Policies
Privacy policy
2. GENERAL
This privacy policy describes how Qbase AB (the "Company" or "Qbase") processes and uses personal data about you. This privacy policy further explains how Qbase processes personal data about you in your capacity as an employee, visitor to our website (www.qbase.se) and in cases where you apply for a position at Qbase (recruitment). This privacy policy also describes your rights and how you can exercise your rights towards Qbase.
You should always feel safe when you provide your personal data to us at Qbase. With this privacy policy, we want to show how the Company ensures that your personal data is processed in accordance with applicable legislation. Qbase protects your personal integrity and strives to protect registered personal data in a secure manner.
2. DATA CONTROLLER
Qbase AB, reg. no. 556962-4629 is the data controller for the processing of your personal data and is therefore responsible for ensuring that your data is processed in a correct and secure manner in accordance with applicable legislation.
3. HOW DO WE PROCESS YOUR PERSONAL DATA?
Company/organization representatives
Qbase collects and stores information about you that we need to contact you as a representative of a company/organization. The personal data we process in this context are name, position, postal address, email address and telephone number.
The purpose of collecting the information mentioned above is to ensure that agreements entered into with our customers are followed in ongoing business. The contract is then our legal basis for the processing. Processing of personal data is also necessary in our finance function to fulfill our legal obligations.
In cases where no contract has been concluded, we only process personal data with low protection value. We process data in situations like these to be able to handle requests for interest and to follow up on general questions. This enables us to evaluate, develop and improve our services. The legal basis for this processing is the balancing of interests.
Qbase employees who have access to the data need it to perform their duties.
In this process, we may also share personal data with third party service providers (so-called data processors) that we engage to perform services on our behalf (such as technical, administrative, marketing or other services) when required. Our hired processors are not allowed to use your personal data for their own purposes, which we have regulated in a so-called Personal Data Processing Agreement (PDPA).
Storage and thinning vary depending on the business relationship and thus affect the perception of storage and thinning. Some business contacts last for a longer period while others are shorter or recurring. Retaining documentation simplifies things for both the customer and us. When data is saved in this process, the legal basis is legitimate interest.
If an offer is not accepted, personal data is stored for a certain period of time in case customer contact is resumed. Emails and other documents linked to non-accepted offers are deleted annually. In this situation, it is examined whether there are reasons to store documents longer (e.g. if a new request is received). If the offer is accepted, emails and other documents are kept for the usual documentation of the parties' intentions. To manage deliveries, data needs to be retained. Documents that we no longer need to keep are deleted.
Employees
Qbase collects information about employees that is necessary to administer employment and comply with legal requirements. The personal data processed for this purpose are name, social security number, account information, postal address, email address, phone number and CV. The legal basis for the processing is contract and legal obligation.
As our employee, we may share some of your personal data with our customers and partners. This is because our customers and partners have points of contact with the service you have with Qbase.
We also share your personal data with third party service providers (so-called data processors) that we engage to perform services on our behalf (such as technical, administrative, marketing or other services) when required to administer your employment. Our data processors are not allowed to use your personal data for their own purposes, which we have regulated in a so-called Personal Data Processing Agreement (PDPA).
Your personal data may also be disclosed when required by law.
As long as you are employed by us, we will process your personal data. Upon termination of employment, personal data that is not necessary to be stored to comply with legal requirements will be deleted. Some personal data will, in order to comply with relevant accounting legislation, be retained for seven years from the end of the calendar year in which the financial year to which the information relates ended. Salary records are retained for 10 years after termination of employment in view of the statute of limitations.
Recruitment
In order to manage recruitments, Qbase will need to process personal data in the form of name, postal address, e-mail address, telephone number, CV and any other personal data submitted by applicants. Such to be able to assess suitability for the role. Processing of personal data in this context is based on a balance of interests as a legal basis.
The personal data we process in this process comes from you and stays only with the HR manager for the review of the current application.
Unsolicited applications that do not relate to an advertised post are deleted immediately or after any contact has been made with the applicant. Documents of minor or temporary importance are normally deleted immediately or after two months at the latest.
Since a position may be contested for a period of two years (e.g. under discrimination legislation), personal data relating to recruitment via the advertised position is deleted after two years. Similarly, personal data obtained through interviews are deleted after two years in order to handle any appeal from the applicant.
Visitors to the website
When you visit our website, we use cookies and in connection with this we collect IP numbers. This is done to improve your experience of visiting the website and for our statistical follow-up. For this personal data processing, we obtain consent, which is the legal basis for the processing. For more information on how we use cookies, see our Cookie Policy.
4. VHAT RIGHTS DO YOU HAVE?
As a data subject, you have rights. If you, as a data subject of Qbase, wish to exercise your rights or have questions regarding our processing of your personal data, you can contact us at: info@qbase.se
Rectification and erasure of personal data
The Privacy Policy provides information on our processing of personal data to ensure that you as a data subject can exercise your right to receive information from us. If you believe that we have processed your personal data incorrectly or that it needs to be completed, you have the right to request that we rectify it (rectification request). If you do not want us to continue processing your personal data, you also have the right to request that we erase it (request for erasure). If it is possible in relation to our purpose of the processing, the legal rules we are obliged to follow and the agreements we or our client have entered into with you as a data subject, we will rectify and erase the personal data. If you have given consent to the processing, you always have the right to withdraw the consent, which means that we must erase the personal data covered by the given consent.
