Privacy Policy
Visma HRM Sverige AB (the "Company") is the data controller for the processing of your personal data. We are committed to protecting your privacy and ensuring that your personal data is processed in a secure and responsible manner. The Company operates under the brands Kontek, Agda PS and Lönelys.
This Privacy Policy explains how the Company collects, uses, stores and protects your personal data, as well as your rights under applicable data protection legislation, including the General Data Protection Regulation (GDPR).
What personal data do we process?
The Company may process the following categories of personal data:
-
Basic personal information such as your name, postal address, telephone number, email address and demographic information.
-
User and website traffic information, including login credentials, usernames and IP addresses.
-
Financial information, such as invoicing and payment-related information.
-
Content that you upload or share with us, including documents, comments and supporting materials.
-
Statistics regarding how users interact with our software, websites and other content.
-
Information submitted in connection with job applications.
How do we collect your personal data?
In most cases, we collect personal data directly from you or from individuals associated with one of our customers. If your employer purchases products or services from the Company, either directly or through one of our business partners, we may receive information about you from that partner.
We also use cookies and similar tracking technologies when you visit our websites to improve your experience and optimize our services.
Cookies
Cookies are small text files stored on your device when you visit a website.
The Company uses both session cookies and persistent cookies, as well as first-party and third-party cookies.
We use cookies to:
-
Ensure that our websites function properly.
-
Improve and personalize the user experience.
-
Collect website statistics through analytics tools (such as Google Analytics).
-
Measure and improve the effectiveness of our marketing activities.
Where cookies are not strictly necessary, we will request your consent before placing them on your device. You may change or withdraw your consent at any time through our cookie settings.
You can also configure your web browser to block cookies or notify you when cookies are used. Please note that some website functionality may be affected if cookies are disabled.
Why we process personal data
The Company processes personal data for the following purposes:
Sales and service delivery
-
Managing customer orders, agreements and payments.
-
Providing services directly to you, such as e-learning, webinars and reports.
-
Delivering our products and services to customers.
-
Creating and managing user accounts.
Support and service improvement
-
Improving the quality, functionality and user experience of our products, services and websites.
-
Providing customer support.
Security
-
Detecting, preventing and resolving security threats and misuse.
-
Performing maintenance and troubleshooting.
Marketing
-
Managing and distributing marketing communications.
-
Creating interest profiles to provide relevant products and services.
Recruitment
-
Managing recruitment processes and job applications.
-
Reviewing applications, conducting interviews and checking references.
When processing personal data on behalf of our customers in connection with the use of our services, the Company acts as a data processor and processes personal data only in accordance with the customer's documented instructions. Further information is available in the applicable Data Processing Agreement (DPA).
Legal basis for processing
The Company processes personal data based on one or more of the following legal grounds:
Contract
We process personal data when it is necessary to perform a contract with you or to take steps prior to entering into a contract, for example during a recruitment process or in connection with a customer relationship.
Consent
In certain situations, we process personal data based on your consent. You may withdraw your consent at any time.
Legitimate interests
The Company has a legitimate interest in processing personal data for purposes such as security, customer support, service improvements and when you act as a contact person for an existing or prospective customer.
Legal obligation
We also process personal data where necessary to comply with legal obligations.
How your personal data is shared
Within the Visma Group
The Company is part of the Visma Group. Personal data may therefore be shared between companies within the Group where necessary to support efficient operations and provide a consistent customer experience.
Outside the Company
Personal data may be shared with third parties in the following situations:
-
Business partners where necessary to provide products or services.
-
Suppliers and IT service providers.
-
Public authorities where required by applicable law or official decisions.
Sub-processors
The Company uses sub-processors, including cloud service providers and other IT suppliers, to deliver our services.
We ensure that all sub-processors process personal data in accordance with applicable data protection legislation, either within the EU/EEA or through appropriate safeguards for international data transfers.
You may request further information about our sub-processors by contacting us using the details provided below.
How long do we retain personal data?
The Company retains personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law.
Business contacts
If you are a contact person for a supplier, customer or business partner, we process your name, contact details and job title for as long as you remain the designated contact person or while the business relationship exists.
Job applicants
If you apply for a position with the Company, we process information such as your name, personal identity number (where applicable), contact details and CV during the recruitment process.
Your application documents are normally retained for up to two (2) years after the recruitment process has ended in order to manage potential legal claims.
Marketing
Personal data processed for marketing purposes will normally be deleted no later than twenty-four (24) months after your most recent interaction with us.
Your rights
Under the GDPR, you have the right to:
-
Request access to your personal data.
-
Request correction of inaccurate or incomplete personal data.
-
Request erasure of your personal data.
-
Request restriction of processing.
-
Receive your personal data in a structured, commonly used and machine-readable format (data portability).
-
Object to processing, particularly where processing is based on legitimate interests or for direct marketing purposes.
