Privacy Policy

Last updated: 2023-10-26

Privacy Policy | Griffeye Technologies AB

1. Introduction

This Privacy Policy (the “Privacy Policy”) describes how Griffeye Technologies AB and its subsidiaries (“Griffeye”, “we”, “us” or “our”), processes your personal data obtained through our website or otherwise when you come in contact with Griffeye.

We are responsible for the processing of your personal data as described in the Privacy Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us via our email address: [email protected] or by the contact details found at the bottom of this Privacy Policy.

We may update this Privacy Policy from time to time. If we do, we will update the date at the top of the Privacy Policy. We will always post the updated Privacy Policy on all the affected websites.

We encourage you to review this Privacy Policy periodically to stay informed about our collection, use, and disclosure of personal data.

2. The scope of this Privacy Policy

The Privacy Policy covers our processing of personal data relating to our provision of products and services as well as personal data obtained from your use of our websites.

3. How we collect your personal data

The personal data we process relating to you is collected directly from you.

4. How we process your personal data

We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing of your personal data, which in our context generally means one of the following legal bases.

Performance of a contract – the processing is necessary in order for us to provide you with our services or otherwise perform a contract between us (this applies if you conduct your business in a sole proprietorship), or to take steps at your request prior to entering into a contract.

If you are acting on behalf of someone else, e.g., in the capacity of representative of a company (which usually is the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.

Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).

Consent – the processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.

Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data.

4.1 Customer Agreements for products and services

What we do and why:

To enable us to offer you our products and services we will process your personal data:

  • When you place an order for any of our products, to be able to deliver your products and services and to know where to send the invoice for the order;
  • To carry out the financial transaction connected to your purchase;
  • To continuously be able to fulfil our contractual obligations in order to manage our relationship with you; and

To enable customer service and provide support.

The personal data that we process:
  • Contact information, such as your name, business address, phone number and email address;
  • Payment information, including invoice details and payment history; and

Previous purchases, including previous purchases, payment and credit history and service contacts.

Our legal basis for processing: 

Performance of contract: When it is necessary to process your personal data as part of entering into and performing a contract between the legal entity you represent and Griffeye, we base our processing on the contract. 

Legitimate interest: We have a legitimate interest to process your personal data as part customer maintenance and service when you are acting as a representative of our customer.

Legal obligation; when we process personal data in accordance with a legal obligation, for example to fulfil our obligations according to the Swedish Accounting Act (Sw: Bokföringslagen (1999:1078)).

How we share and transfer your personal data:

We may share personal data with the following categories of third parties:

  • IT service providers

We will not transfer your personal data outside the EU/EEA within the scope of this processing activity.

How long we keep your personal data:

We will keep your personal data as long as we have a contractual relationship with you or the company you represent, and for a period of two (2) years after such contract or relationship has ended or when we receive information that the company you represent has appointed a new representative.

Further, your personal data may be kept for seven (7) years according to requirements in the Swedish Accounting Act (Sw: Bokföringslagen (1999:1078)).

4.2 “My” pages and webshop

What we do and why: 

Your personal data that you register in our Customer Portal is used to manage your purchases and use of licenses for software and add-ons that we provide.

We process your personal data to be able to offer product support for products you or the company you represent have ordered from us.

If you contact us for service or support, we will use your personal data in order to properly respond to your requests and help you in an effective manner.

The personal data that we process:

  • Contact information, such as your name, business address, phone number and email address;
  • Payment information, including invoice details and payment history; and

Previous purchases, including previous purchases, payment and credit history and service contacts.

Our legal basis for processing: 

Performance of contract: When it is necessary to process your personal data as part of entering into and performing a contract between the legal entity you represent and Griffeye, we base our processing on the contract.

Legitimate interest: We have a legitimate interest to process your personal data as part customer maintenance and service when you are acting as a representative of our customer.

Legitimate interest; if you communicate with Griffeye without any connection to an agreement with us, we will base our processing of your personal data on legitimate interest, where our legitimate interest is to respond to your requests and questions.

How we share and transfer your personal data:

We may share personal data with the following categories of third parties:

  • IT service providers

We will not transfer your personal data outside the EU/EEA within the scope of this processing activity.

How long we keep your personal data: 

We will keep your personal data as long as our communication is on-going and we provide you with service or support, and for a period of two (2) years after the agreement our communication is connected to has ended.

Where our processing is based on legitimate interest, we will keep your personal data for as long as our communications in the matter is on-going and we provide you with service or support, and for a period of one (1) year after.

4.3 For marketing activities

What we do and why:

We may process your personal data for the purpose of providing relevant information and targeted marketing via newsletters, email and phone concerning our products, services and events. You always have the option to decline such communication.

When registering for events, such as seminars and lectures, we will process your personal data. During the events, you may be photographed or filmed. Griffeye might publish this material on our websites or in newsletters in accordance with what is stated in each consent.

The personal data that we process: 

  • Contact information, such as your name, business address, phone number and email address;
  • Payment information, including invoice details and payment history; and

Previous purchases, including previous purchases, payment and credit history and service contacts

Our legal basis for processing: 

Legitimate interest; Wherein it is our legitimate interest to be able to market ourselves and our services to the legal entity you represent.

