Our principles on integrity
Our approach to integrity and data protection rests on three key principles. They lie at the heart of what we do regarding processing of personal data.
- Openness We have a down-to-earth approach and process personal data by being transparent, reliable and honest.
- Security Security is top priority at Monitor, and we’re constantly working to improve our tools and procedures with this in mind.
- Responsibility: We accept the responsibilities associated with processing of personal data and have a full understanding of our role as Personal Data Controller.
Privacy Policy – Monitor ERP System AB
This document provides information on how Monitor collects, saves, sorts and deletes personal data-related information, and how we use it in relation to the purposes and regulations of the General Data Protection Regulation (GDPR). The document also outlines what rights you have, and how to exercise them.
It is important to us at Monitor ERP System AB that you feel secure allowing us to handle and save your personal data, and that you are aware we do so in a legal and reliable manner in accordance with GDPR.
Personal Data Controller – Monitor ERP System AB
Monitor ERP System AB is responsible for the personal data processed, and determines the purpose and method of the processing.
Monitor Enterprise Resource Planning System AB (556071-3454)
Visiting address
Trädgårdsgatan 7
SE-824 26 Hudiksvall
Postal address
Box 264
SE-824 26, Hudiksvall
Telephone (switchboard): +46 (0)650-766 00 (08.00–17.00). Ask for the Personal Data Controller.
E-mail: gdpr@monitor.se
Data protection officer (DPO)
Contact our Data Protection Officer if you have any questions, or want to learn more about how Monitor ERP System processes your personal data.
Email: DPO@monitor.se
Phone, (switchboard): +46 (0) 650-766 00 (08:00–17:00). Ask for the Data Protection Officer.
Personal data and how we process it
Monitor ERP System AB is Personal Data Controller for processing of the data which we collect, and which you share with us. Please note! Company data may be personal data for those who have a sole proprietorship.
What type of personal data do we collect?
The personal data we collect is that which in some way is intended to identify, and which may be linked to, a certain individual, or related to an agreement with a customer – for example, the personal data we collect is: name, address, e-mail address, and phone number. This may also include information you provide during contact with us.
How do we collect your personal data?
The data we hold about you is solely that which you have provided, or that we have collected from you in the course of registrations you have made relating to Monitor ERP System AB. We do not collect any additional data about you from a third party.
How do we use your personal data?
Processing of personal data must be supported by applicable data protection regulations (GDPR), a so-called legal basis in which the purpose for processing the data must be clearly stated. Further down in the document, you can read how we process your personal data for each purpose, point by point.
How long do we save your personal data?
We never save personal data longer than we need. Some personal data is discarded immediately. Other personal data is saved for different periods of time, depending on what the data is used for and our legal obligations.
With whom do we share your personal data?
Within certain fields of business, Monitor ERP System AB may engage subcontractors. This means they may also require certain information about you, as a customer or individual. We may share your personal data with such subcontractors. These parties have the equivalent obligations regarding processing of personal data that you have agreed with us in the capacity of customer. This is regulated in a so-called Personal Data Processing Agreement.
We have approved sub-processors which include:
- Certain IT services
- Partners
- Companies within our Group
Monitor ERP System AB will not share personal data outside the Group, or sell your data to a third party.
How is your personal data protected?
We use IT systems to protect the confidentiality of, and access to, your personal data. We have taken specific security measures to protect your personal data against wrongful or unauthorized processing (e.g., unauthorized access, destruction, or damage). Only those who need to process your personal data for the purposes that have been outlined will have access to the data in question.
The location where your personal data is processed is specified in the Approved Sub-Processors document, for which there is a link in the paragraph above.
What kind of personal data is collected, and why?
To be able to provide products, services, and support/help desk, we need to collect, process, and save your personal data. Below are examples of how we collect your personal data, for what purposes we process your personal data, the legal grounds in question, and the period for which your personal data is saved in our systems.
Examples of situations in which personal data is collected/saved
1. When you make a purchase with Monitor ERP System AB
Personal data is collected, processed, and saved when you purchase a product or service from us. A purchase can be made by phone, letter, or e-mail, or during a physical meeting.
We save and process the personal data in our systems in order to be able to:
- Carry out your purchase.
- Complete the delivery of the product with the related notification, and the contact required in case delivery is delayed.
