This Privacy policy describe how personal identifiable data is processed by the Company as required by the European General Data Protection Regulation (GDPR).

About whom do we process data

We process personal data for our clients. As a data processor we process personal data as required to provide the Service to our clients as regulated in our Business Agreement. We also process personal data relating to our clients, partners and individuals relevant for our marketing and business development, employees, and potential employees.

Personal data

When carrying out our work to provide our Services and develop our business, we process the personal information. This information include:

• Basic personal details, including name and contact details.
• Nature of our relationship.
• Educational information and affiliations to organisations which are in the public domain.
• Notes of meetings, correspondence and conversations which we may have with you.
• Usage logs and statistics.

For all our contacts, we record communication preferences when they’re known. Contacts can change their communication preferences at any time. This means we don’t get in touch with people who don’t want us to. It helps us reduce wastage and make sure that our contacts are in control of how and if we stay in contact.

What do we do with the data

We use the data to carry out our work to provide our Services. This includes

• Marketing and sales. We use our own CRM-system for contact information, activities, e-mail marketing and event management.
• Customer support. We use Wisma SPCS for customer service and to manage our product development.
• Administration and human relations. We use our own system for accounting.
• Business development. We use personal data to network to find new clients, new partners and to learn more about our markets.

We use cookies

We use cookies to understand and save your preferences for future visits, keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

If you do not accept cookies, you can disable them via your browser's security settings.

See your browser's help pages for more information on how you can view the cookies stored in your browser, how to remove them and adjust settings for cookies. If you in your browser choose not to accept cookies you will not be able to fully take advantage of this website's services.

Legal grounds

When we process data we rely on these grounds for lawful processing.

For the purpose of administering contracts with clients, partners and employees, to the extent that we process personal data we do so because it is necessary for the administration of a Contract.

For our marketing and other business development activity we process data because it is in our Legitimate Interest unless the law requires us to obtain your Consent in which case we will only process data with your Consent.

Please see "your rights" below for details of what Legitimate Interest and Consent mean in this context, and your rights associated with either of terms.

Third parties

We do not sell, trade, or otherwise transfer to third parties your personally identifiable information. This does not include trusted third parties who assist us in operating our service, conducting our business, or servicing you, as long as those parties agree to keep this information confidential.

We may also release personal information when we believe release is appropriate to comply with the law, enforce our policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing or other uses.

As a data processor we will only process client data to the extent required to provide our services as regulated by our Business Agreement.

How long do we retain information?

As data processor we keep information for so long as the contract with our client requires.

For administering our own business, we retain personal data while clients are working with us and for a reasonable time beyond until such a time as repeat business seems unlikely. A data subject may ask us to remove them from our database or from the receipt of communications at any time.

How do we protect your information?

We do our utmost to protect your privacy. Data protection legislation obliges us to follow security procedures regarding the storage and disclosure of information in order to avoid unauthorized loss or access. We have implemented industry-standard security systems and procedures to protect personal information from unauthorized access, disclosure, alteration, misuse, or destruction.

We commit to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks.

Procedure in case of personal data incident

The GDPR states that in the case of a personal data breach, the controller shall document the facts relating to the personal data breach, its effects and the remedial action taken. Also, as a data processor we are obligated to notify the controller if we become aware of a personal data breach. We have therefore this established procedure in the case of a suspected personal data incident:

1. Registration. All incidents are registered in our issue tracking system when discovered
2. Analysis. All registered incident are analyzed to understand the nature of the incident and enable prioritization and deciding of appropriate response
3. Prioritization. All incidents are prioritized and classified
4. Resolution and reporting. If a data incident occur when we act as a data processor, we commit to inform the data controller without delay.
5. Evaluation and procedure revision.

Your rights

If we are processing data with your consent then you have the right to withdraw that consent without prejudice.
We will make reasonable efforts to ensure that personal data is accurate and complete, and we will update or correct your information as needed when notified by you.

You may have the right to access the personal information we hold about you. In some cases, however, access rights may not apply, including when providing access is unreasonably burdensome or expensive under the circumstances. To request access to, correction of, amendment to, anonymization of, or erasure of your information, please contact us by email as described above.

You have the right to complain about the way in which we process your data. The address to which any complaints should be addressed is above.

Revisions to this privacy policy

We review this policy regularly. This Policy was last updated on December 7th 2018.