Personal Data Policy
|2020-09-15 Hanna Sjöström|
We safeguard your privacy and will at all times ensure that your personal data is processed in a lawful manner, which inter alia means that:
- We treat personal data in a correct and open manner.
- We collect personal data for the legitimate purposes set forth in this policy, and do not treat the personal data in any way incompatible with these purposes.
- The personal data we process is adequate, relevant and necessary for the purposes for which they are collected and used.
- The personal data we process is accurate and updated if necessary.
Please see below for more information on how we process your personal data.
1. Who is responsible for your personal data?
GPX Medical AB (publ) is data controller for your personal data and is responsible for ensuring that the processing is conducted in accordance with applicable data protection regulations.
2. Whom do we process personal data about?
We process personal data regarding the following categories of persons:
- Visitors, i.e. private persons who visit and use our website.
- Marketing recipients; i.e. private persons who have registered to receive our newsletter or join our costumer club, or who we collect information about through our social media.
- Customers and partners, i.e. private persons who buy or otherwise show interest in our products or services, or private persons who represent our existing or future customers/partners.
- Suppliers, i.e. private persons who are representatives for our suppliers.
3. What personal data do we process about you?
We may treat both information that you submit to us and which we collect from you.
3.1 If you are a visitor
We may process the following personal data about you as a visitor:
- IP-number and information about your use of GPX Medical AB (publ)’s website.
3.2 If you are a marketing recipient
We may process the following personal data about you as a marketing recipient:
- Contact information, such as name, address, phone number, email address.
- IP-number and information about your use of GPX Medical AB (publ) website.
3.3 If you are a customer, partner, investor or supplier
We may process the following personal data, regarding you as a customer, partner, investor or supplier, or representative of such:
- Contact information, such as name, address, email address and phone number
- Personal identity number,
- IP-number and information about your use of GPX Medical AB (publ) website,
- Copy of ID card/driver’s license, and
- Payment data and information that reveals after a credit report.
4. Why and on what legal basis are we processing your data?
In order to conclude and manage agreements with you as a customer, partner or supplier, or a representative of such, we collect and process your personal data. The legal basis for our processing of your personal data is that it is necessary in order to fulfil our agreement with you or to take action before entering into such agreement. If you do not provide the above-mentioned personal data, we cannot offer our products and services or otherwise fulfil our commitments to you.
If you are a representative or contact person for an organization that is a customer, partner or supplier, the legal basis for our processing of personal data is a balance of interest, i.e. the processing is necessary for a purpose that concerns our legitimate interests in maintaining and fulfilling our contractual commitments. If you do not provide the above-mentioned personal data, we may not be able to fulfil our commitments to the organisation of which you are a representative.
We collect and process personal data belonging to you as a visitor, marketing recipient, customer, partner or supplier in order to assure the quality of our business, to contact you and/or to offer and promote our products or services to you. We may also send relevant offers to you in the form of, among other, newsletters, promotional offers through email etc. The legal basis is that such processing is necessary for our legitimate interest in being able to develop our business and meet your needs as well as promote products and services that we believe you may be interested in. Our interest of processing personal data for these purposes go beyond your potential interest of protecting your personal integrity, in light of the potential benefits that the marketing brings to you. However, you are entitled to object to the processing of your personal data for the purpose of direct marketing at any time.
Some personal data may be processed due to GPX Medical AB (publ) being required to fulfil certain legal obligations, such as personal data processed as a result of our accounting obligation or other obligations stated in law.
In addition to the above, it must also be added that GPX Medical AB (publ) may process personal data with the legal basis of consent, which in that case will be collected separately from this policy.
5. For how long is your personal data being stored?
GPX Medical AB (publ) does not save personal data longer than necessary in relation to the purpose for which the data is being processed. Therefore, we perform screenings of the personal data on a regular basis and remove data which is no longer necessary to process.
We save data about you as a customer, partner or supplier for as long as there is an active agreement. After the contractual relationship has ended, we save personal data for as long as a legal claim related to the agreement is or may be enforced. However, we may need to store personal data even after this time period, e.g. in order to manage warranties, insurance or deadlines for complaints, comply with legal requirements, handle other legal requirements that may be directed against GPX Medical AB (publ) and which do not derive from any agreement or to promote products or services and send offers that we believe you might be interested in.
