PRIVACY STATEMENT
Below, we describe how we – MetaProvide Holding Ekonomisk Förening (below referred to as “MetaProvide”) process personal data in relation to you.
Please note that this Privacy Statement applies to processing for which MetaProvide is the controller. For example, if you contact a provider of wellbeing services (“Wellbeing Provider”) through our service, the provider is often the controller of your data even though some of it might be stored in our service. In such case and if you are unsure of who is the controller, we recommend contacting both us and the provider to ensure that we can meet your request.
In this Privacy Statement, we outline
what personal data we may process and the purposes of the processing of this personal data. We also explain
how we may process this personal data. Lastly, we explain
your choices and rights in relation to the processing. Therefore, we kindly ask you to read our Privacy Statement carefully and familiarise yourself with its content.
Who is the controller of personal data?
MetaProvide Holding Ekonomisk förening, reg. no. 769639-8416
Address: Hänninge 504, 243 91 Höör
E-mail address:
gdpr@metaprovide.org
PROCESSING ACTIVITIES
PERSONAL DATA FOR WICH THE WELLBEING PROVIDER IS THE CONTROLLER
We may store different personal data in relation to you as a customer of a Wellbeing Provider which provides its services through Adminly. For example, to book a session, you are asked to provide your name, contact information etc. In addition, the Wellbeing Provider may store personal data they retrieve about you on our platform. In relation to such data, each Wellbeing Provider is the controller of the personal data, and we are a processor.
Should you have any questions about such personal data, please contact your Wellbeing Provider. You can also contact us and we will help you to contact the correct provider.
Personal data in relation to external stakeholders
If you have a business relationship with MetaProvide, or are the contact person at a company which has a business relationship with MetaProvide, we may need certain information to facilitate our business relationship with you. Such information may include:
- Name.
- Personal identity number/organisation number.
- Address.
- Phone number.
- Agreement details.
- Payment information.
- Photo.
The purpose with the processing is to maintain our business relationship with you and pursue our interests in relation to you. The processing is based on our legitimate interest (Art. 6.1(f) GDPR).
MetaProvide may also want to publish your name and photo on the MetaProvide website to inform of our donors and collaborators. The processing is based on your prior consent (Art. 6.1(a) GDPR).
The data will be stored for as long as long as necessary for us to fulfil the purpose of the processing. Certain personal data, which is necessary for accounting purposes, will be stored up to and including the seventh year following the expiry of the calendar year in which the accounting year was closed, in order to comply with Swedish accounting legislation.
Personal data in relation to Wellbeing Providers using Adminly
If you are a Wellbeing Provider using Adminly to provide your services we may process different personal data in relation to you or your employees, as stated below.
ACCOUNT DATA
To administer your account, we may process certain data for you to be able to log in to our services, to reset passwords, send calendar invites, etc. Such data includes:
- Name.
- E-mail address.
- Username.
The purpose of the processing is to be able to administer your account. The processing is based on our legitimate interest (Art. 6.1(f) GDPR).
The data will be stored for as long as you have an account and 30 days thereafter.
INTERVIEW DATA
As you may know, we like to conduct interviews over video with you to get to know how to improve our products. We will store these interviews in a database to access at a later stage. These videos may include the following personal data:
- The name of the person being interviewed.
- Audio- and video recordings or pictures of the person being interviewed.
- Contact information.
- Any other data that you provide during the interview.
The purpose of this processing is to identify you and to help improve our products. The processing of this personal data is based on your prior consent (Art. 6.1(a) GDPR and Art. 9.1(a) GDPR).
We may also want to post such interviews in form of testimonials on our website to market our products. The processing of your personal data in this case is based on your prior consent (Art. 6.1(a) and Art. 9.1(a) GDPR).
The data will be stored for as long as we have your consent, or at a maximum of 5 years. Testimonials will be stored for as long as we have your consent.
USER-GENERATED CONTRIBUTIONS
As a user of Adminly, you may be provided the opportunity to create, post, display, transmit, perform, publish, distribute or broadcast content and material to us (so-called “Contributions”). Such Contributions may include personal data, such as pictures or recordings of the individuals involved as well as other information provided as part of the Contribution.
The purpose of this processing is to improve our products and engage with our user-base, as well as showcasing user-cases and other material on our website. The processing of this personal data is based on the data subject’s prior consent (Art. 6.1(a) and Art. 9.1(a) GDPR.
The data will be stored until no longer needed for the purpose or until the data subject withdraws its consent, whichever occurs first.
ADMINLY PLATFORM CLIENT DATA
To provide our services, we need to store certain data about the Wellbeing Providers using the Adminly Platform. Such data includes:
- Name.
- Interests/business area.
- Contact information.
- Address.
- Payment details.
- Photos.
The purpose of the processing is to be able to provide our services to you. If any of this data is not provided, we might not be able to offer all our services to you as a Wellbeing Provider. The processing is based on our legitimate interest (Art. 6(f) GDPR).
The data will be stored for as long as long as necessary for us to fulfil the purpose of the processing, or at a maximum of 2 years after the expiry of our contract.
Certain personal data, which is necessary for accounting purposes, will be stored up to and including the seventh year following the expiry of the calendar year in which the accounting year was closed, in order to comply with Swedish accounting legislation.
