Privacy Notice for Bonnier Solutions AB
Most recently revised: July 2019
This is the central Privacy Notice for Bonnier Solutions AB and for the services provided through Bonnier Solutions AB, company registration number 556748-2624 . (“we”, “us”, “our”).
This Privacy Notice sets out the ways in which we collect and use your personal data in connections with our business and other companies in the group..
We use the information we collect about the groups’ customers, suppliers and employees to enable us to run our business which includes finance and payroll services.
We are part of the Bonnier Group AB, company registration number 556576-7463.
The text below presents information about how we use personal data, how this affects your right to privacy, and how you can safeguard and exercise your rights. You can click the links in the different sections to find out more.
The personal data we collect
We collect data to help ensure our services run smoothly, and to enable us to provide you with the best possible service.
We collect information that you provide to us when you are sending invoices, when you order products or services or get employed in a company in the group.
Some information will be collected from the company that you get employed in so we can pay correct salaries to you.
We may also collect data from third parties as credit control companies. We make sure to protect data we collect from third parties in accordance with the methods described in the present Privacy Notice, and in line with any additional restrictions that apply to the source of the information.
You can make choices concerning the data we collect. If you are asked to provide personal data, you can choose to decline. However, if you choose not to provide personal data that are necessary to gain access to a product, service or function, there is a risk that you will not be able to use the product or function in question.
The information we collect depends on the context of your interactions with other Bonnier companies in the group. The data we collect may include the following:
- Name and contact details. We collect your first and last names, email address, postal address and other contact details of this kind.
- Account number. We collect bank and payment details to be able to pay invoices, salaries, expenses and other compensation.
- Special categories of information. We may collect sensitive information such as information about sick leave and trade union membership. We may also handle association membership fees and pension payments.
How we use personal data
We will use your information for the purposes to run our business and fulfill agreements between you and companies in the group.
Communication We use data to communicate with you. For example, we may contact you by email, by phone or through other channels to deal with support issues relating to invoices, payroll questions etc. received from or issued to you.
Other purposes If we intend to use personal data for a new purpose, over and above that described in this Privacy Notice, we will inform you of such use before the data are collected – or in connection with the collection – and we will ask for your permission or, where necessary, your consent. Alternatively, we will ask for your permission and/or consent after the data have been collected but before we start to use them for a new purpose.
Grounds for sharing your personal data
With a view to being able to fulfil legal obligations and agreements with you with regard to financial and payroll services (for example, paying invoices from suppliers, issuing invoices to customers, making and receiving payments, closing accounts, paying correct salaries, handling pension issues, managing company vehicles), Bonnier Solutions has a shared personal data responsibility with other companies in the Bonnier group that you have an agreement with. Bonnier Solutions and companies in the Bonnier group have a shared personal data responsibility in the following areas:
- Incoming and outgoing payments
- Supplier ledger
- Customer ledger
- Credit control
- The payroll process, including pension management, time reporting, expenses, etc.
- HR process
- Managing company cars
- Managing benefits
Disclosure of data by Bonnier Solutions AB
The personal data about you that Bonnier Solutions and companies within the Bonnier Group have collected and processed may be disclosed to suppliers and partners we commission, for example to make payments (information disclosed to banks), or to handle debt collection (information disclosed to debt collection companies).
Finally, we may need to disclose or save your data when we consider this necessary, in order to:
- comply with laws or legal processes and provide information to the police and other relevant authorities,
- manage and maintain the security of our products, including preventing or halting an attack on our system or network.
In cases in which we share information about you with other parties, we have taken steps to ensure these companies comply with our privacy requirements, and have made it clear they are not permitted to use the personal data they receive for any other purpose.
How you can check your personal data
You can read and ask for changes of personal data about yourself, and request that we delete such data, by contacting us as described in the section entitled Contact us below.
We respond to enquiries within 30 days of having received your request and verified the issue to which it pertains.
Your individual rights
Bonnier Solutions complies with actual data protection legislation in the European Union, the application of which encompasses the following rights:
- If the processing of personal data is based on your consent, you have the right to withdraw your consent to the future processing of your personal data at any time.
- You have the right to request, free of charge, an excerpt from the register (as defined in the relevant legislation), as well as access to a copy of your personal data, and to request correction and – under certain circumstances – erasure of your personal data.
