This policy regards Littlefish AB (556514-2527) and serves the purpose of protecting the personal integrity of our clients, suppliers and employees. The policy contains regulations and directions for the management of personal data by Littlefish, as accountable or assistant of the personal data. We find it important that you, as a client, employee or partner, know how we protect the data that we gather about you. Littlefish manages the personal data in accordance with the General Data Protection Regulation (GDPR) in a lawful and correct way.
2. What is personal data?
All kinds of data that can be connected to an identified or identifiable person are personal data. Name, address and personal code number are commonly used personal data, but images and voice recordings are classified as personal data as well. Personal data can be separated into regular and sensitive data. Gathering sensitive data requires convincing reasons and the organization has to be able to account for this. Sensitive data could be political standpoints, sexual orientation, religion or ethnic origin. For more information about how we handle this kind of data, please go to chapter 3: Sensitive data.
2. Information gathering
When collecting personal data we are, according to the GDPR, obligated to inform the person in question. We are also obligated to inform about what data we are collecting and why. Below is a presentation of when we are allowed to collect data, what data we are allowed to collect, how and why we collect it and for how long we store it. In most cases, as personal data is gathered, it is for the purpose of fulfilling demands of the legislation or agreement, or demands that are necessary for the agreement with a client, employee or supplier. In case this is not being provided, we cannot reach an agreement. Littlefish is a consultant provider as a partner to SAP and Microsoft. Planfish is a digital HR-solution that has been developed by and is operated by Littlefish. The service is based on the gathering of personal data and is being managed by the client. Littlefish does not have access to this personal data and is not accountable for the management of this.
2.1 When are we allowed to gather data?
A legal basis is required for us to gather data. The personal data that is gathered with support from a legal basis cannot be used for purposes other than those that were initially intended. Some of the legal bases that we use are agreements, legal obligation and balancing of interest. Consent means that we are required to provide information about what data we have collected and what it is going to be used for. This has to be approved by our employees, clients or suppliers. Agreements, for instance contracts of employment, can be used as a legal basis as long as only the data that is needed to fulfill the agreement is incorporated. Legal obligation means that we are allowed to store personal data if it is necessary in order to fulfill a legal obligation, for instance accounting obligations. Balance of interest means that we have to be able to show that there is a need for managing personal data and that this need outweighs the individual’s right to the protection of the data.
2.2 What data do we collect and how do we collect it?
Data is commonly gathered as Littlefish is contacted through email or telephone with errands that will require further contact. Some data collection might also be necessary as clients or other parties contact our support department. The processing of personal data occurs mainly when a contract with a customer, employee or supplier is broken. We only gather personal data that is relevant and necessary for the execution of our services and obligations. The reason is that we need access to some personal data in order to fulfill our obligations. Below is a presentation of the approach used for what data we gather and how we gather it, regarding our clients, employees and suppliers.
The data that is being gathered about our clients often regards the representative of the organization with whom we have an agreement. Personal data that is being gathered for this purpose is name, telephone number, email, organization name, organization number, professional title and organization address. When other employees of the organization contact the support, consultants or developers of Littlefish, relevant data is stored for that specific matter. Regarding potential clients, data about the representative at the organization in question is gathered. Data that is being stored about the representative is name, telephone number and email address. The majority of the personal data is being gathered through email, telephone and business cards in cases where those are handed out. Those within Littlefish who are able to gather and receive this personal data are mainly those who are relevant for the fulfillment of the agreement, for instance consultants, support consultants, developers and administration representatives. Planfish gathers personal data when an order is being placed and a representative enters the information required. Other personal data registrations are not within the control of Littlefish, and Littlefish is not accountable for the personal data that is being inserted in the system. Places where data can be stored are our ERP systems, CRM system and helpdesk for support.
Personal data that is managed about our employees is mainly name, personal code number, telephone number, bank information, basis for pay and compensation, address, qualifications, absence, sickness, experience and information about relatives. Personal data is mainly gathered at the time of a new employment, and as the employee and the employer sign the agreement. Those within Littlefish who can access and receive this data are mainly the CEO, the finance department and administration representatives. The personal data is managed in the ERP system and the pay system that is being used at Littlefish. The data can be stored in our ERP system and in our pay system.
The data that is being gathered about our suppliers is mainly regarding the representative of the organization with which we have an agreement. Personal data that is being managed for this purpose is name, telephone number, address, professional title and email address. The data is gathered as an agreement is reached between the supplier and Littlefish, and the gathering can occur through email, telephone or through a physical meeting. Those within Littlefish who can receive the personal data are mainly relevant employees from the sales department, consultants, support, developers and administrative representatives. The data can be stored in our ERP system.
2.3 Why do we gather data and for how long do we store it?
Littlefish only stores personal data for as long as it is needed for the fulfillment of the occasion or agreement. Below is a presentation of why we gather data and how long we store it, regarding our clients, employees and suppliers.