DIGITAL SIGNATURES
To access our services you may digitally sign certain documents through our digital signature provider. In such cases, we may process the following personal data:
- Name.
- E-mail address.
- IP address.
The purpose of the processing is to provide digital signatures for your benefit. The processing is based on our legitimate interest (Art. 6(f) GDPR).
The data will be stored for as long as long as necessary for us to fulfil the purpose of the processing and to pursue our legal interests.
Personal data in relation to our Waiting List
At our website, we have a waiting list that you as a new Wellbeing Providers can sign up to. We will then contact you when you can test our product. To facilitate the waiting list, we need to process the following data:
- E-mail address.
- Country of origin.
The purpose of the processing is to send you an update when you are able to test our product. The processing is based on your prior consent (Art. 6.1(a) GDPR).
The data will be stored for as long as we have your consent, or until you have accepted an offer you to test our product.
Personal data in relation to our Newsletter
We have a newsletter that you can sign up to at our website or when becoming a Wellbeing Provider at Adminly. To be able to send our newsletter, we need to process the following personal data:
The purpose of the processing is to market our product and services. The processing is based on your prior consent (Art. 6.1(a) GDPR).
The data will be stored for as long as we have your consent.
Personal data in relation to our Contact Form
If you contact us through our Contact Form at our website, we need some information to be able to reply to your question or request. When you contact us we may store the following personal data:
- E-mail address.
- Any other personal data you voluntarily provide us when contacting us.
The purpose of the processing is to respond to your question or request. The processing is based on our legitimate interest (Art. 6(f) GDPR).
The data will be stored until we have responded to your question or request.
Personal data in relation to donors
If you donate money to us through the MetaProvide website, we may process certain data to see who has donated to us and to follow up on the donation. Thus, when you donate money to us, we may process the following personal data:
- Name.
- E-mail address.
- Sum of donation.
- Agreement details.
- Photo.
The purpose of the processing is to facilitate the payment and follow up on the donation. The legal ground for the processing is our legitimate interest. (Art. 6(f) GDPR).
MetaProvide may also want to publish your name and photo on the MetaProvide website to inform of our donors and collaborators. The processing is based on your prior consent (Art. 6.1(a) GDPR)
The data will be stored for 7 years after the donation.
Personal data in relation to job applicants
If you apply for a job/freelancing assignment, we will need certain information about you to be able to process the application, for instance:
- Name.
- E-mail address.
- Telephone number.
- CV.
- Cover letter.
- Photo.
The purpose of the processing is to administer your application. The legal ground for the processing is our legitimate interest (Art. 6(f) GDPR).
The data will be until we have processed your application and a period of 6 months after the application period.
Personal data in relation to website visitors
If you visit any of the MetaProvide websites we will gather certain information through the use of cookies. We will only use cookies that are strictly necessary for the website to function properly, and will ask for your consent before placing any other cookies. The legal ground for the processing is our legitimate interest (Art. 6(f) GDPR).
CATEGORIES OF RECIPIENTS
Recipients of the personal data include our website hosting provider, our service provider for transactional e-mails, E-signature providers as well as external advisors and competent authorities. If you have any specific questions about recipients of the personal data, please contact us at the e-mail address stated below.
THIRD COUNTRY TRANSFERS
Your personal data is stored within the EU/EEA and is not transferred to a third country.
YOUR RIGHTS
As a data subject, you have certain rights in relation to our processing, which are described below.
The right to receive confirmation
You have the right to receive confirmation on whether we process personal data about you, and get access to such personal data. You also have the right to obtain information regarding the personal data and how we process it.
The right to rectification
You have the right to have inaccurate personal data concerning you rectified. Depending on the purposes of the processing, you also have the right to have incomplete personal data about you completed.
The right to restriction
In some circumstances you have the right to restrict our processing of your personal data. For example, if you object to the accuracy of the personal data we process about you, you can require that we restrict the processing of your personal data until we have verified the accuracy of the personal data.
The right to deletion
Under some circumstances, you have the right to have personal data concerning you deleted, for example if the personal data is no longer necessary in relation to the purposes for which it was collected or if the personal data have been unlawfully processed.
The right to make objections
Where the legal basis for the processing is our legitimate interest, you are entitled to object to the processing at any time. If you do this, we must provide compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, in order to proceed with the processing of your personal data.
The right to object to direct marketing
You have the right to object to our processing of your personal data for direct marketing. If you object, we will no longer process your personal data for that purpose.
The right to withdraw your consent
Where the processing is based on your consent, you are entitled to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The right to data portability
You have the right to receive the personal data relating to you and that you have provided to us, in a commonly used electronic format. You also have the right to transmit that data to another controller.
The right to file a complaint
If you have any comments on our processing of your personal data, you are welcome to contact us. You also have the right to lodge a complaint to the Swedish Data Protection Authority (Sw. Integritetsskyddsmyndigheten) or any other relevant European Data Protection Agency.
ADDITIONS AND AMENDMENTS
We may at any time amend or complement this privacy statement. If we make any amendments or additions, we will publish the amended policy on our website and inform you. In such case, we kindly ask you to carefully review the updated privacy statement.
CONTACT US
If you have any questions or wish to enforce your rights as described above, you are welcome to contact us at
gdpr@metaprovide.org.