MEAPLUS
Privacy Policy
· The Personal Data Meaplus collects about you
· How Meaplus collects your personal data
· How Meaplus uses your Personal Data
· Why Meaplus uses your Personal Data
o Overview
o Summary
o Change of processing purpose
o Maintaining and updating your Personal Data
o Website links to third parties
· Security of your Personal Data
· Breaches affecting your Personal Data
o Paper
o Access
o Erasure
o Submitting a request to enforce your rights
· SEFOS
o Overview
Introduction
Meaplus AB (Meaplus) is committed to legislative and regulatory compliance related to privacy, the responsible use of information, and the need to safeguard the privacy of our employees, Clients and users of our applications, services and websites.
Meaplus is committed to ensuring that the personal data you supply to Meaplus is processed fairly and lawfully, and with skill and care. Meaplus take their responsibilities in respect of protection of personal data extremely seriously.
This statement sets out Meaplus’ privacy policy for the collection and processing of personal information for use of applications and services provided by Meaplus including this website and any personal information provided to Meaplus for any reason.
It is the users responsibility to read and understand this privacy notice, together with any other privacy notice or fair processing notice that Meaplus may provide on specific occasions when collecting or processing personal data that is supplied to Meaplus so that all users site are fully aware of how and why Meaplus are using personal data supplied by users.
The Meaplus Data Protection Officer (DPO) is responsible for managing and maintaining this policy and answering all privacy related questions relating to the use of personal data collected Meaplus services, applications and by this website.
All questions relating to this privacy notice, the use of your personal data, to update your personal data that Meaplus has collected to ensure that it is accurate and current or to exercise your legal rights relating to the personal data collected by Meaplus should be addressed to the DPO (Jonas Olsson) at privacy@meaplus.com.
You have the right to make a complaint at any time to the Swedish Supervisory Authority (the Swedish Data Protection Authority (Dataskyddsförordningen – GDPR), which is the Swedish public authority tasked with protecting the individual’s privacy in the information society without unnecessarily preventing or complicating the use of new technology.
They can be contacted at:
Datainspektionen (Drottninggatan 29, plan 5)
Box 8114
104 20 Stockholm
datainspektionen@datainspektionen.se
or via
https://www.datainspektionen.se/kontakta-oss/
Meaplus would prefer to deal with any issues you may have relating to the processing your personal data prior to contacting the Swedish Data Protection Authority and would ask you to contact the Meaplus DPO in the first instance so we may attempt to resolve any issues to your satisfaction.
Definitions
The definitions in applicable legislation including but not limited to the General Data Protection Regulation (EU) 2016/679 and relevant Swedish Data Protection legislation shall apply and be interpreted in accordance with that legislation.
Term | Meaning |
Applicable legislation | General Data Protection Regulation (EU) 2016/679 and all Swedish legislation relating to the implementation of the GDPR in Sweden and its supporting regulations issued by the Supervisory Authority |
Supervisory Authority | The ‘Swedish Data Protection Authority’ (Dataskyddsförordningen – GDPR),’ |
‘We’, ‘us’, ‘our’ | Terms relating to Meaplus AB. |
‘You’, ‘your’ | Terms relating to the user of applications and services provided by Meaplus including this website. |
Meaplus contact details
Meaplus AB can be contacted at:
Väster Kolsva 5
731 13 Kolsva,
Sweden
DPO (Jonas Olsson) at privacy@meaplus.com
The Personal Data Meaplus collects about you
Personal data is any information which identifies a living individual, as defined by legislation. It does not include data where the identity has been removed so that the data cannot identify a living individual (i.e. it has been anonymised or pseudonymised).
Meaplus may collect, use, store and transfer different kinds of personal data about users of our applications and services including visitors to this website which includes, but may not be limited to the following, which has been grouped together to make it easier to interpret:
Data type | Description of typical personal data collected: |
Contact | email address, phone number, postal address |
Identity | first name, last name |
Marketing and communications (Marcom) | contact details for Meaplus to send requested or generic marketing communications to you |
Profile | username and password for the service, where used, to identify you as a returning authenticated and authorised user with any other profile information that you may provide |
Technical | internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. |
Usage | information about how you use this service including entry point and exit site |
Aggregated | statistical or demographic data for any purpose. Note 1: This may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly identity a data subject. Note 2: , If Meaplus combine or connect ‘Aggregated Data’ with a user’s personal data so that it can directly or indirectly identify a data subject, it will be treated as ‘personal data’ and used in accordance with this privacy policy |
Meaplus does not collect any ‘Special Categories’ of Personal Data.
