Privacy & GDPR

The personal data we collect is that which in some way is intended to identify, and which may be linked to, a certain individual, or related to an agreement with a customer – for example, the personal data we collect is: name, address, e-mail address, and phone number. This may also include information you provide during contact with us.

The data we hold about you is solely that which you have provided, or that we have collected from you in the course of registrations you have made relating to Monitor ERP System AB. We do not collect any additional data about you from a third party.

Processing of personal data must be supported by applicable data protection regulations (GDPR), a so-called legal basis in which the purpose for processing the data must be clearly stated. Further down in the document, you can read how we process your personal data for each purpose, point by point.

We never save personal data longer than we need. Some personal data is discarded immediately. Other personal data is saved for different periods of time, depending on what the data is used for and our legal obligations.

Within certain fields of business, Monitor ERP System AB may engage subcontractors. This means they may also require certain information about you, as a customer or individual. We may share your personal data with such subcontractors. These parties have the equivalent obligations regarding processing of personal data that you have agreed with us in the capacity of customer. This is regulated in a so-called Personal Data Processing Agreement.

We have approved sub-processors which include:

• Certain IT services
• Partners
• Companies within our Group

Monitor ERP System AB will not share personal data outside the Group, or sell your data to a third party.

We use IT systems to protect the confidentiality of, and access to, your personal data. We have taken specific security measures to protect your personal data against wrongful or unauthorized processing (e.g., unauthorized access, destruction, or damage). Only those who need to process your personal data for the purposes that have been outlined will have access to the data in question.

The location where your personal data is processed is specified in the Approved Sub-Processors document, for which there is a link in the paragraph above.

Personal data is collected, processed, and saved when you purchase a product or service from us. A purchase can be made by phone, letter, or e-mail, or during a physical meeting.

We save and process the personal data in our systems in order to be able to:

• Carry out your purchase.
• Complete the delivery of the product with the related notification, and the contact required in case delivery is delayed.
• Process returning of products and complaints.
• Fulfill warranty commitments, etc.
• Send relevant information and updates about the product.

We save the following personal data: Name, address, mailing address, phone number, and e-mail address.

Legal grounds for the personal data processing: Purchase agreements and delivery agreements with customer and warranty commitments.

The personal data is saved in our ERP system for the duration of the business relationship. When this ends, under the Swedish Accounting Act (the BFL, in Sweden), we are obliged to retain the data for a further 7 (seven) years.

Personal data submitted by e-mail and letter will be immediately deleted once it has been registered in our ERP system.

Quotes
Quotes containing personal data are saved in our ERP system for the duration of the business relationship. When this ends, a purge of terminated contacts takes place annually, or in accordance with applicable accounting laws and practice.

Invoices/Orders
Personal data appears in our business documents, and is saved for the duration of the business relationship. When this ends, personal data will be deleted in accordance with applicable accounting laws and practice – currently after a period of 7 (seven) years.

Personal data is saved and processed when you contact us, or when we contact you, by e-mail. The type of personal data concerned depends on the matter you are contacting us about.

E-mails regarding general matters

• We save the following personal data: Name, e-mail address, address, and phone number.
• Legal grounds for the personal data processing: Balance of interests.
• The data is saved: On our e-mail server, as long as we have a business relationship or are engaged in an active dialog in this regard. Deletion then takes place annually.

Order confirmations

• We save the following personal data: Name, e-mail address, address, and phone number.
• Legal grounds for the personal data processing: Purchase agreement and delivery agreement.
• The data is saved: On our e-mail server, as long as we have a business relationship. When this ends, deletion takes place annually.

E-mail relating to support

• We save the following personal data: Name, e-mail address, address, and phone number.
• Legal grounds for the personal data processing: Support and Update Agreement.
• The data is saved: In our support system, for the duration of the business relationship. Deletion then takes place annually.

Personal data is processed and saved in order to be able to create and administrate personal pages in the support portal where, for example, you can track and respond to current cases, view old cases and maintain accurate contact details.

• We save the following personal data: Name, address, mailing address, e-mail, phone number, password, IP address.
• Legal grounds for the personal data processing: Support and Update Agreement.
• The personal data which is registered via the support portal is saved in our support case management system for the duration of the business relationship. When this ends, deletion of data takes place annually.

The personal data you provide when registering for one of our events is processed and saved in our event planning tool, where we use it in order to administrate, plan and invoice in conjunction with conferences, training courses and other meetings organized by Monitor ERP System AB. The information is  also used to send relevant information and updates after the completion of the event.

