Legal & Privacy

Privacy Policy

Sistec AB is committed to the protection of personal data and processes personal data in accordance with GDPR.

Last updated: 2025-04-30

Data controller: Sistec AB, org.nr 559186‑0548

Address: Gustavslundsvägen 151 G, 167 51 Bromma

Section 1

Introduction

Sistec AB is committed to the protection of personal data and processes personal data in accordance with the EU General Data Protection Regulation (GDPR). This privacy policy describes how personal data is processed within Sistec's various services and what role Sistec has in each processing activity.

This policy concerns the processing of personal data within the framework of business customer relationships.

Section 2

Overview - Sistec's Roles Under GDPR

Sistec processes personal data in different roles depending on the service:

Right to Work Services (RTW): Sistec acts as a data processor.
Booking, payment and administration: Sistec acts as an independent data controller.
ID verification via ID scanner connected to ID06: Processing takes place under a third party's data controllership.

Section 3

Booking, Payment and Administration

3.1 What personal data is processed

Personal data that may be processed in connection with booking, payment and administration includes, for example:

name
contact details
company affiliation
organization number
booking and payment information
integrity.s3.s3_1_list.5
integrity.s3.s3_1_list.6
integrity.s3.s3_1_list.7
integrity.s3.s3_1_list.8
integrity.s3.s3_1_list.9
integrity.s3.s3_1_list.10
integrity.s3.s3_1_list.11
integrity.s3.s3_1_list.12
integrity.s3.s3_1_list.13
integrity.s3.s3_1_list.14
integrity.s3.s3_1_list.15
integrity.s3.s3_1_list.16
integrity.s3.s3_1_list.17
integrity.s3.s3_1_list.18
integrity.s3.s3_1_list.19
integrity.s3.s3_1_list.20
integrity.s3.s3_1_list.21
integrity.s3.s3_1_list.22
integrity.s3.s3_1_list.23
integrity.s3.s3_1_list.24
integrity.s3.s3_1_list.25
integrity.s3.s3_1_list.26
integrity.s3.s3_1_list.27
integrity.s3.s3_1_list.28
integrity.s3.s3_1_list.29
integrity.s3.s3_1_list.30
integrity.s3.s3_1_list.31
integrity.s3.s3_1_list.32
integrity.s3.s3_1_list.33
integrity.s3.s3_1_list.34
integrity.s3.s3_1_list.35
integrity.s3.s3_1_list.36
integrity.s3.s3_1_list.37
integrity.s3.s3_1_list.38
integrity.s3.s3_1_list.39
integrity.s3.s3_1_list.40
integrity.s3.s3_1_list.41
integrity.s3.s3_1_list.42
integrity.s3.s3_1_list.43
integrity.s3.s3_1_list.44
integrity.s3.s3_1_list.45
integrity.s3.s3_1_list.46
integrity.s3.s3_1_list.47
integrity.s3.s3_1_list.48
integrity.s3.s3_1_list.49
integrity.s3.s3_1_list.50
integrity.s3.s3_1_list.51
integrity.s3.s3_1_list.52
integrity.s3.s3_1_list.53
integrity.s3.s3_1_list.54
integrity.s3.s3_1_list.55
integrity.s3.s3_1_list.56
integrity.s3.s3_1_list.57
integrity.s3.s3_1_list.58
integrity.s3.s3_1_list.59
integrity.s3.s3_1_list.60
integrity.s3.s3_1_list.61
integrity.s3.s3_1_list.62
integrity.s3.s3_1_list.63
integrity.s3.s3_1_list.64
integrity.s3.s3_1_list.65
integrity.s3.s3_1_list.66
integrity.s3.s3_1_list.67
integrity.s3.s3_1_list.68
integrity.s3.s3_1_list.69
integrity.s3.s3_1_list.70
integrity.s3.s3_1_list.71
integrity.s3.s3_1_list.72
integrity.s3.s3_1_list.73
integrity.s3.s3_1_list.74
integrity.s3.s3_1_list.75
integrity.s3.s3_1_list.76
integrity.s3.s3_1_list.77
integrity.s3.s3_1_list.78
integrity.s3.s3_1_list.79
integrity.s3.s3_1_list.80
integrity.s3.s3_1_list.81
integrity.s3.s3_1_list.82
integrity.s3.s3_1_list.83
integrity.s3.s3_1_list.84
integrity.s3.s3_1_list.85
integrity.s3.s3_1_list.86
integrity.s3.s3_1_list.87
integrity.s3.s3_1_list.88
integrity.s3.s3_1_list.89
integrity.s3.s3_1_list.90
integrity.s3.s3_1_list.91
integrity.s3.s3_1_list.92
integrity.s3.s3_1_list.93
integrity.s3.s3_1_list.94
integrity.s3.s3_1_list.95
integrity.s3.s3_1_list.96
integrity.s3.s3_1_list.97
integrity.s3.s3_1_list.98
integrity.s3.s3_1_list.99
integrity.s3.s3_1_list.100
integrity.s3.s3_1_list.101
integrity.s3.s3_1_list.102
integrity.s3.s3_1_list.103
integrity.s3.s3_1_list.104
integrity.s3.s3_1_list.105
integrity.s3.s3_1_list.106
integrity.s3.s3_1_list.107
integrity.s3.s3_1_list.108
integrity.s3.s3_1_list.109
integrity.s3.s3_1_list.110
integrity.s3.s3_1_list.111
integrity.s3.s3_1_list.112
integrity.s3.s3_1_list.113
integrity.s3.s3_1_list.114
integrity.s3.s3_1_list.115
integrity.s3.s3_1_list.116
integrity.s3.s3_1_list.117
integrity.s3.s3_1_list.118
integrity.s3.s3_1_list.119
integrity.s3.s3_1_list.120
integrity.s3.s3_1_list.121
integrity.s3.s3_1_list.122
integrity.s3.s3_1_list.123
integrity.s3.s3_1_list.124
integrity.s3.s3_1_list.125
integrity.s3.s3_1_list.126
integrity.s3.s3_1_list.127
integrity.s3.s3_1_list.128
integrity.s3.s3_1_list.129
integrity.s3.s3_1_list.130
integrity.s3.s3_1_list.131
integrity.s3.s3_1_list.132
integrity.s3.s3_1_list.133
integrity.s3.s3_1_list.134
integrity.s3.s3_1_list.135
integrity.s3.s3_1_list.136
integrity.s3.s3_1_list.137

