Privacy policy - Cyklos

Privacy policy

Your privacy is of the utmost importance to us. The following privacy policy seeks to explain in an easy-to-understand manner how Cyklos AB, org. no. 556830-1880, securely processes and protects your personal data.

Data Controller

Cyklos is the Data Controller for personal data processed on you, and is responsible for ensuring that such processing takes place in accordance with applicable law.

Definitions

Personal data

Personal data is any kind of information that can be directly or indirectly attributed to a natural person who is alive. This includes, for example, your name, social security number, address, email address and phone number. Other examples include reservation numbers and encrypted information, different types of electronic identities, such as IP numbers, if they can be linked to natural persons.

Indirect personal data can include an address, a car’s registration number, or a reference number. Any form of data linked to an individual but indirectly.

Processing

‘Processing’ refers to everything we do with personal data. Examples include: collection, registration, storage, processing and dissemination.

Data Controller

A Data Controller is responsible for the personal data processed. It also determines the purpose of processing, which personal data are requested and how processing is conducted.

How do we collect your personal data and what personal data do we collect?

Personal data gathered from sales

We collect personal data required to fulfil your order. This means that we collect personal data from the contact person and other persons involved in the transaction. Such data includes name, title, email and phone number.

Personal data from personal contact

We collect personal data from you when you contact us via such channels as customer service, email, telephone, or in other ways. We collect name, email, telephone number and any customer or order number provided.

Personal data when registering for newsletters and downloading white papers

When you subscribe to our newsletter and download white papers, names and email address are collected. Phone numbers are also collected if you choose to enter them.

Data collected from someone other than you

When we attend trade fairs, we collect personal data from external sources e.g. through attendance lists. Data are also collected from external sources such as Byggfakta, PAR and Bisnode, which are then imported into our customer register.

Why do we use your personal data?

In order for us to process your personal data, there must be a legal requirement – a legal basis for processing. In order for our processing of your personal data to be lawful, we have to comply with a contract or other legal obligations. For example, a legal obligation may be that personal data have to be saved to comply with the rules contained in the Accounting Act.

Your personal data can also be processed in response to the weighing of interests, when Cyklos’ interests in processing of data are weighed against yours concerning the protection of privacy, or after you have given consent to processing.

Below are the purposes for which we process your data and the legal basis on which we do so.

Sale

When selling products and order processing, we process personal data to effectively administer the order, and to manage contact with you during the purchase and warranty period. Order processing involves obtaining voluntary consent from you. According to what you have consented to, we use your personal data in accordance with the voluntary consent. We may also process personal data on the grounds of legitimate interests in being able to provide you with good and effective order processing.

The legal basis for processing is consent and legitimate interest.

Customer service and personal contact

We process your personal data to provide you with the best form of customer service. Processing is done in order to effectively answer your questions.

The legal basis for processing is consent and legitimate interest.

Direct marketing

We process your personal data in order to promote our products and services directly to you. We direct market through such channels as letters, personal contact and mailing newsletters.

The legal basis for processing is consent and legitimate interest.

Legal obligation

In some cases, we may have a legal obligation to process your personal data. Examples include the processing of personal data we have to perform to meet the requirements of the Accounting Act.

Consent

When you consent to us processing your personal data in accordance with the purposes set forth above, you agree to:

We can process your personal data in accordance with this privacy policy
We can contact you by email or phone
We can send direct marketing to you via email about our products
That we have the right to send newsletters on a regular basis to the e-mail address given. (If you wish to unsubscribe, you can click on the link provided in each newsletter at any time).

How long do we save your data?

We store your personal data for the purposes set out above.

Upon obtaining consent, your data will be stored for up to five years after our last contact with you.
Personal data processed on the basis of our legitimate interest in the purchase process will be retained for up to three years after our last contact with you.
Personal data processed in the pursuance of customer service or other personal contact on the basis of our legitimate interest will be retained for up to three years after our last contact with you.
Data collected from external marketing source will be retained for up to three months after collection.
If you subscribe to our newsletter, your personal data will be retained as long as you subscribe to the newsletter.
Where there is a legal obligation under law or regulation, we will save the personal data for as long as the law so requires.

