Privacy policy

1. GENERAL

This privacy policy specifies how Midsona collects, processes, discloses and stores your personal data.

The privacy policy applies to the personal data you share with us, such as when you purchase products from Midsona through the website, take part in competitions through the website, order a subscription to our newsletter and in other contacts with Midsona, such as when visiting the Midsona website or when you have a question and are in contact with Midsona or if you apply for a job with us.

The policy also describes the rights you have and how you can exercise them. You are always welcome to contact us if you have any questions.

 

2. CONTROLLER FOR PROCESSING OF YOUR PERSONAL DATA

Midsona AB (publ), corporate identity number 556241-5322, Box 21009, 200 21 Malmö (“Midsona” or “we”) (Midsona Sverige AB, Midsona Norge AS, Midsona Danmark A/S, Midsona Finland Oy, Vitalas AB, Vitalas A/S, Vitalas AS and Vitalas Oy) is the controller for the company's processing of personal data.

 

3. COLLECTION AND PROCESSING OF PERSONAL DATA

What type of data we collect and process about you depends on the capacity in which you are in contact with us.

When you order items on our website, you supply information about your contact details and payment details. If you take part in a competition on our website, you supply information on your contact details, depending on the design of the competition, and the same applies when ordering a subscription to our newsletter. If you have a question to put to us or contact us on some other matter, we collect and process the personal data supplied by you. Data on IP address and your use of Midsona’s website is normally also collected.

If you apply for a job at Midsona, we process the data you yourself share, your CV, your personal letter and other information you provide to us or to a recruitment agency engaged by us, for example testimonials and certificates. In addition, we may record notes from interviews, discussions with referees and results of any personality tests.

If you visit our website, we use cookies. Further information can be found in our policy on cookies.

A detailed list of the personal data collected and processed, the legal basis for the processing and the storage period can be found in Annex 1.

4. PURPOSE OF PROCESSING OF PERSONAL DATA

We process your personal data for different purposes depending on the capacity in which you are in contact with us. In this point a brief description is given of the purposes for which we process your personal data and a more detailed list of the aims of our processing can be found in Annex 1.

If you are in contact with us in the capacity of customer, we process your personal data for the purpose of processing your order, delivering the item ordered and handling the payment, i.e. to fulfil your agreement with you.

If you take part in a competition on our website, we process your personal data to enable us to communicate with you and in connection with the selection of prize winners and passing on any prizes.

If you order a subscription to our newsletter, we process your personal data to enable us to make the newsletter available to you.

If you apply for a job with us, we process your personal data to administer Midsona’s recruitment and supply of qualified personnel.

In other contacts with Midsona, for example in the case of a question or other contact by e-mail, we process your personal data in order to be able to communicate with you and answer your question.

 

5. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We retain your personal data for as long as there is a customer relationship, or for as long as necessary for the particular purpose stated in this policy. More detailed information concerning storage period for the various purposes can be found in Annex 1.

 

6. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Your personal data as a customer of ours may be shared with external partners for example in customer service, debt collection and provision of newsletters. Your personal data may also be handled by an authority in the reporting of side effects.

Your personal data as a job applicant may be shared with external partners for example in recruitment and the provision of IT systems in any assessment of job applications.

 

7. WHERE DO WE PROCESS YOUR PERSONAL DATA?

Your personal data is processed only within the EU/EEA.

8. YOUR RIGHTS

You have the right to obtain access to the personal data we process about you. The data is supplied to you in the form of an extract from our filing system.

If the data we have concerning you is incorrect, you can request that we rectify it. You can also supplement any incomplete data we have concerning you.

You have the right to “be forgotten”, i.e. to have the personal data we have concerning you erased. This right applies if

  1. the data is no longer necessary for the purposes for which it has been collected or processed,
  2. you object to processing that takes place on the basis of a legitimate interest after a balancing of interests we have done and your grounds for objecting override our legitimate interests;
  3. you object to processing that takes place for direct marketing;
  4. the personal data has been processed in an unlawful manner; and
  5. the personal data must be erased to fulfil a legal obligation we are covered by.

We have the right to deny erasure of personal data in certain situations, such as when there is a legal duty preventing us from erasing the data, or if processing of your personal data is necessary to establish, exercise or defend a legal claim we have.

You have the right, under certain circumstances, to request that the processing of your personal data be restricted to certain stated purposes. This applies, for instance, when you consider the personal data we have concerning you to be incorrect and you have requested rectification, and the restriction applies during the period of time needed to investigate whether the data is incorrect.

You have the right to object to processing of your personal data that takes place on the basis of a balancing of interests. If you make such an objection, we will continue to process your data only if we have legitimate grounds for doing so that override your interests.

You always have the right to object to processing of your personal data that takes place for direct marketing.

You have the right to data portability, which means that, under certain circumstances, you have a right to have your personal data transmitted to another controller in a structured, commonly used and machine-readable format.

If you have objections to the processing of your data, you have the right to submit a complaint to the Swedish Data Protection Authority.

9. CHANGES TO THE PRIVACY POLICY

We may make changes to the privacy policy, and the latest version of the policy is available on our website.

 

10. CONTACT DETAILS

If you have any questions about the contents of this policy or if you wish to contact us concerning our processing of your personal data, you are welcome to email us GDPR@midsona.com.

ANNEX 1

SUMMARY OF PROCESSING OF PERSONAL DATA

Purpose: To be able to handle ordering/purchasing.

Legal basis: Fulfilment of agreements.

Categories of personal data:

  • Name
  • Personal identity number
  • Contact details (e.g. address, e-mail and telephone number)
  • Payment history
  • Payment information
  • Credit information from credit reference agencies
  • Purchase information (for example what item has been ordered and whether the item is to be delivered to a different address)

Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter for the purpose of being able to deal with any claim and warranty cases.

Purpose: To be able to hold and manage participation in competitions and/or events.

Legal basis: Balancing of interests.

Categories of personal data:

  • Name
  • Personal identity number or age
  • Contact details (e.g. address, e-mail and telephone number)
  • Data supplied in competition entries
  • Data supplied in evaluations of events.

Storage period: During the time when the competition (including any evaluation) is in progress.

Purpose: To be able to fulfil Midsona’s legal obligations under statutory requirements, court judgments or decisions of authorities (for example the Book-keeping Act or the rules on product liability and product safety, which may require the preparation of communication and information for the general public and customers concerning product alerts and product recalls, for example in the event of an item that is defective or harmful to health, or rules on dealing with reported side effects.

Legal basis: Legal obligation.

Categories of personal data:

  • Name
  • Personal identity number Contact details (e.g. address,
  • e-mail and telephone number)
  • Payment history. Payment information
  • Your correspondence
  • Details of time of purchase, any defect/complaint
  • Health data (e.g. allergic reactions and health conditions you inform us about)

Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter [or [xx] months/years] if information about reported side effects is concerned].

Purpose: To be able to administer and handle recruitment and supply of qualified personnel.

Legal basis: Balancing of interests.

Categories of personal data:

  • Name
  • Personal identity number or age
  • Contact details (e.g. address, e-mail and telephone number)
  • Data supplied in job applications (e.g. CV, personal letter, testimonials and certificates)
  • Notes from interviews
  • Discussions with referees
  • Results of any personality tests

Storage period: During the period when the recruitment is in progress. The data may be retained for a longer period of time to enable it to be used in any appeal over an appointment in accordance with applicable legislation on discrimination. The data will be erased not later than two years after recruitment has ended or after a spontaneous application has been received.