1. GENERAL
We at Rolf Nordic want you to feel safe when you leave your personal information to us. This privacy policy explains how we collect, use, release and store your personal information and how we otherwise ensure that your personal data is processed in accordance with applicable law. It is important for us that you read and understand this privacy policy and that you feel safe with how we process your personal data.
2. WHO IS PERSONAL DATA CONTROLLER?
2.1 Rolf Nordic AB, with org. no. 556962-6046 and postal address Kopparbergsvägen 6, 72213, Västerås (in this policy called "Rolf Nordic") is handling your personal data, but your employer is your personal data controller. The personal data controller is responsible for processing your personal data. Rolf Nordic provides and markets products and services and for other contacts with Rolf Nordic, such as service cases via email and telephone. As the personal data controller, it is the responsibility of you employer to ensure that your information is handled in a correct and safe manner according to applicable legislation.
3. WHAT PERSONAL DATA ABOUT YOU ARE BEING PROCESSED?
Rolf Nordic collects and processes the following categories of personal information about you as a customer or potential customer in connection with using our services.
• Contact information such as name, title and attestation right, e-mail address, delivery address, invoice address and telephone number.
• Account information such as, username, password and when the account was registered.
• Identification number, i.e social security number or corporate identity number.
• Correspondence and other information about support cases such as notes and e-mails when contacting customer service.
• User-generated data about your interaction with Rolf Nordic – through our communication platforms and websites - such as IP address, device information (computer technical information, mobile phone and other devices you use such as browser settings, time zone, operating system), location information.
4. FROM WHAT SOURCES DO WE COLLECT DATA ABOUT YOU AS A CUSTOMER?
4.1 Rolf Nordic collects your personal information directly from you when you are in contact with our customer service and when you otherwise have contact with Rolf Nordic and provide us with information about you. Information about you is collected at these times so that you can enter into agreements with Rolf Nordic and for Rolf Nordic to be able to provide its products and services to you.
4.2 In addition to the information that Rolf Nordic collects from you, we can also collect personal data from someone else, i.e. from third parties. We retrieve information from public records via third party. For example, address update services, e.g. Bisnode, to make sure we have the right contact information about you. We collect creditworthiness information from credit rating agencies, disclosure agencies or banks, e.g. UC.
5. WHY DO WE PROCESS PERSONAL DATA ABOUT YOU?
Rolf Nordic collects and manages information about you for different purposes. These purposes set the external framework for what we may use your personal data for. Below, we explain the purposes why we collect your personal data and give examples of in what purpose we use it. Please note that some of your personal data may be processed for several purposes.
a) Manage orders and purchase Processing of personal data for this purpose includes activities to identify and send you order confirmation, manage payment for ordered products and goods and assess what payment methods we can offer you (based on contact information, ordered goods, payment history and financial information), deliver orders, notify delivery and handle complaints and warranty cases regarding purchased products and services. The collection of information that we do to be able to handle your orders and purchases is required in order for us to fulfill our obligations under Rolf Nordic general sales conditions. If the information is not provided by you, our obligations cannot be fulfilled, and, in that case, we can deny you the order or purchase.
b) Providing the tool Rolf. By having your email address, we give you permission to log in to your account and ensure your identity. The collection of information that we do to be able to provide and administer your account is required for us to be able to fulfill our obligations under the Terms of use for Rolf. If the information is not provided, our obligations cannot be fulfilled, and, in that case, we can deny you registration of the account or terminate the account.
c) Provide information about and market products and services. We treat personal data for this purpose in order to inform you by mail, e-mail, SMS / MMS and telephone about and market the products, services and offers from Rolf Nordic. The collection of information that we do for the purpose is required in order for us to be able to fulfill our obligations under these terms. If the information is not provided, our commitments cannot be fulfilled, and, in that case, we need to limit certain benefits and other benefits associated with your account.
d) Handle matters that come in to Rolf Nordic support functions. Processing of personal data for this purpose includes activities such as being able to communicate, secure the customer's identity, investigate complaints and support cases, answer questions that come in to customer service or other support functions via e-mail, phone or digital channels, correct erroneous information, provide technical support and nurture customer relationship.
e) Completing the legal obligations required by Rolf Nordic. Personal information is processed for this purpose in order for Rolf Nordic to be able to fulfill the requirements of laws, judgments or authority decisions. Examples of such requirements are product liability and product safety such as the production of communication and information about product alarms and product recalls (e.g. in the case of a defective or harmful product) and obligations to save certain information according to the Swedish Accounting Act that can be attributed to an individual. If the information collected by Rolf Nordic is not provided for this purpose, our legal obligation may not be met and we may, in that case, deny you the order, purchase or activity giving rise to our legal obligations.