To whom do we disclose your data?

We use a number of IT providers and systems. Some of these store and process personal data. We protect your privacy and security and therefore choose our suppliers with care. When we use cloud-based solutions, it implies that we transfer personal data to external suppliers. Such suppliers will then become our personal data processors and cannot use your personal data for any purpose other than to provide a service to us or according to the instructions we provide. They shall also be able to provide sufficient guarantees that the processing of personal data complies with the requirements of the Data Protection Regulation. This is regulated in personal data processing contracts we have with those suppliers.

We use MailChimp to distribute our newsletter. Their physical servers are located in the United States, which means that personal data is transferred to a country outside the EU/EEA zone. MailChimp is affiliated with the Privacy Shield and the transfer to third countries complies with the rules of secure data transmission in accordance with GDPR. Learn more about MailChimp’s security here.

We will not sell your personal data to third parties.

Your rights

Cyklos is responsible for the processing of your personal data in accordance with applicable law.

The law provides a number of rights to which you are entitled and actions you may request

The right to information

You have the right to request confirmation of whether we process personal data on you and if so, we will inform you of how your personal data is processed. You also have the right to receive a copy of the data we process.

Right to rectification

We have a responsibility to ensure that the data we process is accurate, but customers also have the right to supplement any data that is missing and relevant. If you discover incorrect personal data about you, you are entitled to request correction. When such personal data are corrected, we will pass on details to anyone to whom we have disclosed the personal data, except where that would prove impossible or would entail excessive effort.

Right to deletion

You have the right to contact us to request deletion of your personal data:

If the data are no longer needed for the purposes for which they were collected.
If processing is based solely on your consent and you revoke that consent.
If processing is for direct marketing and you are opposed to your data being processed.
If you oppose personal data processing that occurs after weighing of interests and there are no legitimate interests that outweigh your interest.
If processing of your data has not complied with applicable law.
Deletion is required to comply with a legal obligation.

If your data are deleted, we will notify anyone to whom we have provided data on you. However, this does not apply if that would prove impossible or would entail excessive effort.

The right to object

You have the right to object to your data being used for direct marketing purposes. You can do so by contacting us at Cyklos. If you object, we will no longer process data for that purpose.

You also have the right to object to processing performed on the basis of weighing of interests. If you object to such processing, we will only continue if there are legitimate grounds for doing so that outweigh your interests.

The right to restriction of processing

You have the right to request a temporary restriction on the processing of your data. Processing can be limited in the following situations:

When you believe that your data is incorrect and you have therefore requested rectification by us. You can then request that the processing of your data be limited while we investigate.
When data processing is illegal but you are opposed to your data being deleted and instead request restricted use.
If you want us to retain your data for you to use them to determine, enforce or defend legal claims, even if we do not need them anymore.
Once you have objected to processing of your data, we will continue processing for the duration of verification.
If processing of your data is temporarily restricted, we will notify anyone we have disclosed them to accordingly.

The right to data portability

You have the right to data portability. This means that, under certain conditions, your personal data can be extracted and transferred in a structured, widely used and machine-readable format to another data controller.

The right to withdraw consent

You have the right to revoke your consent at any time. Please contact us by phone or
email to do so.

The right to complain to the Swedish Data Protection Authority

If you believe that your personal data is being processed in violation of applicable regulations, you should report it to us as soon as possible. You can also file a complaint with the Swedish Data Protection Authority (www.datainspektionen.se).

Contact details

Data Controller, Cyklos AB

Cyklos is the Data Controller responsible for the personal data processed. We decide the purpose and manner of processing.

Cyklos AB
Org. no.: 556830-1880
Skogsborgsvägen 16
647 31 Mariefred

Phone: 08-684 050 60

If you have questions or wish to exercise your rights