Privacy policy
Version 1.1, updated 08 Mar 2024
1 INTRODUCTION
1.1
Your privacy and digital security are important for us at Extellio International AB (formerly E-Space Communication AB), registration no. 556555–1321, registered address Djäknegatan 9, 211 35 Malmö, (”Extellio”). You must always feel secure when you provide personal data to Extellio. Extellio is a controller regarding the processing of your personal data, and you can contact us at any time whatsoever to ask questions about our processing. You will find our contact details below, see section 12.
1.2
With this privacy policy (the ”Privacy Policy”) we wish to inform you about which personal data Extellio compiles and processes about you, how it is processed and for what purpose, applicable legal basis on which the processing is based, and your rights relating to the processing. Presented below is a description of the measures taken to protect your personal data and how you can contact us if you have any questions about our processing of your personal data.
1.3
Personal data comprises all information which directly or indirectly can be linked to a currently living natural person – for example name, email address and telephone number.
1.4
Extellio will always comply with applicable laws about how your personal data may be processed, including the General Data Protection Regulation (EU) 2016/679 (abbreviated title – hereinafter ”GDPR”), the Data Protection Act and other applicable law.
1.5
The Privacy Policy provides below a description of how we process personal data with respect to different categories of persons. We have chosen to make a rough division by describing the personal data that is processed by us when we provide our services to our customers, and to describe the personal data which we largely process on a regular basis in our business.
Personal data processing as a consequence of services provided by us
(i) When we provide our services, participants (ʺRespondents”) in our customer surveys (”Surveys”) are able to provide personal data in free text answers (ʺFree text Answers”) (see particularly section 0);
(ii) In certain Extellio services, there is a possibility for the Respondents to assist our customers with feedback on certain issues whereby the Respondent’s contact data is processed (ʺContact Issues”; see particularly section 2.2; and
(iii) In certain Extellio services, there is the possibility for the Respondents to participate in several future surveys that are specific for precisely a particular customer (”Customer Panel”; see particularly section 2.3.
Personal data processing in our ongoing business
(iv) Individuals who notify their interest in working together with us, individuals with whom we come into contact at personal meetings and with whom we consider commencing cooperation, individuals regarding whom we have obtained information from a third party such as through recommendation from a third party, etc. (”Candidates”) (see particularly section 2.4);
(v) reference individuals provided to us by Candidates in connection with the start of employment (”Reference Individuals”) (see particularly section 2.5;
(vi) contact persons and representatives of customers, suppliers, cooperation partners, prospectives, etc. (see particularly section 2.6);
(vii) other employees of customers, suppliers and cooperation partners whose personal data we will process within the scope of our services (see particularly section 2.7);
(viii) individuals who submit interest forms, emails and enquiries to Extellio (see particularly section 2.8); and
(ix) participants in market and customer surveys concerning Extellio and individuals who register on our website or otherwise show interest in marketing measures, such as receipt of newsletters and information regarding possible seminars and events arranged by Extellio (see particularly section 2.9).
2 WHAT PERSONAL DATA DO WE COMPILE ABOUT YOU, AND WHY?
Kindly note that other conditions generally apply in the event we are a processor for the customer with whom you carry out a survey investigation (see particularly thereon below, section 2.7).
2.1 Free text answer
Personal data that is processed
Extellio may come to process personal data as a consequence of the information that the Respondents provide in their free text answers in the Surveys, despite being requested not to do so.
Purpose
As a rule, Extellio does not have any purpose in processing personal data that appears in free text answers.
Legal basis
The data appearing in Free text Answers and which is classified as personal data is processed by Extellio based on the consent you provided when you chose to state personal data in the free text answer that you subsequently sent to us.
Processing
Processing carried out with respect to your personal data includes storage in our business system; in addition, we take anonymized measures so that the free text answers no longer contains personal data.
2.2 Contact questions
Personal data that is processed
In certain Surveys, the Respondents are given the possibility to request to be contacted by the customer that uses Extellio services in order to obtain additional information or help. This takes place through the Respondent actively providing contact details which are thereafter stored by Extellio and also disclosed to the relevant customer.
Purpose
Extellio processes your contact data in order to allow both the relevant customer and possibly Extellio to have the possibility to communicate with you on the questions that become relevant within the scope of the Survey in question.
