Privacy Policy — Employees, consultants and job applicants

1. Introduction

This Privacy Policy (the “Policy”) describes how Lifesum AB, reg. 556729-2841 (“Lifesum”, “we”, “us” or “our”), at the address Valhallavägen 117, Stockholm, Sweden, processes personal data in relation to you as an employee, former employee, consultant, or job applicant.

We are responsible for the processing of your personal data as described in the Policy in the capacity of data processor. If you would like to know more about our processing of your personal data, you are welcome to contact us, e.g. via the address above or via our email address: contact@lifesum.com.

It is important to us that you feel comfortable with our processing of your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. At the top of the page, you can see when the last changes to this Policy were made.

2. How we collect your personal data

We collect your personal data from you and from others, such as the Swedish Tax Agency, our insurance companies and, where applicable, companies providing services such as occupational healthcare and job coaching.  If you work with us as a consultant, we also process personal data collected from your employer.

3. How we process your personal data

We only process your personal data to the extent necessary in accordance with applicable data protection legislation. This means, inter alia, that we need to have a legal basis for the processing we carry out and for the purposes of our processing of your personal data, which in our context generally means one of the following legal bases.

Performance of a contract – the processing is necessary in order to fulfil the employment contract between you and us, or in order to take steps at your request prior to entering into the employment contract.

Performance of legal obligations and exercise of rights – the processing is necessary in order to perform legal obligations, e.g. to the extent we are subject to legal obligations in the field of employment according to law, other statutes or collective agreements, or if we are subject to court orders or decisions by other authorities which require us to process your personal data. Correspondingly, the processing of your personal data related to your employment with us may also occur when necessary in order to exercise rights within the field of employment.

Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case our processing is not allowed based on such legitimate interests).

In general, your personal data is processed for purposes related to human resources administration, where our legal bases for such processing activities are that the processing is necessary in order to fulfil our obligations related to your employment contract or due to the legal obligations which we are subject to as your employer.

Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long your personal data is stored with us. In Section 4 below, there is also information about the conditions under which we can monitor your use of IT resources, such as the use of computers, mobile phones, email and the Internet.

Please note that the purpose and legal basis for processing your personal data may vary depending on whether you are an employee or a consultant, as indicated below. “X” means that the information is relevant and applies to you as an employee or a consultant, while “N/A” (not applicable) means that it is not relevant and does not apply to you or your engagement with us:

Purpose | Categories of personal data | Legal basis | Storage period | Employee | Consultant

Administer and perform obligations relating to salary and salary revision, travel and expense compensation, absence, holiday leave, other forms of leave and other benefits, including e.g. insurance and occupational pension.

Information such as:

  • Start and end date of employment, form of employment and employment terms
  • Position/professional title
  • Salary
  • Travel and expenses compensation
  • Absence
  • Holidays and other leave
  • Insurance, pension and other benefits
  • Employer contributions and tax
  • Social security number
  • Bank account number

Performance of the employment contract with you and legal obligations for us as an employer (employees).

Information is stored for the time needed for us to be able to fulfil our commitments and obligations.

Accounting information, for example, is as a starting point stored for seven (7) years after the end of the current financial year according to the Accounting Act.

The information can also be stored for e.g. the time necessary to establish, assert or defend legal claims (normally no longer than ten (10) years from the date of registration of the data).

Employee: X

Consultant: N/A

Administer and perform obligations relating to salary/sick pay, absence, insurance, contacts with the Swedish Social Insurance Agency and other authorities, rehabilitation and adaption measures and assessment of work ability.

Information related to your health such as:

  • Sick leave
  • Medical certificates and investigations
  • Information relating to rehabilitation
  • Sick pay

Performance of the employment contract with you and legal obligations for us as an employer (employees).

Information is stored for the time needed for us to be able to fulfil our commitments and obligations.

Accounting information, for example, is as a starting point stored for seven (7) years after the end of the current financial year according to the Accounting Act.

The information can also be stored for e.g. the time necessary to establish, assert or defend legal claims (normally no longer than ten (10) years from the date of registration of the data).

Employee: X

Consultant: N/A

Administer and control permissions and access to premises and information in e.g. IT systems and networks.