• We save the following personal data: Name, date of birth, address, postal address, e-mail, phone number, title, dietary requirements, special needs.
• Legal grounds for processing of personal data: to provide the service/solution purchased by the customer.
• The personal data registered when you sign up to our events is gathered in our event planning tool and saved for the duration of the business relationship. When this ends, deletion of data takes place annually.

Cookies – we collect data on how our visitors use our website. We do this in order to improve our website, so that you, the visitor, can enjoy the best possible user experience.

Many of the functions we use on the website are dependent on the fact we save cookies. The storage period is specified in the cookie settings, which you can find on the website. However, you may delete them whenever you wish by following the instructions on how to delete cookies in your browser. We also collect information from the IP number you use, as visitor, in order to maintain statistics and carry out analysis so we can tailor content and make it more relevant for our visitors.

We use cookies from other online services – so-called third-party cookies – in order to gain information about how our website is used, and help us to improve its navigation, content, and offers. See the complete list under 'Open Cookie Settings' on our website.

Send usage statistics to Monitor.

The system setting Send usage statistics to Monitor determines whether statistics on the use of Monitor ERP, and hardware (client and server) are sent to Monitor ERP System AB.

Statistics are collected by Monitor in order to pursue improvements in ongoing product development work. Data is collected in accordance with the GDPR. Data is anonymized, which means Monitor is unable to directly identify specific users and personal data without being given access to the customer’s database. The data collected does not contain the values entered by the users, and only indicates that something has been entered. Monitor saves the data collected for a maximum of 120 days before it is converted into a non-identifiable format.

The data collection includes the procedures that are opened and closed, what parts of the procedures are used and updated, and how long updates take. The data collection also includes details of the hardware and software used, such as processors, memory, and disks. More specifically, the following information is collected:

• Error messages.
• How long a procedure takes to open.
• How long a procedure takes to close.
• How long a user-initiated operation takes.
• For how long the Monitor ERP server’s service has been running.
• Times when events in the system take place.
• Current database.
• Current company ID.
• Current warehouse.
• Current user ID.
• Current user’s session ID.
• Current language.
• Current client type.
• .NET-version of the client and server.
• Monitor ERP version
• Monitor ERP system ID.
• URLs requested by clients on the Montior ERP server.
• Application of Check Delivery Time function (system setting).
• Power plan settings in Windows.

Personal data you provide in applications when registering in our recruitment system. Your application is processed through a candidate profile which collects the information you have provided in your application.

We save the following personal data: Name, date of birth, gender, e-mail address, phone number, address. The attached files, CV, covering letter, any test results and other documents are also saved.

Answers to selection questions, where relevant, in the application form and notes recorded over the course of the recruitment process (in interviews, or when taking references, for example), will also be saved.

Legal grounds for the personal data processing: Legitimate interest in connection with the recruitment process.

We save and process personal data in order to:

• Process your job application and carry out the recruitment process.
• To let you know about positions with us that match your profile.

Applications including selection questions

• Based on your answers to the selection questions in the application form, you may be rejected if you fail to meet the mandatory requirements in the specification of requirements. These mandatory requirements are stated in the job advertisement.

If you have any questions, get in touch with the person specified in the advertisement.

Who views the data?

• Data provided will be available to HR, and those within the organization involved in recruitment.
• If your identity is protected, you should get in touch with the person specified in the advertisement. You should also exercise caution regarding the information you provide in your application. With this in mind, only provide information that is relevant to the position in question.

Data is saved as specified below:

• For registration of an open application, your data is saved for 12 (twelve) months. You will then be asked if you wish to update your information and continue to be available to Monitor in order to match with vacancies within the organization. If you decline, the information about you will be deleted from Monitor’s databases.
• In the case of other registrations relating to applications to Monitor ERP System AB, your data will be saved for 24 months, and Monitor may contact you even when the application process is completed.

Video recording takes place at all points where entry and exit are made; all these points are marked with surveillance signs.

The purpose and legal basis for video surveillance is a legitimate interest in ensuring the business’ security by means of perimeter protection.

The recordings are stored for approximately 20 days and are then overwritten with new footage. Recording only occurs when motion is detected.

You may request an excerpt from the register showing the personal data that is held about you. This is sent to the address that is registered with us.

We are responsible for ensuring the personal data we process is correct. If you discover the personal data about you is not correct, you are entitled to ask for it to be corrected. Bear in mind that there is data which you can change yourself, by registering in the support portal.        

