PRIVACY NOTICE

  1. INTRODUCTION

Your privacy is our concern, and regardless of whether we are processing personal data concerning you in your capacity as a corporate customer, supplier or private individual, we make every effort to safeguard your privacy by protecting your personal data. This Privacy Notice explains how we process your personal data.

We reserve the right to amend this Privacy Notice without prior notification. The latest version of our Privacy Notice is available at any time from our website: www.dhandel.se.

We will always be open about how we process your personal data, and you are welcome to contact us at any time if you have any queries about our data processing: info@dhandel.se

  1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

Svensk Distanshandel AB (“Svensk Digital Handel”), Org. No. 556227-8365, is the official Data Processor responsible for the processing of your personal data.

  1. HOW DO WE PROCESS YOUR PERSONAL DATA?

Our processing of your personal data may vary depending on the nature of our contact with you. A comparison chart for our personal data processing is provided below.

3.1 YOUR MEMBERSHIP OF SVENSK DIGITAL HANDEL

Svensk Digital Handel is an interest organisation that helps companies to be safer, smarter and more profitable online. Through membership of Svensk Digital Handel, companies gain a stable base and extensive development opportunities. In support of that membership, from time to time, we may process personal data about the employees of our members.

Processing performed for the purpose of:

  • Administration of membership applications and registration.
  • Administration relating to billing and payments for our services.
  • Communication with members concerning questions relating to membership of Svensk Digital Handel.

Legal basis.
Our and your legitimate interest in being able to efficiently and accurately document and administer information required for fulfilment of our obligations in accordance with the terms and conditions of membership.

Retention time We store your personal data for as long as your company remains a member of Svensk Digital Handel.

3.2 MARKETING

We invite you to subscribe to our newsletter for information about our services and other interesting news. We may also register you for our e-mails and text messages if you have expressed an interest in our organisation by, for example, using our services, attending any of our seminars, have been in contact with us, or if we think our services will be of interest to you. In order to be able to send marketing materials to you, we need to process your personal data.

Please bear in mind that you have the right at any time to object to (decline to receive) our marketing. You can do so within our mailings via our unsubscribe link or by contacting us (our contact details are provided at the top of this Privacy Notice).

Data processing performed for the purpose of:

  • Direct marketing via e-mail, text message or other digital channels (e.g. social media).
  • Direct marketing from our business partners.
  • Producing marketing materials from our seminars/events, e.g. to process photographs, video or audio recordings.
  • Producing surveys and statistics of how our visitors use our services and interact with us, e.g. statistics on visitor traffic on our website or responses to our marketing mailings. For this processing and for this purpose, we use cookies. You can read more about how we use cookies in our

Legal basis.
Our legitimate interest in being able to market our business and our products and services.

Retention time Determined by whichever of these happens first: (1) you object to our marketing or (2) two years have elapsed since your last activity. Activity is taken to mean when your company made use of our services, attended any of our seminars, contacted us or otherwise expressed an interest in our services.

3.3 SEMINARS AND EVENTS

Svensk Digital Handel is proactive in convening Business Partners, buyers, decision-makers and others from both startup enterprises and large groups within the different branches of e-commerce. We do that through various events, workshops and meetings. when we host our D-Congress, the largest meeting place for e-commerce businesses in the Nordic region. We see knowledge exchange and partnering as key growth drivers, and we facilitate meetings between our members, TRYGG E-HANDEL certified traders and Business Partners. When we organise a seminar or event, we need to process personal data concerning attendees.

Processing performed for the purpose of

  • Registering and administering seminar/event attendees.
  • Communication with attendees concerning their queries before and during the seminar/event
  • Communication by e-mail and text message from selected exhibitors to notify booth space, speaker time or other event coordination details.
  • Photography, and video and audio recordings during a seminar or event.
  • Follow-up on a completed seminar or event to elicit ratings in the interest of improving future seminars or events.

Recipients of personal data

  • We may issue lists of attendees to external speakers or other companies such as exhibitors with whom we are co-hosting the seminar or event.

Legal basis.
Our and your legitimate interest in being able to administer, host, document and follow-up on a seminar or event. If you attend a seminar or event as a private person, we will process your personal data based on the agreement we have concluded with you.

Legal basis for special categories
During a seminar or event, we may offer meals or other catering. We may need information about any special dietary requirements in order to cater for our attendees’ needs.

Retention time Maximum 60 days post-completion of a seminar or event.

3.4 SUPPLIERS, SPEAKERS, ETC.

When we purchase services or products from our suppliers, we may process personal data about our suppliers’ contacts. We do so in order to maintain good business relations and in order to fulfil the terms and conditions of the supplier agreement in force. For a seminar or event, we may also hire external speakers, and we will then need to process their personal data also.

Processing performed for the purpose of

  • Communication with company contacts concerning orders and fulfilment of obligations in accordance with the agreement we have concluded with that company.
  • Other communication concerning our business relations.
  • Communication with external speakers in advance of a seminar or event, including follow-up and ratings post-completion.

Legal basis
Our legitimate interest in using personal data for maintaining sound business relations and fulfilling our obligations in relevant contractual agreements, e.g. in relation to external speakers.

Retention time The last-occurring of (1) the expiry of our agreement or the seminar’s/event’s completion or (2) the expiry of our right of complaint for default in performance pursuant to our contractual agreement (or law if applicable).

3.5 DEVELOP AND ENHANCE OUR ACTIVITIES

Our services to our members are core to our undertaking. To optimise those services, we may use personal data to generate statistics and the like in support of the aim of developing and enhancing our activities and our services to you as members.

Processing performed for the purpose of

  • Compiling reports and statistics for follow-up, administration, planning and rating of our activities.
  • Conducting member surveys.

