For us, it is important that the personal data that you entrust to us is handled in a safe and lawful manner. We ensure that your personal data is always protected and that the processing complies with prevailing data protection rules. In this policy we will inform you how we process your personal data.

Who is Responsible for Your Personal Data?

Scutus is the data controller when processing your personal data.

Client

What personal data do we process and what legal basis allows us to process personal data?

Scutus collects personal data directly from you.
Scutus process personal data such as name, phone number and e-mail.

Your personal data is processed to meet legal responsibilities, to enter or execute a contract with you, or is based on legitimate interests.

For which purposes do we process personal data?

We process personal data in order to:

  • Provide quotations
  • Enter and execute contracts
  • Communicate during the assignment
  • Administer invoicing

Supplier

What personal data do we process and what legal basis allows us to process personal data?

Scutus collects personal data directly from you.

Scutus process personal data such as name, phone number and e-mail.

 Your personal data is processed to meet legal responsibilities, to enter or execute a contract with you, or is based on legitimate interests.

For which purposes do we process personal data?

We process personal data for the following purposes:

  • Obtain quotations
  • Enter and execute contracts
  • Pay invoices

Who has access to personal data?

Scutus co-workers have access to your personal data. We also share personal data with external parties who provide services to us, such as accounting firms, and IT and hosting providers.

How long do we store your personal data?

We will only retain personal data for as long as necessary. In general, when the contract has expired, there is no reason to retain personal data related to the assignment. There are important exceptions. To meet legal responsibilities, we retain personal data for 7 years (accounting and tax regulations) and 10 years (statute of limitations).

Disclosure of personal data to third parties

When Scutus transfer your personal data to an outside third party, for instance when engaging accounting and IT operations services, a processing data agreement is put in place between Scutus and the supplier to secure a safe and lawful processing of your personal data. Scutus never sells your personal data to a third party.

Transfer of data to a third country

Scutus does not transfer personal data outside of EU/EEA.

Your rights under the general data regulation protection

The right of access

You have the right to ask for and receive information about your personal data that we process.

The right to rectification, erasure or limitation

If your personal data is not correct or incomplete, you have the right to have the data rectified. In certain circumstances you have the right to have your personal data erased, for instance if the data is no longer necessary or if the legal basis is consent and the consent has been revoked.

For each request we make an evaluation if you have the right to rectify or erase the data. While your request is processed, you have the right to request limitation of processing the personal data you consider inaccurate or incomplete.

The right to object

You have the right to object to the processing of your personal data, if the legal basis is legitimate interests.

The right to data portability

You have the right to transfer personal data to another party, if the legal basis for processing the data is contract or consent.  

The right to withdraw a consent

You can withdraw your consent at any time, if the legal basis for the data processing is based on your consent. Such withdrawal does not impact the lawfulness of the personal data processing prior to the withdrawal of the consent.

The right to automated decision-making

You have the right to not be the subject of a decision that is only based on automated decision-making, including profiling and which may entail legal consequences.

This is not applicable if:

(a) such data processing is necessary for entering into or performance of a contract

(b) such data processing is permitted under legislation

(c) the legal basis is consent

The right to lodge a complaint to the Swedish Data Protection Authority

If you consider that the data processing is in contravention of the General Data Protection Regulation, you have the right to lodge a complaint about how we process your personal data to the Swedish Data Protection Authority,