Legal basis
Your contact details will be processed by Extellio based on the consent you provided when, in a Survey, you state that you wish to participate in relevant Contact Issues.
Processing
Processing carried out with respect to your personal data includes storage of your contact details in our business system and disclosure thereof to the customer with whom you have consented to correspond on the relevant issues.
2.3 Customer Panel
Personal data that is processed
In certain Surveys, the respondents are given the possibility to register with a panel which may receive additional Surveys regarding a relevant customer. This takes place through the Respondent actively providing contact details which are thereafter stored by Extellio but are not disclosed to the relevant customer.
Purpose
By the Respondent providing contact details, he/she can be registered and participate in the relevant Customer Panel.
Legal basis
Your contact details are processed by Extellio based on the consent you provided when stating, in a Survey, that you wish to participate in the relevant Customer Panel.
Processing
Processing carried out with respect to your personal data includes storage of your contact details in our business system.
2.4 Candidates
Personal data that is processed
We compile and process such information about you as you have personally provided to Extellio and such information as we are able to obtain from public authorities or other parties in the form of recommendations and references. Such information includes among other things:
-
- name, age, address, email address and telephone number;
- messages you have provided to us by email, website, social media or otherwise;
- information provided in CV and personal letters, professional role and skills areas;
- notations from interviews and information from references; and
- information from public authorities and registers.
Purpose
The purpose of the processing of the personal data stated above includes, among other things, contacting and maintaining contact with you, carrying out interviews and assessing your suitability for a relevant service and whether conditions for employment are satisfied.
Legal basis
The personal data stated above will be processed by Extellio based either on the consent you provided when submitting an application to us (in such cases, more information is available in the consent document), or Extellio’s legitimate interest in being able to maintain and develop the relationship with you and to assess your suitability for the service or cooperation in question.
Processing
Processing carried out with respect to your personal data includes, among other things, storage in our business system and other online storage space, communication with you, compilation of information from relevant public authorities and registers, and compilation of references from stated Reference Individuals.
2.5 Reference Individuals
Personal data that is processed
The information that is compiled and processed about you comprises such information as Candidates provide about you when they are in an employment process with us and such information as you provide to us in our contact with you. Such information includes, among other things, name, workplace address, email address, telephone number and professional title.
Purpose
The purpose of the processing of the personal data stated above is to obtain references and assess Candidates’ suitability for a relevant service.
Legal basis
The personal data stated above will be processed by Extellio based on our legitimate interest in being able to obtain references as part of our thorough and well-based recruitments.
Processing
Processing carried out of your personal data includes among other things, storage in online storage and communication in connection with taking references.
2.6 Contact persons and representatives of customers, suppliers, cooperation partners, prospectives, etc.
Personal data that is processed
The information that is compiled and processed about you includes such information as you personally provide to Extellio and such information as Extellio receives from your employer or through recommendation from a third party. Such information includes, among other things, name, email address, telephone number, personal ID number and ID documents in those cases where secure identification is required, an employer, where appropriate, possesses, as well as notices that you have provided to us via the website, email, social media or otherwise.
Purpose
The purpose of the processing of the above personal data includes, among other things, to administer the agreement that may be in place between Extellio and your employer, to establish and maintain contacts with you and your employer, to contact you regarding questions that arise as a result of any agreement between us and your employer, and to state you as invoice recipient on invoices and in our invoicing system.
Legal basis
The personal data stated above will be processed by Extellio based on our legitimate interest in establishing and maintaining communication, developing business relationships and, in a purposeful manner, entering into and performing any agreement between us and your employer.
Processing
Processing carried out of your personal data includes, among other things, storage in our business system and other online storage space, communication with you and invoicing.
2.7 Other employees of customers and persons related to customers
When Extellio performs its services for its customers, Extellio normally acts as processor. In our role as processor, within the scope of our services we may process personal data regarding a customer’s employees and personal data regarding persons who are related to a customer’s business. The processing is carried out on behalf of our customers and in accordance with an applicable processor agreement and instructions in force from time to time. If you have any questions regarding such processing, we refer you to our customer who is controller in respect of the processing.