- You have the right to oppose the processing of your personal data.
- You have the right to request that we transfer your personal data to a different organization that will take responsibility for processing your personal data (data controller) in cases in which our right to process your personal data is based either on your consent or our complying with an agreement with you.
- You have the right to submit complaints to a data protection authority. The Swedish Data Protection Authority is the authority in Sweden that supervises how we, as a company, comply with the legislation.
When we process your personal data, we do so on an “as needed” basis with a view to operating our business, fulfilling contractual and legal obligations, protecting our systems, or fulfilling other justified interests as described in the sections entitled How we use personal data and Grounds for sharing your personal data above. When we transfer personal data outside the European Union and/or the European Economic Area, we do so based on a number of legal mechanisms, as described in the section entitled Where we store and process personal data below.
Security for your personal data
We apply a range of security technologies and security methods to protect your personal data from unwanted access, use and disclosure. For example, the personal data you supply are stored on computer systems placed in secure locations to which access is limited.
Personal data collected by Bonnier Solutions may be stored in the region where you live, in Sweden or in other countries in which Bonnier Solutions, our partners or suppliers have business operations. We adopt measures to ensure that the data we collect are processed in accordance with the information in this appendix, and pursuant to the applicable legislation in the place where the data are located.
We place great importance on maintaining the security of the computer systems and checking compliance with our own internal regulations.
Information about our regulations regarding information security and internet use are available here.
Where we store and process personal data
The personal data we collect may be stored and processed primarily in the region where you live, in Sweden or in other countries in which we have business operations. The storage locations are selected with a view to ensuring efficient functioning, improving performance, and generating redundancy with the intention of protecting data from power outages or other such problems. We adopt measures to ensure that the data we collect under this Privacy Notice are processed in accordance with the provisions of this Privacy Notice and pursuant to the applicable legislation in the place where the data are located.
Bonnier Solutions AB commissions a Processor (Cognizant), which is domiciled in India and performs services such as administrating and paying supplier invoices, issuing and handling payment of customer invoices, manual payments and accounts closings. In addition to this, we work with Tata Consulting Services (TCS), which provides IT support from countries including India. We have adopted the protective measures required in this context, for example entering into a data processor agreement with our suppliers that contains the EU’s standard contractual clauses. The Processors thereby undertake to abide by the data protection requirements defined in the new General Data Protection Regulation (the European Parliament’s and Council’s regulation (EU) 2016/679 of 27 April 2016) in the same way as if the processing of personal data were being performed in an EU country.
Our retention of your personal data
We retain personal data for as long as is necessary to complete transactions between us, or for other necessary purposes, such as complying with our legal obligations, resolving disputes and executing our agreements. As these needs may vary for different types of data and in different contexts, the actual periods of retention may vary. Criteria that determine the length of time we store data include, for example, other legislation such as the Swedish Bookkeeping Act, which stipulates that financial data must be retained for a given period.
Your personal data are deleted or anonymized as soon as they are no longer relevant for the purpose for which they were collected.
Changes to this Privacy Notice
We will update our Privacy Notice when necessary. When this Privicy Notice is updated, the date of the most recent change is altered at the very top of the Privacy Notice, and the changes are described at the bottom of the page under Change record, whereupon the changes come into effect.
If major changes are made to the Privacy Notice or to how we at Bonnier Solutions use your personal data, you will be informed via a notice on the website or through an email message before the changes come into effect, if this is required by law.
If you have any questions about the rules that apply to your personal data, wish to file a complaint or ask our Data Protection Officer a question, you can use the contact information below to get in touch with us.
Bonnier Solutions AB
Company reg. no. 556748-2624
113 90 Stockholm, Sweden
112 21 Stockholm, Sweden
Phone: +46 8 580 085 00 (lines open 08:30–16:00 Monday through Friday)
May 2018: Clarification on account of the new General Data Protection Regulation (GDPR) coming into effect on 25 May 2018. [The updated Privacy Notice will automatically come into effect for all existing customers and visitors on 25 May 2018. Your continued use of our Services from this date onwards will be covered by the new Privacy Notice.] The Privacy Notice has also been reworked to make it concise, clear and straightforward, intelligible and easier to read and understand.
July 2019: Minor updating related to HR, minor linguistic update.