Privacy Policy

Privacy Policy

Privacy Policy IST Group

This Privacy Policy was published 2018-05-23.

Index

1. Background

2. Definitions

3. When do we Process your Personal Data?

4. Data controllers

5. Why do we Process your Personal Data?

6. What Personal Data is Processed on what legal ground?

7. Social media platforms

8. Children’s Personal Data

9. Cookies

10. How long is your Personal Data stored?

11. Your rights

12. Consent to the Processing of Personal Data

13. To whom do we transfer your Personal Data?

14. How do we protect your Personal Data?

15. Supervision and compliance

16. Third party’s terms and conditions

17. Changes to the Privacy Policy

18. How do you contact us?

1. Background

Your privacy is important to us.
This policy (“Privacy Policy”) has been designed to make you aware of how we in the IST Group process your personal data in a legal, appropriate and safe manner when you purchase or use any of our services, visit our websites or otherwise come into contact with us.

The Privacy Policy explains how IST Group AB and its subsidiaries process your personal data and what rights you have according to the rules in the EU’s General Data Protection Regulation (EU) 2916/679 with associated statutes of implementation and supplementary statutes on data protection (“The Data Protection Rules”).

The Privacy Policy applies to all companies in the IST Group listed below (collectively referred to as “IST”, “we”, “us”):

1 IST Group AB, reg. no 556254-0806, Ingelstadsvägen 9, SE-352 34 Växjö, Sweden
1 IST AB, reg. no 556265-4755, Ingelstadsvägen 9, SE-352 34 Växjö, Sweden
1 IST Deutschland GmbH, reg.nr. HRB 1408, Bergstraße 23, DE-23843 Neritz, Germany
1 IST Aps, reg. no 25545079, Gammel Marbjergvej 9, DK-4000 Roskilde, Denmark
1 IST International Software Technology AS, reg. no 970 944 443, Elveveien 81, 1366 Lysaker, Norway
1 IST GmbH, reg.no HRB 197284, Bergstraße 23, DE-23843 Neritz, Germany
1 Germina Vertriebs- und Dienstleistungs-GmbH, reg. no HRB 300185, An der Asbacher Straße 5, DE-98574 Schmalkalden, Germany

2. Definitions

In this Privacy Policy, the term "Personal Data" includes any information which can be attributable to an identified or identifiable natural person, such as e.g. name, address, date of birth, e-mail address, phone number, photo, credit card number and IP-address.

This Privacy Policy describes how we Process your Personal Data. The term "Processing" includes e.g. our registering, storing, transmitting, and in other ways using your Personal Data in such a manner as is described in this Privacy Policy.

3. When do we Process your Personal Data?

The Privacy Policy applies (i) when IST provides its services to you or the company your work for or on behalf of, (ii) to mailings regarding events or newsletters, (iii) to our marketing of our services, (iv) upon participation at courses, workshops, seminars and events, (v) to all other contacts with IST in connection to visits at our website www.ist.com (“Website”)  or other social media platforms, (vi) when your register as a user at the IST customer centre, and (vii) to requests or other contacts with us via e-mail or phone.

4. Data controllers

The companies within the IST group which are included in this Privacy Policy work towards the same goal, an improved school and welfare, but target different markets. The companies sometimes act collectively as joint data controllers but can also individually be data controllers for the Processing of Personal Data in accordance with the terms for the service or function in question, or in connection with certain marketing activities.

5. Why do we Process your Personal Data?

IST Processes Personal Data regarding our customers, their customers, our suppliers, prospective customers and business partners. IST only collects your Personal Data for the below-mentioned purposes. The overall aim of the Processing is to handle existing, former and new business relations. This entails that Personal Data is processed in order to:

1 (i)provide services and in other ways fulfil the agreement that has been made with you personally, your employer or the company your work on behalf of;

1 (ii)provide seminars, workshops, courses and other events;

1 (iii)enable general customer relationship management (CRM), support and customer service, e.g. when you contact us via e-mail, phone or via our Website;

1 (iv)inform and market our business inter alia through publishing photos, customer references and other material on our Website, presentation materials displayed on different marketing events or via brochures;

1 (v)leave information about events, send out newsletters and direct marketing via mail, e-mail, phone or via social media platforms regarding our business and our services; and

1 (vi)comply with applicable legislation.

