This Privacy Policy (” Policy “) applies when we provide our services or products to you, when you contact us or when you visit our website. In the Policy, the terms ” Company “, ” we “, ” us ” and ” our ” will continue to refer to ZAZZ Energy of Sweden AB.
Here you get information about how we process your personal data as a prospective customer with us, when a customer relationship already exists and / or when you visit our website.
Content
Who is responsible for personal data
Processing of your personal data
Does the Company share your personal information with others?
Does the Company transfer personal data to countries outside the EEA?
How is your personal data protected?
How long does the Company store your personal information?
Why do we inform you?
We know that it is important for you how your personal data is processed. This Policy describes in detail how we collect, process, use and transfer (jointly ” process “) your personal data.
Personal information is information that refers to an individual that can be identified with the help of the information, regardless of whether it is together with other information or independently.
You should read this Policy to know what personal data we process, on what legal grounds, for what purposes and what rights you have when we process your personal data. If you have questions about this Policy, you are welcome to contact us, see contact information under ” Questions and considerations ” below.
Who is responsible for personal data
The company is responsible for personal data, which means that we decide why and how your personal data is processed. It also means that we are obliged to ensure that your personal data is only processed in accordance with this Policy and we are obliged to provide you with the information contained in this Policy.
In cases where we have appointed a data protection officer (DPO), you can contact our DPO via the contact information found in ” Questions and considerations ” below.
Processing of your personal data
What personal data do we process?
The personal information we collect is shown below and can be divided into five main categories (i) contact details; (ii) bank details, (iii) transaction details; (iv) user data and (v) marketing information.
- Contact information (first and last name, social security number, address, telephone number, e-mail address and in special cases the name of the company you are employed by);
- Bank details (billing address, clearing and bank account number);
- Transaction information (information on payments to and from us, purchase history regarding services and products);
- User information (IP address, browser, device, time zone settings, operating system, cookie preferences and information about how you use our website); and
- Marketing information (including your saved choices regarding the desired marketing from us).
We collect personal information directly from you when you enter into an agreement with us, order our services or products or visit our website, but we can also receive them when you contact us, for example when you fill out our contact form on our website. The personal data we process about you may also vary depending on the services or products provided.
It may happen that the treatment is performed by others than us on our behalf. Please note that if you do not provide, for example, contact information, we may be prevented from providing our services and products or the information you request.
On what legal basis do we process your personal data?
We must always have a legal basis, ie a reason that follows from applicable data protection legislation, to process your personal data. We only process your personal data on the following legal grounds:
- The processing is necessary to fulfill our agreement with you ( Contact Information , Transaction Information, Bank Information );
- The processing is necessary for purposes relating to our legitimate interest ( Contact Information , User Information and in special cases Marketing Information );
- The processing is necessary to fulfill a legal obligation incumbent on us ( Contact Information , Transaction Information, Bank Information ); and or
- You have given your consent to the processing ( Marketing Information ).
For what purposes do we process your personal data?
Below is a summary of the purposes for which we process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“ GDPR ”) and other applicable data protection legislation. Under certain circumstances, several purposes may be relevant to a treatment activity.
- Contact information (to provide services or products according to customer agreements, customer service, manage your rights according to GDPR);
- Transaction details (to provide services or products under customer agreements, customer service);
- Banking information (to provide services or products under customer agreements, customer service);
- User information (to provide services or products according to customer agreements, for you to be able to use our website, business and product development, monitor and produce statistics, perform market and customer analyzes); and
- Marketing information (so that we can send offers to you as a customer regarding our services and products).
Your contact information is needed for us to be able to provide good customer service. We have a legitimate interest in being able to answer your questions and we must be able to handle complaints or disputes that you raise with us. We also have a legitimate interest in continuously improving our services and products and your user data may therefore be used for business and product development, monitoring and compilation of statistics and performing market and customer analyzes.
Does the Company share your personal information with others?
Personal data will only be shared with others when it is necessary for our contact and for us to be able to perform our tasks or when it is otherwise necessary based on the purposes set out in this Policy. Your personal information may be shared with our partners, suppliers or other third parties with whom you come into contact or who are involved in our activities.
Partners
Your personal information will only be shared with our partners (insofar as it exists) in certain situations where it is legal to share it. We may, if applicable, share personal information with our partners, for example, in order for us to provide
- our services and products;
- for business and product development
Your personal information will never be shared with our partners unless it complies with applicable data protection laws or the information that follows from this Policy. Access to personal data for our partners is only granted if necessary.
Suppliers
In the event that there are suppliers, the following applies. We have suppliers who provide us with certain services. Services covered are
- IT support;
- cloud services;
- other IT-related services where the supplier helps us manage, for example, our website
We have written personal data assistant agreements with all our suppliers that regulate how they may process personal data on behalf of us and require that they must guarantee an adequate level of security for your personal data.
Access to personal data for third parties is limited and is granted only in light of the nature of the assignment, the need for knowledge, depending on work functions and roles. This means that we will never share your personal information with anyone who does not need it for any of the above purposes or to help us perform our tasks in accordance with the same.
Disclosure of information to third parties
In certain circumstances, we may be obliged to share your personal data with third parties based on applicable law. These third parties may consist of:
- Administrative authorities (eg the Swedish Tax Agency);
- Financial institutions;
- Insurer;
- Legal representative; and
- Police, prosecutor.