Right to object
When we process your personal data, you have the right to object to the processing at any time. If we cannot demonstrate that there are compelling legitimate grounds to continue processing the data, we must cease processing. The right applies when personal data is processed after a balance of interests, to perform a task in the public interest or as part of the exercise of public authority.
Right to restriction of processing
In certain cases, you have the right to request the restriction of the processing of personal data. If you are involved in a legal dispute and thus need your personal data as evidence, you can also request that we do not delete your personal data, even though we no longer need it or have no legal basis for continued processing (request for restriction). You also have the right to request restriction when you ask us to rectify or erase your personal data. However, as mentioned above, there are restrictions on when we can correct or delete it.
Access to your personal data - extract from the register
You also have the right to be informed of the processing operations we carry out on you (known as a register extract). A register extract must include a description of the purpose, the categories of personal data being processed and the legal basis for the processing. This type of information is described at a general level above (see the heading "how we process personal data"). The purpose of the register extract is to give you an overview of the processing operations you may be involved in so that you understand where your personal data is processed (however, the right to access documents containing your personal data is unconditional).
5. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Qbase only processes personal data within the EU/EEA area (so-called third country) or countries that maintain a so-called adequate level of protection. Should your personal data be processed in a country outside the EU/EEA, we will inform you. In such cases, the processing is carried out in accordance with data protection legislation, such as by taking so-called appropriate protection measures.
6. CONTACT US
Qbase is responsible for the proper processing of your personal data. It is important to us that you have confidence in how we process your personal data. If you have questions or comments about how we process personal data or want to exercise your rights towards us as a data controller, please contact us.
Contact details
E-mail: info@qbase.se
Qbase AB
Vanadisvägen 43
113 23 Stockholm
7. CONTACT THE DATA PROTECTION AUTHORITY, IMY
If you have comments on our processing of your personal data, you always have the right to contact IMY. Of course, you can do this without contacting us first, but we naturally appreciate that you also submit your comments to us so that we can include them in our continuous improvement work.
Contact details
Telephone: 08-657 61 00
E-mail: imy@imy.se
Data Protection Authority
Box 8114
104 20 Stockholm
For more information on the General Data Protection Regulation (GDPR), please visit the Authority's website.
Quality policy
Our customers and other stakeholders can expect:
- That we have a dynamic approach to adapting to our customers' needs. We ensure that our services are at the forefront by constantly monitoring the world around us.
- Building long-term partnerships where we contribute to our customers' success by combining a high level of expertise with a personalized customer relationship.
- That we have a high level of expertise and a great understanding of our clients' business.
- That we are available, accessible and respond quickly to our customers.
- That we keep our promises and take a high level of customer responsibility characterized by honesty and knowledge.
- That we have a high level of trust in our customer relations, creating a dialog that promotes innovation and improvement for both parties.
- Adapting to customer needs and shaping our offer to suit the customer.
Each employee undertakes to
- Meet customer requirements and other applicable stakeholder requirements including applicable laws and regulations.
- Contribute to the continuous improvement of the quality management system and our services.
Information security policy
We will meet the information security requirements of our customers and other stakeholders.
We do this by:
- To ensure that confidential information in documents and IT systems does not fall into the wrong hands or is shared with unauthorized persons.
- To ensure that personal data is processed in accordance with the GDPR - See Privacy Policy.
- Protecting the privacy of our customers by complying with applicable secrecy and confidentiality requirements.
Each of our employees undertakes to
- Comply with current laws and regulations and other applicable binding information security requirements.
- Respect their obligation to report information security incidents.
- Contribute to the continuous improvement of information security.
Health and safety policy
We work consciously to create commitment, individual development and opportunities for our employees. We do this by:
- Allowing employees to be transparent and involved in the company's operations and development.
- To promote a good psychosocial work environment where all employees feel valued and respected.
- Being sensitive to unhealthy workloads.
- To comply with current health and safety legislation.
All staff should be aware of this policy. It is our motto that all employees should feel motivated, do a good job and develop further.
Environment and sustainability policy
Through its core business, Qbase has a great opportunity to create significant improvements in sustainability in the world around it, including by:
- To implement management systems that improve our customers' work on the environment, health and safety and sustainability in general.
- To contribute to increased knowledge through training in areas such as the environment, work environment and sustainability in general.
- To actively monitor sustainability and the environment in their immediate surroundings.
- To contribute to the economic sustainability of start-ups and established companies through our services.
Internally, Qbase works to minimize its environmental impact by, among other things, being a virtually paperless work environment.
Each of our employees also commits to:
- Comply with current laws and regulations and other applicable binding requirements.
- Contribute to the continuous improvement of our sustainability work by developing our service portfolio and carrying out more assignments in this area.