What personal Data we collect about you depends on (i) how you come into contact with us, or (ii) which of our services we provide for you or the company you work for or on behalf of.

In addition to the Personal Data you provide to us, or which we collect when providing our services, we may also collect Personal Data from third parties. These third parties vary from time to time but include inter alia suppliers of address information from public records in order to ensure we have the correct address information, and credit rating agencies (CRA’s) or banks from where we obtain information regarding creditworthiness or information in order to conduct anti- money laundering controls.

When you are asked to provide us with Personal Data, e.g. upon the purchase of a service or participation in an event, you may choose not to do so. If you choose not to provide necessary information, this may lead to us not being able to fulfil our commitments towards you or the company you work for or on behalf of. 

Further, we Process Personal Data through the use of cookies (small text files which are stored on your unit) on our Website. This is done so that our Website and our online services can function as well as possible and provide you with a pleasant customer experience. Read more on our use of cookies under section 9.

6. What Personal Data is Processed on what legal ground?

The Personal Data listed below is Processed by us for the purposed explained under section 5 above:

1 (i)first and last name:

1 (ii)billing and delivery address;

1 (iii)phone number;

1 (iv)e-mail address;

1 (v)profession and place of work;

1 (vi)personal identification number;

1 (vii)account number;

1 (viii)IP-address;

1 (ix)payment information;

1 (x)user name and password upon registering;

1 (xi)customer references and photos of you; and

1 (xii)correspondence with you.

The Processing of Personal Data is necessary in order for IST to conduct its business through providing sale and delivery of services and thereby fulfil the agreement that has been entered into with you (if you are a sole trader). In situations where you act as a representative or contact person for a company, municipality or organisation which is a client of IST, we Process your Personal Data based on our legitimate business interest. For this Processing, we have conducted a balancing of interests where we have, inter alia, taken into account that the Processing does not include any sensitive Personal Data and that we have a clear commercial interest in being able to provide our services to the company you work for on or behalf of in an efficient manner.

The processing of Personal Data is also necessary in order for IST to be able to provide good service via our customer service and support and in order to be able to investigate potential complaints, and thereby cater to our legitimate interest of handling customer service matters in an efficient and customer friendly manner. Personal Data may also be Processed for other contacts with you, e.g. via news letters or other mailings such as invitations to events, information regarding seminars and courses, or other marketing which we assess is relevant for you or the company you work for or on behalf of. This Processing is based on our legitimate business interest of being able to provide those who have, or have previously had, a business relationship with us, with relevant marketing and information. For this Processing we have conducted a balancing of interests where we have, inter alia, taken into account that the Processing does not include any sensitive Personal Data and that we have a clear commercial interest in being able to provide our services to the company you work for on or behalf of in an efficient manner.

We may also come to Process your Personal Data after receiving your consent, this may be the case e.g. when you consent to our publishing of photos and customer references on our Website. In situations where we can no longer base the Processing of Personal Data on a legitimate business interest, we may obtain your consent in order to e.g. provide you with marketing information. We always document whether you have given your consent to our Processing of your Personal Data.

Your Personal Data is also in certain situations Processed in order for IST to comply with legal obligations according to applicable legislation, court rulings, or decisions taken by the authorities. Such obligations may e.g. follow from the Population Registration Act (1999:1978) or the Money Laundering Act (2017:630).

7. Social media platforms

We use Facebook, LinkedIn, Instagram and YouTube as channels in order to come into contact with our customers and other business partners, as well as to market and inform about our business and our services. In connection with this, IST is the data controller for publications and information on the social media platforms that contain Personal Data and are provided by you as a user in the form of e.g. comments, photos and video. IST does not in any way accept any offensive material being published or made available via IST’s channels on social media platforms. We ask our users to report unfit content to us in order for us to be able to ensure that no such content exists on our social media platforms. IST may also, based on what we deem necessary, remove content from the social media platforms.

8. Children’s Personal Data

IST exceptionally Processes Personal Data concerning children below the age of 16. Such Processing occurs e.g. when IST on our Website publish photos of children. Such publishing however does not occur unless prior consent to the Processing of the child’s Personal Data has been given by the child’s guardian.

