Integrity policy

Welcome to Agiremus AB's privacy policy. This policy is intended to give you as a user, existing and new customer, partner or other stakeholder a clear understanding of how we collect, use, protect and handle your personal data. The policy applies to all individuals whose personal data may be processed by us in connection with providing our services, interacting with you in our digital channels, or when you are otherwise in contact with us. We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and secure manner.

You are always welcome to contact us if you have any questions about how we process your personal data.

1.      Definitions

Personal data is information that can be directly or indirectly attributed to a living natural person. Examples of such data are names, personal email addresses, telephone numbers and the like, but encrypted data can also constitute personal data if it can be linked to natural persons.

Processing  refers to any act that is performed with personal data, for example when collecting, storing, modifying, using or deleting.

Controller  means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

2.      What personal data do we collect about you and when?

Information that you provide to us

We mainly process your name, email address, phone number, career history and position within your business. Occasionally, additional information may be processed, but only if you can be considered to have made the information public. The personal data is primarily collected when you share it with us via our website or otherwise send it to us.

Data from other sources

We may also process personal data collected from someone other than you, for example when the company you work for becomes a customer, data may be collected about people at the company. Personal data that companies provide to us is primarily information such as name, email address and telephone number. Occasionally, additional information may be processed, but only if you can be considered to have made the information public.

3.      How do we handle health data?

Personal data that includes data on health constitutes a special category of personal data under Article 9(1) of the GDPR. In the event that you submit data that falls within the scope of Article 9(1) of the General Data Protection Regulation, we process your personal data on the basis of Article 9(2)(a) when you have expressly given your consent to the processing of this personal data for one or more specific purposes.

4.      Why do we process your personal data?

We process your personal data for the purpose of providing the services you have requested, e.g. by processing the data you have submitted to us or registered in a contact form via our website, administering our relationship with you and, where applicable, administering the agreement with you or with your employer. We may also inform you about our services and other things that we find to be in your interest as well as ours. We can also market ourselves by sending out information to your e-mail address about our activities, about our meetings, events or the like.

5.      What is the legal basis for processing your personal data?

We always process your personal data in accordance with applicable legislation. We process your personal data when it is necessary to fulfil an agreement with you or respond to your request for service or when we have another legitimate and legitimate interest in processing your personal data, such as an interest in marketing us. We also process your personal data when the personal data processing is necessary to comply with a legal obligation.

Where we process your personal data for any purpose that requires your consent, we will obtain your consent in advance. Certain personal data may be mandatory to provide, for example, in order for us to provide a service or fulfil another request from you. This will then be stated or stated in connection with the collection of the data.

6.      Who may we share your personal data with?

Data processors

In some situations, it is necessary for us to engage other parties to be able to carry out our work. For example, it is about the fact that we use different IT suppliers. They are to be regarded as personal data processors to us and we have signed a personal data processing agreement in these cases. The personal data responsibility remains with us as a company.

We check all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data and sign data processing agreements. When personal data processors are engaged, it is only for the purposes that are compatible with the purposes we ourselves have for the processing, as we are still the data controllers.

Actors that are independent data controllers

We may share your personal data with certain other parties who are independent data controllers, such as authorities. When your personal data is shared with an entity that is an independent data controller, that organisation's privacy policy and personal data management apply.

We may engage suppliers and partners to perform tasks on our behalf, for example to provide IT services or help with services. The performance of these services may involve these recipients gaining access to your personal data.

We may also disclose personal data to third parties, such as the police or other authorities, if it relates to the investigation of a crime or if we are otherwise obliged to disclose such information by virtue of law or official decisions.

7.      Where do we process your personal data?

We always strive for your personal data to be processed within the EU/EEA, but sometimes this is not possible.

For some IT support, the data can be transferred to a country outside the EU/EEA. This applies, for example, if we share your personal data with a personal data processor who, either itself or through a subcontractor, is established or stores information in a country outside the EU/EEA. As data controllers, we are responsible for taking all reasonable legal, technical and organisational measures to ensure that the protection of personal data is the same as within the EU/EEA.

When personal data is processed outside the EU/EEA, the level of protection is guaranteed, for example, by a decision from the European Commission that the country in question ensures an adequate level of protection or by the use of so-called appropriate safeguards.