Legal basis
Our legitimate interest in using personal data to develop, enhance and streamline our activities.

Retention time For this purpose, it is difficult for us to specify in advance how long your personal data will be retained for. Instead, we have routines in place for continuous verification that your personal data are still necessary for this purpose. Personal data that we have not used over a three- year period will be erased, as we no longer deem your personal data to be necessary by that point in time.

3.6 LEGAL OBLIGATIONS AND AUDIT DUTIES

We may need to process certain personal data in order to fulfil our legal obligations. This may pertain to the requirements of legislation governing accountancy, tax or money laundering or requirements to disclose information in the event of an audit.

Processing performed for the purpose of

  • Mandatory handling of compliance with our legal obligations pursuant to legislative requirements, a legal ruling or the decision of a competent authority (e.g. legislation governing accountancy, tax or processing necessitated by an audit).

Recipients of personal data
We may disclose your personal data to counterparts, an ombudsman, authority or court of law.

Legal basis
Statutory obligation. Retention time For such duration as is necessary for fulfilling our statutory obligation or in compliance with applicable legislation. For example, the national accountancy act requires us to retain certain information about an applicable transaction for 7 years.

3.7 SECURITY MEASURES AND FOR PREVENTING MISUSE OR DETERRING, PREVENTING AND INVESTIGATING CRIME

Our undertaking engages proactively in security to ensure that we are able to protect your personal data, and that we have the necessary information for preventing misuse or deterring, preventing and investigating criminal offences such as fraud or intrusion in our services.

Processing performed for the purpose of

  • Being able to prevent and investigate fraud or other violations of the law.
  • Preventing spamming, phishing, trolling or other actions prohibited by law or by the agreements concluded with our corporate customers.
  • Safeguarding and enhancing our IT environment to protect it against attacks and intrusion.

Legal basis
Our legitimate interest in maintaining systematic security, and to prevent misuses or to deter, prevent and investigate crimes.

Retention time For 36 months from when the data are collected. If we suspect that a service has been misused or discover that a crime has been committed, we will store the data for such a duration as is necessary for ascertaining, asserting or defending our (or a third party’s) legal claim. For further details, see Section 3.8 (Disputes).

3.8 DISPUTES

If, contrary to expectations, any dispute should arise regarding our services, we may need to process any personal data necessary for settling that dispute.

Processing performed for the purpose of

  • Settling a dispute, e.g. a legal claim relating to our contractual agreement.

Recipients of personal data
We may disclose your personal data to counterparts, an ombudsman, authority or court of law.

Legal basis
Our legitimate interest in being able to ascertain, assert or defend a legal claim or, as defendants, to defend a legal obligation in accordance with applicable legislation and thereby in disclosing your personal data, for example, as required by a court inquiry or order.

Retention time For 36 months from when the data are collected. If we suspect that a service has been misused or discover that a crime has been committed, we will store the data for such a duration as is necessary for ascertaining, asserting or defending our (or a third party’s) legal claim.

  1. FOR HOW LONG ARE PERSONAL DATA RETAINED?

Your personal data will be retained by us for such time as is strictly necessary for fulfilling the purpose of our processing. After that time, your data will be erased or de-identified by a secure method so that it can no longer be linked to you.

For specific retention periods, please see the above purposes of our data processing.

  1. HOW WE SHARE YOUR INFORMATION

In order to fulfil our purposes, we may retain the services of other entities to assist us in our data processing. These may comprise data protection officers and enterprises acting as independent personal data controllers. Please see also the specific recipients of personal data stated under item 3 above.

Personal data protection officers

Service providers

We may disclose your personal data to various providers of services such as analytical tools for our marketing, tools for rating our seminars or events, or IT consultancies responsible for our systems service and development. These undertakings will solely be permitted to process your personal data in accordance with our instructions and will not be permitted to use your data for their own purposes. In such cases, we will sign a data protection officer agreement to ensure this, and the agreement will likewise protect the confidentiality and integrity of your personal data.

Independent personal data controller

Prospective buyers and sellers

We may share information with potential buyers and sellers in the event that we divest all or part of our business undertaking or in the event of a merger. Our legal basis for this processing is our legitimate interest in being able to execute the divestment or merger, and we will retain your personal data only for such a duration as is needed in order to execute that divestment or merger.

  1. YOUR RIGHTS

When we process your personal data, you have certain rights. The following names and explains these rights, what they entail and how to exercise them. Please note that all of these rights concern personal data linked to you as an individual and not to the company you represent. An example: information about a company is not personal data and is thus not comprised by your rights.

Your right of access
We are committed to openness and transparency concerning how we process your data. If you wish to gain access to the personal data we hold on you, you have the right to request such access. Upon receiving a request for access, we may ask you for proof that we are disclosing the data to the right person.

Your right to rectification
Is your data with us not up-to-date, or are we processing inaccurate data concerning you? If so, you can request rectification of your personal data.

Your right to erasure and your right to restriction of processing
You have the right to request erasure (deletion) of your data or restriction of processing of that data, e.g. if you consider your personal data are being processed unlawfully.

Your right to object to our processing of your data (including your right to object to direct marketing)
You have the right to object to (decline) our processing (e.g. the processing based on our legitimate interest). Your personal data will not be processed for the purpose of direct marketing if you object to such processing. If you object to our direct marketing (decline to receive it), we will stop such mailings to you.

Your right to lodge a complaint with a supervisory authority If you are dissatisfied with the reply you receive from us after contacting us, or if you consider that we are processing your personal data improperly, you have the right to file a complaint with the Swedish Data Protection Authority/Privacy Protection Authority.

How do I exercise my rights?

If you wish to exercise any of your rights, please contact us at info@dhandel.se.