3.2 Purpose and legal basis

The purposes of the processing are to:

administer bookings
process payments
communicate with the customer
fulfil contracts and legal obligations

The legal basis for the processing is contract and, where applicable, legal obligation.

3.3 Sharing of data

Personal data collected in connection with bookings is not shared with external parties, apart from technical suppliers who process data according to Sistec AB's instructions, such as providers of payment, IT and booking systems.

3.4 Storage

Personal data is stored only for as long as necessary to fulfil the purposes of the processing and in accordance with applicable legislation, such as the requirements of the Swedish Bookkeeping Act.

Section 4

Right to Work Services

4.1 Division of roles

When providing Right to Work services, Sistec processes personal data on behalf of the customer. The customer is the data controller and Sistec is the data processor.

4.2 Agreements and instructions

The processing is carried out in accordance with the commercial agreement between the parties and the data processing agreement applicable in the individual customer relationship. Sistec applies a standardised data processing agreement, but may in some cases process personal data under the customer's own processing agreement. Sistec processes personal data only in accordance with the customer's documented instructions.

4.3 Data subjects' rights

In RTW services, the customer is responsible for fulfilling data subjects' rights under GDPR. Sistec assists the customer in accordance with the applicable processing agreement.

Section 5

ID Verification via ID Scanner Connected to ID06

When visiting Sistec's offices, ID verification may be carried out using an ID scanner that is technically connected to the ID06 system.

Personal data processed in this context:

is read directly into the ID06 system,
is processed under a third party's data controllership.

Sistec AB does not have a data processing agreement or any other data processing arrangement with ID06 AB and is not responsible for third-party processing, storage or deletion of personal data in their system.

5.1 Information to data subjects

Questions about the processing of personal data in connection with ID verification and registration in the ID06 system should be directed to ID06 AB. Processing of personal data in this system takes place in accordance with ID06 AB's own privacy policies and terms.

Section 6

Security

Sistec takes appropriate technical and organisational security measures to protect personal data, including access control, staff training and secure IT environments.

Section 7

Data Subjects' Rights

Rights under GDPR are exercised against the appropriate party depending on the processing:

For RTW services: against the customer as data controller.
For booking, payment and administration: against Sistec AB.

Requests can be sent to dpo@sistec.se.

8. Changes to the Policy

This privacy policy may be updated. The version in effect at any given time is published on Sistec's website.

9. Contact

Questions about personal data processing can be directed to:

Sistec AB
Email: dpo@sistec.se