GDPR policy for UniQuests AB
Overall
UniQuests AB (hereinafter UniQuest) values the privacy of our employees, customers and business partners. In accordance with the General Data Protection Regulation (GDPR), it is our priority to protect personal data and to ensure transparency regarding the collection, use, storage and protection of this data.
Data Protection Officer
UniQuests AB
Representative: Simon Hallberg
Contact details: info@uniquest.se
Data Protection Officer
Brightly Consulting AB
info@brightlyconsulting.se
Scope
This policy applies to all forms of processing of personal data within UniQuest, including digital and physical formats, where personal data relates to employees, potential customers and reservation systems.
Specification of personal data by category of data subjects.
- Employees
Personal data processed:
Name, address, email address and telephone number.
Social security number (for tax purposes, etc.).
Employment history, educational background and professional qualifications.
Bank details for salary payment.
Images and video material for internal use, everyone is consulted first. - People who contact us
Personal data processed:
Name and contact information (e.g., email address, phone number).
Communication preferences and feedback. I.e. things you tell us, or answers
you give us when we try to advise you on which room to book, or what time to book it
. - People who book our rooms
Personal data processed:
Name and contact details of the booking manager (email address, phone number).
Date and time of booking.
UniQuests AB
Klostergatan 4
753 21 Uppsala
Org.nr. 559070-3541
Payment information (only the fact that you will be paying for the booked service. The actual
system for managing the payment is external, and we do not collect any personal data in
connection with this).
Special requests or customizations related to the booking.
Purpose of processing personal data
UniQuest processes personal data for the following purposes.
Employees: To administer employment relationships, including payroll,
staff development and fulfillment of legal obligations.
Potential customers: To communicate about our services, offers and to create
customized experiences.
Bookers: To manage bookings of our Escape Rooms, ensure an
efficient service and provide necessary information to our customers.
Legal basis for processing
Employees: Performance of contracts and legal obligations. The processing is necessary to
perform the employment contract and comply with legal obligations (e.g. tax legislation). As an
employer, we need to pay salary to you as an employee, as well as to pay so-called
social security contributions to the Swedish Tax Agency. In addition, we need to comply with laws and regulations for accounting for
our finances, and to the extent that this requires us to save and process your
personal data, we will do so.
Potential customers: Legitimate interest. We consider that it is more important for us to
process your email address and possibly your name and/or phone number, if you email us
and tell us things, than it is for you not to have this data processed when you
voluntarily send it to us.
People who book: The processing is necessary to fulfill a contract with the customer or
to take steps at the customer's request before entering into a contract. Sure, it sounds technical, but
when you accept our terms and conditions and book an appointment, we have entered into a contract.
Security and protection of personal data
UniQuest undertakes to implement appropriate technical and organizational measures to
protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to, personal data.
Deletion and storage
Personal data will be stored for as long as necessary for the purposes for which it
was collected. Specifically for the booking system, this means that data will be culled and deleted
one month after the booked time has passed. For employees' and potential customers' data
specific retention periods apply based on legal requirements and business needs.
Personal data provided by the data subject to UniQuest will be deleted on the last day of
the month following the submission of the data.
Rights of the data subject.
UniQuests AB
Klostergatan 4
753 21 Uppsala
Org.nr. 559070-3541
Each data subject has the right of access, rectification, erasure, restriction of processing,
objection to processing and data portability regarding their personal data. UniQuest
shall provide a clear way for data subjects to exercise their rights.
Responsibility and supervision
The Data Protection Officer (DSA) at UniQuest has the task of ensuring that the company complies with the laws
and regulations that apply to data protection processing. UniQuest has also appointed a
Data Protection Officer (DPO) to monitor compliance with this policy and the GDPR. A DPO
is the person who tells a DSA what needs to be done.
If you have any questions or concerns about our handling of personal data, please contact our
DSA or DSO, as you see fit.
Security and protection of personal data
UniQuest is committed to taking all appropriate security measures to protect the personal data mentioned above
against unauthorized access, alteration, disclosure or destruction. This
includes physical, technical and administrative measures.
Changes to the policy
This policy may be updated to reflect new legal requirements or
changes in our processing of personal data. The latest version is always available
on our website.
Contact information
For further information or to exercise your rights, please contact us via
[contact details].
This GDPR policy is a basic framework for how UniQuest handles personal data
and ensures privacy and compliance with applicable data protection laws. It is important that
this policy is regularly reviewed and updated to ensure that it remains relevant
and effective.
This more detailed policy provides an overall account of how UniQuest handles
personal data, which is not only a legal necessity but also an important part of
building and maintaining trust among employees, customers and other stakeholders.