Privacy Notice – evroc AB
This Privacy Notice describes how evroc AB, reg. no. 559398-0930 (“evroc”, “we”, “our” or “us”) collects, uses, shares or otherwise processes personal data and the rights associated with that processing.
This Privacy Notice applies to the processing of your personal data if you: (i) are a representative of a customer of our products and services where your information has been shared with us in our capacity as a controller; (ii) are a representative of a service provider or supplier to evroc where your information has been shared with us in our capacity as a controller; or (iii) visit our website (“you” or “your”). evroc is the controller under EU data protection laws regarding the processing of your personal data. This Privacy Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers.
We care about your privacy and it is important to us that you feel comfortable with how we process your personal data. Therefore, please read the information in this Privacy Notice carefully.
1 Processing of your personal data
We collect and process the personal data you submit to us in connection with your interactions with us. In addition, personal data may be collected from other sources, e.g. from publicly available registers. The following table describes (i) the purposes for the processing of your personal data; (ii) which types of personal data we collect and process for each purpose; (iii) the legal basis under the GDPR for the processing of your personal data; and (iv) for how long we process your personal data for each purpose.
| Purposes of the processing of your personal data | Personal data collected and processed | Legal basis for the processing of your personal data | For how long we process your personal data |
|---|---|---|---|
|
Providing our services and administrating customer and supplier relationships We process your personal data to provide our services and to manage customer and supplier relations generally, such as billing, customer/supplier correspondence and customer/supplier relationship management |
| The processing is necessary for our legitimate interest in providing our services and the management of customer/supplier relations. | For as long as it is necessary to initiate, maintain or manage a professional relationship with you and the company or organization that you represent |
|
Bookkeeping and accounting We process your personal data to perform bookkeeping and accounting in accordance with applicable laws |
| The processing is necessary for evroc to comply with its legal obligations. | During the period in which the bookkeeping is recorded and 7 years after the end of the year in which the information was registered |
|
Marketing and communications We process your personal data to send you marketing information, product recommendations and othe communications about us |
| The processing is necessary for our legitimate interest in conducting direct marketing. | For as long as it is necessary to maintain or manage a professional relationship with you and the company or organization that you represent |
|
Developing and analysing our services We process your personal data to develop, analyse and improve our products and services |
| The processing is necessary for our legitimate interest in analysing out business and to develop and improve our services | For as long as there is a professional relationship with you and the company or organization that you represent |
|
Security We process your personal data for the purposes of maintaining a high-level of security, including investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect evroc or its services |
| The processing is necessary for our legitimate interest in promoting the safety and security of evroc’s products and services and to protect our rights | For as long as there is a professional relationship with you and the company or organization that you represent or as long as necessary to establish, exercise or defend legal claims. |
As described above, we rely on our legitimate interest as the legal basis for certain purposes for which we process your personal data. For such processing, we rely on a legitimate interest assessment, through which we have determined that our legitimate interest to process your personal data for the relevant purpose overrides your interest and fundamental right to not have your personal data processed. Please contact us if you want to know more about how these assessments have been made. Our contact details can be found in Section 6 below.
2 Recipients of personal data
We have taken appropriate technical and organisational security measures to protect the personal data we process from unauthorised access. Only those who need to process personal data for the purposes for which they are processed have access to the personal data. In order to fulfil the purposes mentioned in Section 1 above, we sometimes may need to transfer your personal data to third parties. We always observe great caution when transferring your personal data and your personal data are only transferred in accordance with applicable law and this privacy notice. Your personal data may be transferred to the following categories of recipients:
- Group companies: We may share your personal data with other group companies for group-wide administration, including for the administration and delivery of the services.
- Service providers and business partners: We may share your personal data with service providers and business partners who performs services on our behalf, e.g. for the provision of IT services or administrative services. These companies have access to your personal data to the extent that they need it to perform their tasks, but they may not use or share the data for other purposes.
- Authorities and recipients in legal disputes: We may be required by law to share personal data with certain authorities. Sharing of personal data may also take place if we have a legitimate interest in establishing, asserting, or defending legal claims.
3 Transfer of personal data to third countries
All processing of your personal data is carried out within EU/EEA and no personal data is transferred to third countries.
4 Your rights
You have the following rights in relation to our processing of your personal data.
- Right of access and information: You can request a copy of all information about you, information about the purpose of the processing, where we have obtained the information from, any recipients of the information, retention period and information about your rights as a data subject.
- Right to rectification: If you believe the data we have registered is inaccurate or incomplete, you can request that it be corrected or supplemented.
- Right to be forgotten: In certain cases, you can request that information about you be deleted. This right applies in particular circumstances, especially if your personal data is no longer necessary for the purposes for which it was collected. This right is not absolute, and we may retain your personal data for legal or legitimate reasons e.g. if it is necessary for establishing, exercising or defending legal claims.
- Right to restriction: You can request that the processing of your personal data should be restricted, for example if you do not think that the information we have about you is correct or if you believe that the processing is unlawful. Such request can also be made during the time we investigate whether our legitimate interests override your interest of privacy when you object to the processing (see more about this under right to object above).
- Right to object: You can object to the processing of your data, if our processing of your personal data is based on our legitimate interest. If you object, we do not have the right to process the data anymore, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or if it is needed for the establishment, exercise or defense of legal claims. If we consider that we have such legitimate grounds, or if the data are needed for the establishment, exercise or defense of legal claims, we will notify you of this, and the reasons for such assessment. You can also object to your personal data being processed for marketing purposes. If you do so, we will cease the processing of your data for these purposes.
- Right to data portability: You may request to receive (and to transmit to another data controller) your personal data collected on the basis of consent or for the fulfilment of an agreement in a machine-readable and commonly used file format.
- Right to withdraw consent: If our processing of your personal data is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of the processing that has already taken place.
If you wish to exercise any of these rights, you can do this by contacting evroc using the contact details set out in section 6 below. In order to comply with your request, we may ask you to verify your identity. We may charge you a reasonable administrative fee when a request is manifestly unfounded or excessive, particularly if it is repetitive.
5 Changes to and updates of this Privacy Notice
We may make changes and updates to this Privacy Notice e.g., if there are changes in law, or to reflect other changes in our policies and procedures with respect to our processing of your personal data. We will inform you of any such changes in accordance with applicable data protection laws.
6 Contact information and complaints
If you have any questions or concerns regarding the processing of your personal data, you can contact us via the contact information below. You can also lodge a complaint to the Swedish Authority for Privacy Protection (or with another local data protection authority) if you believe that evroc’s processing of your personal data is not in accordance with EU data protection laws.
evroc AB
Address: Katarinavägen 9 116 45, Stockholm
E-mail: dpo@evroc.com
Data Protection officer
Address: Katarinavägen 9 116 45, Stockholm
E-mail: dpo@evroc.com
