POLICY
Processing personal data

On this day, 25th May 2018, the following policy (“Personal Data Policy”) has been established for the Intersolia Group including Intersolia Ltd.

Purpose
We care about your privacy. You should feel safe and secure when you trust us with your personal data. Therefore, we have created this policy. It is based on existing personal data legislation and clarifies how we work to protect your rights and your privacy.

Personal data means all types of information that can directly or indirectly be attributed to a living real person (“Personal data”).

The purpose of this policy is that you should know how we process your personal data, what we use it for, who may use it, in what circumstances and what your rights are.

If you have a question that is not answered here please get in touch with us. You can find information about how to contact us under “Contact details” below.

Background
We primarily process your personal data in order to fulfil our obligations to you. We do not process more personal data than is required to meet those purposes (information about what purposes we handle personal data for is under the section “What we use personal data for” below) and we always strive to use the least sensitive personal data.

We also need your personal data to provide a good service, for example for marketing, follow-up and information. We may also require your personal data to fulfil legislation and to carry out customer and market analyses.

You have the right to oppose us processing your personal data. When we gather personal data about you for the first time you will receive more information about it and how you can exercise your rights.

Guidelines
What personal data do we process?
We only process personal data when we have legal grounds for processing it. We do not process personal data in cases other than when it is required to fulfil contractual and/or legal obligations, if we have not had your stated consent. The following are examples of the personal data that we process:
• Name
• Address
• E-mail address
• Telephone number
• Fax number
• Date of birth
• Title
• User name
• Data that you entered yourself and willingly volunteered
• Content that you publish yourself, user generated content

Certain information can be retrieved automatically, for example information about your use of our systems, products and services, localisation information, information about network and device performance, language and information about identification and operating system. We will use Cookies and similar technology to gather this information. More information about the use of Cookies is available under the section “Cookies”.

Sensitive personal data
Sensitive personal data is information that reveals race or ethnic origin, political opinions, religious or philosophical beliefs or union membership, and personal data that refers to health or sex life (below “Sensitive Personal data”). Information about health could be sick leave, pregnancy and doctor’s appointments.

Depending on what information you choose to share with us we can process Sensitive Personal data.

How do we have access to personal data?
Most personal data that we process is based on a contract and/or legal requirements. In those cases where we need to, we try as much as possible to obtain your consent before we start to process your personal data. We do this by allowing you to fill in specific consent clauses in cases where the process requires consent.

You can withdraw your consent at any time. We will then no longer process the personal data that was covered by your consent or retrieve new personal data, on the condition that it is not required to complete our legal or contractual obligations. Remember that withdrawing your consent may mean that we cannot meet our obligations to you.
We also have access to your personal data in the following way:

• Data that you supply to us directly
• Data that is registered when you visit our website
• Data that we retrieve from public registers
• Data that we receive when you employ one of our colleagues
• Data that we receive when you subscribe to our courses or seminars
• Data that we receive when you subscribe to newsletters and other mailings
• Data that we receive when you respond to surveys and investigations
• Data that we receive when you contact us, apply for employment with us, visit us or contact us in another way

What do we use personal data for?
We will process the personal data we collect for the following purposes;

1. To communicate with you.
2. To supply our systems, products and services and to ensure their functionality.
3. Analyse your use of our systems, products and services and to improve our systems and develop new products and services.
4. Administer your account and use of our systems, products and services, and communicate with you, for example via notifications, e-mail and in other ways.
5. Inform you of updates to our systems, products and services.
6. Marketing our systems, products and services, including functions and content in our systems, products and services.
7. As otherwise stated in the Personal Data Policy.

Personal data that is processed with the purpose of marketing our systems, products and services, including the function and content of our systems, products and services are processed based on our legitimate interests to market our operations and our systems, products and services, including the function and content of our systems, products and services.

We save your personal data for as long as you use our systems, products and services and for twelve (12) months after you have stopped using our systems, products and services. If you request it we will permanently erase your personal data. We are obliged by Swedish law to retain certain personal data for longer than a twelve (12) month period.

If we cannot process your personal data we cannot provide you with our systems, products and services. Your privacy is very important to us and we will handle the personal data that you share with us with great care and in line with “best practice”, the Personal Data Policy and applicable legislation and regulations.
Without your consent we will not divulge your personal data to anyone other than so stated in the Personal Data Policy.

Which data do we give to you?
When we collect your personal data for the first time we will inform you how we obtained your personal data, what we will use it for, what rights you have under the General Data Protection Regulations and how you can exercise these. You will also be informed who is responsible for personal data processing and how you can contact us if you have questions or need to submit a request or inquiry that refers to your data and/or rights.

Is your personal data processed in a reassuring way?
We follow routines and work processes so that your personal data is handled in a safe way. The starting point is that only employees and other persons within the organisation that need personal data to carry out their work tasks shall have access to them.

