Introduction and who we are
References to "Medius" on this site should be considered as references to Medius Sverige AB and all of its subsidiaries and affiliates. Medius Sverige AB is a Swedish limited company with registration number 556820-2765, registered office and address at Platensgatan 8, 582 20 Linköping , Sweden and email email@example.com.
Medius is acting in the capacity of Controller when collecting and processing personal data on its own behalf and for its own purposes. This means situations in which Medius determines the purposes and the means of such processing at its own discretion.
For certain services, Medius has been retained by our customers to process personal data as a Processor. In such cases, Medius shall process your personal data on behalf of and based on the specific instructions given by our customer as the Controller. The subject-matter and duration of the processing, the nature and purposes of the processing, the type of personal data and categories of data subjects, together with the rights and obligations of the parties with respect to such processing will be covered by a data processing agreement (or equivalent terms) agreed between Medius and our customer. For example: suppliers who are invited by Medius’ customers to interact with them on the Medius Supplier Portal should take note that the Medius customer is the Controller in relation to the processing of their personal data. As such, business partners are encouraged to connect directly with the respective Medius customer to find out how their personal data is processed in the Supplier Portal.
What personal data do we process and from whom is such data collected?
The type of personal data that Medius processes about you may be:
- Your contact details, such as name, address, telephone number and email address
- Your job title, position including preferences and interests in a professional context and your company’s name
- Website traffic information as provided by your web browser such as browser type, language and the address of the referring website and other traffic information such as IP address
- Website visitor behavior such as which links you click and when
- Any other information that we collect online from you and maintain in association with your account, such as your user name and password
- Any other information that you provide to use when you are communicating with us
Medius may collect personal data directly from you when you make purchases of products and services, you request support for a product or service, you create a user account, you participate in surveys and evaluations or when you submit questions or comments to us.
We may also collect information about you from other sources, including publicly available databases or third parties from whom we have purchased data or to whom you have provided your data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide information about our products and services that may be of interest to you.
How we use the information we collect and receive
Your personal data may be saved and processed by Medius for the following purposes:
- In order to answer a contact request or to send you educational content, newsletters, press release and similar information or invitations for seminars and similar events to you. Accordingly, if you do not provide the requested personal information, Medius will not be able to respond to a contact request or to send you any newsletters or invitations and information.
- For marketing and market research, as well as basis for Medius’ market and customer analyses, business and product development, and statistics
- To personalize your experience (your information helps us to better respond to your individual needs)
- To improve our websites (we continually strive to improve our websites offerings based on the information and feedback we receive from you)
- To allow Medius to provide, maintain, monitor, improve and develop our business and services and to personalize our services for you
Purpose and lawful basis for the processing
In accordance with Medius’ assessment, the processing is necessary for the purposes of Medius' legitimate interest to enable our business and in answering a contact request, and administering newsletters, information and invitations to you in accordance with your wishes to be contacted or to receive requested information, respectively.
In addition, Medius’ processing of your personal data for marketing purposes, for market research, for market and customer analysis, business and product development and statistics, is based on a legitimate interest. According to Medius’ assessment, the processing is necessary for Medius' legitimate interest to market its products and services, and to analyze and develop its business and operations.
Medius may also use your personal data for the purpose of compliance with applicable laws and protection of our legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory, investigative purposes (including disclosure of such information in connection with legal process or litigation).
How long do we store your personal data?
In general, Medius will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable law. This means that we may retain your personal data for a reasonable period after your last interaction with us (normally for a period of three calendar years from your last interaction with us but if you are representing a customer of Medius, we may keep your information for the duration of the contractual relationship and to the extent permitted also after the end of that relationship for as long as necessary to perform the purpose). When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.
