Second Logo

Privacy policy

Information about our processing of personal data

1. Introduction

We want you to feel safe when you provide us with personal data. We respect your privacy and work actively to ensure that your personal data is handled securely. This text is addressed to you if you have a relationship with us through our business, either personally or as a representative of an organisation, such as a customer, supplier, or partner. It also applies to you if you visit our website or contact us in any other way.

Personal data is any information that identifies or can identify you, both directly and indirectly. This may include your name, address, personal identity number, or a picture of you. Processing of personal data refers to everything we do with your personal data, such as collecting, using, compiling, or deleting it. We process the data necessary to deliver and receive payment for the services we provide to you, as well as the data required to maintain contact with you.

Motum AB, company registration number 556935-8053, is the data controller for the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR). Telephone: 020-520 052. Email: gdpr@motumengelsk.motums.wpengine.com.

The purpose of this text is to inform you about the processing we carry out in relation to you. In the introductory section, you will find information on who the data controller is, the purposes for which we process your data, and your rights in relation to the processing we perform. If you want more detailed information about the processing we carry out, you can read section 2, where we explain which personal data we collect, how long we store the data, and the legal basis for the different processing activities. There you will also find information about who we share your personal data with and whether we transfer your data to third countries, i.e. countries outside the EU/EEA.

1.1 Data controller

Data controller
Motum AB, company registration number 556935-8053, is the data controller for the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR).

Contact details
Telephone: 020-520 052
Email: gdpr@motumengelsk.motums.wpengine.com

1.2 Why do we process your data?

In order for us to have the right to process your data, we must have a purpose for the processing. We process your data in the following situations. In the section for each situation, you can read more about the purposes for which we process your data.

– Personal data processed within the scope of our customer assignments (for more information, see section 2.1.1)
– Personal data for employees or contractors of our suppliers (for more information, see section 2.2.1)
– Personal data processed when you contact us (for more information, see section 2.3.1)

1.3 Your rights

You have the right to receive information about how we process your personal data. Among other things, you are entitled to know for what purposes your personal data is processed, the legal basis for the processing, how long we process the relevant personal data, who will have access to the data, your rights under the General Data Protection Regulation (GDPR), whether we transfer your data to a country outside the EU/EEA, that you may lodge a complaint with the Swedish Authority for Privacy Protection (IMY), that you may withdraw any consent you have given, as well as the contact details of the data controller and the Data Protection Officer. We provide you with all of this information in this text. If you have any questions regarding how we process your personal data, you can always contact us. Our contact details can be found above under point 1.1.

In addition to the right to information about how we process your personal data, you also have several rights in relation to our processing of your personal data. Below is a list of your rights. Further information about your rights can also be found on IMY’s website (www.imy.se).

Right of access – you have the right to contact us to find out whether we process your personal data. This also means you have the right to access the personal data. This may mean that you receive a document containing your personal data. It may also mean that you receive a compilation of the personal data we process. The compilation must be structured in such a way that you can check the accuracy and lawfulness of the data. More information on the right of access can be found on IMY’s website.

Right to rectification – if the data we hold about you is incorrect, you have the right to contact us and request that we correct the data or complete it with personal data relevant to the processing but missing. More information on the right to rectification can be found on IMY’s website (www.imy.se).

Right to erasure – you also have the right to ask us to delete your personal data. For example, we must delete your personal data if it is no longer needed for the purposes for which it was collected, if the processing is unlawful, or if we have carried out a balancing of interests and your interest in privacy outweighs our legitimate interest in processing the data. There are exceptions to the right to erasure. For example, if there is a legal requirement for us to retain the data or if the data is still necessary for the purpose for which we collected it. More information on the right to erasure can be found on IMY’s website. If you would like us to delete your contact details, please contact gdpr@motumengelsk.motums.wpengine.com.

Right to restriction – in certain cases you have the right to request that we restrict the processing of your personal data. This applies, for example, if you believe the data is incorrect and have requested rectification. In that case, you can demand that we restrict our processing of the data while we verify or investigate its accuracy. More information on the right to restriction can be found on IMY’s website.