If we process your personal data in our capacity as processor and you are unfamiliar with the identity of the controller, you may contact us using the contact details in section 12; we will pass on your questions to the controller in respect of your personal data.
2.8 Personal data in interest forms, emails and enquiries
Personal data that is processed
The information that is compiled and processed when you complete and send in information via Extellio’s interest forms on our website or contact us by email, comprises first name and surname, email address and other information which you personally choose to provide. We may also save the contact details you state in conjunction with a telephone call, in order to be able to get back to you regarding your enquiries.
Purpose
The purpose of the processing is to enable us to address a question you have submitted and follow-up the communication with you until the matter is closed.
Legal basis
The above personal data will be processed by Extellio based on our legitimate interest in establishing and maintaining communication as well as developing potential business relationships.
Processing
The processing operations conducted on your personal data include storage in our business systems and other online storage facilities, communication with you by post, email, and SMS.
2.9 Marketing
Personal data that is processed
The information that is compiled and processed about you includes such information as you personally provide to Extellio and such information as we obtain from our customers. Such information includes, among other things, address, email address, telephone number, where appropriate allergies and food preferences, photos, statements and results from marketing and customer surveys, etc.
Purpose
The purpose of the processing of the personal data stated above includes, among other things, sending you newsletters and invitations to seminars, events, etc. by email or text message, publishing photos from seminars, events, etc. on our website and our social media, carrying out marketing surveys and customer surveys, etc.
Legal basis
The above personal data will be processed by Extellio based either on our legitimate interest in taking marketing measures so that you can receive relevant news, keeping you updated as to what is happening in or around the business, etc. or on condition that, via our website or otherwise, you have granted Extellio your consent to the processing. You are entitled at any time to withdraw your consent and each mail out sent by us for marketing purposes includes a possibility to deregister (opt out).
Processing
Processing of your personal data which is carried out includes, among other things, storage in our business system and other online storage space, distribution by post, email and text message, publication on our website and social media, summaries of market surveys and customer surveys, etc.
3 COOKIES
We use cookies through both our website and our Surveys. A cookie is a text file that is sent from our web server and is saved on your browser or unit. You personally have the possibility change the settings on your browser for the use and scope of cookies. In certain cases, cookies can be characterised as personal data.
Personal data that is processed
When you use our website, we compile and process among other things technical data concerning units that are used when visiting our website (for example, IP address) and statistics about how you have interacted with us, i.e. how you used our website.
Purpose
The purpose of the processing of the above personal data includes assessing the use of, and improving, your website visit, our services and our website, and to save functional settings.
Legal basis
The above personal data will be processed by Extellio based on our legitimate interest in being able to assess the use of, and improving, our services and website.
Read more about our use of cookies in our cookie policy.
4 PROCESSING OF PERSONAL ID NUMBER
Insofar as we process a personal ID number without your consent, this will only take place when clearly justified in light of the purpose, the importance of secure identification or some other appreciable reason.
5 FURTHER PROCESSING AND COMPILATION OF CONSENT
5.1 Updating information and obtaining possible consent
In the event that Extellio needs to process personal data for any purpose other than those stated above, Extellio will inform you of this by updating this Privacy Policy in accordance with section 11 below.
If, for example, Extellio would process the Personal Data for any purpose that under applicable law requires your consent, Extellio will also obtain your consent before such processing begins. Consent to such processing is entirely voluntary and you always have the possibility to withdraw your consent at any time. More information about the consent and your rights in this regard is provided in the relevant consent document.
5.2 Extellio deletes redundant or unwanted personal data
We work actively to ensure that the use of our services does not involve the processing of more personal data than necessary. Our basic approach is therefore that any collection of personal data should be proportionate and justified by the purposes for which the data is collected.
Where we are the data controller, we therefore reserve the right to regularly delete or anonymize personal data that we consider to be redundant, in breach of our general terms and conditions, or incompatible with applicable law or regulations.
