GDPR – Personal data policy

As of May 25, 2018, the Personal Data Act (PUL) has been replaced by the new General Data Protection Regulation (GDPR). The purpose of the GDPR has been to protect people from having their privacy violated when their personal data is processed. The GDPR places higher demands on how we as an organization process your personal data and gives you better opportunities to influence our handling.

In this policy, we describe why we process your personal data, what personal data we process, the legal basis on which we base the processing and how long the data is stored. We also describe how you can influence the processing by exercising your rights, and where to turn if you are not satisfied with our processing. It is important that you read and understand the privacy policy. You are always welcome to contact us if you have any questions.

We can be reached in the following ways:

Post: Svensksundsvägen 5, 111 49 Stockholm

Telephone: 08-599 08 430

E-mail: info@toymuseum.se

What the change means for you

In short, the GDPR means that…

…you have the right to receive more detailed information about how we process your personal data. We provide you with such information in the privacy policy below,

…you will have the possibility, under certain conditions, to request that your personal data be transferred or that we restrict processing,

…you will have enhanced possibilities to access your personal data and, under certain conditions, to have them corrected or deleted,

…you can agree or object to certain processing we carry out, for example for sending information such as email newsletters.

1. Information on personal data

In this privacy policy, we, with organization number 559067-4874, are called the Company and are the data controller. Personal data is information by which we can directly or indirectly identify you, e.g. your name, your telephone number, your e-mail address.

2. Processing of personal data

Everything we do with your personal data is considered processing. This applies regardless of whether we use automated systems or not. We process your personal data in connection with the sending of information, payments, handling of complaints, in order to comply with applicable legislation such as the Accounting Act, to send newsletters, etc.

3. Personal data processed

The personal data we collect about you is customer data. This is information such as your name, e-mail address, telephone number, address details and other information provided by you.

4. What the data is used for

In order for us to process your personal data, we must have specified an explicit and legitimate purpose for the processing. The personal data must not then be processed in a way that is incompatible with the original purpose. In addition, we must have a legal basis to process personal data.

We base the processing of personal data we carry out on the following legal grounds and consent:

a) Processing of your personal data is necessary for the conclusion or performance of the contract with you (the housing association you represent in your capacity as a board member, auditor or trustee).

b) The processing of your personal data is necessary for compliance with a legal obligation, e.g. to keep personal data for accounting purposes.

c) We assess, after a so-called balance of interests, that our interests in processing your personal data outweigh your right to privacy.

In order to perform the contract with you, we need to process and manage your personal data. Below are examples of the purposes for which we process your personal data and the legal basis on which we do so.

Provision of services

We process your personal data to the extent necessary for us to identify you as a customer. We also need to process your personal data in order to be able to charge you in accordance with the agreement and to be able to take debt collection measures if this is necessary to ensure that our claim is paid.

Legal basis for the above: Performance of contract under point 1 and Legitimate interest under point 3. Our legitimate interest in this processing is that we secure payment under the contract with you.

Other communication about services

We process personal data in the context of other communications with you, for example to provide you with information. This may, for example, take the form of newsletters sent by email. We also process personal data that we receive from you when and if you have chosen to respond to customer surveys that we have sent to you or that you have taken part in in another way.

Legal basis for the above: Performance of contract under point 1 and Legitimate interest under point 3. Our legitimate interest in processing personal data from customer surveys is that we want your opinions in order to improve our offering.

Compliance with laws

We process your personal data in order to fulfill our statutory obligations, such as the requirements of the Accounting Act on the storage of accounting material.

Legal basis for the above: Legal obligation under point 2.

5. How we collect the data

We collect personal data when you register on our website, when you contact your financial manager, by telephone or by visiting us in person.

6. How long the data is stored

We do not keep personal data about you for longer than we need to for the purpose for which we process it. Therefore, we never store personal data just because it is “good to have”, but always for a defined purpose supported by law or contract.

As the data we collect is processed for different purposes, it is also stored for different periods of time. It may therefore be the case that personal data about you is stored in one system, but deleted in another.

7. To whom the data is disclosed

In some situations, we share your personal data with others. Below we describe when and why we do this. We would like to emphasize that we never pass on your personal data unless this is necessary for us to carry out any of the processing operations listed above, for which we have a purpose and for which there is a legal basis. We also do not sell your personal data to others.

Suppliers and other data processors who process personal data on our behalf

We use various suppliers to enable us to provide our services. When we use suppliers to process personal data on our behalf, we contractually stipulate that the supplier (processor) may only process personal data for purposes that we determine and on specific instructions from us. This means that our suppliers are not allowed to do anything with your personal data that we have not explicitly told them to do. We also require that the supplier’s handling of personal data is secure and accurate.

8. Your rights

You have the right to receive information about how we process your personal data. This policy provides you with such information. If you have any further questions about our processing of personal data, please contact us. You can find our contact details at the bottom of this policy.

In addition to the right to information, you also have other rights in relation to your personal data. For example, you can influence our processing by requesting access, rectification, erasure and restriction. You also have the right to object to certain processing that we carry out and to request your personal data or request that it be transferred.

Your right to erasure requires that the data is no longer needed for the purpose for which it was collected, if the processing is based on a balancing of interests and there are no legitimate grounds that override your interest, if the personal data has been processed unlawfully, or if you object to processing for direct marketing purposes. The right to erasure does not apply if we are obliged by law (e.g. the Accounting Act) to retain the data.

You have the right to request, free of charge and once a year, extracts, rectification, erasure and/or restriction of the personal data we process about you. As it is important that we do not disclose your personal data to anyone else, such a request must be made in writing and signed by you. In addition, specify what the request is for. Send the request in a letter to us stating your name and social security number, your address and a copy of a valid ID document signed by you.

The extract from the register will be sent to you within 30 days of receiving the request. If the extract is extensive so that we need more time or if for some reason we cannot fulfill your request, we will let you know.

Please send your request to us: Svensksundsvägen 5, 111 49 Stockholm.

9. Safety and security

We protect your personal data through a combination of technical and organizational solutions. Access systems are required for access to all of our systems that handle personal data. Our employees, processors and sub-processors must comply with our internal information security policy.

10. Cookies

We use so-called cookies on the website www.toymuseum.se. The purpose is for the website to work as well as possible, to give you access to certain functions and to receive information about visits to the website. A cookie is a small text file that is stored on the visitor’s computer and contains information. There are two types of cookies: permanent cookies that save a file on the visitor’s computer until the file is deleted, and session cookies that disappear when you close your browser. Third-party cookies are also used on our website, e.g. for Google Analytics.

We use cookies to improve the website experience in the following ways:

  • Checks how the website is used by looking at traffic patterns.
  • Collects and analyzes behavioral data based on website and service usage in order to improve the user experience.

11. Complaints

If you believe that we are processing your personal data in breach of the applicable rules, you should notify us as soon as possible. You can also contact the Data Protection Authority directly to lodge your complaint.

12. Damages

If you have suffered damage because your personal data has been processed in breach of the applicable rules, you may be entitled to compensation. In such cases, you may, upon written request, seek compensation from us or bring an action for damages in court.

13. Data controller

The Company is the controller and responsible for the personal data processed under the Company brand. We determine the purposes of the processing and how it is carried out. We also decide how personal data is processed when we use subcontractors.

14. Contact details

Familjeupplevelser i Bergrummet AB
Svensksundsvägen 5
111 49 Stockholm
08-599 08 430
info@toymuseum.se