Maximus processes personal data and information associated with visitors and their use of our website.
Personal data is only processed if a legitimate interest exists, if consent has been obtained or if the processing is necessary for compliance with legal obligations or the performance of contracts with customers (the parties that order our services), clients (the end users of our services), suppliers or other stakeholders. In conjunction with the processing of personal data, the protection of such data is ensured through compliance with applicable laws and regulations.
Maximus does not provide services directly to children and does not collect personal data about children for preparatory purposes.
Information that is processed
When you contact Maximus, visit our website or come into contact with Maximus in some other manner, we may, if legal grounds exist, collect:
- email address
- professional and educational background
- information about health or disability (only if required as part of a relevant process)
- personal ID number
Other information (in conjunction with website visit)
- questions, enquiries or feedback submitted via the website
- information about use of the website or online services, such as
- website from which Maximus’ website was accessed
- IP address
Purpose of the processing
Maximus processes personal data in order to be able to provide customer service and our services or to comply with legal obligations.
The information that is collected about visitors to our website is used for the following purposes:
- improving the website
- responding to feedback, questions or enquiries
- disclosing information requested by the visitor about the services provided
- providing services
- providing access to online-based systems or portals (clients only)
Legal grounds for the processing
Maximus processes the abovenamed information on one of the following grounds: performance of contract, legal obligation, legitimate interest or explicit consent from the individual whose information is being processed.
Recipients of the information processed by Maximus
Maximus may make information available to external parties who are contractually bound to ensure secure and lawful processing of the information. Information may also be made available to third parties in order to comply with a legal or regulatory obligation, or if a legitimate interest exists for Maximus or the third party, for example:
- if Maximus needs to disclose information to a law enforcement agency, court of law, supervisory body, government agency or other third party
- if there is a serious threat to an individual’s wellbeing
- if such disclosure is necessary for the provision of contractual services
Recipients of information processed on behalf of clients:
- The Swedish Public Employment Service (Arbetsförmedlingen)
- Suppliers necessary for the provision of Maximus’ services
Maximus does not make personal data or other information available to external parties for the purpose of marketing their services, performing market surveys or other commercial activities.
Maximus stores information for as long as such information is required for lawful processing or to comply with legal obligations. Maximus does not store information longer than necessary.
Maximus stores all information in accordance with policies for information security and applicable laws and regulations. Technical and organisational measures are implemented to protect information against accidental or unlawful destruction, loss or alteration, and against unauthorised disclosure of or access to such information.
Maximus does its utmost in all situations to protect the information that is processed, but we cannot guarantee the security of information sent to us via the internet.
With respect to the processing of personal data, you have the right to request a register extract and, if grounds exist, to request that:
- inaccurate personal data be rectified
- personal data be erased
- personal data only be processed for restricted purposes
- personal data be transmitted to other services/companies (right to data portability)
- your consent to the processing be withdrawn (in applicable cases)
and, if grounds exist, to object to
- personal data being processed on the basis of legitimate interest, e.g. for direct marketing purposes
- decisions based solely on automated decision-making
Furthermore, you have the right to lodge a complaint with the supervisory authority (the Swedish Data Protection Authority – Datainspektionen).
If Maximus processes information on behalf of another party i.e. the other party is the personal data controller for such processing, your request or objection will be forwarded to the controller.
Any request or objection submitted must at least contain:
- confirmation that the request/objection relates to MAXIMUS Sweden AB
- details of the matter to which the request/objection relates
- other information which could be of relevance or importance, e.g. participation in a programme, use of a service (clients only)
- proof/authentication of identity or power of attorney
Maximus may request additional information if necessary and will assess the grounds for the request or objection. Legitimate withdrawal of consent may lead to the cessation of the provision of services by Maximus, in which case you will be informed of such cessation.
If you have questions, or if you wish to submit a request or objection, please contact us via email to firstname.lastname@example.org
or via letter to:
Data Protection Officer
MAXIMUS Sweden AB
Olof Palmes gata 13
111 37 Stockholm
Last updated 17 August 2020.