Privacy policy
-
-
GENERAL
This privacy policy (the ”Privacy Policy”) always applies, unless otherwise agreed in writing, between Vexer AB, (“Vexer”), and each person who provides Vexer with their personal data (the ”Data Subject”).
1.2
Concepts in this Privacy Policy, e.g. “personal data”, “data controller”, “processing”, “data processor”, “standard contractual clauses” and “supervisory authority”, shall have the meaning ascribed to them in Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”), unless the circumstances obviously require another order of interpretation.1.3
Vexer is the personal data controller for the processing of personal data which is registered with Vexer via the webpage www.vexer.se, or any of its sub-domains or connected webpages (together the “Website”), or which Vexer collects directly from a Data Subject or from a third party. Vexer may also process personal data on behalf of one of Vexer’s clients, in which case Vexer acts as a data processor, and the client as the data controller.1.4
This Privacy Policy serves to assure the Data Subject that Vexer, in its capacity of personal data controller, processes personal data in accordance with applicable privacy laws and regulations. Vexer, in its capacity of data processor, shall also strive to adhere to this Privacy Policy when processing personal data on behalf of a data controller, however, such processing is always subject to the instructions given by the data controller.1.5
Below follows a description of how Vexer processes the Data Subject’s personal data. Information is also given regarding the Data Subject’s rights, and how the Data Subject can get in contact with Vexer in case the Data Subject has any questions or wants to exercise his or her rights.1.6
By using the Website or in any other way soliciting Vexer’s services (together hereinafter referred to as the ”Services”), the Data Subject agrees to Vexer’s processing of the Data Subject’s personal data in accordance with this Privacy Policy. By using the Website, the Data Subject also agrees to Vexer cookie policy.
-
CHANGES TO THE PRIVACY POLICY
2.1
Vexer may at any time, and at its sole discretion, update or make changes to this Privacy Policy.
2.2
Should Vexer have to change this Privacy Policy, the Data Subject will be informed through announcements on the Website.
-
PROCESSING, OBJECTIVES AND LEGAL BASIS
3.1
The purpose of processing the personal data is to enable Vexer to offer the Services in full, provide information about the Services, and market the Services. Vexer may use personal data for email marketing, facilitating sales, newsletter dispatches, webinar invitations, or re-targeting through advertisement platforms such as LinkedIn, Google or Facebook etc.
3.2
The collection and processing of the Data Subject’s personal data is conducted solely with the Data Subject’s consent or on the premise of an existing agreement or legal obligation, e.g., when Vexer must save the data according to accounting rules. Exceptions are made for cases where a prior consent is not possible for practical reasons, when the processing of the data is permitted by law, or when Vexer has a legitimate interest in processing the personal data, e.g., for marketing, follow-up of the Services, or for exercising or defending Vexer against legal claims, in accordance with a so-called balance of interests.3.3
Any personal data that Vexer processes in connection with the registration of the Data Subject’s use of the Services is referred to below as ”Registration Data.”3.4
Vexer processes the Registration Data to administer the Data Subject’s to be able to offer and market the Services to the Data Subject. The legal basis for the processing is the Data Subject’s consent and/or Vexer’s contractual relationship with the Data Subject in accordance with Vexer’s general terms and conditions.3.5
When a Data Subject contacts Vexer via Vexer’s support service, Vexer saves the personal data that Vexer needs to be able to provide the support service as part of the Services, administer support and complaint cases, and be able to contact the Data Subject. In addition to Registration Data, Vexer may process personal data relating to case/ticket numbers. The legal basis for the treatment is Vexer’s contractual relationship with the Data Subject in accordance with Vexer’s general terms and conditions.3.6
Vexer processes the Data Subject’s Registration Data for direct contact with the Data Subject via email, to conduct Data Subject surveys or to deliver updated purchase terms, newsletters etc. The legal basis for the processing is a so-called balance of interests.3.7
Vexer may process the Registration Data to fulfill its legal obligations based on legal requirements, judgments or decisions by authorities etc. In such cases, the legal basis for the processing is Vexer’s legal obligation.
-
SENSITIVE PERSONAL DATA
Vexer does not process any sensitive personal data, i.e., data which reveals a Data Subject’s ethnic origin, political opinions, religious beliefs or membership of the trade union, as well as personal data relating to health or sex life.
-
SHARING OF PERSONAL DATA TO THIRD PARTIES
5.1
Without the Data Subject’s explicit permission, Vexer will not share the Data Subject’s personal data with any third party in any other way than what follows from this Privacy Policy, unless Vexer is obliged to do so following the applicable regulations or unless the personal data is shared in connection with an ongoing legal-, administrative- or recovery procedure in which the Data Subject and Vexer are both parties.
5.2
Vexer uses subcontractors for services in connection with Vexer’s Services (so-called data processors). These data processors may process personal data and may need some access to personal data collected in connection with the Services. Vexer may also need to use the data processors’ services to store personal data. Vexer always ensures that data processors only process the Data Subject’s personal data in accordance with Vexer’s instructions and only for the purpose of providing the agreed-upon services to Vexer.
-
STORING OF PERSONAL DATA
6.1
The Data Subject’s personal data will not be stored for any longer than necessary, with regards to the purpose of the processing and taking into account Vexer’s legal obligations, e.g., regarding accounting regulations etc.
6.2
Vexer regularly deletes all personal data that is no longer needed with regards to the purpose of the processing, in accordance with the relevant laws and regulations in force at any time.
-
TRANSFER OF PERSONAL DATA OUTSIDE THE EU
Vexer only transfers personal data to data processors in third countries (i.e., countries outside the EU/EEA) if the third country has an adequate level of protection according to applicable privacy laws and regulations and the data processor has agreed to the EU Commission’s standard contractual clauses for data transfers between EU and non-EU countries.
-
THE RIGHT TO REQUEST INFORMATION
8.1
The Data Subject has a right to request and obtain, free of charge, information regarding what personal data (if any) that is being processed by Vexer (a so-called register extract). The Data Subject also has the right to have any incorrect personal data corrected. If the Data Subject wishes to know if Vexer processes any personal data about the Data Subject, he or she can send a written and signed request to Vexer in accordance with section 17 below. In the request, the Data Subject needs to indicate specifically what kind of information the Data Subject is interested in receiving (unless the Data Subject is interested in receiving information about all personal data). That way, Vexer can provide the Data Subject with information that is relevant. If the Data Subject repeatedly sends requests for an extract from the register, Vexer may charge a fee or, in some cases, in accordance with statutory law, refuse to comply with the request.
8.2
The extract from the register will be sent to the Data Subject within 30 days from the time Vexer received the request. If the extract is extensive and Vexer needs more time or if Vexer for some reason cannot comply with the Data Subject’s request, Vexer will without undue delay notify the Data Subject thereof.
-
THE RIGHT TO RECTIFICATION
9.1
In order to fulfill its obligations to always have accurate and relevant personal data, Vexer systematically works with its registers and updates personal data where necessary. If the Data Subject notices that the personal data Vexer processes is incorrect or if Vexer lacks important personal data, the Data Subject has the right to have their personal data corrected. Vexer normally performs simple data corrections without consideration, but in some cases, Vexer may need to consider the Data Subject’s request. Vexer will not approve the Data Subject’s request if it is impossible or requires an unreasonable amount of work. Upon a request by the Data Subject, Vexer will inform the Data Subject about whom the correction has been submitted to.
9.2
In the event that the Data Subject’s personal data is changed at the Data Subject’s request, Vexer will inform any data processors and partners that process the personal data about the change.
-
THE RIGHT TO ERASURE
10.1
The Data Subject has the right to request that Vexer erases the Data Subject’s personal data when:
a) they are no longer needed for the purposes for which they have been collected and for which they are being processed;
b) Vexer processes personal data under the Data Subject’s consent and the Data Subject withdraws said consent;
c) Vexer processes personal data for direct marketing and the Data Subject opposes the continued processing for this purpose;
d) Vexer processes personal data on the legal basis of a balance of interests and there are no legitimate interests that weigh heavier than the Data Subject’s interest;
e) Vexer does not process personal data in accordance with applicable rules;
f) It is required that personal data is erased in order to fulfill a legal obligation; or
g) there is another relevant legal basis for the Data Subject’s request to erase the personal data.
10.2
Vexer has the right to refrain from erasing the Data Subject’s personal data if Vexer needs to retain such data in order to fulfill a legal obligation or in order to be able to pursue a legitimate interest that overrides the Data Subject’s interest.
-
THE RIGHT TO RESTRICT PROCESSING
11.1
The Data Subject has the right to request the restriction of the processing of personal data in the following cases:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the data controller to verify the accuracy of the personal data;
b) the processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of its use instead;
c) the data controller no longer needs the personal data for the purposes of processing, but the Data Subject requires the data for the establishment, exercise, or defense of legal claims;
d) the Data Subject has objected to processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the data controller override those of the Data Subject.
11.2
Where processing has been restricted, such personal data may only be processed with the Data Subject’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
-
DELETION OF PERSONAL DATA
12.1
Vexer shall delete the personal data when it is no longer needed for the purposes for which it was collected or processed, unless there is a legal obligation to retain the data for a longer period.
12.2
When the Data Subject requests the deletion of personal data and Vexer has no valid legal grounds to continue processing, the personal data will be deleted. Vexer will take reasonable steps to ensure that personal data is securely deleted from its systems.
-
THE RIGHT TO WITHDRAW CONSENT AND OBJECT TO PROCESSING
13.1
If personal data is processed based on the Data Subject’s consent, the Data Subject has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
13.2
In addition, the Data Subject has the right to object to the processing of their personal data in cases where the legal basis for processing is either the performance of a contract or a legitimate interest pursued by the data controller or a third party. If the objection is based on legitimate grounds, Vexer will cease processing the personal data unless there are compelling legitimate grounds for the processing that override the Data Subject’s rights and freedoms or for the establishment, exercise, or defense of legal claims.13.3
Where personal data is processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of their personal data for such marketing.
-
THE RIGHT TO DATA PORTABILITY
14.1
The Data Subject has the right to receive the personal data concerning them, which they have provided to Vexer, in a structured, commonly used, and machine-readable format. This right applies only where the processing is based on consent or a contract, and the processing is carried out by automated means.
14.2
The Data Subject has the right to transmit those data to another data controller without hindrance from Vexer, where technically feasible.
-
SECURITY MEASURES
15.1
Vexer has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
15.2
However, no security measures are perfect or impenetrable. Therefore, while Vexer strives to protect personal data, it cannot guarantee the absolute security of any information disclosed to or from its systems.
-
COMPLAINT TO SUPERVISORY AUTHORITY
16.1
The Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of the Data Subject’s habitual residence, place of work, or place of an alleged infringement, if they believe that the processing of their personal data infringes the GDPR.
16.2
For more information, the Data Subject may contact the Swedish Data Protection Authority (Datainspektionen), or any other relevant supervisory authority depending on the Data Subject’s location.
-
CONTACT INFORMATION
17.1
If you have any questions regarding this Privacy Policy or if you wish to exercise any of your rights under this Privacy Policy, please contact Vexer using the following contact details:
Vexer AB
Reg. No:
Address: 417 22 Göteborg
Email: edis@vexer.se -