Privacy Policy
1. Background
1.1 Inrego collects, stores and uses personal data in connection with, for example, but not limited to, the purchase of our products and services, service matters, contracts, marketing, visits to Inrego or any other type of contact with Inrego.
1.2 Inrego considers it important that all those whose personal data we process should feel safe and confident in our intention and ability to process their information properly.
1.3 The purpose of this Privacy Policy is for Inrego to briefly describe to those whose information Inrego has collected, or may collect, and process how Inrego intends to comply with the personal data processing requirements set out in Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"), as applicable from 25 May 2018, and other personal data legislation in force at the time (collectively referred to as the "Applicable Law"). This Privacy Policy shall also briefly describe how Inrego intends to ensure adequate protection of the privacy and fundamental rights of individuals in relation to the processing of personal data in the context of the activities carried out by Inrego.
1.4 This Privacy Policy is in no way to be considered as legal advice or as an exhaustive or all-inclusive description of the rights and obligations arising from Applicable Law.
2. Responsibility
2.1 Inrego is normally the data controller for the data that Inrego collects and processes.
2.2 Inrego may, where the data subject is the controller of the personal data in question, in certain cases be regarded as a processor of personal data. In such cases, the controller should enter into a data processor agreement with Inrego.
2.3 The data controller is responsible for ensuring that Inrego has the right to process the personal data provided to Inrego.
3. Safety measures, etc.
3.1 Inrego shall take the technical and organisational measures that, taking into account the available technology and the cost of the measures, are required by Applicable Law in order to protect the personal data that are the subject of the processing.
3.2 Inrego shall take reasonable steps to comply with its obligations, taking into account the nature of the processing and the information available to Inrego, regarding:
(a) the security of the processing;
(b) notification of a personal data breach to the supervisory authority; and
(c) informing the data subject of a personal data breach.
4. Why Inrego processes personal data
4.1 Inrego processes personal data for various purposes as a necessary part of Inrego's operations. Below are some examples of the most common purposes.
4.1.1 Advice and contact prior to and in connection with the purchase or conclusion of a contract.
4.1.2 Execution of purchases and delivery of ordered goods or services.
4.1.3 Follow-up contact before, during or after delivery and in connection with service and warranty issues or customer satisfaction surveys.
4.1.4 Financial related processing such as invoicing, credit assessment, financing, leasing or renting.
4.1.5 Fulfilment of Inrego's obligations under law, such as the Accounting Act.
4.1.6 Marketing activities including targeted offers by post, email, online or by telephone.
4.1.7 To fulfil Inrego's other obligations in the contractual relationship with customers and partners.
5. Disclosure of personal data
5.1 Inrego may disclose personal data to third parties for various purposes when it is deemed necessary for the implementation of, for example, the purposes set out in paragraph 4. The following are some examples of the most common types of third party actors that may have access to and also process personal data.
5.1.1 Logistics companies in connection with deliveries, finance companies in financing purchases, credit rating companies in purchasing credit or concluding contracts, insurance companies in taking out insurance policies, auditors in auditing Inregos' activities, marketing partners in carrying out campaigns.
5.2 Inrego may also disclose personal data if it is necessary to protect Inrego's legal interests, comply with applicable legislation or requirements from authorities
5.3 Third parties in the form of consulting companies or other types of suppliers may also have access to personal data, if necessary, for example, in the development, service and operation of IT systems that form part of Inrego's business.
5.4 Inrego does not normally conduct business outside the EU/EEA but may need to disclose personal data to any of Inrego's suppliers and/or partners located outside the EU/EEA. Where personal data is to be transferred to such a country, Inrego will take steps to ensure that the personal data is protected in accordance with Applicable Law.
5.5 Inrego does not sell personal data to third parties without permission. If all or part of Inrego's business is subject to sale, merger or bankruptcy, personal data may be transferred to third parties in connection therewith.
6. Legal basis and storage
6.1 Inrego bases its processing of personal data on different legal grounds depending on the purpose. Below are some examples of the legal basis that may be applicable for different purposes.
6.2 Inrego processes personal data on the legal basis referred to as contract in accordance with Article 6(1)(b), recital 44 of the Applicable Law. This legal basis is applicable, for example, when Inrego processes personal data as part of the performance of contractual obligations towards customers and partners. This legal basis also applies to the processing of personal data prior to the conclusion of a contract where Inrego assesses that the data subject intends to enter into a contract.
6.3 Inrego processes personal data on the legal basis referred to as legal obligation in accordance with Article 6(1)(c), recital 45 of the Applicable Law. This legal basis is applicable, for example, when Inrego ensures compliance with legal requirements such as the Accounting Act.
6.4 Inrego processes personal data on the basis of the legal ground referred to as balancing of interests in accordance with Article 6(1)(f), recitals 47, 48, 49 and 69 of the Applicable Law. This legal basis applies, for example, to marketing activities.
6.5 Inrego may also process personal data on the legal basis of consent in accordance with Article 6(1)(a), recitals 32, 38, 42, and 43.
6.6 Inrego shall seek to limit its retention of personal data, both in scope and duration, to what is necessary for the purposes.
7. Rights
7.1 The data subject has rights in accordance with Articles 12 through 23 and Article 34 Applicable Law. The main rights of data subjects are:
(a) Access to the data subject's personal data in the form of an extract from the register describing, inter alia, the personal data held, the purposes of the processing and the third parties to whom personal data are disclosed.
(b) Erasure of personal data if they are no longer necessary for the purpose for which they were collected.
(c) rectification and/or completion of inaccurate and/or incomplete personal data.
(d) Restriction of processing for a particular purpose. For example, the data subject has the right to object to the use of personal data for direct marketing purposes such as e-mail offers.
(e) The right to lodge a complaint with the supervisory authority. The Data Protection Authority is the supervisory authority in Sweden.
7.2 The data subject's rights may be limited to some extent as required and/or permitted by Applicable Law. For example, Inrego may not erase customer data when it is required to comply with legal requirements such as the Accounting Act or to fulfil contractual obligations
7.3 When requesting the exercise of the rights of data subjects, the simplest way may often be to contact your main contact person or sales representative at Inrego.
7.4 If you wish to make a formal request to exercise these rights, please contact gdpr@inrego.se or send a letter to us at "Inrego AB, Kemistvägen 3, 183 79 Täby" marked "Att: GDPR". In order to be able to process a formal request quickly and with quality, we ask you to formulate your request with clarity, especially with regard to which right you wish to use and with which information you want us to identify you in our records. If you are also aware that you appear in more than one of our registers, for example if you are a customer or partner in more than one of Inregos' business areas, we would appreciate it if you would include this information as well. This is because Inrego generally avoids merging registers more than is necessary for its business.
7.5 Other
7.6 We at Inrego are humbled by the fact that there may be things we can do better and therefore welcome suggestions for improvement.
7.7 Inrego considers it likely that this Privacy Policy may be revised as legal practice, best practice in application and implementation and Inrego's operations and procedures evolve.