Privacy Policy
Why and for whom?
At Act Sverige AB org.nr (559331-7521) ("Act", "we", "us", "our") we care about personal privacy. This means that we respect and protect your privacy and the right to control and transparency when processing your Personal Data.
This Privacy Policy (the "Policy") applies to the processing for which Act is the Personal Data Controller. The policy describes overall the purposes for which we need your Personal Data, the legal basis we rely on and the measures we take to protect personal data. We also inform you of how you can exercise the rights you have linked to our processing of your Personal Data.
The policy informs about our handling of Personal Data in cases where you communicate with us, use the Service or visit our website Act Sweden (collectively "Functions").
This policy is aimed at:
Users of the Service
Definitions:
"Processing" of Personal Data is everything that can be done with a Personal Data, e.g. storage, modification, reading, transmission, etc.
"Applicable law" is the legislation applicable to the processing of Personal Data including the General Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.
"Personal data" is any kind of information that can be linked to an identifiable, living person.
"Personal data controller" is the company/organization that decides for which purposes and in what way the Personal Data is to be processed and is thus also responsible for Personal Data being processed in accordance with Applicable Law.
"Personal data assistant" is the company/organization that processes Personal Data on behalf of the Personal Data Controller and may therefore only process the Personal Data in accordance with the Personal Data Controller's instructions and Applicable Law.
"Registered" means the living, natural person whose Personal Data is processed.
"The service" Assault alarm.
Act's personal data responsibility
The information in this Policy covers the Processing of Personal Data for which Act is the Personal Data Controller, i.e. the Processing for which we determine the purpose of (why a processing is done) and means for (in what way, which personal data, for how long, etc.). The policy does not describe how we process personal data in the role of Personal Data Officer - i.e. when we process personal data on behalf of our customers.
We provide an app that functions as an assault alarm. We therefore need to process your personal data in order to create a personal user account.
Act's processing of personal data
We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to give you an understanding of the types of personal data we process about you and for what purposes.
How long do we save your Personal Data?
We save your Personal Data for as long as is necessary with regard to the purpose for which it was collected. Depending on the legal basis on which we support the processing, this may a) result from an agreement, b) depend on a valid consent, c) appear from legislation or d) result from an internal assessment based on a balancing of interests.
We never save your Personal Data for longer than necessary and regularly delete Personal Data. Act also takes reasonable measures to keep the Personal Data that is processed up-to-date and to delete out-of-date and otherwise incorrect or redundant Personal Data.
Treatments
The main purpose of the personal data processing that we carry out is to provide, perform and improve our services to you. There are several different reasons why we may need to collect, process and save your data.
We mainly process the following personal data:
Contact and identification information to confirm your identity, verify your information and be able to communicate with you information about your use of the service or product in order to improve your customer experience.
How do we get access to your personal data?
We collect your personal data in a number of different ways. We mainly get access to your personal data:
- Because you yourself have provided your personal data to us.
- By registering yourself using Mobile BankID.
- Legal grounds
In order for us to process your personal data, it is required that we have so-called legal basis for the respective treatment. In our business, we process your personal data primarily on the following grounds:
If you want additional information about the legal basis(s) for which we process your personal data, you always have the right to request a so-called register extract. Read more under "How to use your rights" below.
Your rights
You are the one who decides on your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the Personal Data processing that concerns you in a so-called register extract. From the register extract, it appears that, among other things, which of your personal data we have stored and for which purposes and on which legal basis. We only release information if we have been able to ensure that it is actually you who is asking for the information.
Correction - If you discover that the Personal Data we process about you is incorrect, contact us and we will fix it!
Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when they are no longer necessary for the purpose for which they were collected. If we are required to retain your data by law or an agreement we have entered into with you, we will ensure that it is only processed for the specific purpose stated in the law or agreement. We then ensure that the data is deleted as soon as possible.
Objection - Do you not agree with us that our interest in processing your Personal Data outweighs your interest in protecting personal integrity? No problem - in that case we will review our balance of interests and check that it still holds. We will of course take your objection into account when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.
Limitation - You can also ask us to limit our processing of your data:
During the time we are dealing with a request from you about any of your other rights.If, instead of requesting deletion, you want us to mark that the data should not be processed for a certain purpose. If you e.g. do not want us to send you advertising in the future, we still need to save your name to know that we should not contact you.
In cases where we no longer need the data for the purpose for which it was collected, provided you do not have an interest in us retaining the data in order to assert a legal claim.
Data portability - We can provide you with the information you have provided to us yourself or that we have received from you in connection with entering into an agreement with you. You receive your data in a commonly used and machine-readable format, which you can then take with you to another Personal Data Controller.
Withdraw consent - If you have consented to one or more specific processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to cease the Processing immediately. Please note that you can only withdraw your consent for future Processing(s) of Personal Data and not for any Processing that has already taken place.
Transfer of Personal Data
In order to conduct our business, we may need the help of others who process Personal Data on our behalf, so-called Personal Data Processors.
In cases where our Personal Data Processors transfer the Personal Data to a country outside the EU/EEA, we have ensured that the Processing is legal according to Applicable Law by having one of the following requirements met:
There is a decision from the European Commission that the country ensures an adequate level of protection; application of the European Commission's standard contractual clauses for third country transfers; or other appropriate protective measures that comply with Applicable Law.
We have entered into personal data processor agreements (PUB agreements) with all of our Personal Data Processors. The PUB agreement regulates how the Personal Data Processor may process the Personal Data and which security measures are required for the processing of personal data.
We may also need to provide your Personal Data to certain designated authorities in order to fulfil obligations according to law or authority decisions.
Security
Act has taken technical and organizational measures to ensure that your personal data is processed securely and that it is protected from loss, misuse and unauthorized or unauthorized access.
Our security measures
Organizational security measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:
Internal governing documents (policies/instructions)
Login and password management
Technical security measures are measures implemented through technical solutions. Our technical security measures are:
Access log
Secure network
VPN
Firewall
Backup
Regular control of security level
Two-step verification
If we don't keep what we promise
If you feel that we are processing your Personal Data incorrectly, even after you have alerted us to this, you always have the right to submit your complaint to the Swedish Privacy Protection Authority.
More information about our obligations and your rights can be found on the Swedish Data Protection Agency's website (HTTPS://WWW.IMY.SE/)
Changes to this policy
We reserve the right to make changes to this Policy. In cases where the change affects our obligations or your rights, we will inform about the changes in advance so that you are given the opportunity to take a position on the updated policy.
Contact
Contact us if you have questions about your rights or if you have any other questions about how we process your personal data: