites
Our websites may contain links to other sites. Modular Management is not responsible for the privacy practices or the content of other websites outside the Modular Management Group.
Necessary Use of Personal Data and Use Supported by Consent
Personal data handling is necessary for us to fulfill our contractual agreement with you, or to fulfill legal requirements that may be necessary without your consent.
In cases where there is no contractual agreement, and consent is given by you, you can at any time withdraw your consent by contacting us as detailed above. If you withdraw your consent, we will delete all personal data and stop data handling as detailed by your prior consent. It may be the case that data is handled both as supported by consent, and because the handling is necessary and/or supported by other regulations. This means that even if you withdraw your consent, and the data handling that was agreed ends, your data may still need to be retained by us for other purposes.
Your Right to Know What Personal Data We Store
If you want to know what data we have registered about you, please apply to find out at the address given above. Register records are shared on request and they are free of charge to access once per year.
How Can I Apply for a Record of my Data?
You can write to MM to ask for a register record. NOTE: You must send a written postal request in this case, because it needs to include your signature. You cannot therefore just send an email. Mark the written letter with ’Data Record – Attention MM Data Processor.’
The legal support for this right to your personal data records can be found in §26 of the Swedish Personal Data Act (PUL).
You can apply for your data record by writing as follows:
Subject: Data Record – Attention MM Data Processor
I hereby request information in accordance with §26 of the Swedish Personal Data Act (PUL).
(Place and Date)
(Name, ID Number and Address)
Right to Control Your Personal Data
You have the right to request that your personal data is deleted, complemented or corrected. You also have the right to request that the use of your data is limited to certain purposes or not used, for example, in direct advertising or so-called digital profiling.
If You Want to Make a Claim
Individuals who wish to claim that a company is not compliant with §26 of the Swedish Personal Data Act (PUL) should address their claim to the Swedish Data Protection Authority. More information is available on the Swedish Data Protection Authority website.