- The personal data we collect
- What we do with your personal data
- Sharing your personal data
- Third party providers
- Your rights
- Data security
- Contact information
The personal data we collect
Generally, the type of personal data we collect is the information that we use for the functionality of our website and its services. We also collect aggregated anonymized statistical data as well as in some cases information such as your IP address and your email address (where you provide it to us in exchange for a service).
We handle no so-called “special categories of personal data”.
What we do with your personal data
To be allowed to handle your personal data, the applicable data protection legislations obligate us to have a so-called “legal basis” for each of our purposes to process your personal data. For this reason, we have drafted the below table to show our legal basis for each of our purposes.
|What we do (our purposes with handling your personal data)||Our legal basis||Storage time|
|We may provide you with our newsletter information (email subscription) provided that you have requested such by submitting your email address on our website or contacted us to do so. Some of the recommendations are based on profiling on your behavior in relation to our emails.||Fulfillment of contract. You may at any time end the service by unsubscribing in any of the emails.||Until you decide to discontinue the service (end of contract).|
In addition to the above, we undertake such day-to-day measures that are necessary for businesses providing services to consumers, such as book keeping, accounting and maintaining our website security. To the extent this is not mandatory under applicable laws, we undertake these measures based on our legitimate interest. We may also analyze our customers’ behavior in order to improve our websites and services on a general level. However, such analysis will use generalized or anonymized data on an aggregated level.
Sharing your personal data
Your personal data may be processed in different locations around the world if the parties we share your personal data with reside in a country outside the EU/EEA. Our sharing of personal data outside the EU/EEA requires certain legal ground under applicable data protection legislation. Where a country is regarded by the European Commission to be a country with adequate level of protection for personal data, this will be our legal ground. Otherwise there are three main types of legal ground on which that we may base such sharing. These are:
- that the transfer is necessary for our performance of the contract with you;
- that the transfer will be based on the standard data protection clauses for transfer of personal data to countries outside of the EU/EEA adopted by the European Commission (a copy of these standard data protection clauses can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/); and
- the EU-U.S. Privacy Shield, where the transfer is made to the United States and the recipient is duly certified.
Third party providers
According to the applicable data protection legislation, you have certain rights as a so-called “data subject”. Below, we have listed your rights. Your rights include the following:
- Right to access – You are entitled to access the personal data that we handle. You are also entitled to receive certain information about what we do with the personal data. Such information is provided in this document.
- Right to rectification – Under certain circumstances, you are entitled to correct inaccurate personal data concerning you and to have incomplete personal data completed.
- Right to erasure – Under certain circumstances, you are entitled to have your personal data erased. This is the so-called “right to be forgotten”.
- Right to restriction of processing – Under certain circumstances, you are entitled to restrict how we use your personal data.
- Right to data portability – You are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from us.
- Right to object – You are entitled to object to certain types of handling of personal data that we carry out. This applies to all our activities that are based on our “legitimate interest”.
Finally, you also have the right to lodge a complaint with the applicable data protection supervisory authority.
A cookie is a small text file that is stored on your computer, some only until you close down your browser (so-called “session cookies”) and some for an extended period of time (so-called “permanent cookies”). If you do not wish to allow storage of cookies on your computer, you can change the settings in your browser. Note, however, that in a few cases some of our website features may not function properly and some content may not be displayed correctly as a result.
For further information about cookies visit www.youronlinechoices.com.
In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. For example, we maintain high levels of technical security in all systems (including traceability, disaster recovery, access limitations etc.). In addition, we have adopted policies to ensure that our employees (which of course are subject to confidentiality obligations) do not use personal data when it is not necessary. Such policies also set out our standards for when we contract suppliers, or introduce new IT systems within our operations.