Information regarding Crewdox’ processing of your Personal Data
If you’re reading this, you have either been contacted by one of Crewdox’s employees, you’re interested in our newsletter, you have signed up for a demo/trial on our website or your employer/principal is a customer of ours. In either case this document will provide information about what we do with your Personal Data and what rights you have to influence this processing.
As a “Controller” of your personal data (as defined in the GDPR, article 4.7) according to applicable law, Crewdox AB, with Swedish company registration number 556969-9951, is responsible for making sure that your personal data is processed in a safe and legal way.
If you have any questions or remarks regarding our processing of your personal data, feel free to contact us at firstname.lastname@example.org.
ABOUT OUR PROCESSING - WHAT, HOW, WHY AND FOR HOW LONG?
What information we have and what we do with it depends on who you are.
If you are a subscriber of our newsletter, you have provided us with your e-mail address in order for us to send you our newsletter, which may consist of both editorial content and marketing content. We will not use your e-mail address for any other purpose than to provide you with the requested newsletter. You can always unsubscribe using the link provided in each newsletter.
If you have been contacted by us, we have received your contact details from two sources, either
From yourself when you have contacted us using a form on our website, sent us an e-mail or likewise, or
From an external provider of business information.
We use this information because we have a “legitimate interest” (see article 6.1.f of the GDPR) to contact businesses for which our services are relevant (commonly referred to as “leads”).
We will continue to process this information for this purpose until you have been contacted or are no longer representing a potential customer, this could be because your company has declined our services, we find that you have left your current position (regarding information bought from an external provider, this is updated every month) or some other reason. Following contact, and presuming you are still representing a potential customer, we will continue to process data for the purpose of finalizing a contract (after which you, or someone else, will become a “Contact person”).
If your employer/your company is or becomes a customer of ours, we will process personal data about our contact persons with the company. We will then process commonly used data (such as name, title and contact details) for customer relations and contract purposes (such as support, sales, invoicing etc). Such processing is based on our legitimate interest to maintain customer relations and the contractual agreement. You may object to your personal data being processed for this purpose by contacting us.
Note that some data may be kept because we have a legal obligation (see article 6.1.c of the GDPR) to keep records, for example your name may be used as reference on an invoice which needs to be kept in our bookkeeping records.
Users of the service
If you are a user of the service, your employer/principal has provided you with credentials to use our services. We don’t process any credential data, nor any other data in our service, for our own purposes. Our customer is responsible and "controller" of all such data.
Like most operators of digital services we, however, collect non-personally identifying information that web browsers and servers typically make available, such as your browser type, language preference, referring site, and the date and time of each visitor request and eventual requests. We will collect and share statistics about such use of the Service and the Website in an aggregated and non-personally-identifiable manner. Our purpose for collecting such information is to better understand how our visitors and users use the Service and the Website and for marketing and advertising purposes. Such information is however used in an aggregated manner, and is never linked back to any personal data, unless to identify anyone using the Service or the Website in an unauthorized manner.
Though it may be technically possible to connect such information to a certain person, it is processed in an non-identifiable way with us, this means that your rights concerning such data, should it be considered personal data, is very limited (see article 11 of the GDPR).
SHARING YOUR PERSONAL DATA
However, we may share personal data with our subcontractors to facilitate, provide the Service and the Website, and to perform the Service and the Website, or to analyze how the Service and the Website are used. In such case, we remain responsible for our subcontractors’ processing of personal data. Our subcontractors have access to personal data only to perform these tasks on our behalf and are obligated not to disclose or use personal data for any other purpose. Some of our subcontractors may be located outside the European Union. All transfers made by us are always in accordance with Chapter 5 in the GDPR, on the basis of an adequacy decision and subject to appropriate safeguards.
We use the following categories of contractors who may process your personal data:
Storage providers (servers)
Accounting and bookkeeping providers
Communication providers (e-mail, chat, support and videoconference systems)
Marketing and e-mail automation providers
Please note that we may disclose personal data to third parties if we are required to do so by applicable law, regulation or a decision from a competent court. We may also disclose personal data to hired specialists, such as lawyers and accountants, who are bound by secrecy by law or contract.
Briefly, you have the right to receive information about what personal data of yours we process, to make sure that this data is correct and to complain to us if you think that we do something wrong. The easiest way to contact us is by using our contact details as stated in section 6 below.
More specifically, you have the following rights:
The right to, once a year without getting charged and otherwise against payment of the administrative costs, request information about what personal data we control about you,
The right to demand any incorrect personal data is corrected, or to block such data during the time when we make sure whether or not such data is incorrect,
The right to demand that personal data is deleted under the circumstances stated in Article 17 of the GDPR, or not used during the circumstances stated in Article 18 of the GDPR,
The right to have your personal data transferred to yourself or to another controller in a commonly used and machine-readable format (data portability), under certain circumstances, and
The right to file a complaint with the Data Protection Authority (Sw: Datainspektionen) or other relevant authority (for contact details, see www.datainspektionen.se).
In case of uncertainty about how we handle personal data, if not agreeing with how we handle personal data or in the event of other questions or complaints, please send us an e-mail to the address supplied below in section 6.
In the event of a security breach that affects you, we will, as soon as possible, notify you about the security breach and the measures taken by us.
4.3Please contact us for further information regarding our security measures.
SE-722 17 Västerås, Sweden
Company Registration Number: 556969-9951
Email address: email@example.com