Right to object regarding legitimate interest – when processing is based on the necessity of processing for purposes related to the data controller’s or a third party’s legitimate interests, pursuant to Article 6.1(f) GDPR, you have the right to object to the processing at any time. We may then only continue to process the data if we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or if the processing is carried out to establish, exercise, or defend legal claims.

We may process personal data on the basis that such processing is necessary for our legitimate interest in:

  • Marketing our services and disseminating information to existing and potential customers
  • Administering our relationship with you as a customer/other party within the scope of our assignment
  • Analysing completed work and improving our services
  • Administering agreements and fulfilling obligations towards our suppliers
  • Managing contact with you, and
  • Marketing our business.

You can read more about the processing in sections 2.1–2.3 below. More information on the right to object can be found on IMY’s website.

Right to data portability – the right to transfer your personal data is also referred to as the right to data portability. This right means you are entitled to receive the personal data we process about you so that you can transfer it to another recipient. This applies to data you have provided to us and which we process on the basis of your consent or to fulfil an agreement with you. More information on the right to data portability can be found on IMY’s website.

Right to lodge a complaint with a supervisory authority – if you believe our processing of your personal data does not comply with EU data protection legislation, you have the right to lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (IMY).

Right to withdraw consent – if you have given consent to any of the processing activities we carry out, you always have the right to withdraw your consent.

2. Our processing of personal data

Below is a summary of the different types of personal data we collect about you and the reasons why we collect them. The summary is based on the purpose of the processing. For each purpose, we explain the type of processing we carry out, the categories of personal data we use in the processing, the legal basis for the processing, and how long we retain the data. You will also receive information on whether we share your data with any party in connection with our processing, and whether we transfer your data to a third country in connection with the processing.

2.1 Personal data processed within the scope of our client assignments

Within the scope of our client assignments, we process your data in order to fulfil our assignment and to maintain contact with you and other persons connected to the assignment.

2.1.1 Purpose and legal basis of the processing

For the following purposes, we process personal data in order to fulfil contractual obligations:

  • To manage and administer invoicing, reminders, and payments related to our assignments.
  • To administer the customer relationship, for example, to meet obligations towards you as a client, and to provide information, products, and services.

For the following purposes, we process your personal data on the basis of our legitimate interest:

  • For internal and external marketing via the intranet, website, and social media.
  • To share information about our business through newsletters.
  • To communicate with you via email, post, and telephone.
  • For analysis of our business in order to improve our services and for general business development.
  • For documentation, administration, and management of the assignment.

Our legitimate interest in this processing is:

  • To market our services and share information with existing and new customers
  • To administer the relationship with you as a client/other party within the scope of our assignment
  • To analyse completed work and improve our services

2.1.2 Which personal data we process about you

  • Data concerning customers, employees, or contractors engaged by the customer.

Name
Personal identity number (private customer)
Employer
Job title
Contact details (telephone, email address)
Home address (private customer)
Invoicing details
Payment information
Image
Video
Statements in interviews

  • Other persons
    We process data about other individuals relevant within the scope of our assignments. These individuals may be consultants, employees of companies with which our client has contacts, or similar.

2.1.3 Who we share your data with

We may share your personal data with suppliers who process personal data on our behalf, so-called data processors. For example, IT and system providers that deliver development and support for our systems and cloud services.

We may also share your personal data with, for example, public authorities if this is necessary due to a legal obligation.

2.1.4 How long do we process and retain your data?

We process your data for as long as is necessary to administer the contractual relationship on which the customer relationship is based, and for as long as is necessary to exercise our rights and fulfil our obligations towards you/the customer by whom you are employed or engaged.

Any data relating to payments, where processing is required under the Swedish Bookkeeping Act, is processed for seven (7) years in accordance with the Bookkeeping Act.

2.1.5 Third-country transfer

When distributing invoices, we use a data processor that relies on Microsoft to operate the service. This means that a third-country transfer takes place to the United States, which is carried out with standard contractual clauses as a safeguard.

We use Microsoft 365 for communication via email. This means that a third-country transfer takes place to the United States, which is carried out with standard contractual clauses as a safeguard.

2.2 Personal data concerning suppliers and employees or contractors engaged by our suppliers

When we engage suppliers, we process your personal data in connection with the business relationship between us and your employer or principal, or which you provide to us within the scope of the business relationship.