Personal data provided in connection with newsletter subscriptions, event registrations or information requests are stored by Medius until you unsubscribe from the applicable service. However, if you unsubscribe, Medius will continue to process your personal data to the extent necessary to ensure by technical means that no further posting of newsletters, event invitations, educational information and similar are sent to you. If Medius does not save your personal data in this respect, Medius will not be able to ensure that no further newsletters, invitations or information will be sent to you. The continued processing of your personal data is, according to Medius' assessment, necessary for the purposes of Medius’ legitimate interest in preventing sending of newsletters, information and invitations to you in accordance with your expressed desire.
You have the right to request a confirmation from Medius as to whether or not personal data concerning you are being processed and, where that is the case, obtain access to your personal data. You also have the right to request that Medius corrects any inaccuracies in your personal data and that Medius shall erase your personal data or restrict the processing of your personal data. You further have the right, at any time, to object to Medius’ processing of your personal data if you believe that Medius has no legitimate interest in processing the personal data or to the use of your personal data for the purposes of direct marketing. You are finally entitled to lodge a complaint regarding Medius’ processing of your personal data with a supervisory authority. You can contact Medius for more information about these rights.
How do we share your personal data?
- Third party service providers (for example to email and hosting providers and partners that are administrating webinars or websites or distributing press releases and other information on behalf of Medius and to any other third parties to the extent such disclosure is required to enable products or services to be provided to you and/or our clients);
- Business partners;
- Affiliated companies within our corporate structure; and
- As needed for legal purposes (for example to authorities in accordance with applicable laws and regulations).
Medius may also share your personal data in connection with mergers, acquisitions or divestiture of all or parts of Medius’ business, where the acquiring entity as well as its consultants and Medius’ own consultants may obtain access to data managed by Medius.
When sharing your personal data with third parties we take appropriate technical, organizational and legal measures in accordance with applicable data protection legislation. When required by applicable law, Medius has established Data Processing Addendums with any third party with which your personal data is shared.
Export of personal data
For personal data collected within EEA, the personal data collected is generally processed within EEA. In cases where Medius exports your personal data outside the EEA, such export is based either on a decision by the EU Commission that the third country in question ensures an adequate level of protection, or on appropriate safeguards to ensure that your rights are protected. Examples of appropriate protection measures are approved code of conduct in the recipient country, standard contract clauses or binding company internal rules.
Specifics about emails
In cases where an e-mail sent to or from Medius contains personal data, Medius’ receipt/dispatch and further processing of such e-mail means that we process personal data. E-mails almost always contain personal data because the e-mail address itself is usually considered as personal data. The e-mail may also contain other information that is considered as personal data. When Medius sends e-mails, we either do so to communicate with the recipient (e.g. to reply to an e-mail from him/her or to ask a question), or to inform the recipient of something.
The content of incoming e-mail is usually unknown when the email is received by Medius. When that is the case, the personal data contained in the e-mail is processed by Medius for the purpose of receiving and reading the e-mail to assess if the e-mail shall be deleted or if Medius shall take action. For e-mails sent from Medius, similar considerations are made in connection with dispatch of the e-mails.
If Medius, after receipt of an incoming e-mail, or in connection with sending an outgoing e-mail, considers that the e-mail should not be deleted, and that further processing is necessary, Medius will on a case-by-case basis decide the legal basis, means and period for the processing. The legal basis for the processing of e-mails depends among other things on the content of the e-mail and whether Medius has any relationship with the recipient/sender.
If an email received by Medius contains personal data about a third-party individual, Medius will inform such individual that Medius processes personal data about him/her, provided (i) the identity of the individual is clear and (ii) the provision of such information proves impossible or would involve a disproportionate effort for Medius.
If Medius upon receipt/dispatch of an e-mail, determines that the e-mail shall be deleted, deletion will be made within a reasonable time after receipt/dispatch. If Medius determines that further actions will be taken, it depends on the content of the e-mail, as well as the continued processing and purpose of the same, how long the e-mail, including the personal data, will be kept by Medius
Medius takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
Previous privacy policies:
Last updated: 20 December 2021