Does the Company transfer personal data to countries outside the EEA?
We will not normally transfer your personal data to a country outside the European Economic Area (” EEA “). However, it may be the case that one of our suppliers, customers or partners is outside the EEA or uses personnel or materials / equipment outside the EEA and your data may then be processed outside the EEA. We have put in place appropriate safeguards with regard to the protection of your privacy, your fundamental rights and freedoms and the exercise of your rights. If the processing of your personal data will take place outside the EEA, we always take measures such as ensuring an appropriate level of data protection through standard contractual clauses based on EU Commission Decision 2021/914 of 4 June 2021 or decisions replacing it.
If you want to see a list of relevant regulations or have questions about transferring data to other countries, you are welcome to contact us, see contact information under ” Questions and concerns ” below.
How is your personal data protected?
We use adequate IT security systems to protect the confidentiality, integrity and access to your personal information. In particular, we have taken appropriate security measures against illegal or unauthorized processing of personal data and against unintentional loss of or damage to personal data. Access to your personal data is only granted to persons for whom it is necessary for them to be able to carry out their work tasks.
How long does the Company store your personal information?
We will store your personal information for as long as we need it to fulfill the purposes for which it was collected (see above) and to comply with laws and fulfill legal obligations. This may mean that some data is stored longer than others. How long we store your personal data is affected, for example, by the following (i) laws that we are required to comply with; (ii) if we have any legal transactions between each other or any third party; (iii) the type of personal data we hold about you, and (iv) if you or the competent authority requests us to retain the personal data and this follows for a reasonable reason or is required by applicable law.
If you have questions about how long we store certain personal information about you, you are welcome to contact us.
Your rights and how you can use them
You have different rights that you have the right to use. One of your rights is to be informed of our processing of your personal data, ie you have the right to take part in this Policy. To exercise any of your rights, we ask you to send a written request to the e-mail address provided under ” Questions and concerns ” below.
Below is a summary of the other rights you have according to law with information about any conditions and restrictions on how the rights can be used.
Right of access
You have the right to access the personal data we have about you.
However, we must be able to verify your identity. Your request must not affect the rights and freedoms of others, such as the privacy and confidentiality of another person. In some cases, we may also refuse to provide a copy of the information, for example if you make so-called unfounded or unreasonable requests, for example requesting access several times in a short time.
Right to data portability
You may have the right to receive the information you have provided to us, and which is processed by us, in a commonly used machine-readable format.
The GDPR does not establish a general right to data portability, but if the processing is based on your consent or on our agreement with you and when the processing is performed by automatic means (eg not physical documents), you have such a right.
Rights in connection with incorrect or incomplete information
You can question the accuracy and completeness of the personal data we process about you. If it turns out that the personal information is incorrect, you have the right to have the incorrect information removed, corrected or, where applicable, supplemented.
This right only applies to your own personal data. When exercising this right, be kind and be as specific as possible.
Right to object
You have the right to object to the processing of your personal data.
This right only applies if our processing of your personal data is expressly based on a so-called legitimate interest (see further under ” For what purposes do we process your personal data? “). To make an objection, the request must be based on reasons that are related to your specific situation. This means that your justification for the objection must not be too general.
Right to limitation of treatment
You have the right to request that we limit the processing of your personal data.
This right only applies if our processing of your personal data is illegal, if our processing of the personal data is no longer needed for the stated purposes, if you consider the data to be incorrect and have requested correction or objected to our processing of your personal data and are awaiting information from us. in the matter of legitimate interest.
The right to delete personal data
You may have the right to have your personal data deleted (also known as the “right to be forgotten”), for example if you believe that the data we process is incorrect, if the data is no longer needed for the purposes for which it was collected or if the processing in itself is illegal.
There are different situations where we have the right not to delete your personal data. Such situations can be (i) that we need the information to fulfill a legal obligation; (ii) that we need the information to exercise or respond to legal claims; (iii) that we need the information with reference to the fact that certain filing obligations apply by law, or (iv) that the information is necessary to fulfill the contractual obligations we have towards you.
Right to withdraw your consent
You have the right to withdraw your consent to such treatment as you have previously consented to.
If you withdraw your consent, this will only apply to future treatment.
Questions and thoughts
If you have any questions or would like more information about your rights or our processing of your personal data, including the right to access and correct incorrect data, you are welcome to contact us by email at info@zazzenergy.com .
If you have any questions or concerns about how we process your personal data, we encourage you to let us know so that we can try to resolve this. If you believe that we are violating our obligations under applicable data protection legislation, you are always welcome to submit a complaint to the Privacy Protection Authority, or another competent supervisory authority.
Changes to this Policy
We may make changes to this Policy. If the change entails a change of significant importance for the nature of the treatment (eg extension of the categories of recipients or introduction of transfers to a third country) or a change which may not be significant with regard to the treatment, but which may be of significant importance for , or influence you, we will provide updated information in good time before the change is implemented. We will send the changes to you via e-mail so that you can take part in and form an opinion about the changes. When we notify you of such changes, we will also explain how you may be affected by them.
Uppdaterad | 2022-01-01