ActiWay’s processing of personal data
The secure processing of personal data has always been a matter of course here at ActiWay, and it is important that you, both as customer and data subject, feel confident that ActiWay handles personal data securely.
ActiWay provides a web-based system, the “ActiWay System”, which employers use to administer the wellness allowance for their employees. As Personal Data Processor, ActiWay is responsible for the personal data that ActiWay processes on the customer’s behalf. The services that ActiWay provides are personal and, to make sure that they are used by the appropriate person, ActiWay is required to process personal identity numbers and other personal data in order to comply with the Swedish Tax Agency's regulations and directives.
Personal Data Controller
ActiWay mainly handles personal data on behalf of its customers, and thereby is the Data Controller for the personal data that ActiWay processes on their behalf. ActiWay can also handle a limited amount of personal data directly on behalf of the data subject and is thereby the controller for them with respect to this data.
Personal Data Processor
ActiWay acts as Personal Data Processor on behalf of its customers and the personal data that is processed on the customer’s behalf is always processed in accordance with their instructions. ActiWay concludes Data Processing Agreements with its customers in order to regulate and guarantee the secure handling of personal data.
For ActiWay to deliver its service, sub-processors need to be engaged. ActiWay concludes agreements with all its sub-processors in order to ensure the secure and reliable processing of personal data. The sub-processors that ActiWay engages never use more personal data than they need for the purpose, which means that many sub-processors use only a limited number of personal data categories.
ActiWay’s processing of personal data
There are always legal grounds for the personal data that ActiWay processes, and in most cases personal data is processed to fulfil agreements that have been concluded. ActiWay can also process personal data by consent, due to statutory requirements, legal claims or if there is a legitimate interest.
ActiWay always strives to handle a minimum of personal data and therefore never processes more data than it needs for the purpose.
For how long is personal data saved?
ActiWay processes personal data as long as required to deliver its service as contracted, provided there are legal grounds and a purpose for the processing, and as long as required by current laws and regulations. Data is also sorted and erased continuously to ensure that no personal data is processed if it no longer serves a purpose.
The right to be forgotten and the correction of personal data
As a data subject you have the right to have the personal data that ActiWay processes on your behalf or on the basis of legitimate interests corrected or deleted, provided there are no legal impediments to such correction or deletion. To request the correction or deletion of personal data that ActiWay processes on behalf of another Data Controller, you should direct your request for correction, deletion or extract to that controller. ActiWay must also assist the Data Controller with correction or deletion of personal data that ActiWay stores on their behalf provided there is no legal impediment.
Extracts from registers and data portability
As a data subject you have the right to request the personal data that we process on your behalf, or on the basis of legitimate interests, and have them presented in a structured, machine-readable format. If you, as a data subject, require information about the personal data that ActiWay processes on behalf of another Data Controller, you should direct your request for an extract to that controller. ActiWay must also assist the Data Controller by providing such register extracts for the personal data that ActiWay processes on behalf of that Data Controller.
Security in the system
ActiWay always strives to make our systems as secure as possible, so that everyone who uses the ActiWay System feels secure in doing so. You can read more about the security in our system here.
Where does ActiWay process personal data?
All data that is processed in the ActiWay System is processed and stored in Sweden. Furthermore, some sub-processors that ActiWay engages process data in other EU/EEA countries. One of ActiWay’s sub-processors processes data in a third country, i.e. a country outside the EU/EEA. However, this sub-processor only uses personal data to a limited extent and the personal data of regular users who have access to benefits are not processed there. Where the sub-processor stores data in a third country, ActiWay makes sure, through agreements, that the personal data processed is protected and processed in accordance with the GDPR.
The right to object to the processing of personal data for direct marketing
As a data subject you have the right to object to the processing of protected data for direct marketing. You can do this by unsubscribing directly in the e-mail from ActiWay.
The right to revoke your consent
If ActiWay processes your personal data on the basis of consent, you can, at any time, revoke such consent to the continued processing of your personal data.
Want to know more?
If you want to know more about how ActiWay handles and processes personal data or if you wish to exercise your rights in accordance with the GDPR, you are welcome to contact ActiWay’s DPO Fredrik at Fredrik@actiway.se.