Coligo Privacy Policy

This privacy policy explains how we collect and use your personal data. It also describes your rights towards us and how you can exercise them. We will only use the information you provide in accordance with this privacy policy and the General Data Protection Regulation (EU 2016/679).

For cookies, please see the specific information regarding cookies on our website and set your preferences.

1           PERSONAL DATA THAT YOU GIVE US

You may choose to give us your personal data. This includes information submitted when you visit our website, use our services or if you contact us (collectively referred to as “Services” in this privacy policy).

We will process the following categories of personal data that you give us:

1.1       When you supply us with products and/or services (supplier): name, email address and phone number of the contact person as well as your office address.

1.2       When you use our Services (customer): name, email address and phone number of the contact person as well as your office address.

1.3       When you subscribe to our newsletter: name and email address.

1.4       When you send us a job application: name, email address, records to evaluate your suitability for the position, your CV and personal letter, as well as other personal data as may be relevant for the specific application.

1.5       If you contact us: We may ask for additional personal data other than as informed above, in order to assist you.

2        PERSONAL DATA THAT WE COLLECT

2.1       To manage the customer or supplier relationship: name, email address and company name.

2.2       To administer payments and invoice you: name, email address and company name.

3        HOW WE USE AND KEEP YOUR PERSONAL DATA

3.1       We use your personal data to be able to provide our Services and fulfill our commitments towards you. We process personal data based on the following legal grounds.

Purpose of the Processing

Personal Data Categories

Legal Basis for the Processing

Storage Period

Manage the customer relationship.

Name, email address and phone number of the contact person as well as your office address.

Fulfill our contractual obligations towards you.

As long as you are a customer, and one year thereafter.

Administer customer and supplier relationships, including order and payment processing.

Name, email address and phone number of the contact person.

Fulfill our contractual obligations towards you, and a legal obligation.

7 years after creation due to book keeping legislation.

Provide support services.

Name, email address and phone number of the contact person.

Fulfill our contractual obligations towards you.

As long as necessary to provide the support, and one year thereafter.

Send you our newsletter and other information regarding our Services.

Name and email address.

Fulfill our contractual obligations towards you and to pursue legitimate interest.

As long as we send out such information, unless you unsubscribe.

If you contact us.

Name, email address and phone number of the contact person.

Fulfill our contractual obligations towards you and to pursue legitimate interest.

As long as is necessary to assist you.

Manage your job application.

Name, email address and phone number as well as other personal data provided by you

Pursue legitimate interest, and consent if stored longer

Until the position has been filled. Subject to your explicit consent, we may ask to store it for a longer period.

3.2        Your personal data will be deleted by us when the processing is no longer necessary for the purposes stated above, except if required by applicable laws. In such case, we keep the data only as long as necessary or mandated by law for such purpose, such as for bookkeeping purposes.

4       SHARING OF PERSONAL DATA

4.1       We share your personal data with the following subcontractors to provide our Services and perform our contractual obligations towards you:

Subcontractor name (service name)

Region for processing

Transfer mechanism

Services provided

Microsoft Corporation (Azure)

EU/EEA and the U.S.

EU-U.S. Data Protection Framework (EU-U.S. DPF)

Hosting and storing cloud services

Microsoft Corporation (M365) 

EU/EEA and the U.S.

EU-U.S. Data Protection Framework (EU-U.S. DPF)

Email services

Microsoft Dynamics 365

EU/EEA and the U.S.

EU-U.S. Data Protection Framework (EU-U.S. DPF)

Customer management

Hubspot

U.S.

EU-U.S. Data Protection Framework (EU-U.S. DPF)

Marketing automation

Aspia AB

Sweden

Not applicable

Accounting and invoicing services

SumNerv

EU/EES

Not applicable

Backup

AvePoint

U.S.

EU-U.S. Data Protection Framework (EU-U.S. DPF)

Backup

 

4.2       These third parties are limited by law or contract from using the personal data for purposes beyond those for which the personal data is shared. We take all reasonable legal, technical, and organizational measures to ensure that your personal data is treated securely and with an adequate level of protection when transferred to or shared with such selected third parties.

4.3       Some of the subcontractors we share your personal data with are located outside the EU/EEA (in a third country). Depending on which part of our Services you use, your personal data may be transferred to the United States. When doing so, we are committed to protect your data and comply with applicable data protection laws, adhering to the EU-U.S. Data Protection Framework (EU-U.S. DPF) as well as having supplemental measures to ensure adequate protection of your personal data. Such supplemental measures include i.a. encryption at rest as well as in transit and role-based access on a need-to-know basis.

4.4       If we are required by law or you have agreed to it, we will disclose necessary personal data to authorities such as the police, tax agencies or other authorities. An example of legally required sharing is for the purposes of anti-money laundering and counter-terrorist financing.

4.5       In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, personal data about our customers may be disclosed and transferred.

5        YOUR RIGHTS

5.1       The right to a register excerpt. You have the right to request a transcript of your personal data that we store and process. Your request must be submitted in writing to us using the contact information below, including your signature.

5.2       The right to rectification. We want you to correct inaccurate or incomplete information about you, and kindly ask you to contact us in this case.

5.3       Data portability. When it comes to personal data that you have provided to us, you have the right to request a transfer to another provider. Contact us for help with this.

5.4       The right to be forgotten. You have the right to object to our processing of your personal data. The consequence of this may be that we are no longer able to carry out the Services. Contact us and we’ll see to what extent this is possible.

5.5       Marketing communications. You may at any time decline marketing communications from us. Let us know in that case.

5.6       Complaints. If you are displeased with our processing of personal data, you should contact us and let us know. You can also turn to the Swedish Data Protection Authority (Sw. Datainspektionen), Box 8114, 104 20 Stockholm, Sweden, phone number + 46 8 657 61 00, email address datainspektionen@datainspektionen.se, or the equivalent authority in the EU-member state where you live, to file a complaint.

6        SECURITY

6.1       We are using adequate technical and organizational security measures to ensure that your personal data is not misused, lost or unlawfully accessed. We only give access to your personal data to those employees who require it to provide our Services.

7        UPDATES TO THIS POLICY

7.1       We may occasionally update this privacy policy. If we make significant changes, we will notify you of the changes through our Services or through other means, such as email. To the extent permitted under applicable law, by using our Services after such notice, you accept the updates.

7.2       We encourage you to periodically review this privacy policy for the latest information on our privacy practices.

8        CONTACT INFORMATION

8.1       If you have any questions regarding our processing of your personal data, or any question, complaint or claim, please contact us at:

Coligo AB

Gamla Brogatan 27, 111 20 Stockholm

Sweden

info@coligo.se