Data protection policy
- What information do we process?
- On what legal basis do we process this information?
- Read more here:
- What do we do with your information?
- What third parties will be able to access your data?
- Registry of processors
- Where do we process your data?
- How do we protect your data?
- Your rights as registred
- Automated decisions
- Cookies on our websites
- For how long do we store your personal data?
- Changes to this data protection policy
- Contact us and the Data Protection Authority
We always aim to protect your individual rights and your personal data. This data protection policy describes how we collect, use, store and share personal information. The policy is a supplement to our general terms and conditions. service-specific terms and SLA, our Data Processing Agreement, and Appendix 1. This data protection policy applies from May 25, 2018, when the General Data Protection Ordinance (GDPR) entered into force.
By using our services, you accept our Data Protection Policy and our processing of your personal information. You also agree that we use different communication paths such as email, SMS, phone or support systems to send information to you.
In order to offer you our services, we need to process your personal information as shown below. We do this with the utmost account of your integrity.
What information do we process?
Personal data is usually collected directly from you as a customer upon registration (eg address information), or generated when you use our services and products (eg IP addresses or user logging). The personal data we collect can be divided into the following categories broken down by method of collection, type of task and purpose:
Identification: This usually consists of social security numbers and names in Sweden as specified by the registrant upon registration, and is used for customer identification primarily.
Contact: Information such as email, contact details and phone number, which is also stated when registering directly by the registered person. This is important for providing support, sending invoices or contacting you with important information about your service.
History: For example login history, changes made to our services or online requests for your services, which is automatically collected by our systems to assist in evaluation, debugging, security management and tracking.
If you as a customer collect and store your services with us, you assume the role of personal data controller and we take the role of personal data counselor. This is explained more below and is regulated in our personal agreement with attachment that we offer all our customers.
On what legal basis do we process this information?
Almost all treatments are performed on the basis of having a contract between us and our customers. This is needed in order for us to fulfill our commitments to you as a customer and to comply with applicable legislation. In some cases, treatments based on legal obligations may also occur.
Read more here:
What do we do with your information?
All data is used to deliver, administer and improve our services. The information is required to deliver our services (for example, invoicing, customer service, financial administration or ownership identification). We also use this to communicate with you about important events or information about your account, as well as newsletters and general email communications.
Some third party services such as domain registration and SSL services require that we share certain information with the provider in order to provide the service (as shown by the separate domain terms we provide for this).
What third parties will be able to access your data?
In order to protect our customers’ integrity, personal information is not disclosed to an external party not disclosed without informing you as a customer. Exceptions to this are made if a customer has violated our terms of agreement, whether there is legal action or if the authority requests this in support of Swedish legislation. Examples of such authorities are tax authorities, police authorities, and supervisory authorities in affected countries.
We have implemented a full-fledged register of suppliers and organizations that carry out processing related to personal data in our systems. We have signed a data processing agreement with selected suppliers, and these agreements include provisions on the processing of personal data on our behalf. Suppliers are, for example, in the areas of development, maintenance, operation and support of IT systems.
Registry of processors
On this link, you can see the processors who, in some cases, process our customers personal data for which we are controller, or in some cases processing our customers data where we are processors ourselves.
Where do we process your data?
We always strive to do the EU / EEA treatment. In some situations, however, the information may be transferred to, and processed in, non-EU / EEA countries, or other supplier or subcontractor. As we always strive to always protect your information, we will take all legal, technical and organizational measures to ensure that your information is handled securely and with a level of protection comparable to the protection offered in the EU / EEA. We also have good agreements with all our suppliers to ensure that the treatment is carried out in accordance with the regulations.
How do we protect your data?
We have a comprehensive multi-level security system through both logical network constraints, access levels, alarms and various types of intrusion protection. We also work according to “Privacy by design” in development, both internally and with partners.
All staff are also trained in data protection, and are updated annually in this regard.
Your rights as registred
As a registered person and customer with us, you have special rights regarding the personal information we have about you.
As a customer, you can contact us at any time to find out what information we have collected, as well as instructions on how to view them as a customer. We strive to implement this without delay.
Changes to registered data can usually be made through our customer portals, but can always be done by communicating with us where we will then assist in implementing the change.
If you object to the accuracy of the data we have registered, you may request that we limit the processing of these data to storage only. We can then stop any other processing (which also means we must stop delivery of our services) until a correction has been made or until it is possible to determine what is correct and not.
For personal data that has been processed and collected automatically (with the consent of the agreement / agreement), you are entitled to receive it in a machine-readable format.
Under certain circumstances, you are entitled to request the deletion of your personal information. These can be e.g.
– If there is no legal basis for the treatment or the treatment is illegal
– There is no legitimate reason for continued treatment
– You oppose direct marketing treatment
A prerequisite for our ability to perform the above is that we receive adequate documentation for identification from you as registered. Your request to exercise your rights above is assessed on a case-by-case basis based on current circumstances. We may also have to keep your information if it is required to comply with legal obligations, claim a legal claim or enforce our active agreements.
In some cases, we may use automated decision making if you have made your explicit consent or if it is necessary to fulfill an agreement, such as evaluation and improvement of our services (eg traffic and usage analysis).
Cookies on our websites
For how long do we store your personal data?
We save data as long as it is necessary to fulfill our commitments as a supplier, and as long as required by statutory storage times. When we save data for purposes other than our commitments such as companies, such as In order to meet accounting and financial requirements, we only save the information as long as it is necessary for the purpose.
Changes to this data protection policy
The content of this data protection policy may change over time. We will always keep our customers’ integrity high and comply with all data protection laws within the EU and Sweden. If we carry out major changes, these will be communicated via email and in your customer portal. If you want to stay updated on a regular basis, we recommend that you review this policy on a regular basis.
Contact us and the Data Protection Authority
If you have any questions or concerns regarding our data protection policy, please contact our support organization via email, chat, phone or case system. Contact information is available on our website. You can also file a complaint or contact the computer inspection that acts as our supervisory authority. Contact information can be found at https://www.imy.se.
This policy was last updated 2020-11-19.