Mina tjänster

Du är här: Online help > General information about the program > GDPR in My Services

GDPR in My Services

This page is continuously updated with information about how to manage personal data in the program according to GDPR.

The General Data Protection Regulation (GDPR), may seem overly complicated. To help you get a better overview, we have gathered information about what you can do to comply with GDPR when working in Mina tjänster.

The information on this page refers to the usage of Mina tjänster in its basic format. If you have any extensions or integrations with other services you should also look into how GDPR affects those.

ClosedWhat is GDPR?

The General Data Protection Regulation (GDPR) is a EU regulation which replaced 95/46/EC and other national regulations that previously regulated how personal data was managed.

The basic GDPR regulations:

  • You may only manage personal data if you comply with all the requirements of the regulation.
  • You may only collect personal data for specified purposes.
  • You may only collect personal data that is necessary in order for you to fulfil the specified purposes.
  • If you are in possession of personal data, the data must be continuously updated and correct.
  • When the specified purposes have been fulfilled, the data should be deleted.
  • Personal data must be stored securely to prevent them from being altered or stolen.
  • You must be able to prove that your processing of personal data complies with the GDPR regulations.

At vismaspcs.se you will find more general information about GDPR.

ClosedWork according to GDPR in Mina tjänster

Here you can read about what you need to do to fulfil the GDPR requirements for personal data management when working in Mina tjänster.

ClosedCompiling personal data records

According to the law, you are obligated to inform those you collect personal data about regarding the fact that you are collecting data and the purpose of the data collection. The person you have collected data about has the right to request access to the data you have recorded. In Mina tjänster, there will be information recorded about users.

How to compile such personal data is described below.

ClosedUsers

The easiest way to compile the data you have recorded about an individual user is to go to My services – Users, and open the user in editing mode. Take a picture of what is shown on the screen. Send the picture to your user.

ClosedRemoving recorded personal data

You are only allowed to store personal data for as long as they are needed to fulfil the purpose you stated when collecting the data. The data should be removed after it has served its purpose. You should therefore regularly go over and verify that the personal data you have stored are up-to-date and used according to their original purpose.

Any person you have stored personal data about may also request that the data you have stored be removed. Please note that local accounting legislation takes precedence over GDPR, and that accounting documents which contain personal data should therefore be stored for 7 years.

Delete or pseudonymise

In Mina tjänsterit is not possible to delete a user who you have created payslips or registered time for. If you have users that you cannot delete, but for which you no longer need to store personal data, you can instead choose to pseudonymise the data.

To pseudonymise the data for a user you open them in the editing mode and replace the data by *****. If you want to delete an email address, you have to contact our customer support agents.

You can choose to inactivate a user, this means that the data will not deleted, but the information will not be visible. Read more in How do I delete a user?

ClosedPersonal data collection

Personal data include any information which, directly or indirectly, may identify a natural person. Please note that a sole proprietorship also class as a natural person. According to GDPR you may only collect personal data for specified purposes. These purposes may differ between companies, depending on what business they conduct. One purpose could for example entail storing address information in order to invoice a customer.

Examples of personal data include information such as name, address, telephone number and personal identity numbers. However, since the law states that personal data can be any information that directly or indirectly can be linked to a natural person, such data may also include photos or a description of the distinguishable features of a person. For more information, we recommend taking a look at the Swedish Data Protection Authority's website.

According to GDPR, the person whom you have collected personal data about has the right to access to the following information:

  • who you are
  • the purpose of the data collection
  • what legal grounds that support it
  • whether the information is shared with others
  • how long the data will be stored

The person whom you have collected personal data about has the right to request access to the data.

In the program you find personal data in fields that have a fixed purpose, such as name, phone number and address. If a customer requests access to any information that has been stored about them, this data can easily be compiled. Besides fields with a fixed purpose, personal data can also be stored in other parts of the program, such as in free text fields and comments. We recommend that you avoid entering personal data in these fields since it is difficult to locate, analyse and compile this kind of information.

ClosedPersonal data storage

Your program is cloud-based, which means that the personal data you record is stored on our infrastructure supplier’s servers, as well as our servers here at Visma. More information about how data is stored in Visma’s cloud-based programs can be found at www.visma.com/trust-centre.

Please note that you are always responsible for the data you have collected, and that GDPR applies no matter how data has been stored or distributed. If you consult a third party supplier, you must therefore establish a data processing agreement between your company and the company you are consulting. Read more about this below.
ClosedData processing agreement

As a business owner you sometimes transfer personal data to others, often without even thinking about it. Data could for example be transferred to credit reference companies, webshops as well as invoicing and payment solutions. When a so-called third party supplier receives your personal data they become a processor.

As a business owner you are also a controller, meaning that you are always responsible for the data you receive. You are also responsible for any data that is transferred to third party suppliers. In this case, a data processing agreement between yourself and your third party suppliers is required. Read more about it in the article Personuppgiftsbiträdesavtal – vad innebär GDPR:s längsta ord?

In the support film Biträdesavtalet you will find more information about data processing agreements.

ClosedProcessing agreement between Visma and you as a customer

Your program is cloud-based, which means that any personal data that you register in the program are stored by Visma. Because we process personal data on your behalf, it makes us a third party supplier. Therefore, a data processing agreement between Visma and yourself should be established. Such an agreement is included in the agreement you approve when you start using your program.