Privacy & GDPR

Here you can read about how we process data about you when you visit our website, and processing of data in Monitor ERP in order to comply with the GDPR.

Our principles on integrity

Our approach to integrity and data protection rests on three key principles. They lie at the heart of what we do regarding processing of personal data.

  • Openness We have a down-to-earth approach and process personal data by being transparent, reliable and honest.
  • Security Security is top priority at Monitor, and we’re constantly working to improve our tools and procedures with this in mind.
  • Responsibility: We accept the responsibilities associated with processing of personal data and have a full understanding of our role as Personal Data Controller.

Privacy Policy – Monitor ERP System AB

This policy provides information on how Monitor collects, saves, sorts and deletes personal data related information, and how we use it in relation to the purposes and regulations of the General Data Protection Regulation (GDPR). It also outlines what rights you have, and how to exercise them.

It is important to us at Monitor ERP System AB that you feel secure allowing us to handle and save your personal data, and that you are aware we do so in a legal and reliable manner in accordance with the GDPR.

Personal Data Controller – Monitor ERP System AB

Monitor ERP System AB is responsible for the personal data processed, and determines the purpose and method of the processing.

Monitor Enterprise Resource Planning System AB (556071-3454)

Visiting address
Trädgårdsgatan 7
SE-824 26 Hudiksvall

Postal address
Box 264
SE-824 26, Hudiksvall

Telephone (switchboard): +46 (0)650-766 00 (08.00–1700). Ask for the Personal Data Controller.

E-mail: gdpr@monitor.se

Personal data and how we process it

Monitor ERP System AB is Personal Data Controller for processing of the data which we collect, and which you share with us. Please note! Company data may be personal data for those who have a sole proprietorship.

What type of personal data do we collect?

The personal data we collect is that which in some way is intended to identify, and which may be linked to, a certain individual, or related to an agreement with a customer – for example, the personal data we collect is: name, address, e-mail address, and phone number. This may also include information you provide during contact with us.

How do we collect your personal data?

The data we hold about you is solely that which you have provided, or that we have collected from you in the course of registrations you have made relating to Monitor ERP System AB. We do not collect any additional data about you from a third party.

How do we use your personal data?

Processing of personal data must be supported by applicable data protection regulations (GDPR), a so-called legal basis in which the purpose for processing the data must be clearly stated. Further down in the document, you can read how we process your personal data for each purpose, point by point.

How long do we save your personal data?

We never save personal data longer than we need. Some personal data is deleted immediately. Other personal data is saved for different periods of time, depending on what the data is used for and our legal obligations.

With whom do we share your personal data?

Within certain fields of business, Monitor ERP System AB may engage subcontractors. This means they may also require certain information about you, as a customer or individual. We may share your personal data with such subcontractors. These parties have the equivalent obligations regarding processing of personal data that you have agreed with us in the capacity of customer.

This is regulated in a so-called Personal Data Processing Agreement. We have approved sub-processors which include:

  • Certain IT services
  • Partners
  • Companies within our Group

Monitor ERP System AB will not share personal data outside the Group, or sell your data to a third party.

How is your personal data protected?

We use IT systems to protect the confidentiality of and access to your personal data. We have taken specific security measures to protect your personal data against wrongful or unauthorized processing (e.g., unauthorized access, destruction, or damage). Only those who need to process your personal data for the purposes that have been outlined will have access to the data in question.

The location where your personal data is processed is specified in the Approved Sub-Processors document, for which there is a link in the paragraph above.

What kind of personal data is collected, and why?

To be able to provide products, services, and support/help desk, we need to collect, process, and save your personal data. Below are examples of how we collect your personal data, for what purposes we process your personal data, the legal grounds in question, and the period for which your personal data is saved in our systems.

Examples of situations in which personal data is collected/saved

1. When you make a purchase with Monitor ERP System AB

Personal data is collected, processed, and saved when you purchase a product or
service from us. Purchases can be made by telephone, letter, e-mail or physical meeting.

We save and process the personal data in our systems in order to be able to:

  • Carry out your purchase.
  • Complete the delivery of the product with the related notification, and the contact required in case delivery is delayed.
  • Process returning of products and complaints.
  • Fulfill warranty commitments, etc.

We save the following personal data: Name, address, mailing address, phone number, and e-mail address.