Information such as:

  • Name
  • Contact details (such as email address and telephone number)
  • Logging information regarding entry and exit in our premises
  • Logging information regarding access to information in e.g. IT systems and network

Legitimate interest, where our legitimate interest is to ensure that unauthorized access to our premises or information in our IT systems or networks does not take place (employees and consultants).

The information is stored during the time you are employed/hired with us and is then normally deleted within one (1) month.

Logging information is normally stored for one (1) month from the time it is registered.

Employee: X

Consultant: X

Other personnel administrative purposes, including, where applicable, providing assistance in organizing accommodation in Sweden.

Basic information about you such as:

  • Name
  • Address
  • Contact details (such as email address and telephone number)
  • Position/professional title
  • Social security number (or equivalent information)
  • Passport information (when relevant and necessary, e.g. in connection with business trips)

Performance of the employment contract with you (employees) and our legitimate interests in conducting personnel administration (employees and consultants).

The information is stored during the time you are employed/hired with us and is then normally deleted within one (1) month.

Employee: X

Consultant: X

Perform obligations in connection with the termination of employment, such as calculating notice period and order of priority in accordance with the Employment Protection Act and determining benefits.

Information such as:

  • Start and end date of employment
  • Form of employment and employment terms

Performance of the employment contract with you and legal obligations for us as an employer (employees).

The information is stored for the time you are employed by us and for the time necessary to be able to establish, assert or defend legal claims (normally no longer than ten (10) years from the termination of your employment).

Employee: X

Consultant: N/A

Upon request, compile and issue employer certificates, references/recommendations and similar.

Information such as:

  • Work tasks
  • Employment/hire period
  • Employer certificate, references/recommendations and similar

Legitimate interests, where our legitimate interests are to be able to compile and issue employee certificates (employees), references/recommendations and similar at the request of the employee/consultant or former employee/consultant (employees and consultants).

Information relating to employment/hire period and performed work tasks, on which employee certificates, references/recommendations and similar are based, are as a starting point stored for two (2) years from the time your employment/engagement with us ended.

Employment certificates, references/recommendations and similar that are prepared at your request are stored until you have confirmed that you have received this from us and are then deleted.

Employee: X

Consultant: X

To fulfil the legal requirements to negotiate with your union, issue employer certificates, fulfil obligations under the Work Environment Act and the Union Representatives (Status in the Workplace) Act.

Information (as applicable to you):

  • Union membership
  • Unemployment insurance fund
  • Position as union representative and safety representative

Performance of legal obligations for us as an employer (employees).

The information is stored as a starting point for ten (10) years after we have fulfilled the current legal obligation for us as an employer.

Employee: X

Consultant: N/A

Contact your relatives/next of kin in the event of an emergency, e.g. in the event of an accident or serious illness during working hours.

Contact information for your relatives/next of kin in the form of:

  • Name
  • Telephone number
  • Email address

Legitimate interest, where our legitimate interest is to be able to contact and inform the relatives/next of kin you have stated, in the event that, e.g. an accident should occur or if you become seriously ill during working hours (employees and consultants).

The information is stored during the time you are employed/hired with us and is then normally deleted within one (1) month.

Employee: X

Consultant: X

Publication on our website and in other promotional materials.

Information related to your role as an employee/consultant such as:

  • Your photo
  • Name
  • Contact details (such as email address and telephone number)
  • Position/professional title and professional competence as well as, where applicable, professional experience or other information that describes you as an employee/consultant

Legitimate interest, where our legitimate interest is to be able to market our services, skills and employed/hired workforce (employees and consultants).

The information is stored during the time you are employed/hired with us and is then normally deleted within one (1) month.

Employee: X

Consultant: X

Personnel development and being able to follow up your performance and work periodically (normally on an annual basis), planning and agreements regarding your employment/engagement with us and training related to your employment/engagement with us.

Information related to your professional qualifications and development such as:

  • CV
  • Position/professional title
  • Work experience
  • Skills, qualifications and completed trainings
  • Work performance and evaluation of work performance
  • Documentation and notes from previous performance reviews and similar

Legitimate interests, where our legitimate interests are to streamline and improve our business, develop your skills (employees and consultants), as well as complying with the Employment Protection Act (employees).

