Privasee

Privacy Notice

Last updated 18 January 2021

When this applies to you?

This Privacy Notice applies to the collection and use of your personal dataIt also explains your rights in relation to us and how you can exercise your rights. 


The type of information we collect will depend on the circumstances and the service you are using, e.g. we collect analytics data when you visit our website and other data when you contact us directly.


Privasee will maintain and process all your personal data (i.e. all kinds of information that links directly or indirectly to you as an individual in compliance with the EU General Data Protection Regulation (GDPR). Privasee will not pass on your personal data to third parties, other than as explicitly described in this policy. 


Our website contains links to other websites. Once redirected to another website, this notice is no longer applies.

What personal data do we collection and use?


When you use our services and browse our website or contact us, we automatically record information about your usage of those services, your browsing, your interaction with our emails as well as information about the device you are using and your internet connection.  We will use personal data that we collect, to provide, maintain, protect, improve, and promote our services in accordance with your preferences and as otherwise stated in this policy.  

 

If you use Privasee Services you will likely be processing personal data of other persons. In this relationship Privasee is acting as data processor. It is your responsibility to make sure that the processing complies with GDPR. Please refer to the Data Processing Agreement (DPA) between your organisation and Privasee for details regarding that relationship.   

 

Examples on collection/use of your personal data by our Services can include, but are not limited to: 

  • You are creating a user account in any of our services 
  • You are using any of our services 
  • Log-data when using our services  
  • You receive notifications,  
  • You contact us; 
  • You visit our website. 


Tracking technologies and cookies

We may use tracking technologies; such as tags and cookies. These technologies enable us to recognise your device and to track your interaction with our services, website, emails and adverts. The first time you visit this website you will be given the choice and information on a cookies function.  On subsequent visits you can deselect your choices using the cookie consent banner on the right of the page where you can also find detailed information on which cookies are used and why. 


Use of Privasee  Services

When a user normally an employee of a Privasee customer uses a our Services, like GDPR TotalTrust Portal, Helpdesk, GDPR training, the employer and user will share personal data with us. In these kind of transactions Privasee is a data processor, and the user/employee is the data controller. This relationship is detailed in the Data Protection Agreement between Privasee and its Customer. 


Sales or marketing

Whenever you visit any of our social media channels, we collect information that you have chosen to submit to us, e.g. names, addresses, email addresses, phone numbers and other personal data. We may also process information regarding your usage , such as transaction history and technical data relating to the device you are using , e.g. IP addresses, unique device ID and type of web browser.  

 

If you have clicked on one of our direct marketing communications, we may get access to contact information which forms part of your online profile (e.g. your name, email address, phone number and event business information). We use this information to supply you with the requested Service, and to supply you with marketing and offers about our Services. Opt out is provided in the communication. 


How long do we process your data?


We will process your personal data for the limited time needed in order to fulfil a specific purpose. in some cases we may need retain for a longer period if there is a legal reason. In particular, we process your data for: 


  • As long as required for a specific purpose; 
  • As long as you have an active subscription/account in any of our Services; 
  • As long as you have the MP App installed, and until you delete it (uninstall on your smart device or contacting us or by instructing us to delete data, for example by way of a right to erasure request), we will process the personal data we need to be able to deliver the Services to you; 
  • The purpose of complying with applicable laws, such as the GDPR, employment and book keeping.


Disclosure to third parties

We only share your personal data with third parties when necessary and according to the principles stated in this Privacy Notice. As a general rule, we do not disclose personal data to third parties, save from circumstances in which we share data with our partners and suppliers, as listed below:


Suppliers and subcontractors

Privasee may share personal data with the suppliers and subcontractors we use in order to provide our Services to you. Suppliers and subcontractors are companies who are only entitled to process the personal data they receive from Privasee. Examples of such suppliers and subcontractors are cloud services providing applications, and development software- and data storage, data analytics services.  

  

We may share personal data with suppliers to Privasee both inside and outside the European Economic Area (EEA). When we share your personal data, we take all reasonable contractual, technical, and organisational measures to ensure that your personal data is treated with an adequate level of protection and in accordance with the GDPR 

 

A list of service suppliers which are located outside of the EEA ar listed below. 


Zoho.com (US) and transfers for technical support in India

The GDPR compliance portal is developed on Zoho Creator Developer (Application as a Service) based in Zoho U.S. data centres. Encryption enabled at field-level when technically viable.

customers, partners, employees

  • Email address of admin user used as logon credentials.
  • Employee names which are active in GDPR compliance tasks.
  • Name, email, telephone, notes, relating to data subject exercising their rights under GDPR to your organisation. 

Zoho.eu (data stored in EU data centres) transfers for technical support in India

Operational purposes, e.g. Word, Excel, etc., are hosted Zoho WorkDrive.

customers, suppliers, sub-contractors, pro-bono contacts, investors

  • personal data which can be contained within communications documents, spreadsheets and slides

Helpdesk services are based on Zoho Desk.

registered users and employees

  • Name, email address, language, locale, optional personal data added to profile by user, e.g. bio.
  • Earned gamification points
  • Contributions to the Community
  • Questions/dialog between user and helpdesk personnel

Talent LMS (EU and US)

This is a cloud service which we use for the GDPR-privacy awareness training, that we call our DOVE.

customers, partners, employees

  • email address
  • full name
  • course completion success/failure
  • learning experience and outcome
  • gamification badges on success

Smartsupp.com  (EU and US)

All is processed in the EU except for Mailchimp which involves an international transfer.

website visitors

  • email address

monday.com (EU/EEA and US)

Project management tool

customers, partners, employees

  • email address
  • telephone number
  • full name
  • free-text fields

User Centrics GmbH

Cookie consent banner

website visitors

  • consent preferences

Security

We implement security measures appropriate to the size and nature of our business, all with the aim of keeping your personal data safe and secure. We maintain appropriate organisational, technical and contractual safeguards to protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal data we hold about you. It is also critical that we ensure the availability and resilience across our IT operations. We require that our service providers do likewise. 

Contact and your rights

If you would like to know what personal data we hold about you or would like us to delete your personal data from our records then please contact us.

If you are a customer, please contact Privasee's customer service or your key account manager. 


We will make reasonable efforts to supply, correct or delete personal data about you on our files. Please note that we are required to retain logs/evidence on data subject requests by law and/or for own legitimate business purposes. 


If you have a complaint you can contact Privasee's data protection responsible directly or send complaint to the Swedish DPA can be made using this link.