Last updated: 2024-11-17
The trust that our users place in us to manage data and personal information is one of Flowmeets' most valuable assets. This data protection policy outlines how we handle our customers' personal data and why our users can feel secure storing data and personal information with Flowmeets.
1. Introduction
Flowmeets' top priority is to ensure the safe and secure handling of personal data and other information. This is achieved through careful technical implementation of the service and strict internal regulations. Flowmeets' data protection policy summarizes our guidelines and procedures for managing personal data. This document outlines our processes and policies designed to meet both internal and legal requirements, whether we or our customers manage personal data in our service. All policies are endorsed by the board, management, and employees. Flowmeets has assigned internal responsibility to implement and ensure compliance with this and other policies. This and other policies are updated regularly in line with changes in applicable laws or industry standards. Contact us at peter@wingr.se if you have any questions about this document.
2. Roles
- Data Controller: The entity that manages personal data. In Flowmeets' case, it is the organizations using Flowmeets' digital services.
- Data Processor: The entity that assists in processing personal data. In this case, it is Flowmeets along with our service providers.
3. Why This Policy Exists
This data protection policy ensures that Flowmeets:
- Complies with applicable laws and industry standards for data protection.
- Safeguards the rights of employees, customers, and partners.
- Is transparent about how we handle data protection.
- Has clear procedures for protecting personal data.
4. Legislation
The General Data Protection Regulation (GDPR) has been in effect as law in Sweden and the rest of the EU since May 25, 2018. This regulation replaces the Personal Data Act (PuL).
According to GDPR, a data processor must:
- Process personal data only under the instructions of the data controller.
- Engage other processors (services) only with the approval of the data controller.
- Keep records of the types of personal data processing activities conducted.
- Ensure an appropriate level of security.
- Establish a data processing agreement with the data controller.
- Have procedures for handling personal data breaches.
- Assist the data controller in fulfilling their obligations.
Flowmeets fulfills these obligations through agreements with our customers and internal regulations.
5. Internal Regulations
In addition to the Terms of Service and Service Conditions, Flowmeets has implemented internal regulations. These routines and policies ensure that Flowmeets meets applicable requirements both as a data controller and data processor:
- Data Protection Policy (this document)
- Procedure for Assisting with Data Requests
- Procedure for Reporting Data Breaches
- Procedure for Updating Policies and Agreements
- Privacy Policy
- Information Security Policy *
- IT Security Policy *
- Non-Disclosure Agreement *
*Separate documents.
6. Procedures
Procedure for Assisting with Data Requests: If a third party requests a data extraction, Flowmeets is obligated to assist our customers (who are the data controllers) in the matter. We primarily refer to the search function implemented in the service along with our standard template for data request responses, which Flowmeets provides upon request.
Procedure for Data Requests: If Flowmeets is contacted regarding a data request in its role as a data controller, this must be handled promptly.
Procedure for Reporting Data Breaches: Flowmeets continuously monitors its service as well as other processors' services for potential incidents. Suspected incidents should be reported by users to peter@wingr.se, as stated in the service's terms and conditions.
If a data breach is confirmed and Flowmeets is acting as a data processor, this must be promptly reported to the data controller. The data controller must report the incident to the Data Inspection Board within 72 hours, provided it is likely that the breach could result in a risk to the rights and freedoms of individuals.
If a breach is confirmed where Flowmeets is the data controller, Flowmeets must report it to the Data Inspection Board within 72 hours.
Procedure for Updating Policies and Agreements: The documents listed above must be reviewed in August every two years, starting in 2024, or as soon as there is a clear reason to do so.