1. What is personal data?
All types of information that can be associated with an identified or identifiable natural person are personal data. Names, addresses and social security numbers are common examples of personal data, but also photos of people and audio recordings are classified as personal data. Personal data is then separated as ordinary and sensitive personal data. Sensitive personal data requires compelling reasons for being registered and this must be able to show companies. Examples of sensitive personal data may be political opinions, sexual orientation, religion and ethnic origin. More about our handling of sensitive data can be found under section 3. Sensitive Personal Data.
2. Information Gathering
When we collect personal data, according to GDPR, we are obliged to tell this to the person concerned. We are also obliged to inform about what information we collect and why. Explanations are presented below for when we may collect information, what information we may collect, how and why we collect it and how long we store it. In most cases when personal data is requested, it is based on the purpose of complying with statutory and contractual requirements or requirements that are necessary to enter into an agreement with a customer, employee or supplier. In cases where this is not provided, it may mean that we cannot enter into an agreement.
Littlefish is a consulting firm with partnerships with SAP and Microsoft. The business consists largely of providing business systems to our customers, which means that Littlefish has direct access to customers’ data, which can sometimes be personal data. This in turn means that Littlefish has a responsibility, as personal data assistant, towards the customer who is responsible for personal data
2.1 When are we allowed to collect information?
In order for us to collect personal data, a legal basis is required. The personal data collected on the basis of a legal basis may not be used for any purpose other than what it was originally intended for. Some of the legal bases used are consent, agreement, legal obligation and balance of interests.
Consent means that we must provide clear information about what information we have collected and what they will be used for. This should then be approved by our employees, customers or suppliers who submit their personal information.
Agreements, such as employment contracts, can be used as a legal basis as long as only the most necessary information required to fulfill the contract is included.
Legal obligations include that we may save personal data if they are necessary in order to fulfill a legal obligation, such as the accounting obligation.
Balance of interests means that we must be able to demonstrate a need for the handling of personal data, and that this need outweighs the individual’s right to protection of the data
2.2 What data do we collect, and how do we collect it?
Collection of personal data is usually done in cases where Littlefish is contacted via email or telephone with cases that will require further contact. Some collection of personal data may also be necessary when customers or other stakeholders call in our support with cases. The primary processing of personal data occurs when an agreement is made between a customer, employee or supplier.
We only collect personal information that is relevant and necessary for the performance of our services and assignments. The reason for this is that we need to have access to certain personal data in order to be able to perform assignments in accordance with the assignment description. Below we present the different procedures for what information we collect and how we collect it regarding customers, employees and suppliers.
The information we collect from our customers usually refers to the representative of the company with whom we have an agreement. Personal information processed for this purpose is name, telephone number, professional title, business address and email. In cases where other employees within the company contact support, consultants or developers at Littlefish, the contact information needed for the case in question is saved. For potential customers, information about the representative is collected at the company in question. Tasks saved are names, telephone numbers and email to the representative.
The majority of the personal data is collected via email and telephone contact as well as business cards in cases where this is distributed. The people within Littlefish who can receive the personal data are mainly relevant to the agreement in the sales department, consultants, support and developers and administration.
Places where data can be saved are in our business system, CRM system, support desk for support cases and / or project management system.
Personal data processed about our employees are mainly names, social security numbers, telephone numbers, bank details, documentation for compensation and benefits, address, qualifications, absence, illness, experience and development as well as information on related parties.
The personal data is mainly collected during employment and in connection with the employment contract being signed by the employee and the employer. The people within Littlefish who can receive the personal data are mainly the CEO, finance department and administration. The personal data is handled in the business system as well as the payroll system used by Littlefish.
Places where data can be saved are in our business system, payroll system and project management system.
Information collected about our suppliers usually refers to the representative of the company with whom we have an agreement. Personal information processed for this purpose is name, telephone number, address, professional title and email.
The information is mainly collected in connection with an agreement between Littlefish and the supplier, the collection can be either via email, telephone or physical meeting. The people within Littlefish who can receive the personal data are mainly relevant to the agreement in the sales department, consultants, support and developers and administration.
Places where data can be saved are in our business system.
2.3 Why do we collect data, and for how long do we store it?
Littlefish never stores personal data for longer than is necessary for processing purposes. Below we present why we collect information and how long we save it for customers, employees and suppliers.
Personal information about our customers is collected when it is relevant to the customer relationship and in accordance with what is required for the fulfillment of an existing customer agreement. The information we collect from our customers usually refers to the representative of the company with whom we have an agreement. Personal data processed for this purpose is name, telephone number, professional title, address and email and the purpose is to be able to have a dialogue with the customer and have the opportunity to administer the customer agreement. In connection with a closed customer relationship, the personal data that does not need to be saved according to legal requirements is deleted.
In cases where other employees within the company contact our support, consultants or developers at Littlefish, the contact information needed for the case in question is saved in order to be able to keep in touch. No personal data is saved after a closed case if the closed case does not proceed to further cases.