- Process returning of products and complaints.
- Fulfill warranty commitments, etc.
- Send relevant information and updates about the product.
We save the following personal data: Name, address, mailing address, phone number, and e-mail address.
Legal grounds for the personal data processing: Purchase agreements and delivery agreements with customer and warranty commitments.
The personal data is saved in our ERP system for the duration of the business relationship. When this ends, under the Swedish Accounting Act (the BFL, in Sweden), we are obliged to retain the data for a further 7 (seven) years.
Personal data submitted by e-mail and letter will be immediately deleted once it has been registered in our ERP system.
Quotes
Quotes containing personal data are saved in our ERP system for the duration of the business relationship. When this ends, a purge of terminated contacts takes place annually, or in accordance with applicable accounting laws and practice.
Invoices/Orders
Personal data appears in our business documents, and is saved for the duration of the business relationship. When this ends, personal data will be deleted in accordance with applicable accounting laws and practice – currently after a period of 7 (seven) years.
2. Correspondence by e-mail during customer relationships
Personal data is saved and processed when you contact us, or when we contact you, by e-mail. The type of personal data concerned depends on the matter you are contacting us about.
E-mails regarding general matters
- We save the following personal data: Name, e-mail address, address, and phone number.
- Legal grounds for the personal data processing: Balance of interests.
- The data is saved: On our e-mail server, as long as we have a business relationship or are engaged in an active dialog in this regard. Deletion then takes place annually.
Order confirmations
- We save the following personal data: Name, e-mail address, address, and phone number.
- Legal grounds for the personal data processing: Purchase agreement and delivery agreement.
- The data is saved: On our e-mail server, as long as we have a business relationship. When this ends, deletion takes place annually.
E-mail relating to support
- We save the following personal data: Name, e-mail address, address, and phone number.
- Legal grounds for the personal data processing: Support and Update Agreement.
- The data is saved: In our support system, for the duration of the business relationship. Deletion then takes place annually.
3. When you register in our Support portal
Personal data is processed and saved in order to be able to create and administrate personal pages in the support portal where, for example, you can track and respond to current cases, view old cases and maintain accurate contact details.
- We save the following personal data: Name, address, mailing address, e-mail, phone number, password, IP address.
- Legal grounds for the personal data processing: Support and Update Agreement.
- The personal data which is registered via the support portal is saved in our support case management system for the duration of the business relationship. When this ends, deletion of data takes place annually.
4. When you sign up for one of our events
The personal data you provide when registering for one of our events is processed and saved in our event planning tool, where we use it in order to administrate, plan and invoice in conjunction with conferences, training courses and other meetings organized by Monitor ERP System AB. The information is also used to send relevant information and updates after the completion of the event.
- We save the following personal data: Name, date of birth, address, postal address, e-mail, phone number, title, dietary requirements, special needs.
- Legal grounds for processing of personal data: to provide the service/solution purchased by the customer.
- The personal data registered when you sign up to our events is gathered in our event planning tool and saved for the duration of the business relationship. When this ends, deletion of data takes place annually.
5. When you visit our website
Cookies – we collect data on how our visitors use our website. We do this in order to improve our website, so that you, the visitor, can enjoy the best possible user experience.
Many of the functions we use on the website are dependent on the fact we save cookies. The storage period is specified in the cookie settings, which you can find on the website. However, you may delete them whenever you wish by following the instructions on how to delete cookies in your browser. We also collect information from the IP number you use, as visitor, in order to maintain statistics and carry out analysis so we can tailor content and make it more relevant for our visitors.
We use cookies from other online services – so-called third-party cookies – in order to gain information about how our website is used, and help us to improve its navigation, content, and offers. See the complete list under 'Open Cookie Settings' on our website.
6. Optional: Product statistics
Send usage statistics to Monitor.
The system setting Send usage statistics to Monitor determines whether statistics on the use of Monitor ERP, and hardware (client and server) are sent to Monitor ERP System AB.
Statistics are collected by Monitor in order to pursue improvements in ongoing product development work. Data is collected in accordance with the GDPR. Data is anonymized, which means Monitor is unable to directly identify specific users and personal data without being given access to the customer’s database. The data collected does not contain the values entered by the users, and only indicates that something has been entered. Monitor saves the data collected for a maximum of 120 days before it is converted into a non-identifiable format.
