Mips AB (publ) (“Mips”, “we”, “us” or “our”) is processing your personal data when you interact with us in various contexts.
We respect your privacy and duly protect the personal data we process about you. All processing of personal data is carried out in accordance with the requirements set out in the general data protection regulation (“GDPR”) and other applicable personal data protection legislation supplementing the GDPR.
We may at our own discretion update this privacy policy at any given time (see at the bottom of this page the date this policy was last updated). If material changes are made, we will provide notice on our website prior to the change becoming effective.
Throughout this privacy policy the term “processing” is used to cover all activities involving your personal data, including e.g. collecting, handling, storing, sharing, accessing, using, transferring and disposing of your personal data. The term “personal data” refers to any information relating to an identified or identifiable natural person.
Depending on in which capacity you are reading this policy, the processing of your personal data may differ. You may read this policy in the capacity as a (i) website visitor, (ii) supplier representative, (iii) customer representative, and (iv) job candidate. To make this notice more relevant to your particular situation, the notice is divided into sections with specific information related to the various roles that you may have when we are processing your personal data.
2.1 How do we collect your personal data?
We collect the data directly from you or data that is generated by you, including your devices, when visiting our website or our digital channels.
2.2 Purpose of the processing of your personal data
2.2.1 Track your use of our website and our digital channels
When you are browsing our website or our digital channels, we will process your IP address and browser user agent string to track your activity. Your personal data is processed for this purpose to administrate and improve this website, for our internal records, and for statistical analysis.
2.2.2 Communicate with you and respond to your questions or feedback, including press contacts
Where we offer you the possibility to communicate with us by asking questions or providing feedback regarding our services and our business, we will process your personal data when you submit a question, comment, feedback, or any other message, including press contacts. The purpose of the processing is to be able to communicate with you and to handle press contacts.
2.2.3 Arrange competitions and contests
We are processing your personal data when we are arranging competitions and contests. This includes carrying out the competition, reviewing responses from participants, announcing and contacting the winner on our social media platforms.
2.2.4 Visitor administration (at our premises)
We are processing your personal data when we administrate e.g. events and meetings at our premises, including keeping participation lists and ensuring that your food preferences are respected.
2.3.1 General
Where necessary in order to achieve the purposes set out in section 2.2, we share your personal data with other entities, authorities, or actors. Please note however that we, regardless of the recipients’ capacity, only will share your personal data with entrusted actors and only to the extent necessary.
2.3.2 Data processors acting on Behalf of Us
In order to fulfill the purposes of the processing of your personal data and to be able to run our business, we transfer personal data to external parties such as third-party service providers that we have engaged, as well as other partners.
These external parties will act as our data processors and may only process your personal data in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that these external parties carry out on our behalf. The purposes of the processing activities carried out by us are outlined in section 2.2.
2.3.3 Recipients that Act as data controllers
The personal data processed by Mips when you visit our website will not be shared with any third party that will process the personal data in the capacity as a data controller.
3.1.1 Administration of contractual relationship
Your personal data will be processed because we have a legitimate interest in administering the relationship with our customers, suppliers, and partners, and to be able to manage the overall cooperation and day-to-day activities. This also includes processing within the scope of the execution of our commercial agreements.
3.1.2 Respond to questions and requests
For the purpose of responding to questions or requests sent to us, e.g. via e-mail or phone.
3.1.3 Invoicing administration
We will process your contact information for reference purposes when we are either issuing invoices to or receiving invoices from the company that you represent.
3.1.4 Collaboration administration (only applicable to influencers and similar collaboration partners)
If you are an influencer of other collaboration partners to Mips, we will process your personal data for the purposes of managing our relationship, e.g. by posting on social media, using content for marketing purposes, campaigns, and following up on the result of various marketing activities.
3.1.5 Fulfil legal obligations
We will process your personal data where necessary in order to comply with legal obligations, e.g. accounting obligations.
3.1.6 Establish, exercise, and defend legal claims
For the purposes of establishing, exercising, and defending legal claims (for example in connection with a dispute or legal process) we may process your personal data.
3.2.1 General
Where necessary in order to achieve the purposes set out in this section 3, we share your personal data with other entities, authorities, or actors. Please note however that we, regardless of the recipients’ capacity, only will share your personal data with entrusted actors and only to the extent necessary.
3.2.2 Data processors acting on Behalf of Us
In order to fulfill the purposes of the processing of your personal data and to be able to run our business, we transfer personal data to external parties such as third-party service providers that we have engaged, as well as other partners. These external parties will act as our data processors and may only process your personal data in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that these external parties carry out on our behalf. The purposes of the processing activities carried out by us are outlined in section 3.
