1. Who is responsible for the processing of your data?
Visiba Group AB, Swedish company reg.no 556967-9813 (“we”, “our”, “us”) is responsible (data controller) for the processing of your personal data described herein. Please do not hesitate to contact us if you have any questions regarding your personal data.
Please note that we may also process your personal data on behalf of the company you represent, e.g. if you have a user account in our service. If so, that company will be responsible (data controller) for the processing of your data
2. Data protection officer
We have appointed a data protection officer who helps us ensure that we process your personal data in a correct and lawful manner. You can contact our data protection officer by sending an email to email@example.com.
3. How do we collect your data?
Personal data you give to us. We will primarily collect your personal data from yourself, e.g. when you send us an email. We may also collect personal information (e.g. your contact information, job details and feedback) when you attend our events, take part in surveys, or through other business or marketing interactions we may have with you.
You can always choose not to provide us with certain information. However, some information may be necessary for us to interact with our customers, suppliers and partners for business purposes. Not providing such information can prevent our provision of services that you, or the company you represent, might expect from us. We will let you know when this is the case.
- Personal data we collect about you. We may also collect information about you from your employer and colleagues. Sometimes, we also collect data from publicly available sources (e.g. your contact details from your employer’s website), third party social networks (e.g. LinkedIn), contact information service providers and other similar reliable sources.
4. What types of personal data do we process?
The categories of personal data we collect about you will depend on the nature of our relationship with you and the purpose for which the information is being collected.
For example, we may collect and process the following categories of personal data about you:
- Contact details, e.g. your name, email address, postal address, social network details, phone number and other information that would allow us to contact you.
- Organisational data, e.g. the name of the company you represent, your title and place of work.
- Contractual data, e.g. personal information included in agreements between us and the company you represent.
- Messages and documents, e.g. personal information included in emails and attached files, text messages, letters and documents you share with us.
- Personal interests and other individual data, e.g. preferred language, photos, hobbies and interests.
- Notes, e.g. memory notes taken during phone calls or meetings, including the date, time and subject of the conversation. We do not audio record any calls.
- Event data, e.g. information related to event registration, including allergies and other food preferences.
Sensitive personal data. We do not seek to collect or otherwise process sensitive personal data about you. If we need to process your sensitive personal data, we will inform you of such processing in advance. Since email communications are not always secure, we encourage you to not include sensitive data in your emails to us.
5. How do we use your data?
How we process your personal data will depend on the nature of our relationship. For example, we may process your personal data for the following purposes:
- To initiate and manage our business relationship. We will process your personal data to manage our business relationship with you and the company you represent. For example, we will process your data to negotiate and enter into commercial agreements with the company you represent and to fulfil our promises and obligations under such agreements.
- To communicate with you. We will process your contact details and messages to communicate with you and answer the incoming correspondence we receive. When we talk on the phone or in person, we might take notes to help us remember and follow up on the matters we discussed.
- To manage our daily business operations. We will process your personal data to manage our daily business operations according to lawful and fair business practices, like billing for our services, calculating taxes, or conducting required audits. This may also include sending you emails, invoices and reminders about outstanding payments.
- To provide you with customer success services. We will process your personal data for customer success purposes, including responding to your enquiries. This typically requires the use of your contact details, organisational data, messages and notes from our previous meetings. Please note that when we process your personal data for technical support and customer support, we normally act as the data processor on behalf of the company you represent.
- To promote our services (direct marketing) and invite you to events. We may use your contact details to contact you by email or phone, to introduce ourselves and tell you more about our services. Where we have an ongoing business relationship with you, we may also send you periodic newsletters, information about our services and invitations to events. You can always ask us to stop sending you emails or contact you.
- To invite you to participate in our surveys. We may use your contact details to invite you to participate in our customer satisfaction surveys and similar surveys.
- To protect our legitimate interests. We will process your personal data when necessary to protect or exercise our rights or business interests, e.g. to defend us against claims from you or third parties.
- To meet legal requirements. We will process your personal data when necessary to comply with our legal obligations under laws, court rulings or other appropriate legal mechanisms, e.g. to respond to lawful requests by public authorities.
We process your personal data based on our legitimate interests. For example, we have a strong interest in promoting and keeping you up to date on our services and in creating or maintaining good business relationships with our customers, suppliers and other business partners. When we process your personal data for accounting, tax and other legal purposes, we do so to comply with our legal obligations.
