1. Introduction

Sodexo Pass Sweden AB (“Sodexo”, “we”, “our”, “us”) collects and stores information relating to you in accordance with this privacy notice, when you use Weekli. This privacy notice sets out, e.g. which categories of Personal Data that we process and for what purposes the Personal Data is processed.

Throughout this privacy notice the term “processing” will be used, which includes any operation involving Personal Data, including without limitation, collection, administration, storage, sharing, access to, use of, transfer and erasure of Personal Data.

“Personal Data” includes any information which directly or indirectly refers to an identified or identifiable natural person.

In addition to the Personal Data we collect directly from you, we also collect Personal Data from your employer and from publically available sources.

2.  Purposes of the processing

Creation of user accounts

We process your Personal Data in order to create and manage your user account, which includes collection of your Personal Data to create the user account for the service. Personal Data processed for this purpose includes.

Category of Personal Data
  • Name
  • Title
  • E-mail address
  • Age
  • Gender

The legal basis for the processing is a balancing of interests, where Sodexo has a legitimate interest in being able to create and manage your user account in order for Sodexo to fulfil its contractual obligations in relation to your employer. The Personal Data will be stored for the time during which you are an active user of the service.

Administration of questions and answers

We process your Personal Data in order to manage the questions that are being asked through the service and the answers that you provide. This includes distribution of questions to you, storage and aggregation of your answers, including the production of statistics of the answers you provide through the service.

Category of Personal Data
  • Name
  • Title
  • E-mail address
  • Gender
  • Age
  • Activity logs (e.g. how long it took for you to answer a specific question, how many times you have logged in and out before submitting your answers etc.)
  • Health data

The legal basis for the processing is a balancing of interests where Sodexo has a legitimate interest in being able to provide the service in accordance with an agreement with your employer. By answering the questions, you may disclose information relating to your health, which entails that special categories of Personal Data will be processed (health data). Processing of your health data will be carried out only upon your explicit consent. Your Personal Data will be processed for this purpose for the time during which you are an active user of the service and for a period of one (1) year thereafter.

Your Personal Data will within the scope of this purpose be aggregated in order to produce statistics which will be provided to your employer. Kindly note that your employer never will receive information attributable to you as an individual, but only receive statistics where your Personal Data are anonymized. The aggregation will be carried out with the same legal basis as described above.

Moreover, we will use anonymized data based on your answers in order to develop the service. Kindly note that we only use anonymized data for the development of the service, why no Personal Data will be used at the time for the development.

Communication with users

We process your Personal Data in order to communicate with you within the scope of your use of the service, e.g. in order to communicate recommendations based on your answers or in order to contact you regarding that your user account is about to be inactivated. The Personal Data processed for this purpose are:

Category of Personal Data
  • Name
  • E-mail address

The legal basis for the processing is a balancing of interests where Sodexo has a legitimate interest in being able to communicate with you regarding your use of the service. Your Personal Data will be processed for this purpose for the time during which you are an active user of the service.

Comply with legal obligations

We process your Personal Data in order to comply with legal obligations, e.g. accounting and bookkeeping obligations, and obligation under applicable data protection legislation. The Personal Data processed for this purpose are:

Category of Personal Data
Any and all Personal Data necessary in order to comply with the legal obligations.

The legal basis for the processing is to comply with legal obligations. Your Personal Data will be processed for the time necessary in order to comply with each legal obligation, e.g. seven (7) years in order to satisfy requirements to store accounting information.

Establish or defend legal claims

We process your Personal Data, if necessary, to establish and defend legal claims, e.g. in the event of a dispute or any legal proceedings.

Category of Personal Data
Any and all Personal Data necessary in order to establish or defend a legal claim.

Your Personal Data will for this purpose be stored until applicable limitation period runs out and for a period thereafter if there is an ongoing legal procedure.

3. Transfer of Personal Data

We may disclose your Personal Data to external recipients of Personal Data (both within Sweden and in countries outside the EU/EEA). Any transfer outside the EU/EEA will be subject to adequate safeguards which enables secure transfer outside the EU/EEA, in accordance with applicable legislation. A list of the countries outside the EU/EEA to which your Personal Data may be transferred is provided upon your request. You also have the right to receive information about the safeguards taken by Sodexo in order to ensure that the transfers are legal.

Data Processors:

To be displayed. Contact us for more info.

Other data controllers:

Recipient Purpose of the transfer Legal basis
Official Authorities Comply with legal obligations. Legal obligation.
External advisors Transfer to external advisors such as law firms, accounting firms or similar advisors in order to manage legal obligations or establish or defend legal claims. Legal obligation or a legitimate interest where the legitimate interest is to be able to establish or defend legal claims.
Courts of law, counterparties etc. Establish or defend legal claims. Legitimate interest in being able to establish or defend legal claims.
Law enforcement authorities, e.g. the Police. Comply with legal obligations, Legal obligation.

 

4.  Your rights

Right to rectification

Sodexo will take measures to keep your Personal Data correct, complete and up-to-date, in accordance with applicable data protection legislation. You have the right to rectify incomplete or incorrect Personal Data.

Right to object

If the processing of your Personal Data is carried out on the basis of a balancing of interests and you deem your integrity interest to overweigh Sodexo’s legitimate interest in processing your Personal Data, you have the right to, on ground relating to your particular situation, object to the processing by contacting us on the contact details below. If you object to the processing, we must be able to show a compelling reason in order to further process your Personal Data for the purpose to which you have objected.

You also have an absolute right to object to processing of Personal Data for direct marketing purposes.

Right to erasure

Under certain circumstances, such as when you have withdrawn a previously given consent and we do not have another legal basis for the processing of your Personal Data, you have the right to request erasure of your Personal Data.

Right to restriction

Under certain circumstances you have the right to restrict the processing of your Personal Data to only comprise storage of the Personal Data, e.g. during the period when we investigate if you have a right to erasure.

Right to access

You have the right to receive a confirmation from Sodexo that your Personal Data are being processed by us and, if that is the case, access your Personal Data and the following information:

  • the purposes of the processing;
  • de categories of Personal Data processed;
  • the recipients of Personal Data (especially if such recipients are located outside the EU/EEA);
  • the time during which Personal Data is processed;
  • information about the rights under applicable data protection legislation;
  • information about the source through which your Personal Data have been collected; and
  • if any automated decision-making, including profiling, takes place.

In addition to the above, you have a right to on request receive an electronic copy of your Personal Data on a commonly used electronic format.

Right to data portability

When the processing of your Personal Data is carried out on the basis of your consent or if the processing is necessary in order to fulfil or establish a contract with you, and provided that the Personal Data have been collected directly from you, you have the right to receive a copy of your Personal Data on a commonly used, machine readable format.

Right to withdraw you consent

If you have given your consent to any processing, you have the right to, at any time, withdraw your consent. You withdraw your consent by contacting Sodexo on the contact details below.

Complaints to the supervisory authority

You are welcome to contact us if you have any questions or complaints regarding the processing of your Personal Data. However, you always have the right to lodge complaints regarding the processing of your Personal Data to the Swedish Data Protection Authority.

5. Contact us

If you have any questions relating to the processing of your Personal Data, please contact us on the contact details below.

Sodexo Pass Sweden AB

Reg. no. 556649-1444

Kungsgatan 54

111 35 Stockholm

 

Phone: +46 73-542 68 83

E-mail: Allireza.Ghahremani@sodexo.com