GDPR, Personal Data Policy, and Cookies
Your privacy is important to us, and we are responsible for the personal information you provide us. This policy describes how we process, store, and manage your personal data, both when you are a customer with us and when you apply for a job with us.
It also outlines your rights and how you can exercise them. It is important that you read and understand the privacy policy and feel confident in how we handle your personal data.
Responsible for the handling of personal data
Invistic AB, organization number 559243-8427, is responsible for the personal data processing described in this policy.
If you have any questions or want to exercise any of your rights, you can reach us at Email: support@invistic.com
How do we access the personal data?
In addition to the information you provide to us or that we collect from you when you become our customer, contact us, or apply for a job, we may also collect personal data from a third party.
The information we collect from third parties is as follows:
- We may gather information from public address registers to ensure we have the correct address information for you.
- We may also obtain creditworthiness information from credit rating agencies, banks, or credit information companies.
What personal data do we process?
The following categories of personal data may be processed:
- Contact details such as name, address, email address, phone number
- Identity details such as personal identification number, organization number
- Financial details such as bank account numbers and other bank-related information
- Employment-related information such as employment details, applications, CVs, cover letters
How do we process your personal data?
We primarily process your personal data to fulfill our obligations to you. Our starting point is to not process more personal data than necessary for the purpose, and we always strive to use the least sensitive data.
Below is information about the personal data processing activities we undertake:
Providing and fulfilling service/product agreements
We process personal data to fulfill our agreement and provide services/products to you. We handle personal data for administration, invoicing, credit checks, handling complaints and claims, assisting with inquiries about your service/product when you contact our customer support, and otherwise protecting our rights and fulfilling our obligations under the agreement with you. Personal data processed in this activity include contact details, identity-related data, and financial data.
Accounting
We process your personal data to comply with the legal obligations imposed on us, such as the accounting law’s requirement to archive financial records. Personal data processed in this activity include contact details, identity-related data, and financial data.
Marketing
We process personal data to facilitate marketing services/products to you and send newsletters about the services/products you’re generally interested in, as well as information about the company. Additionally, we may send invitations to events related to your areas of interest. Personal data processed in this activity include contact details.
Before Employment
We process your personal data when you apply for jobs or express interest in employment with us. The company processes your personal data to assess your application and carry out the recruitment process. Personal data processed in this activity include contact details and identity-related data.
What legal grounds do we have for our personal data processing?
We process your personal data to administer and provide the agreed service/product. When it comes to personal data processing to meet legal obligations, such as the accounting law or tax legislation, the legal ground is a legal obligation.
For marketing and recruitment-related processing, the legal ground is our legitimate interest. This means that we believe our interest in processing your personal data for the purposes listed above outweighs the privacy intrusion you are exposed to as a result of the processing. This assessment has been made, particularly considering that we believe the processing will benefit you.
If personal data related to job applications is not linked to an ongoing or concluded recruitment process, we will retain your personal data for potential future recruitment needs only if you have explicitly consented to this.
How long do we retain your personal data?
We store your personal data as long as you are a customer with us and for up to 12 months thereafter. Some personal data is retained for longer periods to meet accounting and tax law requirements. Once the purposes of the processing are fulfilled and the retention period has expired, your personal data is securely deleted or anonymized so that it can no longer be linked to you.
Specifically about cookies
A cookie is a small text-based data file that a web server requests to save in your browser. By sending the cookie’s content back with each request to the respective website, the server can keep track of the visitor’s preferences, behavior, or identity (as far as it is known). We use the following cookies on our website:
- Session cookies (a temporary cookie that expires when you close your browser or device).
- Persistent cookies (cookies that remain on your computer until you delete them or they expire).
- Third-party cookies (cookies set by a third-party website. On our site, these are primarily used for analytics, such as Google Analytics and HotJar).
The cookies we use aim to improve the services we offer. Cookies enhance the website’s functionality and make it easier for you as a user. We also use cookies to collect and analyze behavior data based on your use of the website and services, with the goal of improving the user experience and enabling personalized communication and messages to you as a user. We also use cookies to deliver relevant marketing to you.
How can you manage cookies?
You can change your browser settings at any time to control the use and scope of cookies. You can choose to block all cookies, only accept certain cookies, or delete cookies when you close your browser. If you choose to block or delete cookies, some services may not be usable, or the website may not function properly in all respects.
Who do we share personal data with?
Our starting point is not to disclose personal data to third parties unless the individual has consented or it is necessary to fulfill our obligations under the contract or law. When we disclose personal data to third parties, we ensure that the data is handled securely.
- Service Providers
To fulfill the purposes of processing your personal data and meet the obligations required of us as a company, we share personal data with companies that provide services to us. These companies may only process personal data according to the data processor agreement signed with the company and the instructions they receive in connection with this. They may not use your personal data for their own purposes, and they are legally and contractually obligated to protect your personal data. A service provider may not share your personal data with third parties or subcontractors without our approval. - Authorities
We may disclose necessary information to authorities if we are legally required to do so. This information may include your personal data. In connection with legal proceedings, it may also be necessary to transfer information containing personal data to other parties involved in the dispute.
How are your personal data protected?
We protect your personal data through a combination of technical and organizational solutions. We have implemented specific security measures to safeguard your personal data against unauthorized or unlawful access. We develop procedures and practices to ensure that your personal data is handled securely. Only those who need to process your personal data for their work tasks have access to it.
Your Rights
As a data subject, you have the following rights:
- You have the right to request a register extract showing which personal data we have about you.
- You have the right to request correction if we have incorrect or incomplete personal data about you.
- The data is no longer needed for the purpose for which it was collected.
- If the data is stored with your consent and you withdraw that consent.
- If the processing is based on a balancing of interests and there are no legitimate reasons that outweigh your interest.
- If the personal data has been processed unlawfully.
- If deletion is required to fulfill a legal obligation.
- If you object to processing for direct marketing purposes.
The right to have personal data deleted does not apply if we are legally obliged (e.g., by the accounting law) to retain the data.
- You have the right to data portability (the right to have your personal data transferred) provided that the legal basis is consent or contract, and the data you can obtain are personal data relating to you that you have provided or that have been generated by your actions/activities.
- You have the right to request the restriction of your personal data processing. However, if you request a restriction on the processing of your personal data, it may prevent us from fulfilling any obligations towards you during the period the restriction is in effect.
- You have the right to object to personal data processing that is based on a balancing of interests as a legal ground. To continue the relevant processing, we must be able to demonstrate a compelling legitimate reason for the processing that outweighs your interests, rights, or freedoms. Otherwise, we can only process the data to establish, exercise, or defend legal claims.
- You always have the right to object to the use of your personal data for direct marketing. If you object to direct marketing, the personal data will no longer be processed for such purposes.
If you are not satisfied with the response you have received from us, you have the right to file a complaint with the supervisory authority.
Vänligen,
Your friends at Invistic.