Legal grounds for the personal data  processing: Purchase agreements and delivery agreements with customer and warranty commitment.

The personal data is saved in our ERP system for the duration of the business relationship. When this ends, under the Swedish Accounting Act (the BFL, in Sweden), we are obliged to retain the data for a further 7 (seven) years.

Personal data received by e-mail and letter is deleted immediately once transferred to our
ERP system.

Quotes
Quotes containing personal data are saved in our ERP system for the duration of the
business relationship. When this ends, a purge of terminated contacts takes place annually, or in accordance with applicable accounting laws and practice.

Invoices/Orders
Personal data appears in our business documents, and is saved for the duration of the business relationship. When this ends, personal data will be deleted in accordance with applicable accounting laws and practice –
currently after a period of 7 (seven) years.

2. Correspondence by e-mail during customer relationships

E-mails regarding general matters

  • We save the following personal data: Name, e-mail address, address, and phone number.
  • Legal grounds for the personal data processing: Balance of interests.
  • The data is saved: On our e-mail server, as long as we have a business relationship or are engaged in an active dialog in this regard. Deletion then takes place annually.

Order confirmations

  • We save the following personal data: Name, e-mail address, address, and phone number.
  • Legal grounds for the personal data processing: Purchase agreement and delivery agreement.
  • The data is saved: On our e-mail server, as long as we have a business relationship. When this ends, deletion takes place annually.

E-mail relating to support

  • We save the following personal data: Name, e-mail address, address, and phone number.
  • Legal grounds for the personal data processing: License, Support, and Update Agreement.
  • The data is saved: In our support system, for the duration of the business relationship. Deletion then takes place annually.
3. When you register in our Support portal

Personal data is processed and saved in order to be able to create and administrate personal pages in the support portal where, for example, you can track and respond to current cases, view old cases and maintain accurate contact details.

  • We save the following personal data: Name, address, mailing address, e-mail, phone number, password, IP address.
  • Legal grounds for the personal data processing: Support and Update Agreement.
  • The personal data which is registered via the support portal is saved in our
    support case management system for the duration of the business relationship. When this ends, deletion of data takes place annually.
4. When you sign up for one of our events

The personal data you provide when registering for one of our events is processed and saved in our event planning tool, where we use it in order to administrate, plan and invoice in conjunction with conferences, training courses and other meetings organized by Monitor ERP System AB.

  • We save the following personal data: Name, date of birth, address, postal address, e-mail, phone number, title, dietary requirements, special needs.
  • Legal grounds for processing of personal data: to provide the service/solution purchased by the customer.
  • The personal data registered when you sign up to our events is gathered in our event planning tool and saved for the duration of the business relationship. When this ends, deletion of data takes place annually.
5. When you register to subscribe to our newsletter

Personal data is processed and saved in order to be able to send information and news via our newsletter.

  • We save the following personal data: Name, e-mail address, postal code.
  • Legal grounds for the personal data processing: Legitimate interest.
  • The personal data is registered via the e-commerce platform and saved on our own servers, in Sweden. The personal data is saved with the option to unsubscribe directly in the newsletter, or by getting in touch with the company.
6. When you visit our website

Cookies – we collect data on how our visitors use our website. We do this in order to improve our website, so that you, the visitor, can enjoy the best possible user experience.

Many of the functions we use on the website are dependent on the fact we save cookies.
We save cookies for 24 months, however, you may delete them whenever you wish by following the instructions on how to delete cookies in your browser. We also collect information from the IP number you use, as visitor, in order to maintain statistics and carry out analysis so we can tailor content and make it more relevant for our visitors.

We use cookies from other online services – so-called third-party cookies – in order to gain information about how our website is used, and help us to improve its navigation,
content, and offers. These cookies enable you to use social media functions, such as “liking” on Facebook, and other updates direct from our website. We use the following services for analysis and statistical purposes: Google, Piwik PRO, Facebook, LinkedIn and Leadfeeder.

7. Optional: Product statistics

Send usage statistics to Monitor

The system setting Send usage statistics to Monitor determines whether statistics on the use of Monitor G5, and hardware (client and server) are sent to Monitor ERP System AB.

