OUR PRIVACY POLICY – GDPR

The GDPR (General Data Protection Regulation) has required us to review how we process your personal data as a business going forwards.
We’ve updated our privacy policy to make it easier for you to understand what information we collect and why we collect it. The GDPR came into force on 25 May 2018. We want to assure you that we process your personal data in accordance with the new regulation. We use your e-mail address and your name (if you have given it to us) to send you information about our business. You can unsubscribe from our mailings at any time by clicking the link at the foot of our e-mails.

We have also taken steps to improve our privacy controls and other controls in order to protect your data and privacy.

Nothing has changed in terms of your current choices or how your information is processed.
However, we have improved our description of our approaches and our explanations of your options in terms of updating, managing, exporting, and deleting your data.

We are making these updates in line with the entry into force of the GDPR in the EU. The GDPR has been developed to harmonise privacy legislation from across Europe and contains fine-tuned transparency rules for how companies must describe their data management. We have now made the necessary updates to our privacy policy.

This privacy policy applies to those who contact or have contacted us by phone, e-mail, or online, or otherwise given us their personal information. The processing of personal data complies with the GDPR that came into force on 25 May 2018.
“Personal data” means any information relating to an identified or identifiable natural person, whereby an identifiable natural person is someone who can be directly or indirectly identified by way of a name, identification number, location data, or online identifiers, or one or more factors that are specific to the natural person’s physical, physiological, genetic, psychological, economic, cultural, or social identity. Please refer to the applicable legislation for more definitions.
The information is collected in the appropriate databases. Such information may include names, personal identity numbers, postal addresses, phone numbers, electronic addresses, delivery, payment and purchase information, address-based profiling, and data-based information on the use of digital services.
We use this information for marketing, to supply products, as a basis for statistics, product development and invoicing and, where applicable, in order for our partners to tailor content, advertising, and offers to your company.
The data may also be analysed and grouped for selecting, prioritising, and planning the personal data. This is known as profiling. This may include information that we obtain by way of cookies and plugins on our website.
Personal data may be provided to partners with which we have data processing agreements and to authorities if requested by law or by way of an order from a public authority.
Personal data is stored only for a specific purpose and is deleted once a specific amount of time has passed following the end of the business relationship or if the data subject has withdrawn their consent. The data subject may also request the correction/deletion of any incorrect data, or submit a written request for information on the personal data we hold on them. This is done in writing in accordance with a procedure.
To protect personal data, we have appropriate physical, technical, and organisational security measures for the management and transfer of personal data, including appropriate security measures to protect such data against accidental or unlawful destruction, accidental loss, improper use, amendment, unauthorised disclosure or access, and all other forms of illegal processing.

For further information and to request information about our management of personal data, please contact our GDPR co-ordinator at info@cernelle.se