Statement of purpose
Benify values and takes pride in processing personal data with a high level of security. In this policy Benify demonstrates how we process personal data.
Personal data definition
The legal definition of personal data is; information from which the individual concerned can be identified, either directly or through use of the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.
Sensitive personal data includes e.g. data subject´s racial or ethnic origin, trade union membership, physical or mental health condition or sexual life and religious beliefs.
How we process personal data
Benify Group’s products are, in short, a total compensation tool through which Benify manages employee remuneration (foremost benefits) and digital advice on pension. When processing personal data Benify assists the client to fulfill their obligations, e.g. that they in some way ensure that all employees actually get their compensation and to fulfill other obligations in their employment agreements.
Benify Group is Data processer, since we process personal data about the end-user from Data controller (our clients). When processing personal data legislation imposes certain requirements of how this is to be done, in orders to secure individuals right to privacy and safe routines in the processing. The product that Benify provides incurs a lot of contact with personal data. Benify only processes personal data within the EEA.
To be able to process personal data on the behalf of a Data controller Benify signs a Personal Data Agreement (PDA) and state that Benify shall comply with instructions from the Data controller and with the personal data regulation in each country. Benify’s subcontractor (Lifeplan) also have to sign a PDA with Benify ensuring that they agree to follow the Data controller´s instructions and security requirements set by applicable personal data legislation in force at each time.
When personal data that Benify Group process and stores no longer for fills a purpose. Benify Group erase the personal data without any delay according to an internal erasing policy.
Benify Group ensures that appropriate security measures are taken to protect personal data at all times. Security mechanisms including e.g. encryption of data, firewalls, secure logging and access controls are in place to protect personal data.
The end-user’s rights
The end-user has the right to once a year, free of charge through the data controller, request written information about the personal data Benify Group holds or processes for him or her.
How cookies can be avoided
Users can always delete cookies from the hard drive in the computer used to login to Benify´s portal. Most modern browsers also support so-called ” Private mode “, which means that the end-user’s cookies are deleted every time they close their browser.
When visiting Benify´s portal Benify will automatically register end-users IP-addresses. The information will be used to calculate the number of visitors and the frequency.
The applicable personal data legislation requires that a Data subject (the end-user) must consent in order for anyone to process their personal data. However, there are some exemptions. Due to these exemptions, no consent is needed. The end-user will get informed about their personal data being processed by Benify when registered.
This policy will be continually monitored and will be subject to an annual review.