6 WHO MAY RECEIVE YOUR PERSONAL DATA?
6.1
Unless otherwise stated (for example, in Surveys) Extellio may share your personal data with third parties, among others:
(i) with our customers who use the services that we provide;
(ii) with our service providers in matters primarily concerning IT operational services such as support, maintenance and development, and data storage;
(iii) with companies that offer storage services, email services, accounting services, marketing services, etc.;
(iv) with accountants, lawyers and other external professional advisers to Extellio, who are subject to binding confidentiality provisions or a legal duty of confidentiality;
(v) with providers of IT security when such is necessary according to law in order to protect you or our customers and cooperation partners or to protect our services;
(vi) for example, to comply with a court order/public authority order or other legal obligations; and
(vii) to protect rights, property or to enhance security for Extellio and its group companies or otherwise.
6.2
Several of the third parties with whom we share personal data in accordance with the provisions above constitute processors in relation to us. They may only process the transferred data on our behalf and in accordance with our express instructions. We only transfer your personal data to such processors for purposes that are compatible with the purposes for which we have compiled data and we ensure, through written agreements with the processors, that they undertake to comply with our security requirements and limitations as well as requirements regarding international transfer of personal data.
6.3
In certain situations, however, public authorities and some of the companies to which we transfer personal data in accordance with the provisions above may be independent controllers in respect of the transferred personal data. When your personal data is transferred to any party that is an independent controller, we do not control how the data is subsequently processed; instead, in such case the responsibility rests with the public authority or the company to whom the transfer has taken place, including that the public authority or the company is obliged to inform you about its processing of your personal data and to ensure that the processing is lawful.
6.4
Extellio will always endeavour to limit access to personal data that has been disclosed in accordance with the provisions above and to share information only where there is a legal basis for sharing and which is required so that the recipients can perform their work or provide their services. Extellio will also require that the recipients be able to show that they (i) will protect your personal data in accordance with this Privacy Policy and applicable law, and (ii) do not use or disclose your personal data for any purpose other than the purpose for which it was disclosed.
7 HOW LONG DO WE KEEP YOUR DATA?
Your personal data will be processed and stored by Extellio during the period required to perform the purposes of the processing specified above. Thereafter, your personal data will be deleted. When determining the period during which your personal data will be stored, Extellio takes into account specifically the requirements regarding storage times set forth in statutes, limitations periods, public authority recommendations and industry practice.
8 IS YOUR PERSONAL DATA PROCESSED OUTSIDE THE EU/EEA?
8.1
When Extellio provides its services and processes personal data within the scope of the above categories 2.1–2.3 (i.e. Free text Answers, Contact Issues and Customer Panel), all processing takes place within the EU/EEA.8.2
Extellio preferably also processes your other personal data within the EU/EEA. On the other hand, as a consequence of your relationship with Extellio, primarily based on where your business is located or where you are physically located, your personal data may be transferred to outside the EU/EEA.8.3
A common feature of all transfers outside the EU/EEA is that Extellio does not transfer your personal data to an external party without, prior to the transfer, having entered into an agreement, ensured that the country is approved by the EU Commission, or other appropriate security measures. For example, by our entering into applicable standard agreement clauses issued by the EU Commission. If you wish to know more about what applies upon transfer of personal data to a country outside the EU or EEA, you can read more here.8.4
In case of transfer to the US, we generally check that the organization in question is certified under the EU-U.S. Data Privacy Framework, which ensures a level of protection equivalent to that provided by the GDPR.
8.5
In the event that your personal data is shared with data processors of Extellio who, either themselves or through their sub-processors, are established or store the information outside the EU/EEA, Extellio will take all reasonable legal, organizational and technical measures necessary to ensure that the level of protection of that processing is equivalent to that within the EU/EEA. Preferably, we ensure that we have entered applicable standard contractual clauses, issued by the European Commission, with the relevant parties.
8.6
You can find the standard contractual clauses that we preferably conclude with controllers or our processors here.
9 WHAT ARE YOUR RIGHTS?
It is our responsibility to process only personal data that is correct, relevant and necessary in light of our purposes, and you are entitled to verify that such occurs. Extellio is responsible for ensuring that your personal data is processed in accordance with applicable legislation.
Extellio will, at your request or on its own initiative, rectify, anonymize, delete or supplement information which is discovered to be incorrect, incomplete or misleading.
As an individual, you have a number of rights under applicable law. You are entitled to:
(i) Obtain access to your personal data.-
- At your request, we will as quickly as possible, and not later than within 30 days from having received your notice requesting access to the data, disclose information regarding the personal data we process about you.