The information is collected prior to or in connection with each opportunity to follow up on your performance and work (e.g. interviews and training sessions) and is then normally deleted within one (1) year from the time it was collected.

Employee: X

Consultant: X

Follow up and investigate personnel matters, take measures due to negligence or other shortcomings in employment/engagement with us and, if applicable, conduct negotiations with your union.

Information of significance for an objective and correct handling of the personnel matters such as:

  • Documented events and incidents
  • Other facts and information regarding the personnel matter in question

Legitimate interests, where our legitimate interests are to be able to handle personnel matters concerning negligence and, where applicable, to establish, assert or defend legal claims (e.g. to be able to take legal action) (employees and consultants) and to comply with the Employment (Co-Determination in the Workplace) Act (employees).

The information is stored during the time an investigation of a personnel matter is ongoing and during the time necessary to be able to establish, assert or defend legal claims (normally no longer than ten (10) years from the termination of your employment/engagement with us).

Employee: X

Consultant: X

Selection and recruitment of candidates based on submitted application documents (such as CV and personal letter), reference taking and, where applicable, personality and intelligence tests.

  • Name
  • Address
  • Contact details (such as email address and telephone number)
  • Application documents (such as CV and personal letter)
  • Image/picture (if applicable)
  • Information provided about you when taking references, such as the reviews from previous employers
  • Test results from personality and intelligence tests

Legitimate interests, where our legitimate interests are to evaluate your job application and you as a candidate in order to fill our vacancies (employees and consultants).

Information collected about you in connection with you applying for a job with us is as a starting point deleted after the recruitment process has ended and is otherwise deleted no later than two (2) years thereafter.

Employee: X

Consultant: X

Determine whether the conditions for employment and work in Sweden are met, which, if applicable, includes control of citizenship and work permit/residence permit as well as notification to the Swedish Tax Agency.

  • Name
  • Address
  • Contact details (such as email address and telephone number)
  • Social security number (or equivalent information)
  • Copy of a decision from the Swedish Migration Agency on residence and work permits
  • Residence permit card/LMA card

Comply with our legal obligation to check and document the right to be in work in Sweden and to inform the Swedish Tax Agency about the employment (employees).

Information is as a starting point stored for up to five (5) years after the employment has ended, and to the extent relevant in order to e.g. provide necessary information to authorities such as the Swedish Migration Agency.

Employee: X

Consultant: N/A

4. Control of IT equipment

As an employee with us, you must follow our rules, policies and guidelines, as applicable from time to time, on the use of computers, mobile phones, email, Internet and other IT equipment and IT tools used in the course of our business. As a general rule, we have full access to all materials and content in all IT equipment, all IT tools and all systems and networks used by you as an employee. This includes e.g. all email correspondence and all communication and Internet use that is stored with the support of or takes place via the systems and networks that we own or otherwise have at our disposal. We may monitor the contents of the IT equipment and IT tools (e.g. computer, email and mobile phone) used by you as an employee (a) for security reasons to ensure access to our IT systems and maintain IT security, (b) to maintain customer contact and similar during your absence, (c) in case of suspicion that you use IT equipment in violation of our rules, policies and guidelines, and (d) in case of suspicion of disloyal or criminal conduct. In case of serious suspicion of disloyal or criminal conduct, we may also check communications and content of private nature such as private files and emails.

The processing of your personal data that may occur in connection with our monitoring of your use of IT resources according to this section is based on our legitimate interests of carrying out such activities and measures for the reasons stated above and, in case of (serious) suspicion of disloyal or criminal conduct, on our legitimate interests of being able to establish, exercise or defend legal claims or to protect our business otherwise.

Information processed in connection with monitoring the content and use of the IT equipment and IT tools used by you as an employee is stored for the time necessary to carry out the measures stated above. As a general rule, our processing of the personal data concerned ceases within one (1) month thereafter, unless the personal data is necessary for a longer period of time in order to e.g. investigate and take measures in order to be able to establish, exercise or defend legal claims or to protect our business otherwise.

5. Security measures

We have taken a number of security measures to ensure that the personal data we store is secure. For example, access to systems where personal data is stored is limited to only those of our employees and service providers who require such access in the course of their professional duties. These are also informed about the importance of maintaining the security and confidentiality of the personal data we keep. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities in order to protect your personal data.