2.2.1 Purpose and legal basis for the processing

  • To fulfil contractual obligations
  • To manage and administer payments related to agreements
  • To administer the supplier relationship, for example, documentation, administration, and management of the assignment

For the following purposes, we process your personal data on the basis of our legitimate interest:

  • To safeguard our rights in the event of legal claims made against us
  • To communicate with you via email, post, and telephone

We need to carry out the above processing due to the contractual relationship we have with you, your employer, or your principal. We then process your personal data on the basis of a balancing of interests, where our legitimate interest is to be able to administer agreements and fulfil obligations towards our suppliers.

2.2.2 Which personal data we process about you

The data we may process are
Name
Personal identity number (supplier with sole proprietorship)
Job title
Employer
Contact details (telephone, email address)
Invoicing details
Payment information

2.2.3 Who we share your data with

We may share your personal data with other suppliers who process personal data on our behalf, so-called data processors. For example, IT and system providers that deliver development and support for our systems and cloud services.

We may also share your personal data with, for example, public authorities if this is necessary due to a legal obligation.

2.2.4 How long do we process and retain your data?

We process your data for as long as is necessary to administer the contractual relationship with the supplier, and for as long as is necessary to exercise our rights and fulfil our obligations towards you/the supplier by whom you are employed or engaged.

Any data relating to payments, where processing is required under the Swedish Bookkeeping Act, is processed for seven (7) years in accordance with the Bookkeeping Act.

2.2.5 Thrid-country transfer

For the management of supplier invoices, we use a data processor that relies on Microsoft to operate the service. This means that a third-country transfer takes place to the United States, which is carried out with standard contractual clauses as a safeguard.

We use Microsoft 365 for communication via email. This means that a third-country transfer takes place to the United States, which is carried out with standard contractual clauses as a safeguard.

2.3 Personal data processed when you contact us

When you contact us via email, telephone, or our website, we process the personal data that you provide to us in connection with the communication. We also process your personal data when you apply for a job with us, subscribe to job vacancy notifications, and when you participate in fairs and events in which we take part.

2.3.1 Purpose and legal basis of the processing

For the following purposes, we process your personal data on the basis of our legitimate interest:

  • To communicate with you via email, post, and telephone
  • To reach and recruit new employees
  • For documentation, administration, and handling of any matter arising from the communication
  • To reach potential new customers through marketing via newsletters and participation in fairs and events
  • To distribute press releases

When you contact us, we need to process your personal data in order to maintain communication with you. We then process your personal data on the basis of a balancing of interests, where our legitimate interest is to be able to administer the contact with you. We may also process your personal data when we market our services to reach new customers, where our legitimate interest is to promote our business.

2.3.2 Which personal data we process about you

The data we may process are
Name
Contact details (telephone, email address)
Other personal data that you provide in free text
Date of birth (in connection with recruitment/expressions of interest)
Employer
Place of work
Job title

2.3.3 Who we share your data with

We may share your personal data with suppliers who process personal data on our behalf, so-called data processors. For example, IT and system providers that deliver development and support for our systems and cloud services.

We may also share your personal data with, for example, public authorities if this is necessary due to a legal obligation.

2.3.4 How long do we process and retain your data?

We process your data for as long as is necessary to administer the communication with you, and for as long as is necessary to exercise our rights and fulfil our obligations in relation to the contact we have with you.

2.3.5 Third-country transfer

To provide subscription services for job vacancies and the possibility to submit unsolicited applications, we use a data processor, We Select, which in turn uses sub-processors where a third-country transfer to the United States takes place or may take place, carried out with standard contractual clauses as a safeguard.

We use Microsoft 365 for communication via email. This means that a third-country transfer takes place to the United States, which is carried out with standard contractual clauses as a safeguard.

The Motum Group is Sweden’s largest independent lift and door supplier. Together, we are 400 employees from north to south, servicing, modernising, and installing new lifts and doors. Sustainability is a core value at Motum, and we place great emphasis on ensuring that our solutions are beneficial for both people and the environment. To provide our customers with maximum choice, we work exclusively with open systems.

Motum AB, c/o ITK AB, PO Box 11034, SE-161 11 Bromma, Sweden
E-mail: info@motumengelsk.motums.wpengine.com

Web by Redkite