The data collection includes the procedures that are opened and closed, what parts of the procedures are used and updated, and how long updates take. The data collection also includes details of the hardware and software used, such as processors, memory, and disks. More specifically, the following information is collected:
- Error messages.
- How long a procedure takes to open.
- How long a procedure takes to close.
- How long a user-initiated operation takes.
- For how long the Monitor ERP server’s service has been running.
- Times when events in the system take place.
- Current database.
- Current company ID.
- Current warehouse.
- Current user ID.
- Current user’s session ID.
- Current language.
- Current client type.
- .NET-version of the client and server.
- Monitor ERP version
- Monitor ERP system ID.
- URLs requested by clients on the Montior ERP server.
- Application of Check Delivery Time function (system setting).
- Power plan settings in Windows.
7. When you contact us to apply for a vacant position, LIA (Learning in work), APL (Workplace-based learning), thesis projects, or in similar cases
Personal data you provide in applications when registering in our recruitment system. Your application is processed through a candidate profile which collects the information you have provided in your application.
We save the following personal data: Name, date of birth, gender, e-mail address, phone number, address. The attached files, CV, covering letter, any test results and other documents are also saved.
Answers to selection questions, where relevant, in the application form and notes recorded over the course of the recruitment process (in interviews, or when taking references, for example), will also be saved.
Legal grounds for the personal data processing: Legitimate interest in connection with the recruitment process.
We save and process personal data in order to:
- Process your job application and carry out the recruitment process.
- To let you know about positions with us that match your profile.
Applications including selection questions
- Based on your answers to the selection questions in the application form, you may be rejected if you fail to meet the mandatory requirements in the specification of requirements. These mandatory requirements are stated in the job advertisement.
If you have any questions, get in touch with the person specified in the advertisement.
Who views the data?
- Data provided will be available to HR, and those within the organization involved in recruitment.
- If your identity is protected, you should get in touch with the person specified in the advertisement. You should also exercise caution regarding the information you provide in your application. With this in mind, only provide information that is relevant to the position in question.
Data is saved as specified below:
- For registration of an open application, your data is saved for 12 (twelve) months. You will then be asked if you wish to update your information and continue to be available to Monitor in order to match with vacancies within the organization. If you decline, the information about you will be deleted from Monitor’s databases.
- In the case of other registrations relating to applications to Monitor ERP System AB, your data will be saved for 24 months, and Monitor may contact you even when the application process is completed.
8. When visiting the headquarters in Hudiksvall
Video recording takes place at all points where entry and exit are made; all these points are marked with surveillance signs.
The purpose and legal basis for video surveillance is a legitimate interest in ensuring the business’ security by means of perimeter protection.
The recordings are stored for approximately 20 days and are then overwritten with new footage. Recording only occurs when motion is detected.
Your rights
If you would like to find out more about what personal data we process about you, please contact us to gain access to your data. We are responsible for ensuring the personal data we process is correct, and as an individual/customer, you may also add information which is missing, or other relevant details.
Right to access
You may request an excerpt from the register showing the personal data that is held about you. This is sent to the address that is registered with us.
Right to correction
We are responsible for ensuring the personal data we process is correct. If you discover the personal data about you is not correct, you are entitled to ask for it to be corrected. Bear in mind that there is data which you can change yourself, by registering in the support portal.
Right to deletion
Personal data is saved as long as required, depending on the purpose.
As a candidate seeking work, your data will be saved for a maximum of 24 (twenty-four) months, but may be deleted earlier – as specified below – if required.
As a customer of Monitor ERP System AB, certain data, depending on the type, may be saved for up to 7 (seven) years after the relationship ends. Invoice information and invoice bases are saved for as long as is required by law, for example, under the Swedish Accounting Act. As a customer, you have the right, without delay, to have your personal data deleted if any of the following conditions apply:
- If the data is no longer required for the purposes for which it was processed.
- If the processing is solely based on your consent, and you withdraw this consent.
- If you oppose the processing of personal data which takes place after a balance of interests, and there is no justified reason carrying more weight than your interest.
- If personal data has not been processed according to the regulation.
- If deletion of data is required in order to fulfill a legal obligation.