6. How we share your personal data

Access to your personal data is limited to persons who require such access for the purposes described in Sections 3 and 4 above. Your personal data may therefore be shared with the following categories of third party recipients:

  1. Companies within our group: We may share your personal data with other companies within our group. If we share your personal data with other companies within our group, we will ensure that the personal data continues to be processed in line with this Policy.
  2. Authorities: We may share your personal data with public authorities such as the police or tax authorities when it is required by applicable law, regulation or decision by court or authority in order to fulfill the legal obligation specified therein.
  3. Service providers: We may use third party service providers to manage some aspects of our business operations, including the processing or handling of personal data. We may share your personal data with such third parties with regard to IT systems and other administrative functions, such as payroll administration, insurances and other IT functions. When we use such service providers or work together with other third parties we typically enter into data processing agreements, or make other suitable arrangements, to ensure that your personal data is processed in accordance with this Policy.
  4. Banks, pension managers, insurance companies and other companies with which we cooperate: We may share your personal data with banks, pension managers, insurance companies and other companies with which we cooperate in order to fulfill our employment contract with you or to fulfill our legal obligations.
  5. Collective agreement parties: We may share your personal information with relevant collective agreement parties in order to fulfill legal obligations on the part of the employer.
  6. Sale or transfer of business or assets: We may share your personal data with a buyer/investor or prospective buyer/investor in the event of a sale, assignment or other transfer of all or parts of our shares, assets or operations. Should such transfer occur, we will take actions in order to ensure that the receiving party processes your personal data in accordance with this Policy. The purpose of such sharing or processing of your personal data is to allow a (potential) buyer/investor to carry out an assessment of us as a company and take actions and make preparations in the event a sale, assignment or other transfer should occur, where such sharing or processing of your personal data is carried out based on the legitimate interests of allowing such assessment, actions and preparations by the (potential) buyer/investor.

7. Where we process your personal data

We strive to always process your personal data within the EU and EEA. However, we may transfer your personal data to service providers who, either themselves or by their sub-contractors, are located in or have business activities in a country outside the EU or EEA. In the event of such transfer, it will be made in accordance with applicable data protection legislation, for example by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures, to safeguard your rights and freedoms. 

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.

You may access the European Commission’s standard contractual clauses at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.

8. Your rights

8.1. Introduction

You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.

Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g. confirm your identity before proceeding with your request to exercise your rights.

To exercise your rights or request information about them we ask that you contact us, which is most easily done via email: contact@lifesum.com.

8.2. Right of access

You have the right to obtain a confirmation as to whether or not we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.

8.3. Right of rectification

You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed. 

8.4. Right to erasure

You have the right to obtain that we erase your personal data without undue delay in the following circumstances:

  1. the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. our processing is based on your consent and you withdraw your consent to the relevant processing (generally, however, we do not process personal data relating to employees, consultants or job applicants based on consent);
  3. you object to processing that we carry out based on a legitimate interest, and your objection overrides our or another party’s legitimate interest of the processing;
  4. the processed personal data is unlawfully processed;
  5. the processed personal data has to be erased for our compliance with one or more legal obligations.

8.5. Right to restriction

You have the right to obtain that we restrict the processing of your personal data in the following circumstances:

  1. you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
  2. the processing is unlawful and you oppose erasure of the personal data and request restriction instead;
  3. the personal data is no longer needed for the purposes of the processing, but is necessary for you for the establishment, exercise or defense of legal claims;
  4. you have objected to the processing of the personal data which we conduct based on a legitimate interest, pending the verification whether your objection overrides our or another party’s legitimate interest to continue with the processing.

8.6. Right to object

You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.

8.7. Right to data portability

If our processing of your personal data is based on the performance of a contract with you (or your consent), you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible.

We ask you to observe that this right to so-called data portability does not cover personal data which we process manually.

8.8. Right to withdraw consent

If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before your withdrawal.

9. Complaints with the supervisory authority

In Sweden, the Swedish Data Protection Authority (Sw. Datainspektionen) is the authority responsible for monitoring the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns.  You may, however, file a complaint with Datainspektionen at any time.

Last update: 1/13/2021