f) Preventing abuse and investigating crimes within the framework of our operations. Treatment of personal data for this purpose is done to prevent abuse of Rolf Nordic accounts to and prevent and investigate suspicions of theft and fraud. Suspected crimes and attempted crimes may be reported to the police.
g) Evaluate, develop and improve Rolf Nordic services, products and systems for our customers in general. Treatment of personal data for this purpose includes activities to make our system, Rolf, more user-friendly, develop or highlight digital features, improve our customer service (e.g. development of services and products), develop documentation to improve goods and logistics flows, develop and improve the company's range and resource efficiency, and improve our IT system to increase safety, produce statistics for market and customer analyzes and business follow-up. as well as business and method development related to orders and purchases, automatically archiving behaviors that may later have to be reviewed for security reasons and giving customers the opportunity to influence the range that Rolf Nordic provides. In order to fulfill this purpose, Rolf Nordic performs general analyzes in aggregated form, i.e. not at the individual level, with regard to, among other things, click and visitor behavior, unit information, order history, payment history, geographical location and individual customers' feedback.
6. WHAT ARE THE LEGAL BASIS FOR OUR TREATMENT OF YOUR PERSONAL DATA?
In order for Rolf Nordic to have the right to collect and process your personal data, there must be a legal basis for each purpose for which the data is processed. The legal bases on which we base our treatment are described in this section. Note that several legal grounds may apply to the same treatment.
a) Legal obligation. This basis means that our processing is necessary to fulfill a legal obligation required by Rolf Nordic, for example, to document payment information in order to meet the requirements of the Accounting Act.
b) Contractual obligations. This basis means that the treatment is necessary to fulfill an agreement with you as a customer or to be able to enter into agreements at a later stage. When ordering or buying, we will process your information in order to fulfill obligations according to the signed Subscription Agreement. Then it can e.g. be necessary that Rolf Nordic records your contact information so that we can fulfill our obligation to deliver the product or service and that we make a credit report so that we can ensure your payment ability.
c) Legitimate interest. This means that our treatment is based on a so-called balancing interest of legitimate interest. By this is meant that the processing is done in order for Rolf Nordic to judge that we have legitimate interests of treating your personal data that weighs heavier than your interest in not receiving the personal data processed. On this basis, we treat your personal data, among other things in order to prevent abuse, prevent and investigate crimes within the framework of our activities. If we judge that a crime or attempted crime has been committed and we make a police report, Rolf Nordic will also continue to process your personal data in order for us to be able to determine, defend or make legal claims.
7. HOW MUCH OF YOUR PERSONAL DATA DO WE SAVE?
7.1 Rolf Nordic will save your personal information as long as it is necessary to fulfill the purposes for which the data is processed. Thus, the length of the storage period depends on the purpose for which the data is processed. In addition, Rolf Nordic may save the data longer if it is needed to establish, defend or make legal claims, eg. if there is a dispute or if a notification of crime has been submitted to the police authority. We regularly carry out thinning and removing personal information that is no longer necessary.
7.2 Rolf Nordic saves personal information linked to your account as long as you are using our services.
8. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
8.1 Rolf Nordic will not sell or share your personal data to third parties unless we have your permission to do so. See our Data Processing Agreement for more information.
9. WHERE DO WE STORE YOUR PERSONAL DATA?
Rolf Nordic will primarily handle your personal information in the EU / EEA. However, we may also transfer your personal data to a country outside the EU / EEA if we need to share your information with Rolf Nordic suppliers or partners who are outside or store personal data in a country outside the EU / EEA. If your personal data is transferred to any country outside the EU / EEA, Rolf Nordic will take the necessary steps to legally transfer the personal data by ensuring that your personal data is handled safely and with an adequate level of protection comparable to the protection offered within the EU. / EEA, for example by entering into an agreement with the recipient that includes the EU Commission's standard contract clauses or, if transfer is made to the United States, by the recipient certifying itself to comply with the principles of Privacy Shield.
