MCS’s Processing of Personal Data
- Background
Mainz Cleaning Systems AB (“MCS”) is company that works with selling, leasing, servicing and supporting robots that use carbon dioxide for automatic cleaning of containers. In some cases, MCS needs to process personal data. This Privacy Policy exists so that you know what personal data MCS may process, how and for what purpose such processing of your personal data may occur. - Compliance
This Privacy Policy is established to comply with the EU General Data Protection Regulation 2016/679 (GDPR). MCS regularly reviews the policy and the actual processing of personal data, to ensure that all processing of personal data is in accordance with the GDPR. - How and Why MCS Processes Personal Data
3.1 Contact with Potential Customers and Business Partners
For MCS to conduct our business, we need to process the personal data of potential customers and business partners.
(1) Categories of Personal Data
– Name
– E-mail address
– Device information about the device used to visit the MCS website
– Technical information generated through the use of the MCS website
– Workplace
– Profession-specific personal data
– Information about the data subject’s contacts with MCS
(2) Legal Basis
Personal data can be processed for the stated purpose based on consent (article 6(1)(a) GDPR). In these instances, the data subject has consented to have his or her personal data processed when filling out the contact form on MCS’s website.
Personal data can also be processed for the stated purpose because MCS legitimate interest to process the personal data (art. 6(1)(f) GDPR). In these instances, MCS has assessed that our legitimate interest overrides the data subject’s interest to not have his or her personal data processed.
(3) Origin
The personal data can be provided by the data subject himself/herself or by others in the data subject’s contact network such as employers, colleagues and business partners.
(4) Retention Period
The personal data provided via the contact form is stored for 2 years or until the data subject notifies MCS that the consent is withdrawn or that the data subject is no longer interested in the personal data processing. Personal data that is processed on the basis of MCS’s legitimate interest is retained for as long as MCS’s legitimate interest remains, which is normally no longer than 3 months.
3.2 Contractual Relationships with Customers and Business Partners
For MCS to fulfill contractual obligations to customers and partners, we need to process their personal data.
(1) Categories of Personal Data
Categories of personal data that can be processed for the stated purpose are:
– Name
– Telephone number
– E-mail address
– Place of work and profession
– Information regarding contacts with MCS
(2) Legal Basis
The processing of personal data occurs because is necessary for MCS to perform contractual obligations to a customer or business partner (article (6(1)(b) GDPR).
(3) Origin
The personal data is usually provided by the data subject himself/herself but may also be provided by others in the data subject’s network such as employers, colleagues and business partners.
(4) Retention Period
MCS stores the stated personal data for as long as it is required to fulfill the contractual obligations in question and at most 10 years thereafter.
3.3 Protecting MCS from Claims and Safeguarding MCS’s Rights
To protect ourselves from potential claims such as legal claims, complaints or insurance claims, or if necessary to safeguard our rights, MCS may need to process personal data.
(1) Categories of Personal Data
Categories of personal data that may be processed for the stated purpose are:
– Name
– Telephone number
– E-mail address
– Information about purchased goods/services
– Payment information
– Information about financial circumstances
– Information about your contacts with MCS
– Information about the course of events
– Any other personal data that is necessary to process in order for MCS to protect ourselves from legal claims or to defend our rights
(2) Legal Basis
The legal basis of the processing of personal data is the legitimate interest of MCS. (art. 6(1)(f) GDPR). When processing personal data for the stated purpose, MCS has assessed that our legitimate interest overrides the data subject’s interest to not have his or her personal data processed.
(3) Origin
The personal data may be provided by the following parties:
– The data subject himself/herself
– The data subject’s legal representative
– The data subject’s insurance company
– Public authorities
(4) Retention Period
MCS will retain the personal data for as long as it is necessary for us to protect ourselves from claims or to defend our rights.
3.4 Employment Agreements and Consultancy Agreements
To fulfill obligations following employment agreements and agreements with consultants, MCS needs to process the personal data of employees and consultants.
(1) Categories of Personal Data
Category A
– Name
– Telephone number
– E-mail address
– Contact details of relatives, “ICE”
– Bank account number
– Employer’s certificate
– Pay slips
– Absences
Category B
– Control data
– Income data
(2) Legal Basis
Category A
The processing is necessary for the purposes of fulfilling obligations arising from employment or contractual relationships with the data subject (Article 6(1)(b) GDPR).
Category B
As an employer, MCS has a legal obligation to provide the Swedish Tax Agency with employees’ control and income data (Article 6(1)(c) GDPR).
(3) Origin
Category A
The personal data originates from the data subject himself/herself and is provided to us either at the time of the conclusion of the contract or during the employment or assignment relationship. Pay slips are generated in the MCS payroll system and employer certificates are created by MCS.
Category B
The data comes from the MCS payroll system and is based on what is recorded based on the employee’s salary and work rate.
(4) Retention Period
Category A
Personal data processed based on contractual obligations are stored for as long as the contractual relationship remains and for a maximum of 10 years thereafter.
