DATA MANAGEMENT POLICY
From 25 May 2018, Sweden and the whole of the EU will have a new data protection regulation, abbreviated as GDPR. Myntauktioner i Sverige AB has adopted the following policy for handling personal data.
The purpose of this policy is to ensure that Myntauktioner i Sverige AB handles personal data in accordance with the EU General Data Protection Regulation (GDPR). The policy covers all processing operations involving personal data. The CEO has overall responsibility for the content of this policy and for ensuring that it is implemented and complied with by the business. This policy is embedded in all our employees.
Myntauktioner i Sverige AB’s customer register consists of sellers, buyers and readers of our newsletter. What data is stored depends on what the customer has agreed to. When subscribing to the newsletter, only name and email address are stored. For sales and purchases, name, address, email address and sometimes account number are stored.
We collect personal data in 3 different ways.
A: Through our newsletter, where the customer can fill in their name and email.
B: We sell, the customer then fills in their details on the submission contract.
C: For purchases, when the customer fills in their details when they sign for a bid or place a bid via our auction page.
We keep this data as long as the customer is active with us or as long as we need to comply with legal obligations. In case of inactivity or request from our customers, we delete the personal data. The register is never shared with another party.
THE LIST OF SYSTEMS IN WHICH PERSONAL DATA ARE STORED:
Websites (e.g. MailChimp)
External hard drives
Accounting software (Visma)
Personal data in physical form is stored in safe deposit boxes.
PERSONAL DATA IS USED TO:
Send final reports and invoices to customers
Paying the auction proceeds
RIGHT OF ACCESS
The customer has the right to access at any time the personal data that Myntauktioner i Sverige AB has registered about him or her, for example what information we have registered, what purposes the register serves, what categories of personal data and who the recipients of the information may be.
When distributing information and mailings to several members by e-mail, this is done with so-called “hidden recipients” so as not to reveal members’ e-mail addresses.