6. How long do we keep your personal data?
How long we need to keep your data depends on the context and cannot in all cases be specified in advance. Generally, we keep your personal data for as long as we have an ongoing legitimate business need to do so.
- During our business relationship. We keep your contact details and other relevant information until we no longer conduct business with the company you represent. If you leave your current job/position, please let us know.
- Liability periods and claims. Normally, we also keep your contact details, messages, notes and other relevant information during warranty or liability periods (even after our business relationship has ended). Should any relevant legal claim be brought, we may also continue to process your personal data for such additional time necessary in connection with that claim.
- Communication and direct marketing. We will process your contact details and messages for as long as motivated by the context. We will stop using your contact details for direct marketing purposes when you ask us to stop contacting you or unsubscribes from our mailings.
- Tax and accounting. We may keep your personal data (e.g. invoices and other accounting data) longer where necessary to comply with our legal obligations under tax and accounting rules.
We regularly review our need to keep your data, taking into account the applicable legislation. When we no longer need your data, we will either delete or render it anonymous.
7. Who can access your data?
We will never sell your data. However, sometimes we share your information with trusted parties. For example, your personal data will be shared with:
- Our employees and consultants. We share your personal data with our employees and consultants on a need to know basis. For example, our customer success team will have access to your contact details and other data to provide you with customer success services.
- Group companies. We will share your personal data with other companies within Visiba Group, e.g. our subsidiary companies.
- Service providers. We will share your personal data with service providers who provide us with IT services like email, billing system, document hosting, backup services, etc. Our service providers and their selected staff are only allowed to access and use your data on our behalf for the specific tasks that they have been requested to carry out, based on our instructions.
- Banks, legal advisors and other suppliers. We may share your personal data with legal advisors and accountants, banks, auditing firms, debt collection companies or transport service providers. Normally, these recipients will be responsible (data controllers) for their processing of your personal data.
- Public authorities. Legal obligations may require us to share information about you, e.g. to respond to lawful requests from law enforcement agencies, regulatory agencies, and other public and government authorities. Public authorities are responsible (data controllers) for their processing of your personal data.
- Legal process. We may disclose personal data about you to courts, legal advisors and other parties when needed in connection with a legal process, e.g. to enforce our terms and conditions and to protect our rights.
- Business transfers. We may share or transfer your personal data in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Other parties. We may also share your personal data when you ask or permit us to, e.g. when we make a referral to another company. You may also be included in email conversations together with other external parties.
8. Where do we store your data?
We always strive to store your personal data within the EU/EEA. However, your personal data will in certain situations be transferred to and processed outside of the EU/EEA. For example, we use Zendesk as our customer support system, who will process your data in the U.S.
Please note that privacy laws in countries outside of the EU/EEA may not be the same as, and in some cases may be less protective than, privacy laws in your country. However, we will always ensure that your personal data is processed safely and that adequate safeguards (e.g. EU standard Model Clauses and Privacy Shield) are in place to protect your personal data.
You can always contact us for more information about the applicable safeguards.
9. What are your rights?
Where applicable to you, you have the following rights in respect of our processing of your personal data:
- Right to object. You have the right to object to processing based on legitimate interest. You can contact us for more information on the balance test that we have made. You also have an absolute right to object to direct marketing.
- Right to access and transfer your data. You have the right to ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process. You may in certain circumstances also have the right to transfer your information to another data controller.
- Right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure (‘right to be forgotten’). You have the right to ask us to erase personal information about you in certain circumstances. Normally, we will honour your request unless deleting the information prevents us from carrying out necessary business functions.
- Right to restriction. You have the right to request that the processing of your personal data should be limited until inaccurate or incomplete information about you has been corrected, or until an objection from you has been handled.
- Right to withdraw your consent. You may at any time withdraw any consent you have given us. However, please note that it will not affect any processing that has already taken place.
You can read more about your rights here.
10. How do we protect your personal data?
We want you to feel confident about providing us with your personal data at all times. We have taken appropriate security measures to protect your personal data against unauthorised access, alteration and erasure.
Should a security breach occur that may materially impact you or your personal data (e.g. risk of fraud or identity theft), we will contact you to explain what action you can take to mitigate any potential adverse effects of the breach.
Should you feel that we have not complied with our obligations regarding your personal data, please let us know, and we will do our best to make you happy again.
You may also raise your concern with Datainspektionen (the supervisory authority in Sweden) or with the supervisory authority in the country where you live or work.