Integrity Policy

Background

Norcospectra Group (hereinafter "The Company", "we", "our", "us") respects your privacy. This Integrity Policy describes how we obtain and process your personal data. The Integrity Policy also describes your rights in relation to us and how you can assert these rights.

All our processing of your personal data is in accordance with our Integrity Policy and current data protection legislation. Please read this Integrity Policy before you share any personal data with us.

Scope

This Integrity Policy addresses the processing of all personal data of any person in commercial contact with us, such as our customers, suppliers, business partners, prospects and their contact persons, representatives, users of any of our services or any other physical person connected to such party (“contact persons”), as well as visitors to our website.

This Integrity Policy applies to all business processes in Norcospectra Group and to all websites, domains, mobile solutions, cloud services and communities handled by Norcospectra Group, as well as Norcospectra Group-branded websites and third-party social networks.

1. How do we collect personal data?

1.1 Information from you

1.1.1 In general, we collect personal data directly or indirectly from you in a variety of ways, both online and offline, such as
(a) when you request or engage us for our services,
(b) when we request or engage you for your services,
(c) when you request or purchase our products,
(d) when we request or purchase products from you,
(e) when we enter into an agreement with you or act under such agreement,
(f) when we perform our services,
(g) when you log in to or use any of our external systems,
(h) when you submit a contact or order form on our website,
(i) when we meet at meetings, events, seminars, fairs, etc.,
(j) when you sign up for our newsletter subscription service,
(k) when you participate and sign up to participate in our events,
(l) when you interact on our social media,
(m) when you participate in our surveys,
(n) when you contact us through our website, by e-mail, letter or phone or face-to-face, or
(o) when you in any other way interact with us.

1.1.2 We will also, with your consent, use cookies and other tracking technology when you use our website (www.norcospectra.com or www.ksprojekt.se) in order to optimize your experience of these. Please see the paragraph describing automatic data collection tools for more information about these technologies and your rights in this context.

1.2 Information from other sources

1.2.1 We may collect data about you when we interact with a party, for which you are a contact person, in any of the ways mentioned in section 1.1.1 above.

1.2.2 We may collect data about you from other persons linked to the party for which you are a contact person.

1.2.3 If the company you act as a contact person for enters into an agreement with us via one of our partner companies, we may collect information about you from the partner company.

1.2.4 We may also collect data about you from marketing or analyst companies, our customers or partners or from event organisers.

1.3 Cookies and other automatic data collection tools

1.3.1 We may, with your consent, use cookies and other digital tracking technologies to collect information about your movements on our website (www.apptus.com) and when interacting with us, to optimize your experience.

1.3.2 A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer's hard disc so that the website can remember who you are.

1.3.3 When you visit our website a cookie will be sent to your computer. Cookies are used to help recognize you as a unique visitor when you return to our website. They are also used to allow us to tailor content to match your preferred interests. We cannot identify you personally this way.

1.3.4 You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our website if cookies are disabled.

2. What personal data do we process?

2.1.1 The type of personal data that we process about you may be:
(a) Identity information, such as date of birth, age, nationality, gender, etc.
(b) Contact information, both personal and professional, such as name, organisation (company) name, registration number, VAT registration number, postal address, phone number, mobile phone number, e-mail address, fax number, etc.
(c) Employment information, i.e. information regarding your employment or other relationship with the party for which you are a contact person, such as job title, role, position, etc.
(d) Information regarding products and services, such as product and service name, description, content, customisation, etc. and details regarding sold or purchased products and services, etc.
(e) Unique user information, such as login ID, username, password, security question, etc.
(f) Device information, such as IP address, language settings, browser type, browser settings, time zone, operating system, platform, screen resolution, response time, download error, etc.
(g) Traffic and usage information regarding our external systems, such as which links you click and when, which functions you use and when, how you reached and left the service, session time, session ID, delivery notifications when we contact you, etc.
(h) Traffic and usage information regarding our website, such as which links you click and when, the address of the website from which you arrived, etc.
(i) Geographic information, your geographical location.

2.1.2 We do not process sensitive personal data (i.e. special categories of personal data) about you.

3. What do we do with your information?

3.1 The purposes of and legal basis for our processing of your personal data

3.1.1 Personal data is processed only to the extent that it is necessary for the purposes described in this Integrity Policy.

3.1.2 The data we process is mainly used to provide, perform and improve our business, products and services as well as to enter into and to fulfil our obligations and exercise our rights arising from a contract with you or a party for which you are a contact person.

3.1.3 We save your personal data only for as long as it is necessary for the purposes of our processing and for as long as required by law or any other regulated time limit. For further information, please see below.

3.1.4 Below we have compiled our various purposes with our processing of your personal data, the categories of personal data pertaining to the respective process, the legal basis for the processing and how long we store your personal data:

3.1.5 Please note that if you choose not to provide us with certain personal data or limit our right to process your personal data, we may be unable to fulfil our obligations to you or to the party you represent, and you, or the party you represent, may be unable to assert your, or its, rights against us.

3.2 What are our legitimate interests?

3.2.1 As you can see in the list above under section 3.1.4 we may process your personal information because it is necessary for the purposes of our legitimate interests.

3.2.2 Our “legitimate interest” corresponds to the purpose for which we perform each processing based on our interest.

3.2.3 When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

3.2.4 We do not consider that our processing disadvantages you in any way. We use your information only in ways you would understand and reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.

3.2.5 You have a right to object to processing that is based on our legitimate interests. If you wish to do so please contact info@norcopsectra.com. For more information on your rights, please see “Your rights” section below.