Personal data is saved as long as required, depending on the purpose.

As a candidate seeking work, your data will be saved for a maximum of 24 (twenty-four) months, but may be deleted earlier – as specified below – if required.

As a customer of Monitor ERP System AB, certain data, depending on the type, may be saved for up to 7 (seven) years after the relationship ends. Invoice information and invoice bases are saved for as long as is required by law, for example, under the Swedish Accounting Act. As a customer, you have the right, without delay, to have your personal data deleted if any of the following conditions apply:

• If the data is no longer required for the purposes for which it was processed.
• If the processing is solely based on your consent, and you withdraw this consent.
• If you oppose the processing of personal data which takes place after a balance of interests, and there is no justified reason carrying more weight than your interest.
• If personal data has not been processed according to the regulation.
• If deletion of data is required in order to fulfill a legal obligation.

If personal data is deleted, we will notify the parties to whom we have submitted your personal data that deletion has taken place.

You have the right to object to the processing of your personal data which we perform on the basis of balance of interests. You must then specify which processing you object to. If we deem that such processing shall still take place, we must show that there are other interests carrying more weight. If the personal data is processed for the purposes of direct marketing, you are entitled to object to this processing at any time.

You have the right to request a temporary limitation of the processing of your personal data. Processing may be limited in the following situations:

• When you consider your personal data not to be correct, and you have requested a correction in our registers. You can then request that the processing of your personal data should be limited for the duration of the investigation.
• When the data processing is illegal, but you object to your personal data being deleted and instead request that the use of this data should be limited.
• When you need your personal data to be able to confirm, enforce, or defend legal claims, even if we no longer require your personal data for the purposes of our processing.
• When you have objected to the processing of your personal data we are allowed to keep processing your data for the duration of the investigation.

You have the right to obtain the personal data which you have submitted to us yourself, in order to use this data elsewhere. This applies in cases where you have provided your consent to the data processing, or if the processing is required for us to be able to provide services to you according to the agreement in effect between us. On the other hand, you do not have the right to move your personal data if we are processing it due to a balance of interests or legal obligations.

If you consider your personal data is being processed in breach of current rules and regulations, you should report this to Monitor ERP System AB as soon as possible. You may also file a complaint to the Swedish Authority for Privacy Protection, which is responsible for monitoring the application of the legislation.

If a personal data incident occurs, we are obliged to report it to the Swedish Authority for Privacy Protection. A personal data breach may be an incident which leads to accidental or illegal destruction, loss, or change of your personal data. It could also be an event which leads to unauthorized access to the processed personal data. The incident must be reported to the Swedish Authority for Privacy Protection within 72 hours of detection.

For all questions regarding processing of personal data, see the contact details below (if nothing else is specified):

E-mail: gdpr@monitor.se

By phone: +46 (0)650–766 00 (08.00–17.00). Ask for the Personal Data Controller.

By letter:
Monitor ERP System AB
Box 264
SE-824 26 Hudiksvall

As a private person you are entitled to obtain information about the data we process about you. Requests must be made in writing and signed personally, including the name, address and phone number. Write “GDPR” on the envelope to ensure it is processed correctly.

Send the request to:

Monitor ERP System AB
P.O. Box 264
SE-824 26 Hudiksvall

Questions in this area are handled as regards other questions relating to personal data cases (see above). The excerpt is sent to the address we have registered no later than one month after your application is received.

Personal data is registered and changed in Monitor in the following procedures (not all are standard procedures):

• Company information
• Update tool
• Update supplier
• Register inquiry
• Register purchase order
• Update customer
• Register quote
• Register customer order
• Register invoices directly
• Update seller
• Register stock order
• Register nonconformity
• Update employee
• Users

Besides the information found directly on customers, suppliers, employees, orders, etc., there is/there may be personal data in the following functions:

• Internal instructions
• Free text fields
• Linked documents, PDF, XML files, text files, etc.
• Adaptations (your own database fields, etc.)

The right to obtain a register extract (read more on the Swedish Authority for Privacy Protection (IMY) website) is managed most easily by retrieving data on your customers, suppliers or employees via Monitor’s list functions, which exist for all registers.

If you wish to delete data for customers, suppliers, personnel, or contacts, you can do so via the Register procedures using the Delete (F6) command. Personal data which is linked to a quote, order, purchase or invoice should probably not be deleted, as this is a legally binding document and must be handled in accordance with applicable laws and regulations.

For more information on the General Data Protection Regulation (GDPR), visit the Swedish Authority for Privacy Protection website.