If personal data is deleted, we will notify the parties to whom we have submitted your personal data that deletion has taken place.
Right to object
You have the right to object to the processing of your personal data which we perform on the basis of balance of interests. You must then specify which processing you object to. If we deem that such processing shall still take place, we must show that there are other interests carrying more weight. If the personal data is processed for the purposes of direct marketing, you are entitled to object to this processing at any time.
Right to limitation
You have the right to request a temporary limitation of the processing of your personal data. Processing may be limited in the following situations:
- When you consider your personal data not to be correct, and you have requested a correction in our registers. You can then request that the processing of your personal data should be limited for the duration of the investigation.
- When the data processing is illegal, but you object to your personal data being deleted and instead request that the use of this data should be limited.
- When you need your personal data to be able to confirm, enforce, or defend legal claims, even if we no longer require your personal data for the purposes of our processing.
- When you have objected to the processing of your personal data we are allowed to keep processing your data for the duration of the investigation.
Right to data portability
You have the right to obtain the personal data which you have submitted to us yourself, in order to use this data elsewhere. This applies in cases where you have provided your consent to the data processing, or if the processing is required for us to be able to provide services to you according to the agreement in effect between us. On the other hand, you do not have the right to move your personal data if we are processing it due to a balance of interests or legal obligations.
Complaints and reporting of problems
If you consider your personal data is being processed in breach of current rules and regulations, you should report this to Monitor ERP System AB as soon as possible. You may also file a complaint to the Swedish Authority for Privacy Protection, which is responsible for monitoring the application of the legislation.
If a personal data incident occurs, we are obliged to report it to the Swedish Authority for Privacy Protection. A personal data breach may be an incident which leads to accidental or illegal destruction, loss, or change of your personal data. It could also be an event which leads to unauthorized access to the processed personal data. The incident must be reported to the Swedish Authority for Privacy Protection within 72 hours of detection.
Contact details when you wish to exercise your rights
For all questions regarding processing of personal data, see the contact details below (if nothing else is specified):
E-mail: gdpr@monitor.se
By phone: +46 (0)650–766 00 (08.00–17.00). Ask for the Personal Data Controller.
By letter:
Monitor ERP System AB
Box 264
SE-824 26 Hudiksvall
Request access to personal data
As a private person you are entitled to obtain information about the data we process about you. Requests must be made in writing and signed personally, including the name, address and phone number. Write “GDPR” on the envelope to ensure it is processed correctly.
Send the request to:
Monitor ERP System AB
P.O. Box 264
SE-824 26 Hudiksvall
Questions in this area are handled as regards other questions relating to personal data cases (see above). The excerpt is sent to the address we have registered no later than one month after your application is received.
Monitor ERP and the General Data Protection Regulation (GDPR)
This information is intended for Monitor users with responsibility for personal data.
Gathering and processing of data in Monitor ERP
Those responsible for personal data must ensure their companies gather and process all personal data in the company’s Monitor installation.
To ensure you can gain an overview of your data and be able to review information in advance, we’ve compiled the procedures and functions affected:
Gathering of personal data
Personal data is registered and changed in Monitor in the following procedures (not all are standard procedures):
- Company information
- Update tool
- Update supplier
- Register inquiry
- Register purchase order
- Update customer
- Register quote
- Register customer order
- Register invoices directly
- Update seller
- Register stock order
- Register nonconformity
- Update employee
- Users
Besides the information found directly on customers, suppliers, employees, orders, etc., there is/there may be personal data in the following functions:
- Internal instructions
- Free text fields
- Linked documents, PDF, XML files, text files, etc.
- Adaptations (your own database fields, etc.)
Excerpt from the register of personal data
The right to obtain a register extract (read more on the Swedish Authority for Privacy Protection (IMY) website) is managed most easily by retrieving data on your customers, suppliers or employees via Monitor’s list functions, which exist for all registers.
Deleting personal data
If you wish to delete data for customers, suppliers, personnel, or contacts, you can do so via the Register procedures using the Delete (F6) command. Personal data which is linked to a quote, order, purchase or invoice should probably not be deleted, as this is a legally binding document and must be handled in accordance with applicable laws and regulations.
More information on GDPR
For more information on the General Data Protection Regulation (GDPR), visit the Swedish Authority for Privacy Protection website.