- DATA CONTROLLER
As an enterprise software solution provider, we offer our commercial clients with software products to support their digital transformation processes and to meet their needs. These products can be used to collect and process personal data of ‘end-users’; the data subjects which use the Services we offer to our clients of those their personal data are processed via our Services. Owing to the nature of our usual business model, we generally are not in the position of data controller in relation to the personal data of end-users. In most cases, our clients decide the purposes and the means of personal data processing activities conducted over our products. In other words, usually we will not be in direct relationship with our clients’ end-users. If you believe your personal data has been processed via our products and you wish to acquire further information on the data processing activities or you seek to use your data subject rights, we recommend you to refer to the privacy notices or policies prepared by our relevant client.
- PURPOSES FOR PROCESSING PERSONAL DATA
We may collect and process your personal data for various purposes.
- To advertise, market and publicise our products. We can send you marketing content about our new products, products that we believe you will be interested and benefit from, special offers or we can inform you about educational or similar events that we organise and send newsletters. You may solicit such content by subscribing to our newsletter through our website or we may send these communications based on our existing business relationship with you. You can always reject receiving marketing communication from us with the methods we will be informing you in the content of each of our messages.
- To respond to your requests or handle your complaints.
- To provide our clients and their end-users with our Services as well as, where required, to provide technical support in relation to our products.
- To carry out contractual processes with our clients. Including formation and performance of a contract. For such purposes, our business partners may share personal data of their authorised employees.
- For business and product development processes. In that regard, we may analyse the use of our apps, website or software. Also, we can analyse and process certain personal information to diagnose problems in our apps and website.
- To send business related communication messages such as regarding your payments or contract renewals.
- To carry out marketing research activities to better tailor our Services to the needs and expectations of our clients.
- To protect our and our client’s rights and interests. To this end we may carry out data processing activities to reduce and prevent fraud, piracy or other illegal conduct concerning our Services.
- To fulfil our legal requirements which we are subjected to. For example, we may process and share certain personal information to meet legal requirements arising out of tax laws or we may share certain information with public authorities where lawfully requested in the course of criminal investigations.
- For reporting and archiving purposes.
- RECIPIENTS OF PERSONAL DATA AND PURPOSES FOR TRANSFERING SUCH DATA
Chrisma may share your personal data among its global subsidiaries or with third party business partners, suppliers, legally authorized public institutions and authorized private persons within the scope of the purposes described above. In particular, some of the purposes for sharing your personal data are as follows:
- We procure information technology system support from third party service providers while we are providing our Services. For example, we may procure cloud services to store or process personal data. Thus, your personal data can be shared with such service providers during the course of supplying you with our Services.
- To comply with legal requirements we are subjected to. For example, to respond information requests made by enforcement authorities.
- To exercise, defend or protect our rights and interests. For example, we may share personal information with courts, enforcement offices or legal offices in relation to unpaid debts or illegal use of our Services.
- If our company goes under a merger get acquired by another company or transfer our certain assets or part of our Services, your personal information may be shared or disclosed to third parties that are involved in the transaction.
In cases where personal data we process are transferred to third countries, we will be doing so in compliance with cross border data transfer procedures set out under personal data protection regulations we are subjected to. Lastly, we do not sell, rent or in any way unfairly exploit the personal data belonging to any of our clients or end-users which we possess.
- METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA
We are only permitted to process your personal data where we can rely on one or more legal basis as provided by privacy laws. We process personal data where at least one of the following conditions are met:
- It is necessary to enable us to perform our contractual commitments to you.
- It is necessary for us to comply with a legal obligation we are subjected to.
- It is necessary for us to exercise, protect or defense of our rights.
- It is necessary in our legitimate interests (e.g. to serve our customers properly, to improve and better our services, to market our services to our clients, to effectively manage our businesses).
- YOUR RIGHTS AS DATA SUBJECTS AS ENVISAGED UNDER ARTICLE 11 OF THE LAW
As personal data subjects, you are entitled to the following rights:
- To learn whether your personal data are being processed,
- To Request information, if your personal data have been processed,
- To Learn the purpose of the processing of your personal data and whether data are being used in compliance with such purpose;
- To Learn the third-parties to whom the data are transferred domestically or abroad,
- To request rectification of the processed personal data which are processed incompletely or inaccurately,
- To request erasure or destruction of your personal data under the conditions specified in the relevant legislation,
- To request the processes of correction, erasure and destruction under the relevant legislation are notified to third persons to whom personal data is transferred.
- To object to negative consequences to you that are concluded, as a result of analysis of the processed personal data through solely automatic systems,
- To demand compensation for the damages that you have suffered as a result of an unlawful processing of your personal data.
You may communicate your requests regarding your rights by sending an email to us at firstname.lastname@example.org or in writing to:
Chrisma Svets & Smide AB, Terminalgatan 2 521 36 Falköping
We will evaluate and conclude your request at least within 30 (thirty) days as stated under the Law. The aforementioned process is principally free of charge however, CHRISMA reserves the right to request for a fee based on the tariff determined by the Data Protection Authority.