PERSONAL DATA POLICY
Privacy Policy for Synbiotics AB
Updated 21/09/2022
The website www.stigbengmark.com (“the website) is owned by Synbiotic AB, (org. no. 556569-8965) (“SAB”, “we” or “us”) the Personal Data Controller responsible for the personal data we collect in connection with your use of our website. This means that we have a responsibility to process your personal data in accordance with applicable privacy legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and supplementary national legislation.
Our Privacy Policy tells you what personal data we process and for what purpose. The Policy also describes what rights you have, how you may exercise them, and what restrictions there are on these rights in respect of our publication certificate.
1. What is personal data and what does processing of personal data entail?
All types of information that refer directly or indirectly to a natural person who is alive constitute personal data. Names, addresses, photos as well as different types of electronic identities such as an IP address are examples of information that can constitute personal data. We use your personal data for processing purposes only. Processing can entail, for example, collection, storage, registration, sorting, compilation, transfer or erasure of such data.
3. Publication certificates and what these entail
SAB has a publication certificate for the website, meaning that the website is subject to constitutional protection according to the Swedish Act on Freedom of Speech (YGL). This constitutional protection means that the regulations of the GDPR do not apply to the extent that these would infringe on our constitutional right to freedom of speech. This means that SAB does not need to observe the GDPR when publishing texts containing names and images of persons where this publication is made on areas of the website that are intended for the general public and are protected by the publication certificate. The processing covered by Section 3 is not covered by our publication certificate.
3. What personal data do we collect and why
When you contact us
When you contact us using the contact form or via e-mail, we process the data you choose to provide in connection with the question you have asked us for the purposes of helping you with your enquiry.
Personal data: Name, e-mail address and telephone number
Purpose: This data is collected so that we can respond to any questions you have asked us and to be able to get in touch with you.
Retention period: We filter all our e-mail correspondence on a monthly basis.
Legitimate basis: After careful consideration, we have determined that our interest in processing your data is necessary in order to fulfil the purpose and outweighs your interest in protecting your personal data (Legitimate interest, Article 6(1)(f) GDPR).
Sending newsletters
If you sign up for our newsletter, we collect your personal data so that we can send you promotional offers and news updates about our company.
Personal data: Name and e-mail address.
Purpose: Marketing some of our products which may be of interest to you.
Retention period: For as long as you are subscribed to the newsletter and for 2 months after unsubscribing.
Legitimate basis: After careful consideration, we have determined that our interest in processing your data is necessary in order to fulfil the purpose and outweighs your interest in protecting your personal data (Legitimate interest, Article 6(1)(f) GDPR).
4. Security and how we protect your personal data
Your personal data are protected by both organisational and technical security measures, such as using SSL encryption on our website. These measures are used to store, process and communicate your data in a secure manner. If you would like to know what security measures we take, you can contact us using the details below.
5. Transfer of personal data to third countries
Other companies
We may share and collect certain pieces of personal data from external sources in the form of address updates. If we engage a service provider to process your personal data, the service provider is recognised as a personal data processor working for us. In such a case, we shall prepare a data processing agreement between us and the service provider which ensures that the service provider processes your personal data in accordance with this Privacy Policy.
We share your contact information with Super Synbiotics AB for the purpose of advertising SSAB’s products.
Other countries outside the EU/EEA
If you interact with us on social media, your personal data, such as your name and profile picture, will be transferred to third countries outside of the EU/EEA area, specifically to the USA. This happens automatically whenever you are active on social media platforms and is therefore not something over which SAB has any influence. This transfer is performed according to applicable privacy legislation, including the GDPR. Note, however, that the GDPR does not apply in this third country, which may entail an increased privacy risk in relation to the ability of public agencies in the third country to gain access to your personal data, for example, as well as your ability to exercise control over your personal data. This transfer is necessary for you to be able to contact us via social media.
The transfer between us and these services is based on the EU Commission’s standard contractual clauses and is supplemented by technical and organisational security measures. Read more about the EU Commission’s standard contractual clauses here.
Third countries which your personal data may be transferred to:
– USA
– UK Our transfer of personal data to the UK is supported by the EU Commission’s decision on adequate levels of data protection.
5. Your rights
Your rights under the GDPR are applicable provided the processing of your personal data is not covered by our publication certificate. Your rights are as follows.
Right of access (copy of data)
This means that you have the right to request information on how we process your personal data. You also have the right to receive a copy of the personal data which is processed. You have the right to receive information once a year, free of charge, on what personal data we have registered for you, the purpose of the processing, and the category of personal data being processed by making a written, signed application.
Right to withdraw consent
If you have given us consent to process your personal data, you have the right to withdraw this consent at any time. You can withdraw your consent by contacting us using the details below.
Right to rectification
You have the right to have incorrect personal data relating to you rectified without undue delay. If you discover that there are errors in the information we have registered for you, you can contact us by e-mail to have this information rectified. You also have the right to complete incomplete information we have about you.
Right to erasure (right to be forgotten)
In certain cases, you also have the right to demand that we erase all or some of your personal data. You have the right to have your data erased if:
– the personal data is no longer necessary for the purpose of the processing;
– you withdraw the consent which the processing was based on;
– you object to the processing and we do not have a legitimate interest;
– your personal data is being processed in an unlawful manner.
To the extent that it is necessary to continue processing your personal data, e.g. to fulfil our legal obligations, we are not obliged to remove your personal data. This means that certain data may be retained until we are no longer required to process it.
Right to restriction of processing
You have the right to request that we restrict the processing of your personal data. Such a restriction can be imposed for a number of reasons.
If you are contesting whether the personal data we are processing is correct, you can request that we restrict processing until we have verified to what extent the personal data is correct.
If you request that we erase your data, but we are unable to fulfil this request. This may be because we need the information we have on you in order to establish, exercise or defend legal claims, for example. In such cases, you can request that we restrict the processing of your data.
If you have objected to the consideration of balance of legitimate interest that we have made as a legal basis for a purpose. In this case, you can request restriction of processing until we have verified to what extent our legitimate interests outweigh your interests in having the data erased.
In the event that processing has been restricted according to any of the situations above, we may only process your data, excluding storage of the data, in order to establish, exercise or defend legal claims, in order to protect the rights of others, or because you have given your consent.
Right to portability
Under certain circumstances, you have the right to have your personal data transferred to another controller in a structured, commonly used, machine-readable format. This data portability requires that the transfer is technically feasible and can be performed automatically, and that SAB is processing your data on the basis of your consent or in order to execute a contract.
Right to object
You have the right to object to the processing of your personal data based on a weighing up of the legal grounds (legitimate interest) at any time. In order to continue processing your personal data, we must demonstrate a legitimate reason for the processing in question. Otherwise, we may only process the data in order to establish, exercise or defend legal claims. You also have the right to object to direct marketing, including profiling.
Right to lodge a complaint
If you have a complaint concerning our processing of your personal data, you are always entitled to contact the Swedish Authority for Privacy Protection (“IMY”). For more information, please visit www.imy.se.
6. Data controller’s contact details
The data controller for your personal data is Synbiotics AB (org. no. 556569-8965), Varvstoget 16, 234 40 Lomma, e-mail: info@stigbengmark.com.
If you would like to exercise any of the rights listed above, please contact us via e-mail: info@stigbengmark.com.
7. Updates to the Privacy Policy
We may amend this Privacy Policy. We do this so that we can adapt the policy to amendments in applicable legislation, for commercial reasons, or to satisfy our customers’, marketing partners’ and service providers’ needs. Updated versions are published on our website at www.stigbengmark.com with the date of amendment such that it is clear when the last update was made.