Retriever's privacy policy

Drafted 14 May 2018

 

1. BACKGROUND 

 

1.1 When Retriever (“we/us”) conduct our business operations, we process information regarding contact persons at customers and suppliers, as well as people who visit our website (“you”). This type of information constitutes personal data and we are careful to take technical and organizational measures to protect your personal data and your privacy. 

 

1.2 Through this privacy policy, we would like to inform you about the principles applied in the processing of personal data by the Retriever Group, to explain which categories of personal data are processed, the purposes of the processing, the legal basis for the processing, where and to whom the personal data may be disclosed, and our obligations and your rights in conjunction with the processing of your personal data. 

 

1.3 The manner in which personal data may be processed is regulated by law. The General Data Protection Regulation (“GDPR”) applies as the law of all EU member states commencing on 25 May 2018 and replaces at that time national rules such as, for example, the Personal Data Act in Sweden. 

 

1.4 The GDPR is intended to protect the privacy of people in conjunction with the processing of personal data and therefore contains a number of principles and detailed provisions which must be taken into consideration by any party processing personal data. An important part of the privacy protection is that any person whose personal data is processed is entitled to obtain information regarding the processing. 

 

 

2. IMPORTANT CONCEPTS 

 

2.1 Personal data is any information relating to an identified or identifiable natural person, for example name, address, telephone number, email address, personal ID number, photograph, IP address, bank account number, geographical location data, and information regarding health. 

 

2.2 Processing of personal data includes any measure taken regarding the personal data, whether or not by automated means (i.e. with the aid of IT technical resources), for example collection, recording, processing, organization, structuring, reading, use, and storage. 

 

2.3 The controller of personal data is the party who, alone or jointly with others, determines the purposes and means of the processing of personal data and who is ultimately responsible for ensuring that the processing takes place in accordance with applicable personal data legislation. 

 

2.4 The data subject is an identified or identifiable natural person. 

 

3. PRINCIPLES FOR PROCESSING PERSONAL DATA 

 

3.1 The GDPR establishes fundamental principles for all processing of personal data. We process personal data in light of the principles governing personal data processing. 

 

3.2 The principles are set forth in Article 5 of the GDPR which prescribes that the following applies to the processing of personal data:

 

a) the data must be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency). 

b) the data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purposes limitation); 
c) the data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (data minimization); 
d) the data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy); 
e) the data may not be stored in a form which permits identification of data subjects for longer than is necessary for the purposes for which the personal data are processed (storage limitation). 
f) the data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality); 
g) the party processing the data shall be responsible for, and be able to demonstrate compliance with, the principles through clear information and documentation (accountability) 

 

 

4. WHO IS RESPONSIBLE FOR THE PERSONAL DATA WE COLLECT? 

 

The Retriever company that you are in contact with, or whose website you visit, is the controller for our processing of your personal data and can be contacted through our data protection officer at the email address dpo@retriever.se. 

 

5. WHICH PERSONAL DATA DO WE COLLECT ABOUT YOU AS A CONTACT PERSON AT A CUSTOMER OR SUPPLIER, AND FOR WHICH PURPOSES? 

privacy-policy-5

privacy-policy-5b

 

 

6. WHICH PERSONAL DATA DO WE COLLECT ABOUT YOU AS A VISITOR TO OUR WEBSITE, AND FOR WHICH PURPOSES? 

privacy-policy-6

 

 

7. FROM WHICH SOURCES DO WE COLLECT YOUR PERSONAL DATA? 

 

We process personal data which is provided by customers and suppliers. 

 

In addition, we may also collect contact information regarding employees of customers and suppliers from public filing systems in order to offer or order services. 

 

Data which is stored regarding visitors to our website is data which the visitor to the website provides via their electronic tools, for example computer or smartphone. 

 

 

8. WHO HAS ACCESS TO THE PERSONAL DATA AND WHERE CAN THE PERSONAL DATA BE TRANSFERRED TO? 

 

8.1 Personal data may be released for the above-stated purposes to companies within the Retriever Group as well as other companies with which we cooperate (for example customers, suppliers and other cooperating partners in order, for example, to offer services or for informational purposes). 

 

8.2 We may transfer the personal data to countries outside of the EU/EEA (third country). This may take place, for example, through personal data being stored on servers located in a third country, or where we retain the services of IT suppliers which provide support and maintenance of IT systems from third countries. In those cases in which we transfer personal data to a third country, we will enter into an agreement and take other measures to protect the personal data in accordance with applicable legal requirements. We will continuously provide clear, written information in the event transfers to a third country become relevant. 

 

 

9. HOW LONG DO WE SAVE YOUR PERSONAL DATA? 

 

We never save your personal data longer than is necessary for each purpose. Please see more regarding the specific storage period under each respective purpose in sections 5 and 6 above. 

 

 

10. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT? 

 

You have the right to request access to personal data by requesting what is referred to as an extract from a filing system, and to request correction, erasure, or restriction of the processing, and you are entitled to object to the processing. In addition, in certain cases, you also have the right to receive your personal data in a machine-readable format and to transfer this data to another controller. 

 

 

11. HOW IS YOUR PERSONAL DATA PROTECTED? 

 

We use IT systems to protect confidentiality, privacy, and access to personal data. We have implemented specific safeguards to protect your personal data against unlawful or unauthorized processing (such as unlawful access, loss, destruction or damage). Only those persons who actually need to process your personal data for us to be able to fulfil our stated purposes have access to it. 

 

 

12. WHAT CAN YOU DO IF YOU WANT TO FILE A COMPLAINT? 

 

12.1 Should you have any questions for us regarding the processing of personal data or believe that our processing of your personal data is being carried out in contravention of the GDPR, you are asked to firstly contact our data protection officer at the email address dpo@retriever.se, so that we will have an opportunity to address any errors. 

 

12.2 However, you always have the possibility of submitting complaints to the supervisory authority (the Ombudsman of the Finnish Data Protection Agency, the Data Protection Authority in Norway, the Data Protection Authority in Sweden, and the Data Protection Agency in Denmark) where you believe that we are processing your personal data in contravention of data protection legislation. 

 

 

13. DATA PROTECTION OFFICER 

 

We have appointed a data protection officer. The role of the data protection officer is to monitor compliance with applicable data protection legislation by, for example, performing checks and informational services. Our data protection officer can be reached at the email address dpo@retriever.se.