Personal data about our clients is gathered when it is relevant for the client relationship and when it is required for the fulfillment of existing agreements. Data regarding our clients is mostly concerning the representative of the organization with which we have an agreement. Personal data that is being gathered for this purpose is name, telephone number, organization name, organization number and email. The purpose of this gathering is for us to be able to stay in contact with the client and to handle the administrative tasks of the agreement. This process occurs at the beginning of the client relationships, as the personal data of the representative of the organization is gathered. The following data gathering conducted by the organization occurs through Planfish and is being managed by representatives of the organization. As a client relationship comes to an end, all relevant data that is not legally required for us to save is being deleted. When other employees within the organization contact the support, consultants or developers of Littlefish, the data required for the matter is being stored in order to maintain further contact. No personal data is stored if the errand ends and if no further contact will be required for that errand. Data about potential clients is being stored with the purpose of having a dialogue with the representative of the organization in question. If the process does not lead to an agreement, Littlefish will delete the data of the representative as the matter is closed.
The personal data of the employees is collected and managed to fulfill our obligations towards the law, collective agreements and any individual agreements. Personal data regarding our employees is mainly gathered for the following purposes: employment agreements, payments of wages, vacation, pay review, compensations and benefits, employee administration, commission, contact information to relatives in case of accident, administration of employment benefits (pensions, life insurance and health insurance), performance review, but also for general matters, like ensuring the fulfillment of legal obligations (income tax, social security regulations and all other relevant labor law legislation). The data is mainly gathered as the employment agreement is being signed by the employee and the employer. Those within Littlefish who can access and receive this data are mainly the CEO, the finance department and administration representatives. The data is managed in the ERP system, the employee portal (Planfish) and the pay system that is being used by Littlefish. As an employment terminates, all data that is not required for the purpose of fulfilling obligations within labor law, tax and social security will be deleted.
The data that is being gathered about our suppliers is mainly regarding the representative of the organization with which we have an agreement. Personal data that is being managed for this purpose is name, telephone number, address, professional title and email address. The purpose of this gathering is to manage invoices of the supplier and for the communication regarding the product or service that we purchase from the supplier. The data is mainly gathered as an agreement is signed between Littlefish and the supplier. The data can be gathered through email, telephone or through physical meetings. Those within Littlefish who can receive the data are mainly employees within the administrative department who are relevant for the agreement.
Should you choose to apply for a job at Littlefish, we will store the data needed for the recruitment process, like name, telephone number, email and CV. The data will be managed through an email address or through the recruitment tool in Planfish. At the termination of a recruitment process, the data is deleted in those cases when the process does not lead to an employment, and all material that was used during the recruitment process will be deleted. If the process leads to an employment, the personal data will be managed in accordance with chapters 2.2.2 and 2.3.2.
3. Sensitive data
Sensitive data accounts for personal data that needs convincing reasons for being used, and the organization has to be able to show these reasons. Examples of sensitive data could be political standpoints, sexual orientation, religious or philosophical belief, membership in any trade union, information about the employee’s health or ethnic origin. Littlefish rarely manages sensitive data regarding clients, employees or suppliers. The majority of the personal data that is required for the agreements of the business consists mostly of regular personal data. In those unique cases, when Littlefish has to manage sensitive data, the data will not be managed without the consent of the party in question or without concern to the regulations of the General Data Protection Regulation (GDPR). When managing sensitive data, Littlefish will always take protective measures to protect every person’s sensitive personal data. The accessibility to the sensitive data is limited to a few people at Littlefish, no matter if Littlefish acts as an accountable or assistant.
4. Visit littlefish.se and planfish.app
5. Your individual rights
As a client, employee or supplier of Littlefish, you can always contact us at firstname.lastname@example.org to make adjustments or to find out what data we have stored about you. In case of a request like this, we will ask you to verify your identity. As accountable for personal data, Littlefish will provide the registered individual with a free copy of the personal data that is stored about the individual in question. As registered in our system, you have the right to make complaints about our management of your personal data to the Data Inspection Board (Datainspektionen).
5.1 Deleting personal data
You have the right to, at any time, have your data deleted from the systems where this data can be found. These requests should be sent to email@example.com. In accordance with legal requirements, some personal data could be stored in order to fulfill lawful requirements, like accounting obligations.
5.2 Adjustment of personal data
You have the right to, at any time, have your personal data adjusted or corrected if it is not correct or accurate. These requests should be sent to firstname.lastname@example.org.
5.3 View personal data
You have the right to, at any time, get a report of the personal data that is stored about you. These requests should be sent to email@example.com. You will then receive a free copy of the data that is stored about you. In addition, you also have the right to know about the purpose of the storage of the data, and who has been given access to the data.
7. Changes in the policy
This integrity policy belongs to LittleFish AB. The policy applies from 2019-09-01. The content of the policy is being reviewed on a regular basis to make sure that the content is accurate. We have the right to change the policy, but will not decrease the rights that are stated without asking for approval from the concerned parties. Changes in the policy will be announced at www.littlefish.se or through email.