9. Cookies

We use cookies on our Website. More information on how we treat cookies can be found in our Cookie Policy .

10. How long is your Personal Data stored?

Your Personal Data is stored only for as long as there is a need to store it in order to fulfil the purposes for which the Personal Data was collected in accordance with this Privacy Policy. We Process your Personal Data as long as we have a business relationship with you or the company your work for or on behalf of.

If you have given consent to the Processing of your Personal Data, IST Processes your Personal Data for the specific purpose, until you withdraw your consent. You can withdraw your consent at any time by (i) contacting our data protection officer and provide a written objection, or (ii) following the link in the mailings if the consent regards receiving mailings with marketing information.

In order to enable IST’s compliance with the legal obligations stemming from applicable legislation or in order to safeguard our legal interests we may store your Personal Data for a longer period of time. The Personal Data is however never stored for longer than is necessary or statutory for each purpose respectively.

11. Your rights

You have a right to receive information regarding the Processing of your Personal Data we carry out. Below you find a statement of the rights you can claim by contacting our data protection officer. Contact information to our data protection officer can be found at the very end of this Privacy Policy.

Right to access
You have a right to, free of charge, request information regarding our Processing of your Personal Data. You also have a right to receive a copy of your Personal Data that we Process. Such a request shall be submitted to us in writing. We will respond to your request as swiftly as possible. If we cannot grant you access to the information your request concerns, we will provide a reason as to why. The copy of your Personal Data will be sent to your registered address unless otherwise is agreed with you in writing. In order to ensure the right person will be receiving the Personal Data we may come to request more information from you.

Right to rectification
The main responsibility to ensure that the Personal Data we Process is correct lies with IST. If you inform us that the Personal Data you have provided us with is no longer correct, we will promptly correct, block or erase such Personal Data.

Right to erasure
You have the right to request that IST, without unnecessary delays, erases your Personal Data. Personal Data shall be erased in the following cases:
(i) if the Personal Data is no longer necessary for the purposes for which it was collected;
(ii) if you withdraw your consent and the Processing was based solely on your consent;
(iii) if Processing is carried out for purposes of direct marketing and you oppose your Personal Data being used for such purposes;
(iv) if you oppose the Processing of Personal Data after a balancing of interests has been carried out and your interest outweighs ours;
(v) if your Personal Data has not been Processed in accordance with the Data Protection Rules; or
(vi) if erasure is necessary in order to comply with a legal obligation.

There may be obligations which hinder us from immediately erasing all your Personal Data. These obligations stem from applicable legislation regarding e.g. accounting. If certain Personal Data cannot be erased due to applicable legislation we will inform you of this as well as ensure that the Personal Data will be used solely for the purpose of complying with such legal obligations and not for any other purposes.

Right to restriction
You have a right to request that IST temporarily restricts the Processing of your Personal Data. Such a restriction can be requested in the following cases:
(i) if you consider the Personal Data we have about you to be incorrect and in connection with this have requested rectification;
(ii) when the Processing of your Personal Data which is carried out is not compliant with The Data Protection Rules, but you still do not want your Personal Data to be erased but rather restricted; and
(iii) when we no longer need your Personal Data for the purposes of our Processing but you need it in order to establish, exert, or defend a legal claim.

If you have objected against the Processing of your Personal Data the use of your Personal Data may be restricted during the time of the investigation. Upon the restriction of your Personal Data IST will only store your Personal Data and for further Processing obtain your consent.

Right to data portability
You have a right to, in the cases where we Process your Personal Data with your consent or in order to fulfil contractual obligations toward you, require that we provide you with all Personal Data we have about you and which is Processed in an automated manner, in a machine-readable format, which may be e.g. an Excel-file or a CSV-file. If it is technically possible you further have the right to require that we transfer your Personal Data to another data controller.

Right to object
You have a right to object to our Processing of your Personal Data if the Processing is based on our legitimate interest. IST will in such a case ask you to specify which Processing you object to. If you object to any Processing we will only continue our Processing of the Personal Data if there are legitimate interests for Processing which outweigh your interests. We will also inform you about our decision.