Note: ‘Special Categories’ of Personal Data includes:
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical beliefs;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
- race or ethnicity;
Meaplus does not collect any information about criminal convictions and offences.
Meaplus does not knowingly collect data relating to children.
How Meaplus collects your personal data;
Meaplus uses different methods to collect personal data from and about you including, but not limited to, the following interactions in a service, application and on this website:
- using an application or service will create technical and usage data which is required for the functionality of the service, application and website
- automated processes that collect Technical Data (as defined above) about your use of the service using cookies, server logs and other similar technologies;
- requesting Meaplus marketing material to be sent to you
- requesting Meaplus to contact you;
- subscribing to or attending a Meaplus service, application, event or publication;
- third party data provides that may include, but not be limited to:
- analytics providers;
- marketing database providers;
- publicly available sources.
How Meaplus uses your Personal Data
Meaplus will only use your Personal Data according to the law relating to the use of Personal Data.
Typically, this includes, but may not be limited to:
- meeting a contractual obligation for a contract that we are about to enter into or have entered into with you;
- to comply with a legal or regulatory obligation;
- to comply with our legitimate interests;
Note: Only where your interests and fundamental rights do not override those interests
Generally, Meaplus does not:
- rely on ‘Consent’ as a legal basis for processing your Personal data;
- have a ‘vital interest’ for processing your Personal Data;
- need your Personal Data to perform a public task.
You have the right to opt out from receiving any marketing material at any time by clicking the unsubscribe link in any Meaplus email you receive or by contacting the Meaplus DPO (Jonas Olsson) at privacy@meaplus.com
The section below provides details on why Meaplus processes your Personal Data.
Why Meaplus uses your Personal Data
Overview
The purposes for which Meaplus plans to use your Personal Data are summarised in the table below with the lawful bases of use and details of the legitimate interests, where appropriate.
Should you require more detailed information on any lawful basis or the basis of legitimate interests for processing your Personal data, contact the Meaplus DPO (Jonas Olsson) at privacy@meaplus.com
Summary
Purpose | Type of data as defined above | Lawful basis for processing including basis of legitimate interest |
To manage our relationship with you including use of Meaplus products | Contact Identity Marcom Technical Usage | Contractual performance; Legal obligation for compliance; Legitimate Interests (maintaining and updating your Personal Data in the product or website; ensuring functionality of Meaplus products and services; reviewing how you use this product or website). |
To administer this website | Contact Identity Technical | Legal obligation for compliance; Legitimate Interests (for operating this website, provision of administration and IT services, protecting information and website security. |
To deliver relevant website content and Marcom material to you | Contact Identity Marcom Profile Technical Usage | Legitimate Interests (to study how you use this website and request Meaplus products and services, to develop Meaplus products and services to grow the business and to continuously improve the Meaplus marketing strategy). |
To contact you after making a contact request via the website or other communications channels or for registering and managing a Meaplus product or service. | Contact Identity Marcom Profile Technical Usage | Legitimate Interests (to study how you use this website, request and use Meaplus products and services, to develop Meaplus products and services to grow the business and to continuously improve the Meaplus marketing strategy). |
To measure and understand the effectiveness and efficiency of the website used by you. | Contact Identity Marcom Profile Technical Usage | Legitimate Interests (to study how you use this website and request Meaplus products and services, to develop Meaplus products and services to grow the business and to continuously improve the Meaplus marketing strategy). |
To use data analytics to improve our website | Technical Usage | Legitimate Interests (to define types of customers for Meaplus products and services, to keep this website updated and relevant, to develop Meaplus’ business and to inform you of the Meaplus marketing strategy) |
Meaplus want to provide you with the ability of determining how we use your Personal Data, specifically regarding Marcom.
Meaplus may use your Contact, Identity, Marcom, Profile, Technical and Usage Data to make decisions on the products and services that we think you may need, want or be of interest to you and to contact you about them.
Meaplus will send you marcom that we think meets these criteria if you:
• are on a third party supplied mailing list that Meaplus has purchased;
• have requested information on some Meaplus products and services via the website or other communications channels;
• met a Meaplus representative at a marketing event, meeting or similar, expressed an interest in Meaplus products and services and provided contact details, including business cards
• purchased products or services from Meaplus.