- You also entitled to obtain a copy of the personal data that is processed.
- You are entitled, once per calendar year, through a written, signed application, to receive free of charge a register extract regarding the personal data that is registered about you, the purposes of the processing and recipients to whom the data has been or will be provided. You are also entitled, in the register extract, to obtain information about the source of the personal data that has not been compiled from you, the existence of automated decision-makers (including profiling) and the predetermined period during which the data will be stored, or the criteria used when determining such period.
(ii) Demand rectification of your personal data.
- Upon request, we will as quickly as possible and not later than within 30 days from having received your notice about rectification, rectify the incorrect or incomplete data that we process about you.
(iii) Demand deletion of your personal data.
- Upon request, we will as quickly as possible and not later than within 30 days from having received your notice about deletion, remove your personal data if it is no longer needed for the purpose for which it was compiled.
- There may be reasons that make it impossible for us to delete your personal data immediately. In such case, we will terminate the processing carried out for other purposes and inform you of the legal basis and relevant purpose for continued processing.
(iv) Demand limitation of processing.
- You are entitled to have your personal data marked so that it may only be processed for certain defined purposes. Among other things, you may request limitation when you believe that your personal data is incorrect and you have requested rectification in accordance with the provisions above. During the period in which the accuracy of the data is investigated, the processing thereof will be limited.
- Extellio will notify you if the investigation has concluded that the processing is to be limited. We will ensure that necessary rectification or deletion of data, as well as limitations of processing of data, are also carried out by the companies to whom Extellio has disclosed your personal data (see section 6 above).
(v) Demand data portability.
- You are entitled, under certain conditions, to obtain and transfer your personal data in a structured, generally used and mechanically readable format to another controller. Contact us if you wish to know more; see section 12.
(vi) Objection to processing of personal data which is carried out based on a balancing of interests.
- You may object to processing taking place which is based on a balancing of interests. If you object to such processing, we will only continue the processing if there is a legitimate interest for the processing which outweighs your interests. If such is the case, we will inform you of the reasons.
(vii) Demand that we cease processing your personal data for direct marketing.
- You are always entitled to object to direct marketing by sending an email to the data protection officer. Once we have received your objection, we will cease the processing of personal data for such marketing purposes.
- You have the right to complain about our processing of your personal data to the Swedish Authority for Privacy Protection’s (IMY), if you believe that we are in breach of the Privacy Policy, do not respect your rights or otherwise act in violation of applicable law.
If you wish to exercise any of your rights above, please contact us. You can find our contact details below, see section 12.
10 SECURITY
You must always be able to feel secure when you disclose your personal data to us. Accordingly, Extellio has introduced the security measures that are needed to protect your personal data against unauthorised access, changes or deletion. For example, all information about you is saved in a database which is protected through authorisation control and firewalls.
It is important for us that our customers are protected. Although we take precautionary measures for data protection, no security measures are fully secure and therefore we are unable to guarantee 100% security of your personal data.
If we were to lose control of your personal data of a privacy nature, for example personal ID number, we will notify you immediately and not later than 72 hours after discovering the incident.
11 CHANGES TO PRIVACY POLICY
We will sometimes make changes to the Privacy Policy. If we make important changes to the Privacy Policy, we will send you a clear notice based on what is appropriate in light of the circumstances, for example by sending you an email or text message, or through a pop-up with information before you can access Extellio’s website or Online services. In certain cases, we will notify you in advance, and your continued use of the website after the changes have taken place will constitute your approval of the changes. Therefore, we kindly request that you read all such notices carefully.
If you do not wish to continue to use the website or do not want us to continue to process your personal data in the register of interested parties in accordance with the new version of the Privacy Policy, you can notify us so that we will delete our personal data within 30 days of your notice. Note, however, that we are unable to delete your data if there are legal reasons for continued processing. If such is the case, we will notify you of the reasons for continued processing.
12 CONTACT DETAILS
Thank you for reading our Privacy Policy. You are welcome to contact us if you have any questions!
Personal data controller
Extellio International AB, 556555–1321
Postal address
Djäknegatan 9
211 35 Malmö
Sweden
Telephone
+46 (0)40 44 10 10
persondata@extellio.se