Of those who appear as potential customers, data is stored in order to be able to have a dialogue with the representative of the company in question. In cases where the process does not proceed to a customer agreement, Littlefish will delete the representative’s information when the final contact has been made.
Employee personal data is collected and processed to fulfill obligations under law, collective agreements and any individual agreements. Personal data processed about our employees is mainly collected for the following purposes: employment contracts, payment of wages, holidays, salary audits, compensation and benefits, personnel administration, commission, contact information to relatives in case of accidents / incidents, administration of employment benefits (pension, health insurance), reviewing performance and also more generally to ensure compliance with legal obligations (income tax, social security and all relevant employment law).
The information is mainly collected when the employment contract is signed by the employee and the employer. The people within Littlefish who can receive the personal data are mainly the CEO, finance department and administration. The data is handled in the business system, the staff portal and the salary system used at Littlefish. Upon termination of employment, the personal data that do not have to be saved in order to fulfill labor, tax and social security obligations will be deleted.
Our suppliers’ information that is collected usually refers to the representative of the company with whom we have an agreement. Personal information processed for this purpose is name, telephone number, address, professional title and email. The purpose of collecting this information is to generally be able to handle invoices and purchases and to be able to communicate with the supplier about the goods or services we have purchased from them.
The data is mainly collected when an agreement between Littlefish and the supplier is signed. The collection can take place either via email, telephone or physical meeting. Those within Littlefish who can receive personal data are mainly those who are relevant for the agreement, for administration purposes.
If you choose to apply for a job at Littlefish, we will store the information required for recruitment purposes such as name, phone number, email and resumé. The information will only be stored and handled via an e-mail address and any paper transcripts, with a basis for balancing interest. Upon completion of the recruitment process, the information is deleted in cases where the process does not proceed to an employment and any printed material that forms the basis for interviews and balances is completely eliminated on completion of the process. When hiring, personal data will be processed in accordance with points 2.2.2 and 2.3.2.
3. Sensitive Personal Data
Sensitive personal data is described as personal data that requires convincing reasons for being registered and this must be able to show companies. Examples of sensitive personal data may be political views, sexual orientation, sexual life, religious or philosophical beliefs, union membership, information such as the person’s health and ethnic origin.
Littlefish rarely processes sensitive personal information regarding our customers, employees or suppliers. The majority of the personal data required according to what is needed for various purposes within the business includes ordinary personal data. In the unique cases that Littlefish must handle sensitive personal data, they are never processed without the consent of the party concerned or without the support provided by the Data Protection Regulation.
With every processing of sensitive data, Littlefish always takes appropriate protective measures in the work of protecting each person’s sensitive personal data. The availability of sensitive personal data is limited to a few people within Littlefish, whether Littlefish acts as personal data controller or personal data assistant.
4. Visits at www.littlefish.se
In general, you can visit our website without having to provide any personal information. Regardless, some technical information such as IP address, type of browser and how you visited us will be collected. You can read more about this in the section “Cookies”.
If you, as a visitor, fill out our contact form where you ask us to contact you, your information will only be saved in an email specific for the purpose. If, after initial contact, we need to retain the information for further communication, information in the form of names, e-mails and telephone numbers will be stored in our business system, CRM system and project management system. The information you provided in the form will be deleted after first contact if no further communication is to take place.
5. Your individual rights
As a customer, supplier or employee of Littlefish you can always contact us via firstname.lastname@example.org and request removal, adjustment or withdrawal of your personal data with us. In case of such request, we will ask you to verify your identity in order to maintain security. Littlefish, acting as personal data controller, shall provide the registered person with a free copy of the personal data processed. As a registered person, you have the right to make complaints regarding our handling of personal data at the Data Inspectorate.
5.1 Deletion of personal data
The data subject always has the right to have his/her data deleted from the systems where the information is available, at any time. The request is to be sent to email@example.com. In accordance with legal requirements, certain personal data may be stored to comply with legal requirements such as the accounting obligation.
5.2 Adjustment of personal data
The data subject always has the right at any time to have his or her data adjusted or corrected in cases where current personal data being processed are incorrect or no longer relevant. Notification of adjustment or correction of stored personal data is made to firstname.lastname@example.org.
5.3 Withdrawal of personal data
The data subject always has the right to, at any time, obtain a withdrawal of the personal data stored. The registration is made to email@example.com. The data subject receives a copy of the information stored, at no charge. Furthermore, the data subject also has the right to be informed about the purposes of the current processing of personal data and those who have had the opportunity to access the personal data.
Littlefish does not disclose personally-identifiable information to third parties from cookie use.
Together with Cookies, we use Google Analytics in our analysis of visitor behavior on our site. The information used in Google Analytics consists of the IP address and then the majority of the information is anonymous, such as device, language and which browser was used