10. WHAT RIGHTS DO YOU AS A CUSTOMER HAVE?
10.1 Rolf Nordic are responsible for ensuring that your personal information is processed in accordance with applicable legislation. This section describes your rights related to our processing of your personal information. We will, at your request or on our own initiative, correct, de-identify, delete or supplement any information found to be incorrect, incomplete or misleading. If you have any questions about this or want to exercise any rights, please contact us at the information provided at the bottom of this policy.
a) The right to access your personal information. We at Rolf Nordic want to be open with how we process your personal data. If you want to gain insight about how we process your information, you have the right to request information about that, including a copy of your personal data that is being processed. This includes information about purposes, categories of personal data, categories of recipients of personal data, storage period or criteria for determining the storage period, information on where the data has been collected and the existence of automated decision-making including information on the logic behind and the importance of the processing. Please note that in the case of a request for access, we may ask for additional information about you in order to ensure that we provide the information to the right person and what information you want to take part of. The register extract is free of charge, but with repeated inquiries, Rolf Nordic has the right to charge an administrative fee of SEK 100.
b) Right to correction of your personal data. Rolf Nordic is keen to have correct and updated personal information. If the information we have about you is incorrect, you have the right to request that the will be corrected. You also have the right to supplement any incomplete personal data.
c) The right to erase your personal information. We respect that the personal information we process about you is borrowed from you. You therefore have the right to request that Rolf Nordic remove your personal data when; the data is processed in an illegal manner, must be erased in order to fulfill a legal obligation to which Rolf Nordic is subject, no longer is necessary for the purposes for which they have been treated or when you object to a balance of interests of legitimate interest that Rolf Nordic has done and there is no legitimate interest in Rolf Nordic or third party that weighs heavier (see section f below for information on the right to object). However, we cannot always accommodate your request as there may be reasons that give us the right to continue the treatment, e.g. if the personal data is processed to fulfill a legal obligation as a legal basis (such as according to the requirements of the Swedish Accounting Act) or if the information is necessary for Rolf Nordic to be able to determine, enforce or defend legal claims.
d) The right to data portability. You have the right to receive a copy of the personal data that concerns you in a structured format and in some cases get the data transferred to another person responsible for personal data. However, this right only covers information that you have provided yourself to Rolf Nordic and which we treat with the support of consent or contractual obligation towards you on a legal basis.
e) Right to limitation of treatment. You have the right to request that our processing of your personal data be limited in certain situations, which means that the information may only be processed for certain purposes. For example, you can request limitation of incorrect information when you have requested correction. While Rolf Nordic is investigating the accuracy of the data, their processing will be limited.
f) Right to object to certain types of treatment. When Rolf Nordic deals with your personal data based on balancing interest of legitimate interest as legal basis or for direct marketing, you have the right to object to our treatment. Objections to the balancing actor's interest can be made when you have personal reasons that concern the situation. In such an objection, Rolf Nordic assesses whether we have justified reasons for the treatment, which weighs your interest in protecting your privacy. If so, Rolf Nordic may continue to process your personal information even though you have opposed the processing. You can do objection to direct marketing and analyzes for direct marketing purposes without giving any reasons. If you object to direct marketing, we will cease processing your personal data for that purpose and any kind of direct marketing measures such as sending newsletters and offers.
10.2 If you think that we handle your personal data incorrectly, you are welcome to contact us. Contact details can be found at the bottom of this policy. You also have the right to file any complaints regarding the processing of your personal data to Datainspektionen, which is the responsible supervisory authority for processing personal data in Sweden.
11. HOW DO WE PROTECT YOUR PERSONAL DATA?
You should always be able to feel safe when you leave your personal information to us. Rolf Nordic has therefore taken appropriate technical and organizational security measures to protect your personal information from inappropriate or involuntary disclosure, use, improper access, deletion, modification or damage to your personal information. For example, all customer data in a database that is protected by firewall and authorization control is saved so only employees working at Rolf Nordic and need access to your data to perform specific tasks have such access.
12. APPLICATION AND AMENDMENT OF THE PRIVACY POLICY
12.1 The latest updated version of Rolfs privacy policy is always on our website. Our privacy policy applies at any time in the form and to the content that is published on the website.
12.2 Rolf Nordic has the right to update the privacy policy at any time. If the privacy policy changes, the updated policy will be published on Rolf Nordic website. In addition, you will be informed that the privacy policy has changed the next time you log in to your account on Rolf Nordic. We may also inform you via e-mail if there are major changes to the privacy policy. If you do not want to accept the changed policy, you can terminate your account on Rolf Nordic by contacting customer service, see the contact details at the bottom of this policy.
13. CONTACT INFORMATION
Please do not hesitate to contact us if you have any questions about this privacy policy or if you would like more information about our processing of your personal data or if any information would be incorrect and you would like us to correct it. Please contact our customer service at info@rolf.se.