We save data about you as a marketing recipient until you object to the processing of your personal data. If you object to the processing, we will delete your personal data as soon as possible.
We save data about you as a visitor up until you object to the processing of your personal data or for up to 24 months after your last visit to the website. If you object to the processing, we will delete your personal data as soon as possible.
6. Who has access to your personal data?
Your personal data may be submitted to and processed by third parties. These may include group companies, service providers, legal advisors, accountants, business consultants, authorities etc. Examples of situations when your personal data may be transferred to third parties are when such action is required due to law, disputes, authority requests or decisions or after a request by you, alternatively when so is required in order to fulfil GPX Medical AB (publ) legitimate interest. GPX Medical AB (publ) remains personal data controller for the personal data provided to the third parties, while the third parties, depending on the circumstances, become independent personal data controllers, personal data controllers joint with GPX Medical AB (publ) or personal data processor to GPX Medical AB (publ).
7. How and where do we store your personal data?
GPX Medical AB (publ) takes appropriate technical and organizational measures to prevent unauthorized or unlawful processing and access, loss, destruction or damage to personal data, thereby ensuring an appropriate level of security.
GPX Medical AB (publ) may process personal data within as well as outside of the EU/EEA. We will and must take necessary actions in order to ensure that the transfer of personal data is conducted lawfully and that the personal data will continue to be protected by the recipients outside of the EU/EEA.
We also use third party cookies which conduct cross-domain tracking in order for us to provide marketing to you on other websites or media channels.
We do not save your personal data regarding cookies. You may block cookies and still have access to most of our content on the website. If you choose to block cookies, however, it may impair the website’s functionality. To block cookies, you must change the security settings in your browser.
GPX Medical AB (publ) may process your personal data through profiling, such as analysis of how you use our website, which services and offers you have been interested in, details of your purchases etc. to provide you with offers that we think may interest you. You may at any time object to the processing of your personal data through profiling. However, if such treatment is necessary for the conclusion or performance of an agreement with you or if such treatment is permitted under applicable law, we may still continue with the processing.
10. What rights do you have as a data subject?
10.1 The right to access
You have the right to turn to us and request access to the personal data we process related to you. You also have the right to request information about, among other things, the purpose of the processing and the recipients of the data. GPX Medical AB (publ) will provide you with a copy regarding the processed personal data, free of charge. If you request further copies, we may charge an administration fee.
10.2 The right to rectification and limitation
You have the right to, without undue delay, have your personal data rectified or, under certain circumstances, limited. If you believe that GPX Medical AB (publ) is processing personal data regarding you which is inaccurate or incomplete, you may request to have the data rectified or completed.
10.3 The right to deletion
You also have the right to have your personal data deleted, e.g. if the data is no longer necessary for the purpose of the processing or if the processing is based on a consent which has been withdrawn. However, there may still be legal requirements or contractual relations preventing us from deleting your personal data.
10.4 The right to objection
You have the right, at any moment, to object to the processing of your personal data if the legal basis of processing is based on a balance of interests. You also have the right, at any moment, to object to the processing of your personal data if the data is processed for the purpose of direct marketing.
10.5 The right to data portability
You have the right to receive the personal data that you have provided to GPX Medical AB (publ) and have this data transmitted to another data controller (data portability), provided that such portability is technically possible, and that the legal basis for processing the data is consent or that it has been necessary for the fulfilment of an agreement.
10.6 The right to file a complaint
If you are dissatisfied with how we process your personal data, please contact us by using our contact information stated below in section 12. You also have the right to file a complaint regarding our personal data processing to:
Name: Datainspektionen, Box 8114, 104 20 Stockholm
Email address: firstname.lastname@example.org
11. Alterations of the policy
GPX Medical AB (publ) reserves the right to alter and update the policy. If the policy is materially altered or if current data is to be processed in a different manner than what is stated in the policy, GPX Medical AB (publ) will inform about this appropriately.
12. Contact GPX Medical AB (publ)
For questions about the policy or requests regarding personal data, please contact GPX Medical AB (publ) contact person by using our contact information below.
Name: Hanna Sjöström, CEO GPX Medical AB (publ)
Email address: email@example.com