What is personal data?
Personal data is any information that can be directly or indirectly linked to a living person, using other information. This means that, for example, data such as name, contact details, and IP addresses constitute personal data.
What is meant by processing?
Processing of personal data involves all actions taken with the data, such as storing, collecting, registering, deleting, or printing the data.
We process your personal data when you provide them to us yourself or when we receive them from someone else (a so-called third party), in the manner described in this Policy. We process your personal data as the data controller and therefore have an obligation to ensure that the processing takes place in accordance with this Policy and the applicable data protection legislation at all times.
We care about your privacy and take data protection issues very seriously. This Policy therefore provides information on, among other things, the categories of personal data we process, the purposes for which we process them, and the legal basis for the processing. We also describe who may access and process the data, the principles of data retention, the third parties with whom we may share personal data, where personal data is processed, and your rights as a data subject, including the right to information, rectification, and erasure, etc. We ask that you carefully read and familiarize yourself with the contents of this Policy, as it applies to all our processing of personal data.
We may occasionally need to update or change the Policy. If we make minor changes, we will indicate the date from which the updated Policy applies at the top of the document. Our processing of your personal data will then be carried out in accordance with the updated Policy. You can always find the latest version of the Policy on our website.
If we make significant changes or intend to use your personal data for purposes other than those for which we collected them, we will inform you in an appropriate manner, either by email (if possible) or by posting a message on our website. The information will include details of the changes we have made and the purposes for which we will use your data in the future. If necessary, we will also obtain your consent before using your personal data for the new purposes.
We hope that this Policy answers your questions about our processing and protection of your personal data. If you have any further questions or concerns, please do not hesitate to contact us at email@example.com.
2. How we process your personal data
In this section, we describe the categories of personal data we process, the purposes for which we process them and the processing activities we perform, the legal basis for our processing, and the period for which we retain the data.
2.1 Contacts at customers and partners
The following applies to contacts at customers and partners.
2.5 Inrego’s role as a data processor
If we have been hired by a customer to receive and handle IT equipment for sustainable reuse, we process the personal data on the IT equipment as a data processor, since in such a situation the customer is the data controller for the processing. Our processing of personal data on the IT equipment is then regulated in a data processing agreement between us and the customer.
2.6 Processing of personal identification number (PIN)
To the extent that we process PIN without your consent, this will only be done when it is clearly justified with regard to the purpose, the importance of a secure identification, or some other significant reason.
2.7 Direct marketing
We may use your personal information for direct marketing via mail, email, telephone and other electronic means if you have previously made a purchase from us, if you are a contact person for a customer or business partner, or if you have provided your email address on our website. You have the right to object to the use of your information for such purposes free of charge, and each communication from us for marketing purposes contains an option to unsubscribe, known as an opt-out. You also have the right to object to the processing of your personal data for direct marketing. If you choose to unsubscribe from future communications, we will make a note in our business systems to stop directing marketing to you. See more about revoking consent in section 6.7.
3. Protection of your personal data
We have implemented several security measures to ensure that our processing of personal data is conducted in a secure manner and to protect the personal data we process against unauthorized access, unauthorized processing, and misuse. For example, access to the systems in which the personal data is stored is restricted to our employees and service providers who need access to the data within the scope of their duties. These individuals are also informed of the importance of maintaining the security of personal data. We also continuously monitor our systems to detect vulnerabilities and to protect your personal data.
4. Who we may share your personal data with?
In order for us to provide our services and send out marketing, we share your personal data with third parties. The following applies to this:
a) Consultants and service providers that we use in certain parts of our operations; we share personal data with these providers primarily for IT operation services (such as data storage, support, maintenance and development), communication services, as well as marketing services such as conducting customer surveys and administering marketing campaigns.
b) Logistics companies in connection with delivery, financial companies in connection with financing purchases, credit rating agencies in connection with credit purchases or entering into agreements, insurance companies in connection with signing insurance policies, and auditors in connection with auditing Inrego's operations.
c) IT security providers; we share personal data with IT security providers when necessary by law to protect you or our customers and partners or to protect our services.
d) Government agencies (such as the Police and the Tax Authority); we share personal data with authorities if necessary to protect our legal interests, if we are required to do so by law or government decision, or in case of suspected crime.
e) Other companies within Inrego Holding AB acting as data processors for Inrego AB in order for us to fulfill the different purposes stated in this policy.
