THE PERSONAL DATA ACT IS REPLACED BY THE NEW GENERAL DATA PROTECTION REGULATION (GDPR)
On 25 May 2018, new EU rules on the protection of personal data came into effect (the General Data Protection Regulation, 2016/679). GDPR establishes fundamental principles for the processing of personal data and defines the conditions under which such processing is lawful. The regulation also gives individuals the right to information about how their data is processed, access to their personal data, the right to rectify incorrect data, and the possibility to restrict processing.
YOUR PERSONAL DATA IS IMPORTANT TO US
controlcert.se is owned by ControlCert Scandinavia AB, which takes privacy very seriously and uses data that can identify individual persons (hereafter referred to as Personal Data) only in accordance with this policy.
It is important to us that the personal data you entrust to us as a customer is handled with care, responsibility, transparency, and in compliance with the law. Below we outline how we process your personal data — something we are required to do under Swedish and European data protection legislation.
The purpose of this information is to give you a more detailed explanation of why and how we process your personal data when you use our services.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA
When you contact us as a customer, subscribe to a newsletter, or use our websites, ControlCert Scandinavia AB is the entity responsible for your personal data. Under the law, this is referred to as the data controller.
WHERE YOUR PERSONAL DATA COMES FROM
The main source of personal data about you is you. This includes information you provide when using our services or when updating your details in connection with newsletters or email communications. Examples include your name and contact information such as email address and postal address.
We also store visitor and traffic data from our website, such as your IP address, device type, operating system, and browser. This data is collected through cookies to help us improve our website and provide you with the best possible user experience.
When necessary, we may also update your information using public registers or information services, such as SPAR or the Swedish Companies Registration Office (Bolagsverket).
WHO WE MAY SHARE YOUR PERSONAL DATA WITH
Your personal data will not be shared with other companies for commercial purposes. We also ensure that your personal data is handled lawfully and correctly if it is transferred outside the EU/EEA area.
YOUR RIGHTS
Under EU data protection legislation, you as a user have certain statutory rights regarding the personal data we process about you. You have the right to access your personal data, the right to rectification and erasure, and the right to object to processing, for example direct marketing. You also have the right to lodge a complaint with the national data protection authority, the Swedish Authority for Privacy Protection (IMY).
You can opt out of receiving marketing communications from us at any time by clicking “unsubscribe” in the emails or text messages we send, or by using a clearly visible unsubscribe link.
PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
Your personal data, as a user, is processed for the following purposes based on the legal grounds stated below. We also describe how we process your personal data for marketing purposes:
- Legitimate interest in providing information and offers that our customers can reasonably expect to receive from us.
- To communicate with you as a customer and respond to inquiries.
- To investigate complaints or support cases.
- To fulfil a contract to which you are a party.
- For financial management, bookkeeping, and accounting. We also use your purchases or transactions for our accounting and financial reporting.
- To comply with legal obligations.
RETENTION OF YOUR PERSONAL DATA
We retain your personal data for as long as necessary for the purposes stated above and for as long as you are a customer, or as required by law. After that, the data is deleted or anonymised.
CONTACT INFORMATION
If you wish to exercise any of your statutory rights, please send a written and personally signed request to the address provided below. You may also contact us via email at admin@controlcert.se
If you have any questions regarding the processing of your personal data. You can also contact our Data Protection Officer with any comments or complaints about how we handle your personal data.
ControlCert Scandinavia AB
556861-4407