8.      How long do we keep your personal data?

We never store your personal data for longer than is necessary for the respective purpose. We have developed deletion procedures to ensure that personal data is not stored for longer than is necessary for the specific purpose. The length of the storage period varies depending on the purpose of the processing and how long the data is necessary for the purpose. For example, some information in the accounts must be kept for at least seven (7) years due to legislation. When we no longer need to store your personal data, we will securely delete or de-identify your data so that it can no longer be linked to you.

Personal data collected for marketing purposes will be deleted no later than one (1) year after collection.

9.      Cookies

Our website uses cookies. We are required by law to inform our visitors about this, what the cookies are used for and how to opt out of them. More information can be found on our website: https://agiremus.com/

10.   What are your rights as a data subject?

As a data subject, you have a number of rights under current legislation. Here we list these rights.

Right to register extract (right of access)

If you want to know what personal data we process about you, you can request access to the data. When you make such a request, we may ask you some questions to ensure that your request is handled efficiently. We will also take steps to ensure that the data is requested by and provided to the right person.

Right to rectification

If you discover that something is wrong, you have the right to request that your personal data be corrected. You can also complete any incomplete personal data. In some cases, you can make corrections yourself, which we will then inform you about.

Right to erasure

You can request that we delete the personal data we process about you if, among other things:

-        The data is no longer necessary for the purposes for which it is processed

-        You object to a balancing of interests we have made based on our legitimate interest, where your reason for objection outweighs our legitimate interest

-        Personal data is processed unlawfully

-        The personal data has been collected about a child (under the age of 13) for whom you have parental responsibility

-        If the data was collected on the basis of your consent and you want to withdraw your consent

However, we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. It may also be the case that the processing is necessary for us to be able to establish, exercise or defend legal claims.

Right to restriction

You have the right to request that our processing of your personal data be restricted. For example, if you request rectification because you believe that the personal data we process is incorrect, you can request a restriction of processing for the time we need to check whether the personal data is accurate.

If, and when, we no longer need your personal data for the defined purposes, our routine is normally that the data is deleted. If you need the personal data to be able to establish, exercise or defend legal claims, you can request restriction of the processing of the data by us. This means that you can request that we do not delete and delete your data.

If you have objected to personal data processing we carry out on the basis of a balancing of interests as a legal basis, you can request limited processing for the time we need to check whether our legitimate interests outweigh your interests in having the data deleted.

If the processing has been restricted in accordance with any of the situations above, we may only process the data for the establishment, exercise or defence of legal claims, to protect the rights of another person or if you have given your consent.

Right to object to certain types of processing

You always have the right to object to any processing of personal data that is based on a balancing of interests. You also always have the right to avoid direct marketing.

Right to data portability

As a data subject, you have the right to data portability (transfer of personal data) if our right to process your personal data is based either on your consent or the performance of a contract with you. A prerequisite for data portability is that the transfer is technically possible and can be automated.

Manage your rights

The application for an extract from the register or if you wish to invoke any of your other rights must be in writing and signed by the person to whom the extract relates. We will respond to your requests without undue delay and within 30 days at the latest. Email to our email address: dataskydd@agiremus.com. The email should be sent as far as possible from the email address you registered with us.

11.   How is your personal data protected?

We work actively to ensure that personal data is handled in a secure manner. This applies through both technical and organisational protective measures. Such measures include access restriction through key cards, password protection, and encryption. Our website also has HTTPS protection, which stands for HyperText Transfer Protocol Secure and ensures that visitors have a secure connection to our website. Such protection encrypts the connection between the user and the website server. An encrypted transfer of information means that passwords and other important data are protected and remain private.

12.   Regulator

The Swedish Authority for Privacy Protection is the authority responsible for monitoring the application of data protection and privacy legislation. If you believe that we are acting incorrectly, you can contact the Swedish Authority for Privacy Protection, see https://www.imy.se.

13.   Our contact details

Contact us if you have any questions about how we process personal data. If you have any questions about how we process personal data or have a request in accordance with the above rights, you are always welcome to contact Emanuel Restaino as set out below:

Contact:

Agiremus AB

Org. nr.: 559015–9413

dataskydd@agiremus.com

08 - 83 27 80

14.   Changes to the Privacy Policy

We reserve the right to make changes to our Privacy Policy. You can always find the latest version on our website. In the event of changes that are of crucial importance to our processing of personal data, this will be communicated to you.