www.adddemand.se and www.adddemand.com (hereinafter referred to as the “Website”), is a website belonging to the company ADD DEMAND AB registered under the Organization Number 556763-2517 (hereinafter referred to as the “Data Controller”). ADD DEMAND values your privacy and the integrity of your personal data as Users who visit and browse our website.
That is why we, ADD DEMAND AB, strive to respect your rights as set forth in the General Data Protection GDPR 2017/679 (GDPR) and the ePrivacy Directives of the European Parliament and the Council as well as the Swedish Data Protection Act (Sv. Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning).
1.1 User: means any identified or identifiable natural person visiting the website www.adddemand.se and www.adddemand.com in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2 Personal data: means any information relating to a User.
1.3 Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.4 Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
1.5 Recipient: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
1.6 Consent: means any freely given, specific, informed, and unambiguous indication of the user’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.]
1.7 Cookie: A cookie is a text file that is automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User’s navigation.
2.2 The Data Controller assures the User that it implements all the necessary means to ensure compliance with the provisions of the General Data Protection GDPR 2017/679 of the European Parliament and of the Council dated 14 April 2016 by ensuring compliance with the retention periods, the need to collect the aforementioned personal data, and the confidentiality of the personal data collected (hereinafter referred to as the “GDPR”).
3. Personal data collected
3.1 Types of personal data collected:
- a. The User’s e-mail address
- b. The name, first name and telephone number of the User
- c. The User’s address
- d. The User’s personal registration number
- e. The User’s company registration number
- f. The User’s browsing preferences on the Website.
3.2 Means of collection
- 3.2.1. The User’s personal data is collected either when the Users communicate them to the Data Controller via the Website or by automated collection systems active on the Website.
- 3.2.2. Personal data of the User is collected when the User communicates them: by filling in the contact form;
- 3.2.3. By automated collection during the User’s browsing of the Website, the Data Controller automatically records certain information relating to the User’s preferences and use of the Website. Cookies are used during the User’s browsing of the Website to collect personal data automatically.
3.3 Recipients of the data:
- a. the Data Controller
- b. the internal employees of the Data Controller acting on its behalf
- c. the subcontractor of the Data Controller in charge of hosting the domain of the Website
- d. any legally or administratively authorized person (e.g. judicial authorities).
4. Processing of Personal Data
Legal basis for processing
The processing of Users’ personal data via the Website must necessarily be justified by one of the conditions set forth in Article 6 §1 of the GDPR. In accordance with the GDPRs, Users’ personal data will only be processed if one of the following conditions is met:
- a. The User has given his consent: the User concerned has consented to the processing of his personal data for one or more specific purposes
- b. The performance of a contract requires it: the processing is necessary for the performance of a contract to which the User concerned is a party or for the performance of pre-contractual measures taken at the request of the User concerned
- c. Compliance with the law requires it: the processing is necessary for compliance with a legal obligation to which the data controller is subject;
- d. A legitimate interest justifies it: the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, unless the interests or the fundamental rights and freedoms of the User concerned which require protection of personal data prevail.
4.2 Purposes of processing and data retention period
- 4.2.1 In accordance with Article 13 of the GDPR, the purpose and the duration of the storage and processing of personal data must be justified by a valid purpose, in addition to one of the legal bases listed above.
- 4.2.2. Therefore, personal data are processed as follows:
5. Protection of personal data collected and processed
5.1 In accordance with Article 5 and Article 32 of the GDPR, the Data Controller has an obligation to ensure the security of the personal data of Users that it stores and processes.
5.2 The Data Controller shall maintain a register containing all personal data of Users collected. The Data Controller affirms that it implements all necessary security measures to protect the personal data of the Users contained in this register and to avoid any violation of the User’s personal data.
5.3 To this end, the Data Controller affirms to the Users that it has studied the risks associated with the storage and processing of the Users’ personal data in order to implement adequate security measures as follows:
- a. By allowing pseudonymization and encryption of the User’s personal data;
- b. Implementing means to ensure the confidentiality, integrity, availability and resilience of processing systems and services at all times;
- c. Implementing means to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
- d. By guaranteeing the use of a procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of the processing.
5.4 The Data Controller assures Users that the data it keeps and processes are stored within the European Union, in a Member State subject to the GDPR.
5.5 In the event of a breach of the User’s personal data, the Controller undertakes to notify the competent supervisory authority of such breach within 72 hours in accordance with Articles 33 and 34 of the GDPR.
6.1 Purpose of using cookies
- 6.1.1 As explained above, a cookie is a text file that is automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User’s navigation
- 6.1.2 The only purpose of the cookies used on the Website is to improve your browsing experience as a User. The cookies used facilitate your navigation by memorizing some of your personal data when you access and navigate the Website. Three types of cookies are used on the Website, their purpose varying according to their type:
- a. Functional cookies: these cookies make it possible to remember your data entered during authentications or searches carried out on the Website;
- b. Advertising cookies: these cookies make it possible to identify the consumption habits, research, and preferences of Users in order to offer them advertising content in line with their personal preferences;
- c. Security cookies: these cookies enable the securing of Users’ personal data by ensuring the encryption of data contained in other cookies.
6.2 Information on cookies used on the Website
- 6.2.1 Each cookie used on the Website is identifiable by a name. Each cookie has a lifetime, i.e. a period of time after which it disappears and ceases to be active, forgetting any personal data it stored. Each cookie also has a function, or purpose, that justifies its placement on the Website.
6.3 Managing cookies: activation and deactivation
- 6.3.1t is possible for the User to manage at any time the Cookies on the browser he/she is using. The User can activate or deactivate them at any time. The means of managing cookies depend on each browser. To make it easier for Users to manage their cookies, below is an explanatory help for managing cookies on the main browsers used by Users:
7. Data Protection Officer
7.1 In accordance with the provisions of the GDPR, a Data Protection Officer (hereinafter “DPO”) is appointed by the Controller. The DPO is responsible for ensuring compliance with the GDPR in the context of any processing or storage of personal data.
7.2 The designated DPO, Jeremy Viala, can be reached at the following email address: [email protected]
8. Your rights
8.1 In accordance with the provisions of the GDPR, the User has the right to request from the Data Controller access to his/her personal data, the rectification or deletion thereof, or a limitation of the processing relating to the User concerned, or the right to object to the processing and the right to the portability of data.
8.2 The User has the right to withdraw his/her consent to the processing of his personal data at any time. This withdrawal of consent will take effect at the time the Data Controller receives notification of the User’s withdrawal of consent.
8.3 The User has the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sv: Integritetsskyddsmyndigheten) via the contact form available at the following website: https://www.imy.se/en/about-us/contact-us/.
8.4 The User may also exercise his or her rights previously stated in relation to this Policy by notifying the Data Controller at the following e-mail address [email protected]