Your privacy is very important for us at Sand Annotation AB (“Sand”). Our aim is for you to feel safe with our processing of your personal data.
Sand’s customers, suppliers, and other stakeholders who have contact with Sand should be able to trust that Sand respects their privacy, and follows applicable laws and regulations when collecting and processing data that can be used to identify any individual person ("Personal Data").
Sand enters into service agreements with its customers. Within the framework of these service agreements, customers provide files containing varying amounts of documents with various content. In the case of documents containing Personal Data, the customers have previously entered into agreements with the person(s) from which that data belongs to. These agreements state that the person agrees that their Personal Data can be processed electronically and by supplier to customers, e.g. Sand.
Customers are responsible for personal data according to GDPR in relation to their own customers regarding the Personal Data included in the documents that Sand’s customers provide to Sand electronically.
When Sand receives files containing documents, each document is depersonalized and encrypted in such a way that each document is given a neutral designation - normally a combination of letters and numbers, e.g. C 467 - which does NOT allow identification of a person based on its document identifier. The document, with such neutral designations, is then sent to a scanning service which, depending on the agreement between Sand and its customer, can be hosted by a third party provider to Sand, or a local service. Sand has an agreement with the third party scanning service provider that ensures any document being deleted after scanning has occurred, and that any information within the document is handled in accordance with applicable regional laws.
The result of this scanning procedure will be processed and used to extract relevant information within the document, and is then sent back to the customer. Sand will not store any information extracted, or the document itself, after the results have been sent back to the customer without permission.
The Personal Data that is processed about candidates takes place within the framework of the customers' operations.
In cases where the processing of personal data is based on consent, a person may withdraw his/her consent at any time, provided that the withdrawal does not affect the legality of the previous processing or if there is another legal basis for the processing.
According to the GDPR, a person may have the right to (i) receive information about which personal data concerning the person is being processed; (ii) access this information and, if necessary, request that it be corrected; (iii) demand that personal data concerning the person be deleted; (iv) prevent Sand from processing or limit Sand's ability to process personal data; (v) obtain from Sand a copy of the personal data provided by the person in a structured, plain and machine-readable format.
Sand protects personal data in accordance with applicable data protection legislation and data security.
Sand only saves data for as long as it is needed for the purpose for which, and under the agreements for which, it has been collected. Sand's handling of data as described above is done solely to ensure the fulfilment of legal obligations and for compliance with agreements.
For further information on the Personal Data Protection Ordinance (“GDPR”), please refer to the Privacy Protection Authority (www.imy.se).
115 23 Stockholm
© 2021 All Rights Reserved