Processing of personal data
We at KärnIT AB (CoreIT) care about your privacy and you should always be able to feel secure when entrusting your personal data to us. The purpose of this policy, based on current data protection legislation, is to make you aware of how we process your personal data. What we use it for, who may view it and under what conditions, and how you can safeguard your rights. It also give instructions for what rights you have when providing us with your personal data and how you can claim these rights.
What is personal data and what is processing personal data?
Personal data is any information that can identify you as a physical individual. It can be a name, mail address, national Id number but it can also be pictures and user names in social media.
Processing personal data can be any type of handling as collecting, registration, reading, storing, transferring or even deleting data in systems. Processes outside IT-systems can also be considered as personal data handling, for an example personal data stored in register.
CoreIT is a data controller, which means that we are responsible for the processing of your personal data and for ensuring your rights. All our processing of personal data is in accordance with applicable data protection laws.
what personal data do we process?
We only process personal data where there is a legal basis for this or with an agreement from you. We do not process personal data unless this is necessary for the fulfilment of our services or the obligations in accordance with agreements and the law. Examples of personal data we process:
- Name and national Id number or other type of identification number.
- Contact information, as address, phone number, e-mail address etc.
- Company affiliation.
- Bank account information
When participating in different events or conferences personal data is also processed and information that is more sensitive as allergies or dietary habits can be necessary to register. Information that you give without being requested to and which you provide voluntarily we will process only on the basis that we do not handle more personal data than what is necessary for the purpose, and we always endeavour to use the least sensitive information when sharing the information within CoreIT.
how do we gain access to your personal data?
CoreIT will collect personal data from you when you use our functions, order our services or products, contact us for support, participate in events or sign up for newsletters. In addition, when the company you work for is purchasing our services, your personal data can be collected as an employee. We may also collect certain personal data from external sources, such as financial information on credit reports and address updates.
how and why do we process your personal data?
CoreIT will use your collected personal data in order to provide services and products. We will also process your personal data when you request our support and to fulfil the contract with you or your company. Where possible, we try to obtain your consent before we are starting to process your personal data.
Depending on type of product, service or web page you use we will process your personal data with following purpose:
- Customer service and support
In order to give you as a customer a quick and specific support we need to register and administrate your personal data in our support tools. We will also use this information in contracts, time management and invoices in current assignments.
- Usage of web pages and services
When you use and register personal data in our websites, the information is collected and stored in our systems. When browsing in our websites, we can automatically retrieve information about your visits, your usage of them and about your computer in order to enhance your experience of our services to you. We sometimes link to other third party pages on our websites that have their own privacy rules and we do not take any responsibility for data processes in these pages.
- Delivery of products/services
When you purchase services or products from our web shop we need information about you in order to identify you and to send a confirmation, to deliver the service or product and to invoice you in secure way.
We want to inform you about what we or our partners offer, what’s going on with us or to invite you to our events. This kind of marketing is sent via newsletters to your e-mail. You can unsubscribe from our newsletter at any time by clicking “Unsubscribe” in the footer visible in all newsletters.
We sometimes conduct surveys to find out what you think about us, this is mainly done via e-mail. You can choose to unsubscribe from our mailing list at any time by clicking “Unsubscribe me” in the footer that appears in all surveys.
If you e-mail us or send information to us in another way, that information will be collected and stored. We always move important or sensitive data to other systems and clear our e-mail archive regularly.
For how long DO WE KEEP YOUR PERSONAL DATA?
We retain your information as long as it is required to meet the above purposes or as long as we are required by law to do so. We have developed clear out routines to ensure that personal data is not kept longer than needed for the specific purpose. The storage time may be different depending on the purpose of the service and for how long the information is necessary for the purpose. After that, we will safely delete or anonymise your information so that it will no longer be possible to link them to you. An example is information about special diets. This data will be deleted as soon as the event or seminar is completed. Certain data, however, require a legal obligation, such as accounting records. This require that we retain the data in a minimum of seven years.
who get access to your personal data?
We never forward, sell or exchange your personal data for third party marketing purposes outside CoreIT.
In the case when you, as an employee or contact in a company placed in a third-country, share personal data to CoreIT, this data may be processed outside the EU/EEA. But this will only be done by agreement with you and in accordance with customer agreement. When processing personal data outside the EU / EEA, the level of protection is guaranteed by a decision of the EU Commission that the country concerned ensures an adequate level of protection or by using appropriate safeguards. Examples of protection may be “Privacy Shield” which includes the use of “Binding Company Rules” and different contractual solutions. Standardized model clauses for data transfer, as adopted by the EU Commission, are available on the EU website.
how do we protect your personal data?
CoreIT have procedures and methods of working to ensure that your personal data are processed in a secure way. The basic condition is that only employees and other persons within the organisation who need the personal data to carry out their work duties have access to them.
For sensitive personal data, we have established authorisation checks, which means there is a higher level of protection for this type data.
Our security systems are developed with your privacy in mind, and provide a high degree of protection against intrusion, destruction and other modifications that may pose a risk to your privacy. To protect your data from loss, manipulation and unauthorized access, we perform the necessary technical and organizational actions. We also continually adjust our security processes in accordance to developments and progress in the technical field.
We have policies for IT security in order to ensure that your personal data is processed securely. We do not transfer or process your personal data in other ways than as explicitly stated in this policy.
Under applicable law, you are entitled to request information about the personal data we keep about you at any time. If your information is incorrect, incomplete or irrelevant, you may want to have it corrected or deleted. However, in some cases, we may not delete any of your data if there is a statutory requirement for storage, such as accounting rules, or when there are other legitimate reasons why the personal data must be saved, such as unpaid debts. You also have the right to limit the amount of personal data we process and to require transfer of your personal data. A prerequisite for data transfer is that it is technically possible and can be automated.
You may revoke your approval at any time to let us use your personal data for marketing purposes. In case of questions or complaint about CoreIT’s handling of personal data, registry extracts, rectification, restriction of information or objection for marketing purposes, please contact CoreIT’s by sending a letter to CoreIT Customer Service, Box 407, 891 28 Örnsköldsvik, Sweden or by email, firstname.lastname@example.org.
data protection authority
Datainspektionen is the Swedish Data Protection Authority and if you are not satisfied with the way we treat your personal information you have the right to contact them and make a complaint. For contact information see www.datainspektionen.se.
A cookie is a small text-based data file that a web server may request to save on the hard drive of a visitor to the website. The cookie helps to recognise what kind of content and which pages have been visited on our website. Information stored using cookies may handle how a website user utilises the website, what type of browser the web user uses and which web pages the user has visited. The cookie allows CoreIT to enhance your visit to the CoreIT website.
CoreIT websites may contain links to other sites that we do not control. We are not responsible for the privacy processes or content of these sites, but we provide these links to make it easier for our visitors to find more information about specific topics.
If you have any questions or complaints you are always welcome to contact us at;
KärnIT AB (CoreIT)
891 28 Örnsköldsvik
Phone: +46 (0)660 729 00