Where you have not opted out of receiving Marcom from Meaplus.
You have the right to opt out from receiving any marketing material at any time by clicking the unsubscribe link in any Meaplus email you receive or by contacting the Meaplus DPO (Jonas Olsson) at privacy@meaplus.com
However, even if you opt out of receiving Marcom from Meaplus, we may still hold your Personal Data is provided to us as a result of purchasing products and services from us or some other relevant interaction where we are required to keep that data in accordance with our record retention schedule based on legislative requirements for record retention.
Change of processing purpose
Meaplus shall only use your Personal Data for the purposes for which it was collected. Should Meaplus consider that it should be used for another purpose, we may use it if Meaplus consider that the new purpose is compatible with the original purpose.
Should you have any questions on this change of processing purpose, please contact the Meaplus DPO (Jonas Olsson) at privacy@meaplus.com for details.
Note: Where required or permitted by legislation within the jurisdiction, Meaplus may process your Personal Data without your knowledge or consent.
Maintaining and updating your Personal Data
Privacy legislation requires Meaplus to ensure that your Personal Data is accurate and up to date.
Obviously Meaplus cannot ensure this without your assistance, so we ask you to advise the Meaplus DPO (Jonas Olsson) at privacy@meaplus.com of any changes to your Personal Data that we hold.
In addition, we Meaplus contact you on a regular basis to ensure that the Personal Data we hold is accurate and current.
If your Personal Data is to be shared outside the EEA, then Meaplus will ensure a similar degree of protection, as we provide, is provided to protect your Personal Data afforded to it by ensuring at least one of the following safeguards is implemented:
Use of specific model contractual terms agreed by the EU to protect that Personal Data;
In the US, model contractual terms may be used or the supplier Is part of the ‘Privacy Shield’ or its successors.
Meaplus uses third parties (acting as Data Processors) based in the EEA and outside it who provide IT and system administration services.
All third parties engaged by Meaplus shall have specific contracts in place to meet, as a minimum, the requirements of Articles 28 – 34 of GDPR and other applicable legislation.
In summary, no Data Processor can process your Personal Data for their own purposes and shall only process it on written instructions from us and only in accordance with our written instructions.
Meaplus will only disclose to any third party your Personal Data in accordance with your authorisation for its use unless we are required to do so by law. If this is the case, then Meaplus will co-operate with those instructions and provide assistance to law enforcement and Supervisory Authorities as required by law.
Should you have any questions on how your Personal Data is shared by Meaplus, contact the Meaplus DPO (Jonas Olsson) at privacy@meaplus.com.
Website links to third parties
This website may include links to third-party websites, plug-ins and applications as well as embedded content.
If you ‘click’ on these links or enable connections to the remote site, then this may allow that third party to collect your Personal Data.
Meaplus does not control these third parties and are not responsible for how they process and store your Persona Data.
Meaplus strongly recommend that you read and understand any Privacy Policy of all websites you visit before providing your Personal Data to them.
Security of your Personal Data
Meaplus has put in place appropriate technical and organisational information security measures to ensure appropriate controls are in place to protect your Personal Data to the required level as determined by risk assessment.
These controls will protect your Personal Data against accidental or unauthorised:
• Access;
• Modification,
• Erasure;
• Modification.
As part of the Meaplus information security controls in place, all access to your personal Data is restricted to those ‘with a need to access’ based on a justified and documented business case and is subject to regular review to ensure continued business need.
These users are only permitted to access and process your Personal Data on Meaplus’ instructions and all are subject to relevant Confidentiality Agreements or Non-Disclosure Agreements as appropriate.
Meaplus has implemented the relevant parts of ISO / IEC 27001:2013 to implement accepted good practice for information security.
Breaches affecting your Personal Data
Meaplus has a defined information security breach process in place to handle any information security breaches, incidents or adverse events that may occur.
Where this may involve your Personal Data there are specific procedures Meaplus has put in place to deal with any actual or suspected Personal Data breach.
Meaplus will advise the Swedish Supervisory Authority within 72 hours of discovery of the breach where the breach is likely to result in a risk to the rights and freedoms of the Data Subject(s).
Additionally, where the breach is likely to result in a high risk to the rights and freedoms of the Data Subject(s), Meaplus shall communicate the details of the Personal Data breach to the Data Subject(s) without undue delay.
Meaplus will retain all data and information it processes in line with legal and regulatory requirements.