Statistics are collected by Monitor in order to pursue improvements in ongoing product development work. Data is collected in accordance with the GDPR. Data is  anonymized, which means Monitor is unable to directly identify specific users and personal data without being given access to the customer’s database. The data collected does not contain the values entered by the users, and only indicates that something has been entered. Monitor saves the data collected for a maximum of 120 days before it is converted into a non-identifiable format.

The data collection includes the procedures that are opened and closed, what parts of the procedures are used and updated, and how long updates take. The data collection also includes details of the hardware and software used, such as processors, memory, and disks. More specifically, the following information is collected:

  • Error messages.
  • How long a procedure takes to open.
  • How long a procedure takes to close.
  • How long a user-initiated operation takes.
  • For how long the Monitor server’s service has been running.
  • Times when events in the system take place.
  • Current database.
  • Current company ID.
  • Current warehouse.
  • Current user ID.
  • Current user’s session ID.
  • Current language.
  • Current client type.
  • .NET-version of the client and server.
  • Monitor version
  • Monitor system ID.
  • URLs requested by clients on the Monitor server.
  • Application of Check Delivery Time function (system setting).
  • Power plan settings in Windows.
8. When you contact us to apply for a vacant position, LIA (Learning in work), APL (Workplace-based learning), thesis projects, or in similar cases

Personal data you provide in applications when registering in our recruitment system. Your application is processed through a candidate profile which collects the information you have provided in your application.

We save the following personal data: Name, date of birth, gender, e-mail address, phone number, address. The attached files, CV, covering letter and other documents are also saved. Answers to selection questions, where relevant, in the application form and notes recorded over the course of the recruitment process (in interviews, or when taking references, for example), will also be saved.

Legal grounds for the personal data processing: Legitimate interest in connection with the recruitment process.

We save and process personal data in order to:

  • Process your job application and carry out the recruitment process.
  • To let you know about positions with us that match your profile.

Applications including selection questions

  • Based on your answers to the selection questions in the application form, you may be rejected if you fail to meet the mandatory requirements in the specification of requirements. These mandatory requirements are stated in the job advertisement.

If you have any questions, get in touch with the person specified in the advertisement.

Who views the data?

  • Data provided will be available to HR, and those within the organization involved in recruitment.
  • If your identity is protected, you should get in touch with the person specified in the advertisement. You should also exercise caution regarding the information you provide in your application. With this in mind, only provide information that is relevant to the position in question.

Data is saved as specified below:

  • For registration of an open application, your data is saved for 12 (twelve) months. You will then be asked if you wish to update your information and continue to be available to Monitor in order to match with vacancies within the organization. If you decline, the information about you will be deleted from Monitor’s databases.
  • In the case of other registrations relating to applications to Monitor ERP System AB, your data will be saved for 24 months, and Monitor may contact you even when the application process is completed.

Your rights

If you would like to find out more about what personal data we process about you, please contact us to gain access to your data. We are responsible for ensuring the personal data we process is correct, and as an individual/customer, you may also add information which is missing, or other relevant details.

Right to access

You may request an excerpt from the register showing the personal data that is held about you. This is sent to the address that is registered with us.

Right to correction

We are responsible for ensuring the personal data we process is correct. If you discover the personal data about you is not correct, you are entitled to ask for it to be corrected. Bear in mind that there is data which you can change yourself, by registering in the support portal.              

Right to deletion

Personal data is saved as long as required, depending on the purpose.

As a candidate seeking work, your data will be saved for a maximum of 24 (twenty-four) months, but may be deleted earlier – as specified below – if required.

As a customer of Monitor ERP System AB, certain data, depending on the type, may be saved for up to 7 (seven) years after the relationship ends. Invoice information and invoice bases are saved for as long as is required by law, for example, under the Swedish Accounting Act. As a customer, you have the right, without delay, to have your personal data deleted if any of the following conditions apply:

  • If the data is no longer required for the purposes for which it was processed.
  • If the processing is solely based on your consent, and you withdraw this consent.
  • If you oppose the processing of personal data which takes place after a balance of interests, and there is no justified reason carrying more weight than your interest.
  • If personal data has not been processed according to the regulation.
  • If deletion of data is required in order to fulfill a legal obligation.

If personal data is deleted, we will notify the parties to whom we have submitted your personal data that deletion has taken place.