-
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
To exercise your rights, please contact us at dpo.hrmse@visma.com
Contact us
Visma HRM Sverige AB, Långgatan 19, SE-341 32 Ljungby
Sweden
Telephone: +46 (0)372 89 000
Email: dpo.hrmse@visma.com
If you have any questions about how we process your personal data, or if you wish to exercise your rights under applicable data protection legislation, please contact us using the details above.
We handle all questions and complaints confidentially and will make every effort to respond promptly and appropriately.
What personal data does Kontek process?
Personal data that Kontek may process about you are:
- Basic personal data such as name, address, phone number, email and demographics
- User and web traffic information such as login ID, username and IP address
- Financial information such as billing-related information
- Content you have uploaded or shared, such as documents, comments and submissions
- Statistics showing how users use our software and consume content we offer
- Information via job applications
How do we collect your personal data?
In general, Kontek collects personal data directly from you or other people connected to our customer. If the customer you work for purchases products or services from Kontek or through a partner company, we may collect information about you from the partner company.
We also use cookies and other tracking technologies when you use Kontek websites to optimize your experience with Kontek, our products and our websites.
Cookies are small files that are stored by your browser when you visit web pages. There are two main types of cookies, session cookies and "persistent" cookies. Session cookies are only stored during your visit and are deleted when you close your browser. Other cookies are stored and recognize you when you visit the website again. We use both session cookies and permanent cookies on kontek.se.
The cookies help to distinguish between different users and how they navigate the site. This information is important to us at Kontek so we can improve and customize the site for our different users. Cookies are used on many websites to give a visitor access to various functions and thus a better experience of the visit to the website.
How to avoid cookies
If you want to avoid cookies, you can set your browser to automatically refuse cookies or to inform you that a website contains cookies. More information on how to do this can be found in your browser's help section. In the event that you do not refuse cookies, we will assume that you consent to the processing of personal data via cookies when you use our website.
Cookie policy
At kontek.se, we use both first-party and third-party cookies* for various purposes. Some of the cookies placed on your computer are deleted, as mentioned earlier, when you leave our website (session cookies) while others remain on your computer so that the website recognizes you from time to time if you return with web visits (permanent cookies).
-
At kontek.se we use cookies to facilitate the use of the website and make the pages load as quickly as possible on your computer (first-party session cookies).
-
Via the analysis tool Google Analytics (first-party session and permanent cookies), statistics are collected on how our visitors move around the website, such as how long the visit takes, which pages are visited, which browser is used, etc. The data collected via cookies cannot be linked to the identity of a specific user. In addition, we use cookies to streamline and follow up our sales campaigns.
*Definition of first-party and third-party cookies
All cookies have a sender in the form of a domain name. A first-party cookie is a cookie where the cookie has the same domain name sender as the website, i.e. the cookie is set by the website the user is visiting, while a third-party cookie is a cookie where the sender comes from a different domain than the one the user is visiting. In other words, the cookie has a domain name sender that is different from the URL of the website.
Why we process personal data
Kontek's privacy policy applies when Kontek processes your personal data for various purposes when you interact with us, such as;
Buying and delivering
-
Managing customer orders, contracts and payments
-
Offering services directly to you, such as e-learning, webinars and reports
-
Offering products and services to our customers.
-
Create and manage accounts for users of our services
Support and improvement
-
Improve and develop the quality, functionality and user experience of our products, services and Kontek websites, and provide our customers with a pleasant customer journey.
-
Provide customer support for our products and services
Security and safety
Detecting, remediating and preventing security threats and abuses, and performing maintenance and troubleshooting.
Marketing and promotion
-
Manage and send marketing material
-
Create interest profiles to promote relevant products and services
Recruitment
- To manage recruitment processes and job applications
- Evaluate submitted documents, conduct interviews and call references
Information on how personal data is processed in one of our many services is described in the respective data processing agreement. In these cases, Kontek acts as a data processor and processes the data on behalf of and under instructions from the customer.
Legal basis for processing your personal data
Kontek processes personal data on several legal bases.
Contract with you
We process your personal data based on a legally binding contract with you, e.g. when you apply for a job at Kontek. Processing your personal data such as CV, application and references is necessary for Kontek to be able to handle requests from job applicants before entering into a contract.
Your consent
Kontek may process your personal data based on consent. You always have an opportunity to withdraw your consent after the consent is given.
Legitimate interest
Kontek has a legitimate interest when we process your personal data for security, support and improvement or when you act as a contact person for an existing or potential customer. Your personal data is processed from a business perspective in a way we believe does not conflict with your rights and freedoms as a private individual.
Furthermore, Kontek processes your personal data based on a legitimate interest if you sign up for a webinar or download content from our websites. The legitimate interest is to assist you with accurate content, conduct webinars, market and administer your requests.
How your personal data is shared
Within the Group
As Kontek is part of the Visma group of companies, it is important to us that we provide you with the best possible overall experience. To maintain an overview and have insight, Kontek may share your personal data between companies within the Visma group.