Meaplus will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected.
Where retention of your Personal Data is not covered by legislation or regulation, Meaplus will determine retention periods based on the amount, nature, and sensitivity of that Personal Data, the potential risk of harm from unauthorised processing of the Personal Data.
Meaplus may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
All paper copies of your Personal Data are classified as ‘Confidential’ in Meaplus and disposed of using either cross cut shredding in the office or via a specialised third party disposal company to ensure that your Personal Data cannot be reconstituted and read (i.e. disclosed to an unauthorised party).
Where Personal Data is held on electronic media and it is to be deleted according to the retention schedule or is requested to be deleted by the Data Subject, it is securely deleted from the media on which it was held, unless there is a legislative or regulatory reason for retaining it (e.g. a ‘Legal Hold’, contemplation or, or actual, legal proceedings etc.).
Physical electronic media is either security wiped if it is to be reused in Meaplus or disposed of via a specialised third party disposal company to ensure that your Personal Data cannot be forensically recovered and read (i.e. disclosed to an unauthorised party).
Meaplus will respond to requests from Data Subjects as soon as is practicable and at the latest within one month.
That period may be extended by two further months where necessary, considering the complexity and number of the Data Subject’s request(s). Meaplus shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay and keep you updated of the progress of your request.
Where Meaplus does not intend to comply with any requests, these shall also be responded to within a month.
Submitting a request to enforce your rights
To enforce your rights, contact privacy@meaplus.com.
Meaplus may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights), including proof of Powers of Attorney or similar.
This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it.
’Cookies’ are small text files that are stored by the browser on your computer or mobile phone. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site, i.e. Meaplus.
Websites can read from and write to these files, allowing them recognise user preferences or returning visitors.
Note 1: Cookies are not software programs, they cannot carry or spread malware.
Note 2: Data collected by cookies is anonymised based on IP addresses and do not contain any Personal Data, per se.
There is one type of cookie on the Meaplus website:
Strictly necessary cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Cookie Name |
Description |
More information |
Expires |
Elementor |
A random unique number or string of letters and numbers. |
Elementor Used in context with the website’s WordPress theme. The cookie allows the website owner to implement or change the website’s content in real-time. |
Persistent |
|
|
|
|
SEFOS
SEFOS is an add-in to Outlook Office 365 that makes it possible to protect the information communicated through e-mail using strong encryption. This, in turn, creates the conditions for being able to send person or sensitive information via Microsoft Outlook Office 365.
In order to use SEFOS, each organization wanting to use it needs to be registered in a SEFOS node through Meaplus, or an authorized partner.
SEFOS is installed as an add-in to Outlook’s local or web-based email client.
The installation can easily be managed centrally through the Office 365 admin centre.
SEFOS user organisations decide which login method is to be allowed.
Information sent to one or more recipients is encrypted through the organization’s SEFOS node and then sent as an attached encrypted file using strong encryption throughout the transmission process until it arrives at the recipient(s) email account(s).
SEFOS is a secure pipeline for transmission of emails, with attachments from the originator to the recipients, and as such does not process Personal Data per se apart from the registration of the users and the transmission of an encrypted email.
The registration process for SEFOS is covered by the Meaplus Privacy Policy above.
The use of Outlook is covered by the Microsoft Privacy Policy as defined at https://privacy.microsoft.com/en-gb/privacystatement.
The use and setup of Outlook within an organisation will be subject to the configuration that the organisation makes for this and the organisational privacy policy, supporting procedures and the organisational record retention schedule.
Meaplus will use registration information for SEFOS to advise registered users of product and service updates or for marketing purposes.
All use of any Personal Data or other information relating to SEFOS under Meaplus’ control shall be managed according to this Privacy Policy.
If you have any concerns about Meaplus’ use of your Personal Data, you can make a complaint to us at:
Meaplus AB
Väster Kolsva 5
731 13 Kolsva,
Sweden
DPO (Jonas Olsson) at privacy@meaplus.com.
You can also complain to the Swedish Data Protection Authority (Dataskyddsförordningen – GDPR), which is the Swedish public authority tasked with protecting the individual’s privacy in the information society without unnecessarily preventing or complicating the use of new technology.
They can be contacted at:
Datainspektionen
(Drottninggatan 29, plan 5)
Box 8114
104 20 Stockholm
datainspektionen@datainspektionen.se
or via
https://www.datainspektionen.se/kontakta-oss/