Data Policy
Effective Date
Nov 28, 2024
1. Data Controller
Norrhavet Group AB is the controller for the personal data we process. If you have any questions or concerns, you can contact us:
– Email: elsa@norrhavet.com
2. What Personal Data We Collect
Depending on your interaction with us, we may collect the following types of personal data:
– Identity Information: Full name, title, and job role.
– Contact Details: Email address, phone number, physical address.
– Service Details: Information about services provided, contractual details, and associated correspondence.
– Financial Information: Payment details (processed securely in line with PCI DSS standards).
– Website Interaction Data: IP addresses, cookies, and usage data collected via our website.
3. Purpose and Legal Basis for Processing
We process your personal data only when there is a lawful basis under GDPR.
| Purpose of Processing | Legal Basis |
|---|---|
| To fulfill contractual obligations | Performance of a contract |
| To comply with legal requirements | Compliance with a legal obligation |
| To send marketing communications | Your explicit consent |
| To improve our services and website | Legitimate interest in business optimization |
| To manage customer inquiries and support | Legitimate interest in customer service |
4. Sharing of Personal Data
We only share your personal data when necessary, with the following categories of recipients:
1. Service Providers and Processors:
These include IT service providers, payment processors, and cloud storage services. All providers are bound by GDPR-compliant data processing agreements.
2. Authorities and Legal Obligations:
Personal data may be shared with law enforcement or other governmental authorities when required by law or in response to legal processes.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law.
– Contractual Data: Retained during the contract duration and up to 10 years thereafter to comply with accounting and legal obligations.
– Marketing Data: Retained until you opt out or withdraw your consent.
Data no longer needed will be securely deleted or anonymized.
6. Your Rights Under GDPR
As a data subject, you have the following rights concerning your personal data:
1. Right to Access: Request information about the personal data we hold about you.
2. Right to Rectification: Correct any inaccurate or incomplete data.
3. Right to Erasure: Request deletion of your personal data where legally permissible.
4. Right to Restriction: Limit the processing of your data in specific circumstances.
5. Right to Data Portability: Request transfer of your data to another organization.
6. Right to Object: Object to processing based on legitimate interest or direct marketing.
7. Right to Withdraw Consent: Withdraw your consent for data processing at any time.
To exercise your rights, contact us at elsa@norrhavet.com.
If you believe your data protection rights have been violated, you can lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.
7. Data Security
We use appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, loss, or disclosure. These measures include:
– Encryption of sensitive data.
– Restricted access to personal data.
– Regular security audits and updates to safeguard our systems.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance user experience and analyze site performance. For detailed information, please see our Cookie Policy (https://norrhavet.com/cookie-policy/).
9. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission.
– Transfers to countries deemed adequate by the European Commission.
You can request further details about these safeguards by contacting us.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. The latest version will always be available on our website. Significant changes will be communicated to you directly if applicable.
