This privacy policy is designed to explain how we at Elsyspas collect and use your personal information, as well as to clarify your rights and how you can exercise them. We encourage you to read through the policy carefully and contact us if you have any questions or concerns.
We strive to ensure that our processing of your personal data is correct and in line with your expectations. To maintain a high level of security in the handling of your personal data, we have implemented appropriate technical and organizational measures. These measures are aimed at protecting your personal data against unauthorized access, use, alteration or deletion.
Your privacy and security are of the utmost importance to us, and we constantly strive to improve our processes and procedures to ensure that your information is handled in a secure and responsible manner. Do not hesitate to contact us if you have any questions or comments.
Personal data is all kinds of information that directly or indirectly can be attributed to a natural living person. Examples of this are name, personal identity number, address, image, email and IP address. Even data that only indirectly can be linked to a person can be personal data if the information in combination with other data can be connected to you. Data processed in a computer can be personal data even if no names are mentioned.
Processing of personal data is everything that happens with personal data, regardless of whether the processing is automated or not. Examples are collection, registration, organization, structuring, storage, processing, transfer and erasure.
Data controller is the organization that decides the purposes and means of a personal data processing. The data controller is responsible for ensuring that the processing takes place in accordance with applicable law.
Purpose: To manage and fulfill purchase orders.
Processing performed
Categories of personal data
Legal basis: Performance of the purchase agreement. In order for us to fulfill our obligations to you as a customer arising from our agreement with you, the above processing is necessary.
Storage period: For as long as necessary to fulfill the purchase agreement and thereafter for up to 36 months due to our legitimate interest in being able to handle any complaints or warranty issues.
Purpose: To handle customer service matters and complaints.
Processing performed
Categories of personal data
Legal basis:
During warranty period: Fulfill agreement. The processing is necessary to provide customer service during the warranty period
During complaint period: Legal obligation. Processing is necessary to handle any complaints to satisfy our legitimate interest in handling customer service matters.
Storage period: Until the customer service matter has been closed
Purpose: To be able to conduct and manage participation in competitions and/or events.
Processing performed
Categories of personal data
Legal basis: Consent. The processing is based on your consent.
Storage period: Until the competition/event has ended, and in the case of prizes, until the prize has been distributed.
Purpose: To be able to send marketing by email (newsletter).
Processing performed
Categories of personal data
Legal basis: Consent. The processing is based on your consent.
Storage period: Until you unsubscribe from the newsletter or withdraw your consent.
Purpose: To fulfill legal obligations.
Processing performed
Categories of personal data
Legal basis: Legal obligation. The processing is necessary to comply with legal obligations.
Storage period: In accordance with applicable accounting legislation, currently 7 years after the fiscal year ends.
We share your personal data with certain companies in order to fulfill the purposes listed above. These companies are called data processors and may only process your personal data in accordance with our instructions and may not use your data for their own purposes. They are also required to comply with the same security requirements as us and may not transfer your data to a third country unless there are adequate safeguards for an international transfer of personal data.
Companies that are independently data controllers. Your personal data is shared with certain companies that are independently data controllers for the processing they perform. This means that it is not us who control how the information provided to the company is to be processed and that company’s privacy policy and personal data management applies to this processing.
Independent data controllers with whom we share your personal data are:
Right of access (so-called register extract). You have the right to receive a copy of the personal data we process about you. To receive a register extract, you should contact us according to the information below. The register extract will be delivered within 30 days.
Right to erasure. You can request that we delete the data we have about you under certain circumstances. If it is not possible for us to delete your data, for example because we need to keep it to fulfill a legal obligation, we will explain why.
Right to correction. If any of the data we have about you is incorrect, you have the right to request that we correct the data.
Right to data portability. If we process your data based on your consent or in order to fulfill an agreement with you, you have the right to receive a copy of the data that concerns you in a machine-readable format. If technically possible, you also have the right to request that we transfer your data to another data controller.
Right to restriction of processing. You have the right to request that we restrict the processing of your data in certain circumstances. For example, if you have contested the accuracy of your data and we are checking whether the data is correct, you can request that the processing of your data be restricted during this time. If you have objected to us using a legitimate interest as a legal basis for processing, you can request restricted processing during the time we need to check whether our interests outweigh your interests in having the data deleted.
If processing has been restricted according to one of the above situations, we may only, in addition to the storage itself, process the data to establish, assert or defend legal claims, to protect someone else’s rights or if you have given your consent.
Right to object to certain types of processing. You always have the right to be free from direct marketing.
Legitimate interest: In cases where we use a legitimate interest as the legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to demonstrate a compelling legitimate reason for the current processing that outweighs your interests, rights and freedoms, or the processing is used for the establishment, exercise or defense of legal claims.
To exercise your rights, you contact us according to the information below. We will respond to your request within 30 days. If there are special circumstances that mean we need more time, we will let you know within the 30-day period.
We may need to request additional information from you to verify your identity before fulfilling your request. If we cannot fulfill your request, we will explain why.
If you feel that our processing of your personal data is not done correctly, we would like you to contact us first. You also have the right to submit a complaint to the Swedish Authority for Privacy Protection (IMY), which is the supervisory authority for personal data processing in Sweden. You can find more information about this at imy.se.
For questions about our processing of personal data or to exercise your rights, please contact us:
Elsyspas AB
Email: info@elsyspas.com
We may update this privacy policy from time to time. When we make significant changes, we will notify you (for example via the website or, if you are a customer, via email provided in good time before the updates take effect). When we make information about updates available, we will also explain the meaning of the updates and how they may affect you.
