Uphead's privacy and personal data policy
We care about your privacy. You should feel safe when you entrust us with your personal data.
This is why we have drawn up this policy. It is based on current data protection legislation and clarifies how Upheads works to safeguard your rights and your privacy. We therefore wish that you take the time to read the following information.
The purpose of this policy is to let you know how we process your personal data, what we use it for, who can access it and under what conditions, and what your rights are and how you can exercise them.
Background
We process your personal data primarily to fulfill our obligations to you and to give you the best possible experience with our services. Our starting point is not to process more personal data than necessary for the purpose, and we always strive to use the least privacy-sensitive data.
We also need your personal data to provide you with good service, for example in terms of marketing, follow-up and information. We may also need your personal data to comply with laws and perform customer and market analysis. When you contact us through any of the communication channels we use, the contact information you provide is used to manage your case, manage the continued contact with you and to improve our service in case of recurring contact.
You have the right to object to our use of personal data for direct marketing purposes. When we collect personal data about you for the first time, you will receive more information about this and how you can object. If you visit our website, you consent to cookies for the processing of your data.
Guidelines
What personal data do we process?
We only process personal data when we have a legal basis. We do not process personal data other than when it is necessary to fulfill contractual and legal obligations. Here are examples of the personal data we process:
- Name
- Address
- E-mail address
- Telephone number
- Title
- User name
- Photographs
- Debit card numbers, credit card numbers and other bank-related data
- Data that you registered voluntarily and provide voluntarily
- Content that you publish yourself, so-called user-generated content.
- IP addresses
How can we access your personal data?
We try as far as possible to obtain your consent before we start processing your personal data. You consent to processing by accepting our general conditions? When you agree to our general conditions, you also agree to the processing of your personal data.
You have the right to withdraw your consent at any time. We will then no longer process your personal data or collect new ones, provided that it is not necessary to fulfill our contractual or legal obligations. Keep in mind that withdrawal of consent may mean that we cannot fulfill the obligations we have in relation to you. Read more about this in the section "Your rights" below.
We also access your personal data in the following ways:
- Data that you provide to us directly
- Data recorded when you visit our website
- Data we receive from public registers
- Information we receive when you hire one of our staff members
- Information we receive when you register for our courses or seminars
- Information we receive when you sign up for newsletters and other mailings
- Information we receive when you respond to questionnaires and surveys
- Information that we receive when you contact us, apply for employment with us, visit us or otherwise contact us.
What information do we provide to you?
When we collect your personal data for the first time, we will inform you how we have obtained the personal data, what we will use it for, what your rights are under data protection law and how you can exercise them. You will also be informed about who is responsible for the processing of your personal data and how to contact us if you have any questions or need to make a request or inquiry related to your personal data and/or rights.
Is your personal data processed securely?
We develop procedures and practices to ensure that your personal data is handled securely. The starting point is that only employees and other persons within the organization who need the personal data to perform their duties should have access to it.
In the case of sensitive personal data, we have put in place specific access controls which provide a higher level of protection for your personal data. Our security systems are developed with your privacy in mind and provide a very high level of protection against intrusion, destruction and other changes that could put your privacy at risk.
We have several IT security policies in place to ensure that your personal data is processed securely.
When do we disclose your personal data?
Our policy is not to disclose your personal data to third parties unless you have consented to it or unless it is necessary to fulfill our contractual or legal obligations. In order to deliver some of our services, it is sometimes necessary that we share certain personal data with other companies. In cases where we disclose personal data to third parties, we establish confidentiality agreements and ensure that the personal data is processed in a secure manner. The suppliers that Upheads cooperates with have equivalent obligations regarding the processing of personal data as the obligations we have towards you as a customer. We do not transfer personal data in cases other than those explicitly stated in this policy.
How long do we keep your data?
As long as there is a customer relationship, Upheads saves your personal data. This is to be able to fulfill the obligations we have towards you. The data is also saved when it is necessary to achieve the purposes described in this policy. When the customer relationship ends, some data is removed, others are anonymized and some are deleted. This is done within a reasonable time after you cease to be a customer of Upheads unless current legislation states otherwise. How long your personal data is stored depends on the purpose for which it has been collected and the legal basis for the processing of your personal data. Personal data collected for invoicing purposes will be retained for as long as necessary for accounting purposes. Personal data may also be retained if there is a balance of interests that says it is necessary and is based on other economic or security reasons. In these cases, storage is limited and managed using the access controls set out in this policy.
Your rights
As this policy is about how your personal data is processed, we also want you to know what your rights are. You have the right to request an extract from the register of your personal data that we process. You also have the right to have your personal data corrected if you believe it is inaccurate or misleading in any way and you have the right to restrict the processing of your personal data until we change it. You have the "right to be forgotten" but deletion of personal data cannot take place if it is contrary to current legislation or if it is based on a balance of interests. You have the right to object to the processing if you consider that the balance of interests is incorrect or that there are no legitimate grounds for the processing. You also have the right to withdraw your consent or make a complaint about the processing to the Swedish Data Protection Authority.
Responsibility and contact
Upheads is the data controller, which means that we are responsible for how your personal data is processed and that your rights are safeguarded. If you have any questions about the processing of your personal data or questions about this policy, please contact us through dataskydd@upheads.se or via the contact details on our website www.upheads.se.