Outside Kontek
Kontek may also share your personal data with external third parties in the following contexts:
-
Business partners
Kontek may share your personal data with our partners where it appears legitimate from a business perspective and in accordance with applicable data protection laws. -
Public authorities
Law enforcement and other authorities may request access to personal data from Kontek. In these cases, Kontek will hand over the information if a court order exists to support this.
When does Kontek use sub-processors?
Kontek uses sub-processors to process personal data. These are usually cloud service providers or other IT providers.
When Kontek uses sub-processors, Kontek signs Data Processing Agreements (DPA) with them to protect your privacy. All sub-processors are located within the EU/EEA.
You can always request an overview and more detailed information about Kontek's sub-processors. How to contact Kontek can be found at the bottom of this document.
How long is your personal data stored?
Kontek will only retain your personal data for as long as necessary to fulfill our contractual obligations. When we process your personal data on other legal grounds, such as legitimate interest, the information is kept for as long as it is necessary to fulfill the purpose of the processing.
Consequently, your personal data may be subject to different retention policies based on the type of data and the purpose of collecting it.
Below we mention some examples:
Contact persons
If you are Kontek's contact person at a company that is a supplier, customer or partner of ours, we use your data as follows.
In order for Kontek to fulfill these agreements with your employer, we need to have the details of the contact person(s) to contact to discuss and manage the contractual relationship. We will collect and process your name, contact details (such as phone number and email address) and position or title, and record them in our systems. We will process the data for as long as you are the designated contact person for Kontek for the company you are employed by. We will stop processing when you are no longer the contact person, or when the company you are employed by ends its relationship with Kontek.
We also use your data to market Kontek's services to the company you are employed by.
Job applicants
If you apply for employment with us here at Kontek, we process your personal data as follows.
When you apply for employment with Kontek, you submit certain information, in the form of name, social security number, contact details and CV. Your application may also contain other information, which you voluntarily add to it.
We need to process this information in order to assess your application. Kontek has a legitimate interest in reviewing potential employees, the information is necessary for a possible contractual relationship between us and you, in the form of an employment contract, and Kontek has legal obligations to fulfill in application procedures.
The data will be processed by Kontek's HR department and by the person in charge of the department you have applied for, in order to be able to make an employment decision regarding the current vacancy.
We will keep your data for two years in relation to your application for the position in question. We need to do this in case someone claims that Kontek has not complied with applicable law in the recruitment process, for example if someone claims to have been discriminated against and Kontek needs to defend itself against such a claim. The data will then only be used for this purpose.
Marketing purposes
Another example is contact information stored for marketing purposes, including leads or potential customers. Such personal data will be deleted no later than 24 months after the last recorded activity.
For further information regarding deletion, please contact Kontek (contact details can be found in the last section of this document).
Your rights
As a data subject, you may invoke the following rights in relation to Kontek's processing of your personal data:
-
Right of access: you have the right to request a copy of the personal data we process (about you).
-
Right to rectification: You also have the right to request Kontek to correct inaccurate personal data concerning you. If you have a user account with Kontek for a Kontek Service, this can usually be done under "your account", "your profile", or equivalent for the relevant Kontek Service.
-
Right to erasure: You can request Kontek to erase data about you.
-
Right to restriction (of processing): You can ask us to restrict the processing of your personal data.
-
Right to data portability. You can ask us to provide you or others with your personal data in a structured, commonly used and machine-readable format.
-
Right to object: You have the right to object to our processing of your personal data on the basis of legitimate interest or direct marketing purposes. You also have the right to object to our processing of your personal data for the performance of tasks carried out in the public interest or in the exercise of official authority or on the basis of legitimate interests.
Please note that there may be certain exceptions or limitations to the above rights that may apply depending on the specific circumstances of your situation. In such cases, we will provide you with detailed information about the applicable exception or limitation and assist you in exercising your rights to the fullest extent possible, in accordance with applicable laws and regulations. Please use dpo@kontek.se to submit requests under this section.
Amendments
We encourage you to review Kontek's Privacy Policy regularly. If Kontek makes significant changes to this policy that materially alter our privacy practices, we may also notify you by other means, such as email or through our website, before the changes take effect.
The Privacy Policy is revised annually. Last updated: 2023-11-20.
How to contact us
Kontek is a Swedish company that is part of a group that has legal entities, business processes, management structures and technical systems that cross borders. Kontek delivers software and services to both public and private organizations in Europe. Kontek's head office is located in Ljungby.
Head office: Långgatan 19, 341 32 Ljungby, Sweden.
Telephone: +46 372 89 000
We value your opinion. If you have any comments or questions about our privacy policy, other privacy issues or about a possible personal data breach, please send them to dpo@kontek.se.
We handle questions and complaints confidentially. Our representative will contact you to address any questions or concerns and to describe the options available to resolve them. We aim to ensure that complaints and queries are resolved in a fair and appropriate manner.
Finally, you also have the right to lodge a complaint with the Data Protection Authority (IMY ) regarding the processing of your personal data.