Personal data handled by Kebni AB (the Company)
The Company may handle the following personal data about the employees, temporary workers, consultants, suppliers, and customers. The personal data may be collected during instances related to the Company’s normal operation, such as, but not limited to:
Basic personal data
Full name, birth data, social security number, nationality, gender, office telephone/mobile phone number, workplace address, home address, and other relevant private contact data, employment number, bank- and account data, organization, date of employment, time for expired employment, work position, employment rate, employment time, blue collar / white collar work, and when necessary other relevant personal data.
Communication
Personal data necessary to give employees, temporary workers, and consultants, suppliers, and customers access to the Company IS/IT system and network, e.g., internet addresses, work e-mail, IP-addresses, and usernames for login, but also other types of personal data which are logged when using the IS/IT system and Company network.
The purposes with handling personal data
The Company may collect and handle personal data for the purposes listed below. The list is not exhaustive, but the purpose is to give a view of the need for the Company to collect and handle personal data.
Legal body for handling of personal data
The legal body for handling personal data is fulfilment of the employment agreement or other relevant consultant, supplier, or customer agreements. The legal body also consists of the fact that the Company, in addition to laws constituted by collective agreements or other regulations demanding handling of personal data, is obliged to process personal data in a certain way, e.g., in relation to the Swedish Tax Agency office or insurance companies. The legal body can also be constituted by the Company’s right to carry out processing of data after a balance of interests. In addition, the Company may handle personal data after consent from the employee.
If the processing of personal data is required to fulfil an agreement or a legal obligation, the employee, temporary worker, and consultant cannot object. If the processing of data takes place after a balancing of interests, an objection to the processing is examined in the individual case.
How personal data is protected and who has access
The Company applies appropriate technical and organizational safety precautions to protect personal data against loss, misuse, and unauthorized access. Only authorized staff within the Company, which in his/her organizational role need personal data information will have access.
The Company may disclose personal data to personal data assistants (personuppgiftsbiträden), other companies or third parties as described below, in accordance with applicable data protection legislation.
Storage and withdrawal of personal data
The Company will process and store employees’, temporary workers’, consultants’ and customers’ personal data for as long as necessary in relation to the purposes for which the data was collected.
Certain personal data will be deleted in connection with termination of employment and/or termination of agreement with the Company.
Other personal data will be stored for a longer period due to legal obligations for the Company to keep these personal data.
The personal data register will be updated on regular basis and non-valid data will be removed when the possibility to direct claims against the company expires.
Data provider’s rights
The data provider of personal data has the right to access his/her person data, demand corrections, reject processing and handling of his/her personal data, demand limitation to certain personal data, and demand that his/her personal data handled by the Company is deleted, in accordance with the rights followed by the Data Protection legislation. These rights may be limited by other provisions of Data Protection legislation or if such a requirement would be inappropriate in an individual case, e.g., subject to an ongoing investigation into appropriate behavior.
The data provider has the right to withdraw the consent given for processing and handling of certain personal data.