GDPR: Policy for treating data

GENERAL

StiL abides by the General Data Protection Regulation (GDPR) when treating personal information.

We accomplish this by, in most cases, using contracts as the legal basis. Personal data is registered and treated when entering a contract or when administering an active contract.

This concerns data such as:

  • Name
  • Social security number
  • Gender
  • Mailing address
  • E-mail
  • Phone number
  • Photo and fingerprint for facility access
  • Financial information (e.g. account number when entering a direct debit membership)


Our system is provided by BRP Systems and for every individual member, the following information is registered:

  • Current and previous subscriptions
  • Purchase and booking history
  • Messages sent using the system

StiL has also signed personal assistance agreements with our associates and delivery companies that in some way handle personal data on our behalf.

 

The purpose of the policy

In the current contractual situation, the purpose is to administer and maintain all parties' rights and obligations according to the contract. Memberships are personal, necessitating registering the identity of our members to be able to deliver services and products to the correct individual.

Data can also be used to offer service and services outside of what is regulated by the contract, for statistics and monitoring, and to meet other obligations by law.

If personal data is collected or used for marketing or direct marketing purposes, StiL abides by what is considered good custom in the field.

How long do we save the data?

We save the data for the time necessary to fulfil the purpose for which it was gathered or to keep our commitments, while also meeting the legal requirements for storing data, specifically concerning accounting law.

By routine, StiL deletes data when it is no longer relevant for the purpose(s) above. This occurs after two years of inactivity and is managed automatically by our system.


 

YOUR RIGHTS TO ACCESS, AMENDMENTS AND ERASURE
  • Your right to access your data. You have the right to ask for a copy of and verify all data stored by StiL pertaining to your person. USB drives for collecting this data can be purchased at the reception at cost price. No private drives will be approved due to the risk of introducing viruses or malware to our system. If the data is printed and requires more than five (5) pages, an administrative fee is collected.
  • Your right to amend your data. You have the right to amend incorrect or incomplete information concerning your person.

  • Your right to be erased (“right to be forgotten”). You have the right to request a deletion of your personal data when it is no longer required to meet the purpose for which it was stored. This initially happens by making your data anonymous, which is done within 30 days of you putting in your request. After two (2) years the data is permanently deleted. However, certain legal obligations may prevent your data from being anonymised immediately. These obligations can originate from accounting or tax laws. In such circumstances, the data necessary to meet the legal obligations is saved and blocked from being used for any other purpose, while any nonessential data is erased.

To use any of these rights, contact our reception.


 

WANT TO FIND OUT MORE?

Data liability at StiL lies with Studentidrotten i Luleå, organisation number: 897000-7988.
If you want more information or wish to object to the treatment of data as stated above, please contact us by e-mail or telephone (contact info in the footer).

More information on the General Data Protection Regulation can be found at The Swedish Data Protection Authority.