3.3 If you do not want to receive marketing information from us

3.3.1 As described in section 3.1.4 above, we may process your data to invite you to our events, to communicate relevant news and information within our practice areas to you, to communicate relevant information about us and our services etc. If you do not want to receive such communication, you are welcome to email us at info@norcopsectra.com.

3.4 How to revoke your consent

3.4.1 Some of our processing of your personal data described in section 3.1.4 above is based on your consent. You have a right to revoke your consent to this processing of your personal data at any time. If you would like to make use of this right and revoke your consent, please contact us at info@norcopsectra.com.

3.4.2 Please note that if you revoke your consent, it does not affect the legality of the processing we have performed based on your consent before it was revoked.

3.5 Automated decision-making

3.5.1 We do not perform any processing that includes automated decision-making (including profiling).

4. Disclosure of your information

4.1 To whom may we disclose your information?

4.1.1 We may disclose your personal information to chosen third parties in accordance with the provisions below. In the event of such sharing or transfer we will take every reasonable legal, technical and organizational action in order to make sure that your personal data is handled in a safe manner and that the level of security is adequate. Any third parties that process your information on our behalf are bound by processor contracts which include a provision that such third party shall follow our instructions, take the measures that we find necessary, observe confidentiality and respect this Integrity Policy.

Employees

4.1.2 We may disclose your personal information to any of our employees or officers insofar as reasonably necessary for the purposes set out in this policy.

Our group of companies

4.1.3 We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.

Advisers, suppliers, subcontractors and other business partners

4.1.4 We may disclose your personal information to any of our insurers, professional advisers, agents, suppliers, subcontractors or business partners insofar as reasonably necessary for the purposes set out in this policy. Hence, we might share your personal data when a third party provides us with services such as providing, hosting and maintaining IT systems, technical support, marketing, etc. on our behalf.

Other

4.1.5 We may disclose your personal information:
(a) to the extent that we are required to do so by law or a court order;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Transfer

4.1.6 If we buy or sell a business or assets we may provide a potential seller or buyer of such business or assets with your personal data. If we, or a substantial part of our assets, are acquired by a third party, your personal data may be disclosed to such acquirer.

5. How do we protect your information?

You should always feel secure when you provide us with your personal data. Therefore, we have taken suitable legal, technical and organisational precautions to prevent unauthorized access, use, change and deletion of your personal information. We have adopted an IT policy which applies to all our employees and sets out the provisions for how we use our information systems. All our processing of your personal data is in accordance with current applicable data protection legislation.

6. Where are we processing your information?

It is our objective to process all your personal data within the EU/EEA. In some situations, however, your personal data might be transferred to and processed by a company within our company group or by a supplier, subcontractor or other business partner with registered office in a country outside the EU/EEA. All such sharing and processing of information will be in accordance with current applicable data protection legislation and we will take all reasonable legal, technical and organisational actions to make sure that your personal data will be processed securely and with an adequate level of protection comparable with, and at the same level as, the protection that is provided within the EU/EEA.

7. Your rights

7.1 Right of access and to information

7.1.1 You have the right to obtain a confirmation from us as to whether or not personal data concerning you are being processed by us, and, where that is the case, you have the right to access that personal data.

7.1.2 We will provide a copy of your personal data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested by you, the information will be provided in a commonly used electronic form.

7.2 Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

7.3 Right to erasure ("right to be forgotten")

7.3.1 You have the right to obtain from us the erasure of personal data concerning you and we have the obligation to erase your personal data in some situations, for example
(a) if the personal data is no longer necessary in relation to the purposes for which they were collected,
(b) if the processing is based on your consent and you withdraw that consent,
(c) if the processing is based on our legitimate interests and you object to the processing and there are no overriding legitimate grounds for the processing,
(d) if the personal data have been unlawfully processed, or
(e) if the personal data have to be erased for compliance with a legal obligation, etc.

7.3.2 There might be reasons as to why we cannot immediately erase all your personal data. Our continuous processing of your personal data might for example be necessary in order for us to fulfil a legal obligation that requires processing of your personal data, for example bookkeeping and tax legislation, or to establish, exercise or defend a legal claim. In that case we will block the information that could not be immediately erased from use for any other purposes than the ones that hindered the information from being erased immediately.

7.4 Right to restriction of processing

You have the right, under certain conditions, to obtain from us restriction of processing of your personal data. Restriction of processing means that your stored personal data will be marked with the aim of limiting their processing in the future to certain given purposes. The right to restriction applies for example when you have contested the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data, and when you have objected to our processing based on our legitimate interests, pending the verification whether our legitimate grounds override yours.

7.5 Right to data portability

7.5.1 You have the right, under certain conditions, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.

7.5.2 When exercising your right to data portability you have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

7.6 Right to object

7.6.1 You have the right to object, on grounds relating to your particular situation, at any time to certain processing of your personal data. The right to object applies e.g. when we process your personal data on the basis of our legitimate interests.

7.6.2 Where personal data are processed for direct marketing purposes, you have the right to object at any time to our processing of your personal data for such marketing.

7.7 Right to object to automated individual decision-making (including profiling)

You have the right, with certain exemptions, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

7.8 Right to lodge a complaint

If you consider that our processing of your personal data infringes the GDPR you have the right to lodge a complaint with the Integritetsskyddsmyndigheten, which is the supervisory authority in Sweden.

7.9 Exercise your rights

If you wish to exercise any of your rights you can easily do that by contacting us, using the contact information under section 8. In order to protect your integrity and your personal data we might require that you identify yourself when you require our assistance.

8. Contact information

If you have any questions concerning integrity and data protection you are welcome to contact our HR department at info@norcospectra.com.