Most of the third parties with whom we share personal data as described above are what is known as data processors in relation to us. They are only allowed to process the transferred data on our behalf and in accordance with our explicit instructions. We only transfer your personal data to such data processors for purposes that are compatible with the purposes for which we collected the data, and we ensure through written agreements with the data processors that they undertake to comply with our security requirements and limitations, as well as requirements regarding international transfer of personal data.
Authorities and in some cases also companies to whom we transfer personal data as described above may be independently responsible for the transferred data. When your personal data is transferred to someone who is an independent data controller, we do not control how the data is subsequently processed, and the responsibility for this then falls on the authority or company to which the transfer was made, including, among other things, the obligation of that authority or company to inform you about its processing of your personal data and to ensure that the processing is lawful.
We do not sell personal data to third parties without permission. If all or part of our business is subject to sale, merger or bankruptcy, personal data may be transferred to third parties in connection with this.
5. Where we process your personal data
Our goal is always to process your personal data within the EU/EEA where all our own IT systems are located. However, it may occur that your personal data is shared with data processors who are established or store information in a country outside the EU/EEA, either themselves or through subcontractors. In such a case, we will take all reasonable legal, organizational, and technical measures required to ensure that the level of protection for the processing is equivalent to that within the EU/EEA. This will either be done through a decision by the EU Commission that the country in question provides an adequate level of protection or through the use of appropriate safeguards such as standard contractual clauses or approved codes of conduct in our agreements with such data processors.
You can read more about the third countries that the European Commission has deemed to ensure an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection_sv
6. Your rights as a data subject
In this section, we describe the rights you have as a data subject. You can always exercise these rights by contacting us via firstname.lastname@example.org or by sending a letter to Inrego AB, Kemistvägen 3, 183 79 Täby, marked "Att: GDPR". To handle a formal request promptly and with quality, we ask you to formulate your request clearly, especially regarding which right you wish to exercise and with which information you want us to identify you in our records. If you also know that you appear in more than one of our records, for example, if you are a customer or a business partner in several of our business areas, we would appreciate it if you also include this information. This is because we generally avoid linking records more than necessary for our operations.
6.2 Right of access
If you want to know what personal data we process about you, you can request access to the information. The information will be provided in the form of a record extract that specifies which personal data we process, for what purposes we process them, where the information was obtained from, which third parties the information has been transferred to, and how long the data will be stored. If your request is made in electronic form, the information will be provided in an electronic format that is commonly used, unless you request otherwise.
6.3 Right of rectification
You have the right to have incorrect information about you corrected without delay. You also have the right to complete incomplete information.
6.4 Right to erasure
You have the right to have your personal data erased without undue delay if one of the following applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) you withdraw your consent to a processing based on consent and there is no other legal ground for the processing;
c) you object to a processing based on a balancing of interests and your objection outweighs our legitimate interests;
d) the personal data have been processed unlawfully;
e) the personal data must be erased in order for us to comply with a legal obligation.
6.5 Right to restriction of processing
You have the right to request restriction of the processing of your personal data if any of the following apply:
a) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the data;
b) the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
c) we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
d) You have objected to processing based on a balancing of interests, and we are assessing whether our legitimate grounds for processing outweigh your legitimate interests.
Where processing has been restricted under this point, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.
6.6 Right to data portability
In cases where our processing of personal data is based on your consent or performance of a contract, you have the right to request that the data concerning you and that you have provided to us be transferred to another data controller. However, a prerequisite for this is that the transfer is technically possible and can be done automatically.
6.7 Withdrawal of consent
In cases where our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. Such withdrawal of consent does not affect the lawfulness of processing that occurred based on your consent before it was withdrawn. If you withdraw your consent, we will no longer process the personal data that is based on the consent, unless we are legally obligated to continue processing them. If our legal obligations prevent us from deleting your data, we will instead mark them so that they are no longer actively used in our systems.
You can send an email to email@example.com at any time to withdraw your consent. We will promptly respond to your request.
6.8 Right to lodge a complaint
If you believe that we are processing your personal data in an incorrect manner, you can, in addition to contacting us, lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten).
You have the option to change the settings in your browser for the use and scope of cookies. An example of such an adjustment is to block all cookies or to delete cookies when you close your browser. Then no cookies will be stored, but you will not be able to use certain parts of our website and all parts of it will not function correctly.