Statement of purpose
Benify values and takes pride in processing personal data with a high level of integrity and security. In this policy, we explain how and why Benify process personal data in the role as Controller.
Controller is the natural or legal person who determines the purposes and means of the processing of the personal data. If the controller engages an external party to process personal data on behalf of the controller, such external party act as a processor.
What is processing of personal data?
Personal data is information related to an identified or identifiable natural person or data subject. An identifiable person is someone who can be identified, either directly, for example through a personal identity number, or indirectly, through use of the data in conjunction with other information in the possession of the data controller. Certain special categories of personal data, including racial or ethnic origin, trade union membership, sexuality, physical or mental health conditions, and religious beliefs, are considered sensitive data. Such data require higher protection and safeguards. Processing personal data includes any operation or set of operations performed on personal data, whether or not by automatic means. So, processing includes disclosure by transmission, structuring, amending, storing and many other activities performed on personal data.
Benify´s processing of personal data
Below all purposes of why Benify processing personal data are listed:
• To deliver services to you as a private user (Fulfillment of agreement)
• To manage your job application/employment (Fulfillment of agreement)
• To provide customer support (Fulfillment of agreement)
• To market our services and perform customer- and market surveys (Legitimate interests)
• To communicate with you who represent an organization that is a customer, potential customer, supplier or potential supplier (Legitimate interests & Fulfillment of agreement)
• To be able to administer your visit to our premises and protect individuals / assets in the event of, for example, fire or burglary (Legitimate interests)
Benify only collect and store the personal data needed for the specific processing and erase the data when it is no longer needed.
Any processor engaged by Benify that will process personal data on behalf of Benify must enter into a data processing agreement with Benify. Pursuant to the agreement, the processor agrees to comply with instructions from Benify and applicable data protection legislation.
Rights of data subjects
According to the EU General Data Protection Regulation (2016/679) you as a data subject have the right to free information regarding the stored data on you as well as the right to correct, block or delete this data. You also have the right to submit a complaint to the relevant supervisory authority.
In order to exercise your rights, please send your request by e-mail to the following address, clearly stating your identity: firstname.lastname@example.org.
The security of personal data is important to Benify. We ensure that appropriate security measures are taken to protect personal data at all times and we follow generally accepted standards and frameworks to protect personal data. This means that personal data, for example, is protected against unauthorized access, changes or destruction.
In order to achieve a structured and strategic approach to information security, Benify has a fully implemented an information security management system according to ISO/IEC 27001 which caters to both administrative and technical security controls. Benify is certified according to the standards ISO/IEC 27001:2013, ISO/ICE 27018:2019 and ISO/ICE27701:2019. The certification process has been performed by an independent external certification body that has been accredited by an accreditation body.
For further information, see the Benify security page available on our public website.
104 51 Stockholm
Data Protection Officer