3.2.3 Recipients that Act as data controllers
The categories of recipients mentioned in the table below will process personal data in the capacity as data controllers, i.e. these recipients will determine the purposes and means of the processing without our involvement.
We collect your personal data from:
4.2.1 Managing the recruitment process
Your personal data will be processed by us within the scope of the general management of the recruitment process. Processing activities included in this process are e.g. collection of your personal data, review of CVs and cover letters, conducting interviews, evaluating you as a candidate, and communicating with you within the scope of the recruitment process.
4.2.2 Review and assessment of personality and abilities
Conduct personality and ability tests (for certain positions) to assess and evaluate job candidates’ suitability for applied positions.
4.2.3 Concluding the employment agreement
We will process your personal data in conjunction with the conclusion of the employment agreement with you e.g., when collecting references. Your personal data will also be processed in the employment agreement that we conclude and upon the initiation of the onboarding process.
4.2.4 Evaluate and follow-up the recruitment process
Create reports and statistics of e.g. the number of applications per position.
4.2.5 Establish, exercise and defend legal claims
For the purposes of establishing, exercising and defending legal claims (for example in connection with a dispute or legal process) we may process your personal data.
4.2.6 Fulfil legal obligations
Besides legal obligations within the field of employment, we will process your personal data for the purposes of fulfilling legal obligations related to work permit checks, including storage of related documentation.
4.3.1 General
Where necessary in order to achieve the purposes set out in this section 4, we share your personal data with other entities, authorities, or actors. The categories of recipients mentioned in section 4.3.2 will process personal data on our behalf of us in the capacity of data processors (i.e. such actors will only process your personal data in accordance with our instructions). The categories of recipients mentioned in section 4.3.3 will process personal data in the capacity of data controllers, i.e. these recipients will determine the purposes and means of the processing without our involvement. Please note however that we, regardless of the recipients’ capacity, only will share your personal data with entrusted actors and only to the extent necessary.
4.3.2 Data processors acting on Behalf of Us
In order to fulfill the purposes of the processing of your personal data and to be able to run our business, we transfer personal data to external parties such as third-party service providers that we have engaged, as well as other partners. These external parties will act as our data processors and may only process your personal data in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that these external parties carry out on our behalf. The purposes of the processing activities carried out by us are outlined in this section 4.
4.3.3 Recipients that Act as data controllers
We may transfer or disclose personal data to recipients located outside the EU/EEA (third country), mainly in situations where we are using third-party data processors that will process data in a third country, or if we share personal data with a group company located outside the EU/EEA.
When we transfer or disclose your personal data to a recipient in a country outside of the EU/EEA, we will always ensure that appropriate safeguards have been taken (such as the EU Commission’s standard contract clauses, including other supplementary safeguards as necessary in each case) to protect the personal data. Further, we are regularly carrying out risk assessments to assess what supplementary measures that need to be taken to protect the personal data subject to the transfer or disclosure.
You are entitled to request to receive a copy of any documentation demonstrating that appropriate safeguards have been taken in order to protect your personal data during a transfer to a third country.
If you would like further details about the processing of your personal data and whether your personal data is transferred to a third country, please contact us on the contact details as set out below under section 7.
Access
You may request confirmation whether or not personal data is processed and, if that is the case, access your personal data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the personal data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.
Object to certain processing
You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
Rectification
You have at any time the right to have inaccurate personal data rectified, as well as, taking into account the purposes of the processing, the right to have incomplete personal data completed which relates to you.
Erasure
You may have your personal data erased under certain circumstances, such as when your personal data is no longer needed for the purposes for which it was collected. However, we cannot delete your personal data if we e.g. are obligated under the law to keep the data.
Restriction of processing
You may ask us to restrict the processing of your personal data to only comprise storage of your personal data under certain circumstances, such as when the processing is unlawful, but you do not want your personal data erased. If the processing of your personal data has been restricted we may only, besides storing the data, process your personal data with your consent, or in order to establish, exercise or defend legal claims or to defend the rights of others.
Withdrawal of consent
You have the right to at any time withdraw your consent to the processing of personal data to the extent the processing is based on your consent.
Data portability
You may ask to receive a machine-readable copy of the personal data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you, and which personal data have been provided to us by you (data portability) and ask for the information to be transferred to another data controller (where possible).
Complaints to the supervisory authority
You acknowledge that you always have the right to lodge complaints pertaining to the processing of your personal data to the Swedish Authority for Privacy Protection (IMY) or any other relevant authority.
If you have any questions or concerns regarding the processing of your personal data, please contact us on the contact details set forth below.
The data controller for your personal data is:
Mips AB (publ), reg. no. 556609-0162
Kemistvägen 1B
18379 Täby
Email: privacy@mipsprotection.com