Category B
Personal data processed based on a legal obligation are processed for as long as the legal obligation exists.
4. Who Does MCS Share Your Personal Data With?
MCS sometimes uses personal data assistants for, for example, accounting, IT supplier and storage services. If MCS uses a personal data assistant, a personal data assistant agreement is always entered to ensure a high level of protection for all personal data that the assistant will process. The purpose of the sharing of data is the same as for the processing as a whole and the legal basis for the sharing is the legitimate interest of the MCS as described above.
MCS may also share personal data with legal representatives, authorities and the judiciary if the data is important as evidence or as a basis for, for example, a police report or a dispute. The purpose of the sharing of data is the same as for the processing as a whole and the legal basis for the sharing is the legitimate interest of the MCS as described above.
MCS may also share your data with public authorities following an order from a public authority to disclose the data. In such cases, the purpose of the processing is to disclose your information to comply with a legal obligation incumbent on the Business. The legal basis for processing is legal obligation under Article 6(1)(c) GDPR.
5. Your Rights Under GDPR
As a data subject you have a number of rights. The rights you have in relation to the processing of ypur personal data are described below. For more information on your rights, please click here to visit the website of the Swedish Data Protection Authority. To excersice your rights you can contact MCS’s data protection officer (“DPO”). Please find the contact details to our DPO in section 7.
5.1 The Right to Have Your Data Erased (“Right to Be Forgotten”)
In certain cases, you have the right to have your personal data erased. The right to have your data deleted applies in the following situations:
– If the personal material is no longer necessary for the purposes for which they were collected or otherwise processed.
– If you, as a data subject, object to the processing of personal data and there are no compelling legitimate grounds for us to continue the processing
– If the personal data has been illegally processed.
However, the controller is not obliged to erase your data if, for example, the processing is necessary for the controller to comply with a legal obligation or if the processing is necessary for the establishment, exercise or defense of legal claims. This means that you do not have the right to have recorded material on you deleted if the controller, for example, needs the material to make a police report or share the personal data with an authority after the MCS has been ordered to submit the material.
5.2 The Right to be Informed
You have the right to be informed about how MCS processes your personal data. You can receive this information through this Privacy Policy or by contacting our DPO.
5.3 The Right to Access Your Personal Data
You have the right to know whether MCS is processing your personal data, how that personal data is processed and to receive a copy of which of your personal data MCS is processing. For you to have access to your personal data, you need to identify yourself.
5.4 The Right to Object to the Processing
You have the right to object to MCS processing your personal data. Personal data processing may then only continue if there are compelling legitimate grounds for MCS to continue processing your personal data. If there are no such grounds, the processing of your personal data must cease. In such case, MCS will either encrypt or delete your personal data.
5.5 The Right to Lodge a Complaint with the Data Protection Authority
You always have the right to lodge a complaint with the Swedish Data Protection Authority. To find contact details for the Data Protection Agency, please follow this link. For information on how to complain about unauthorized processing of your personal data, please see the contact details to our DPO in section 7.
5.6 The Right to Data Portability
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and, where technically feasible, have that data transmitted directly to another controller.
6. MCS Cares About Your Safety
MCS cares about your security and has implemented a range of technical and organizational security measures to protect your personal data. Saved personal data is regularly deleted. No more people than necessary have access to stored personal data. Anyone who accesses stored personal data must not unauthorizedly disclose or exploit circumstances about individuals’ personal circumstances.
7. Contact
To exercise your rights as a data subject, or if you have other questions related to this Privacy Policy, please contact Mainz’s DPO using the details below. To contact the Swedish Data Protection Authority, please click here.
Contact Details for Mainz’s Data Protection Officer
Phone number: +46 76 863 55 77
E-mail address: info@mainz.se
MCS’s Use of Cookies
1. How we use cookies
We Use Cookies to:
- Understand and save user’s preferences for future visits.
- Keep track of advertisements.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
2. Types of Cookies We Use:
- Essential Cookies: These cookies are essential to provide you with services available through our website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
- Functionality Cookies: These cookies allow our website to remember choices you make when you use our website, such as remembering your login details and remembering the changes you make to other parts of our website which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our website.
- Analytics and Performance Cookies: These cookies are used to collect information about traffic to our website and how users use our website. The information gathered does not identify any individual visitor. It includes the number of visitors to our website, the websites that referred them to our website, the pages they visited on our website, what time of day they visited our website, whether they have visited our website before, and other similar information. We use this information to help operate our website more efficiently, to gather broad demographic information and to monitor the level of activity on our website.
- Advertising Cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
3. Your Choices Regarding Cookies
If you prefer to avoid the use of cookies on our website, first you must disable the use of cookies in your browser and then delete the cookies saved in your browser associated with this website. You may use this option for preventing the use of cookies at any time.
If you do not accept our cookies, you may experience some inconvenience in your use of our website and some features may not function properly.
4. Contact
If you have any questions or complaints regarding MCS’s use of cookies, please contact our DPO using the following contact details:
Phone number: +46 76 863 55 77
E-mail address: info@mainz.se