Right to object

You have the right to object to the processing of your personal data which we perform on the basis of balance of interests. You must then specify which processing you object to. If we deem that such processing shall still take place, we must show that there are other interests carrying more weight. If the personal data is processed for the purposes of direct marketing, you are entitled to object to this processing at any time.

Right to limitation

You have the right to request a temporary limitation of the processing of your personal data. Processing may be limited in the following situations:

  • When you consider your personal data not to be correct, and you have requested a correction in our registers. You can then request that the processing of your personal data should be limited for the duration of the investigation.
  • When the data processing is illegal, but you object to your personal data being deleted and instead request that the use of this data should be limited.
  • When you need your personal data to be able to confirm, enforce, or defend legal claims, even if we no longer require your personal data for the purposes of our processing.
  • When you have objected to the processing of your personal data we are allowed to keep processing your data for the duration of the investigation.

If the processing of your personal data is temporarily limited, we will notify the parties to whom we have submitted your personal data that such temporary limitation is in effect.

Right to data portability

You have the right to obtain the personal data which you have submitted to us yourself, in order to use this data elsewhere. This applies in cases where you have provided your consent to the data processing, or if the processing is required for us to be able to provide services to you according to the agreement in effect between us. On the other hand, you do not have the right to move your personal data if we are processing it due to a balance of interests or legal obligations.

Complaints and reporting of problems

If you consider your personal data is being processed in breach of current rules and regulations, you should report this to Monitor ERP System AB as soon as possible. You may also file a complaint to the Swedish Authority for Privacy Protection, which is responsible for monitoring the application of the legislation.

If a personal data incident occurs, we are obliged to report it to the Swedish Authority for Privacy Protection. A personal data breach may be an incident which leads to accidental or illegal destruction, loss, or change of your personal data. It could also be an event which leads to unauthorized access to the processed personal data. The incident must be reported to the Swedish Authority for Privacy Protection within 72 hours of detection.

Contact details when you wish to exercise your rights

For all questions regarding processing of personal data, see the contact details below (if nothing else is specified):

E-mail: gdpr@monitor.se

By phone: +46 (0)650–766 00 (08.00–17.00). Ask for the Personal Data Controller.

Mail:
Monitor ERP System AB
Box 264
SE-824 26 Hudiksvall

Request access to personal data

As a private person, you are entitled to obtain information about the data we process about you. Requests must be made in writing and signed personally, including the name, address and phone number. Write “GDPR” on the envelope to ensure it is processed correctly.

Send the request to:

Monitor ERP System AB
Box 264
SE-824 26 Hudiksvall

Questions in this area are handled as regards other questions relating to personal data cases (see above). The excerpt is sent to the address we have registered no later than one month after your application is received.

Monitor ERP and the General Data Protection Regulation (GDPR)

This information is intended for Monitor users with responsibility for personal data.

Gathering and processing of data in Monitor ERP

Those responsible for personal data must ensure their companies gather and process all personal data in the company’s Monitor installation.

To ensure you can gain an overview of your data and be able to review information in advance, we’ve compiled the procedures and functions affected:

Gathering of personal data

Personal data is registered and changed in Monitor in the following procedures (not all are standard procedures):

  • Company information
  • Update tool
  • Update supplier
  • Register inquiry
  • Register purchase order
  • Update customer
  • Register quote
  • Register customer order
  • Register invoices directly
  • Update seller
  • Register stock order
  • Register nonconformity
  • Update employee
  • Users

Besides the information found directly on customers, suppliers, employees, orders, etc., there is/there may be personal data in the following functions:

  • Internal instructions
  • Free text fields
  • Linked documents, PDF, XML files, text files, etc.
  • Adaptations (your own database fields, etc.)
Excerpt from the register of personal data

The right to obtain a register extract (read more on the Swedish Authority for Privacy Protection (IMY) website) is managed most easily by retrieving data on your customers, suppliers or employees via Monitor’s list functions, which exist for all registers.

Deleting personal data

If you wish to delete data for customers, suppliers, personnel, or contacts, you can do so via the Register procedures using the Delete (F6) command. Personal data which is linked to a quote, order, purchase or invoice should probably not be deleted, as this is a legally binding document and must be handled in accordance with applicable laws and regulations.

More information on GDPR

For more information on the General Data Protection Regulation (GDPR), visit the Swedish Authority for Privacy Protection website.