Regarding sensitive personal data we have introduced special authorisation checks, which means greater protection for your personal data.
Our security system is developed with a focus on your privacy and protects to a high degree against hacking, interference and other changes that could compromise your privacy.

We take all appropriate technical organisational safety measures that are required to protect personal data against unauthorised access, modification or interference. There is however always a risk in submitting personal data via digital channels as it is not possible to completely prevent technology systems from being hacked. We do not transfer personal data in other cases than those specifically stated in this policy.

When do we give out your personal data?
Beyond what is stated in the Personal Data Policy we will not share the personal data you supply to us with any third parties.
We will not share the personal data you supply to us with any third parties other than (i) when there is specific agreement between you and us, (ii) when it is necessary to defend your rights, (iii) if it results from legal obligation, authority’s decision or court decision or (iv) if we appoint an independent supplier for services in connection with our systems, products and services our for-marketing purposes. These suppliers can handle personal data and sometimes requires limited access to personal data that is collected via our systems, products and services. We always strive to limit such access to personal data and only share information that is necessary for the suppliers to do their work and provide their services. We also require that these suppliers (i) protect your personal data in accordance with the Personal Data Policy and (ii) do not use or divulge your personal data in any other way than that provides us with the agreed products or services.

If you request it, we will permanently erase your personal data that is processed with the purpose of marketing our systems, products and services, including functions and contents of our systems, products and services. We may transfer personal data to a third country (a country outside the EU/EES). In those cases where we choose to use suppliers outside the EU/EES, for example cloud service providers or sub-contractors that provide support services, we will in such cases take all reasonable legal, technical and organisational measures to ensure that your personal data is processed safely and with an adequate level of security.

Erasing personal data
Your personal data will not be stored for longer than is necessary with reference to the purpose of the processing and we will otherwise erase personal data in a way that follows applicable legislation.

Right to request information
Once per calendar year you have the right, cost-free, to request information of what personal data we process about you and also to have any incorrect information corrected. If you wish to know whether we process personal data about you, you can send a written and signed request to us (see “Contact details” section below).

Links
Our digital channels may contain links to other websites provided by other companies. This Personal Data Policy does not apply to these web sites. You should therefore check the Personal Data Policy of each website before submitting any personal data.

Cookies
We collect information using technology such as cookies, beacons and local storage (for example on your web browser or device). In the Personal Data Policy we use the term “Cookies” for all technology, including data and text paragraphs, that we store in your web browser or device.

A Cookie is a small text file that is stored on your computer, telephone or other device when you visit a website. Cookies can, for example, help us to recognise you the next time you visit our website, but also allow us to offer a more secure and reliable service.

We use functional Cookies to manage certain functions in our systems, products and services, so that your choices and settings will be remembered when you use our systems, products and/or services again. In order to maintain and improve our systems, products and services we use Cookies for analysis, to measure the demand for and use of our services and how they function when they are used.

Most web browsers allow you to choose how to manage Cookies. You can set the web browser to refuse to accept Cookies, or to remove certain Cookies.
If you choose to block Cookies parts of the functionality in our systems, products and/or services will be degraded or disappear.

Security
We take all appropriate technical organisational safety measures that are required to protect personal data against unauthorised access, modification or interference. There is however always a risk in submitting personal data via digital channels as it is not possible to completely prevent technology systems from being hacked.

Liability
Intersolia Ltd are personal data controllers, which means that we are responsible for how your personal data is processed and that your rights are maintained.
Personal data incident

In case of breach of security relating to Personal Data, for example a computer hacking or an accidental loss of Personal Data, we are obligated to document the breach of security and report it to the inspection authority within 72 hours. We may also need to inform you, for example if there is a risk for identity theft or fraud.

Change in Personal Data Policy
Should we need to make changes to the Personal Data Policy we will inform you of this and inform you of the content in the new conditions that you approve.

Invalid stipulations
If an authorised court finds any stipulation in the Personal Data Policy invalid, this shall lead to the reasonable adjustment of the stipulation in question. Other stipulations will remain in full force and effect.

Applicable law
Personal Data Policy is governed by and interpreted in accordance with English law, without application of rule for conflict of laws.
Disputes or requirements that arise regarding or in conjunction with the Personal Data Policy, or the breach, termination or invalidity of these conditions must be finally determined by English courts.

Inspection Authority
For more information relating to the current legislation, our responsibility when processing the Personal Data and your rights as a data subject, please visit the inspection authority’s homepage.

Contact details
If you have any questions regarding the Personal Data Policy or have any other questions regarding our processing, please contact us on:

Intersolia Ltd, org.no. 5114737
76 King Street
Manchester
M2 4NH
gdpr@intersolia.com