Statement of purpose
Benify values and takes pride in processing personal data with a high level of integrity and security. In this policy, Benify explains why and how we process personal data on behalf of persons requesting services directly from Benify such as BenifyDeals Privat or demos of Benify’s digital benefit portal and other marketing material and communication related to the portal.
Key terms and definitions
There are some key legal terms that it is essential to know in order to understand this policy. Below is a description of these terms.
Personal data is information related to an identified or identifiable natural person or data subject. An identifiable person is someone who can be identified, either directly, for example through a personal identity number, or indirectly, through use of the data in conjunction with other information in the possession of the data controller. Certain special categories of personal data, including racial or ethnic origin, trade union membership, sexuality, physical or mental health conditions, and religious beliefs, are considered sensitive data. Such data require higher protection and safeguards.
Processing personal data includes any operation or set of operations performed on personal data, whether or not by automatic means. So, processing includes disclosure by transmission, structuring, amending, storing and many other activities performed on personal data.
Controller is the natural or legal person who determines the purposes and means of the processing of their personal data. The controller is entitled to engage other parties to process personal data on its behalf. Such party is called a processor. The processor is thus acting under the authority of the controller and is only allowed to process the controller’s personal data on instructions from the controller or if required by applicable law.
Why Benify processes personal data
When Benify provides BenifyDeals Privat as well as demos of Benify’s digital benefit portal and other marketing material and communication related to the portal, Benify is required to receive and process personal data of the persons to whom these services are provided (the data subjects).
Consequently, Benify is the controller of personal data which Benify processes, and determines the purposes and means of the processing of such personal data. The legal basis for our processing is fulfillment of our agreement with you to provide our services.
When a service is ordered directly from Benify, the person placing the order is informed about Benify’s role as a controller, and the general purposes for which their personal data is being processed by Benify.
How Benify processes personal data
The processing activities carried out by Benify when providing services directly to a data subject generally includes (without being limited to) the following operations:
- Receiving personal data related to the data subject requesting the service
- Administrating orders made by the data subject
- Communicating with the data subject to evaluate the data subject’s experience with, and interest in, Benify’s offer
Before Benify engages in such processing, the data subject must confirm Benify (i) gaining access to relevant personal data of the data subject and (ii) processing that personal data in order to fulfill its obligations to the data subject.
Any processor engaged by Benify that will process personal data under the authority, and on behalf, of Benify must enter into a data processing agreement with Benify. Pursuant to this agreement, the processor agrees to comply with instructions from Benify and applicable data protection legislation.
Benify is obliged to keep the data subjects informed about any processor engaged to process the data subject’s personal data and the data subjects are entitled to object to such processor’s processing.
Benify engages the following processors:
Zendesk – provider of system for customer service
Stay Secure Sweden – provider of advanced e-mail protection services
HubSpot – Provider of marketing management system
Lime – Provider of customer relationship management (CRM) system
Rights of data subjects
According to the EU General Data Protection Regulation (2016/679) you as a data subject have the right to free information regarding the stored data on you as well as the right to correct, block or delete this data. In order to ensure your rights, please send your request by e-mail or mail to the following address, clearly stating your identity:
104 51 Stockholm
Data storage and transfer
Benify only stores and processes personal data within the European Economic Area (EEA). No personal data is transferred to any third country outside of the EEA.
Benify’s data centers are located in Sweden and Germany.
The security of personal data is important to Benify. We ensure that appropriate security measures are taken to protect personal data at all times and we follow generally accepted standards and frameworks to protect personal data. This means that personal data, for example, is protected against unauthorized access, changes or destruction.
In order to achieve a structured and strategic approach to information security, Benify has a fully implemented information security management system according to ISO/IEC 27001 which caters to both administrative and technical security controls. Benify is therefore ISO/IEC 27001:2013 certified. The certification process has been performed by an independent external certification body that has been accredited by an accreditation body.
For further information, see the Benify security page available on our public website.
This policy will be continually monitored and will be subject to an annual review. Document owner is responsible for annual review. In case of recurring critical incidents there may be additional reviews.