12. Consent to the Processing of Personal Data

If you have consented to the Processing of your Personal Data you are free to decide if and when your wish to withdraw your consent to the Processing of your Personal Data. You can do this by (i) contacting our data protection officer and provide a written objection, or (ii) following the link in the mailings if the consent regards receiving mailings with marketing information and other information.

13. To whom do we transfer your Personal Data?

In order to provide some of our services we appoint select third parties. This entails that we share some of the Personal Data we have collected with them, e.g. to IST´s group companies and other business partners which provide services for IST. In connection with such transfer of your Personal Data IST takes organisational and technical measures in order to ensure that your Personal Data is handled in as safe and secure a manner as possible. These select third parties will only process your Personal Data in manners which follow from this Privacy Policy and in order to fulfil one or more of the purposes which are listed in this Privacy Policy. IST is responsible towards you for ensuring that the Processing of your Personal Data carried out by these third parties is carried out in a correct and legal manner.

IST may transfer your Personal Data to countries outside the EU/EES, if any of our group companies, suppliers or business partners are located there. If Personal Data is transferred to a country outside the EU/EES, IST will ensure that the Personal Data will remain protected as well as take measures needed in order to transfer Personal Data to a country outside the EU/EES in a legal manner.
We will disclose your Personal Data if it is required by law or if we, as a company, reasonably deem it to be necessary in order to protect our company rights and/or in order to comply with a court ruling or abide by the verdict of a legal negotiation or legal process. We will however do everything we can to ensure that your Personal Data will remain protected in the future.
As the business is conducted today, IST will not sell your Personal Data to a third party unless we have previously obtained your consent. However, we may, in the case that IST decides to divide, sell, buy, merge with another company or organisation, or in any other way reorganise the business, transfer your Personal Data to potential or actual buyers and their potential advisors.

14. How do we protect your Personal Data?

In order to protect your personal integrity, discover, prevent and limit the risks of a hacking attack etc., IST takes several technical and organisational information safety measures. IST also takes measures in order to protect your Personal Information against unauthorised access, misuse, reveals, changes and damages. IST ensures that access to your Personal Information is only granted to employees who need to Process it in order to fulfil their work assignments, and that they abide by confidentiality in accordance with IST’s applicable policies and routines.

15. Supervision and compliance

If you are dissatisfied with how your Personal Data has been processed or believe that your Personal Data has been Processed contrary to The Data Protection Rules you can at first-hand contact our data protection officer. You can also always turn to the supervisory authority in the Member State where you have your place of residence or where the alleged breach has been conducted.
The supervisory authorities can be contacted at the following addresses:

Sweden: Datainspektionen, www.datainspektionen.se

Norway: Datatilsynet, www.datatilsynet.no

Denmark: Datatilsynet, www.datatilsynet.dk

Germany: The German federal states each have a supervisory authority which is responsible for the execution of the data protection legislation and which functions as the competent authority for data controllers established in the federal state in question.

United Kingdom: Information Commissioner’s Office (ICO): ico.org.uk

IST annually reviews this Privacy Policy

16. Third party’s terms and conditions

IST’s service may in some cases be subject to a third party’s terms and conditions. IST is not responsible for such a third party’s use of your Personal Data as they themselves are data controllers and responsible for the Processing of your Personal Data. Therefore, it is important that you observe and read through the terms and conditions of the third parties. The same applies if there is a link on our Website to other websites.

17. Changes to the Privacy Policy

IST reserves the right to change this Privacy Policy when we deem it to be necessary in order to comply with applicable legislation. Such changes are especially warranted upon potential changes in legislation, due to statements from the supervisory authority or other authorities issuing statements pertaining to the Data Protection Rules. Further, this Privacy Policy will be updated when is necessary due to changes in our business activities.

If IST make larger changes to this Privacy Policy or changes concerning how we Process your Personal Data, you will be informed of this before such a change becomes applicable.
 

18. How do you contact us?

If you have questions pertaining to this Privacy Policy or the current Processing of your Personal Data, wish to file a request in accordance with the Privacy Policy or whish to report a violation of this Privacy Policy etc., you are welcome to contact IST’s Data Protection Manager.

Arnhild Opstad