Legitimate interest; Wherein it is our legitimate interest to promote our products and services, and showcase our activities by collecting, recording and use images and footage of individuals during events.

Consent; Our processing for the purpose of marketing materials from events is based on your explicit consent.

How we share and transfer your personal data:

We may share personal data with the following categories of third parties:

  • IT service providers

We will not transfer your personal data outside the EU/EEA within the scope of this processing activity.

How long we keep your personal data:

We process and keep your information for a period of fourteen (14) months. You can opt-out of receiving the marketing messages at any time. A procedure for opt-out is included in every marketing message.

4.4 For technical support

What we do and why:

To be able to manage support cases, we will process personal data with the purpose of resolving your case. This includes error descriptions, request information and attached files. 

The personal data that we process: 

  • Contact information, such as your name, business address, phone number and email address;
  • Payment information, including invoice details and payment history; and

Previous purchases, including previous purchases, payment and credit history and service contacts

Our legal basis for processing: 

Legitimate interest; where our legitimate interest is to improve our products and services as well as to make our customer experience better.

How we share and transfer your personal data:

We may share personal data with the following categories of third parties:

  • IT service providers

We will not transfer your personal data outside the EU/EEA within the scope of this processing activity.

How long we keep your personal data:

We will keep your personal data as long as our communication is on-going and we provide you with service or support, and for a period of two (2) years after the agreement our communication is connected to has ended.

Where our processing is based on legitimate interest, we will keep your personal data for as long as our communications in the matter is on-going and we provide you with service or support, and for a period of one (1) year after.

4.5 Recruitment

What we do and why:

In our recruitment process, we process your personal data which has been provided by you to us during the recruitment process to enable us to evaluate your application.

If we decide to call you to an interview, we will process your personal data to be able to carry through the interview and keep notes from the interview.

We may also perform a background check on our finalist candidates.

The personal data that we process: 

  • Contact information, such as your name, business address, phone number and email address;
  • Application documents, such as CV and personal letter; and

Information provided about you during reference taking, such as assessments from previous employers.

Our legal basis for processing: 

Legitimate interest; where our legitimate interest is to make it possible for us to evaluate your qualifications and personal qualities in connection with decisions on recruitment.

Legal obligation; when we process personal data in accordance with a legal obligation, for example to fulfil our obligations to document information about education, professional experience and other qualifications for the persons employed to meet the requirements of local anti-discrimination laws, if applicable.

How we share and transfer your personal data:

We may share personal data with the following categories of third parties:

  • IT service providers

We will not transfer your personal data outside the EU/EEA within the scope of this processing activity.

How long we keep your personal data:

We will keep your personal data until the recruitment process is over, and for two (2) years thereafter.  

5. Additional processing purposes

In addition to the processing purposes listed above, we may be required to process personal data for additional purposes. This might be to tell you about changes to our terms, conditions and policies or to share personal data with authorities, if we are required to do so by law or with your consent.

We may also be required to keep certain personal data for longer periods of time e.g., to be able to establish, exercise, and/or defend against legal claims. We will generally process such personal data for ten (10) years from creation or for the time necessary to fulfil the purpose in the relevant case. This processing of your personal data is based on our legitimate interest of establishing and/or defending legal claims.

Additionally, we may also be required to process personal data to comply with legal obligations e.g., relating to bookkeeping or tax legislation, or if we are ordered to process personal data (including disclosing it) by a competent court or government authority.

6. Analytics tools

We use analytic tools and other third-party tracking technologies, such as Google Analytics, that enable, among other things, to collect information in the form of various usage and user metrics when you use our website. These tools will be used to improve the functions and user experience of our websites, as well as build a profile of your interests and show you relevant adverts on other websites. They are based on uniquely identifying your browser and internet device.

7. Security measures

Griffeye is committed to safeguard your privacy and personal data and have taken measures to ensure that your personal data is handled in a safe way. For example, we encrypt all data transferred via our website using secure socket layer technology (HTTPS/SSL).

Additionally, we will never store any personal data locally. Access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.

8. Where we process your personal data

We strive to always process your personal data within the EU or EEA. However, if a third country transfer is described in the tables under section 4 above, we will transfer your personal data, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g., by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

You may access the European Commission’s standard contractual clauses at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.

9. Your rights

In this section we describe your rights as a data subject. You can exercise them by contacting us using the contact information at the end of this document. Please note that not all rights listed below are absolute and there are exemptions which can be valid. Your rights are the following:

9.1 Right of access

You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

9.2 Right of rectification

You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

9.3 Right to erasure

You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.

9.4 Right to restriction

You have the right to restrict the processing of your personal data in the following circumstances: (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

9.5 Right to data portability

If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

9.6 Right to object

You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

9.7 Right to object to direct marketing

You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

10. Complaints with the supervisory authority

In Sweden, the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may file a complaint with the Swedish Authority for Privacy Protection at any time.

11. Contact us

If you have any questions or suggestions about our Privacy Policy or how we process your personal data, do not hesitate to contact us at the following contact details:

Griffeye Technologies AB
Första Långgatan 30
SE-413 27 Gothenburg
SWEDEN

Phone: +46 (0)31 99 08 30
E-mail: [email protected]

Analyze DI Pro

Sign up for a free 90-day trial or talk to a member of our sales team.