Introduction and Purpose
Processing of Personal Data
It is necessary for Extenda Retail to Process Personal Data in order to be able to provide services to customers and in order to conduct its business. Extenda Retail mainly Processes Personal Data related to applicants for employment, contact persons of customers and individuals that represent potential customers. When you use and interact with Extenda Retail’s websites or services, communicate with or otherwise contact Extenda retail or visit our offices or attend our events, Extenda retail may therefore collect, use, share and Process information relating to you.
When processing personal data, Extenda Retail ensures the presence of a legitimate legal ground for the Processing as well as legitimate purpose. Further, Extenda Retail assures that all processing of personal data is necessary. Additionally, Extenda Retail will not process personal data for a longer period than what is necessary. The following sections provide information regarding the Processing of Personal Data conducted by Extenda Retail.
Categories of Personal Data Collected
Extenda Retail collects and processes the following categories of Personal Data:
- Basic contact information such as name, phone number, address and e-mail address;
- Information about age, personal identity number och gender;
- Data concerning employment, title and position;
- Questions and comments that relate to our products;
- Pictures taken of you in our offices;
- Different types of user-information, for example, username and passwords; and
- E-mails and other information regarding e-mail that have been sent to and from Extenda Retail.
To manage customer relations and fulfill commitments according to customer agreements, it is necessary for Extenda Retail to Process Personal Data related to customers’ contact persons or users of our services. Extenda Retail Processes these categories of Personal Data in order to;
- Manage the sale process and contract process with customers;
- Quote products and services at the request of customers;
- Fulfill contractual obligations;
- Provide support services to users of Extenda Retail’s services;
- Improve functionality and to make Extenda Retail’s products and services more usable;
- To maintain Extenda Retail’s products;
- To ensure that Extenda Retail’s products are used in accordance with instructions; and
- To manage customer contracts such as invoicing, orders and administration.
Applicants for Employment
Extenda Retail Processes Personal Data relating to Applicants’ for employment in order to decide whether or not employment is given. The Personal Data is Processed based on consent (if consent is necessary) or because Extenda Retail has a legitimate interest in Processing the applicant’s Personal Data and this interest does not violate the applicant’s right to privacy.
Personal Data about visitors is Processed by Extenda Retail In order to identify visitors. The Processing of Personal Data is based on the legitimate interest in protecting confidential trade secrets and security measures in regards to employees, the premises and all visitors.
Extenda Retail Processes Personal Data regarding potential clients for marketing purposes. This can be made either through the collection of Personal Data at events or at customer meetings. Based on the activity, Extenda Retail might send out marketing offers.
Sensitive Personal Data includes any information that reveals your race or ethnicity, political views, religious or philosophical beliefs, membership in a trade union, as well as personal data regarding your health or private life. Extenda Retail generally does not Process any Sensitive Data about you. In case you provide us with Sensitive Personal Data we will only process such data if we receive your consent for this or if such Processing is legally required. Extenda Retail limits the use of personal identification numbers and only Processes personal identification numbers when needed to ensure your identification.
Collection of Personal Data
Normally Extenda Retail collects Personal Data directly from the Data Subject or from other persons connected to its customers, for example from a manager or a colleague. Sometimes Extenda Retail collects Personal Data from other sources, for example, partners to Extenda Retail dealing with marketing questions, recruitments, public records or from other types of social networks.
Sharing of Personal Data
Extenda Retail may share Personal Data with third parties in the following situations:
- Authorities: The Swedish Tax Agency and other authorities may require that personal data is disclosed by Extenda Retail. In such cases, Extenda Retail will only disclose personal information if there is an authority resolution; and
- Mergers & Acquisitions – In connection with mergers, acquisitions or divisions, the acquiring business and consultants assigned in the acquiring business may need to access the Personal Data that Extenda Retail Processes. Extenda Retail ensures that confidentiality agreements regarding the Processed Personal Data are entered into and that consent is collected when necessary in these situations.
Storage and Protection of Personal Data
Taking into account the type of Personal Data collected and the risk that may arise in the event of an infringement, reasonable and appropriate organizational, technical, and physical measures are in place to protect the Personal Data collected and processed. In regards to the Data Subject’s Personal Data, Extenda Retail ensures the following:
In regards to protecting Personal Data, Extenda Retail ensures:
- prevention of unauthorized access;
- prevention in regards to spreading of the Personal Data;
- that Personal Data is treated with confidentiality; and
- availability of Personal Data in accordance with applicable data protection legislation.
In regards to organizational measures, Extenda Retail ensures that it has:
- appointed an internal working group to continuously develop and assess the company’s work regarding processing of personal data;
- appointed a Data Protection Officer;
- appointed people within each part of the organization who are responsible for personal data-related questions and issues;
- established incident management procedures for the organization to act quickly and effectively in the event of a Personal Data incident or Breach;
- implemented training regarding Personal Data management for employees; and
- entered into personal data processing agreements with all customers and suppliers if necessary.
In regards to technical measures, Extenda Retail ensures that it has implemented the following measures:
- classification of Personal Data in order to introduce security measures that correspond to risk assessment;
- assessment of the use of encryption and pseudonymization to mitigate the risk of Processing Personal Data;
- restriction of access to Personal Data to only those who need access in order to fulfill statutory obligations or obligations arising from contracts;
- the effective use of systems that detect, recreate, prevent and report privacy incidents; and
- the effective use of tools to assess whether the technical and organizational measures taken are sufficient to protect Personal Data.
In order to gain access to Extenda Retail’s premises, access cards are required and parts of the premises are video-monitored.
Duration of Processing
Extenda Retail will only Process Personal Data for as long as it is needed for the purpose for which the data was collected.
The Use of Sub-processors and Transfers to Third Countries
Extenda Retail endeavors to keep Personal Data within the European Economic Area (EEA) but may engage suppliers located outside of the EEA such as other companies within the Extenda Retail Group or companies that assist with our technical support and maintenance of our IT services. Any such Personal Data will always be kept to a minimum relevant for the purpose. No matter where your personal data is transferred, Extenda Retail always takes necessary measures to ensure that the security level and processing is in line with GDPR, for example by using the EU Commission’s Standard Contractual Clauses.
Data Subject’s Rights
In regards to Data Subjects’ own Personal Data, all Data Subjects have the right to:
- request information regarding our Processing of Data Subject’s Personal Data, if any. Please note that Extenda Retail may request certain details about a Data Subject in order to ensure that the information is provided to the correct person and handled in a secure way.
- rectification of Personal Data that Extenda Retail Processes if these are in any way incorrect;
- request us to delete Personal Data we hold about a Data Subject. For example, if the information is no longer necessary to fulfil the purpose it was collected for. Please note that, when legally required, Extenda Retail could decline a request from a Data Subject, for example if the data is needed for tax or bookkeeping purposes, or are necessary to defend legal claims;
- request limitations of the Processing of your Personal Data. Please note that in such cases, Extenda Retail may need to investigate the situation further prior to reaching a decision; and
- have Data Subjects’ data transferred to another Controller. This however requires that the transfer is technically possible and may be carried out automatically and that the processing is based on the fulfillment of an agreement with you.
Extenda Retail is committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority