Privacy Policy
AddCard AB ("AddCard" or "we"/"us") process personal data in accordance with the General Data Protection Regulation ("GDPR") and any other Swedish laws and regulations applicable in the field of data protection. This Privacy Policy explains how we use the personal data that we collect from you when you use our mobile application. It also describes your rights toward us and how you can exercise your rights.
1 Addcard’s purposes and legal grounds for processing your personal data
1 Addcard’s purposes and legal grounds for processing your personal data
1.1
Processing of personal data means, including but not limited to, collecting, registering, organizing, structuring, and storing. Processing also means alteration, production, reading, listing, using, and disclosing personal data by transfer, disseminating, changing, removing as well as deletion of the personal data.
1.2
“Personal data” means any information relating to an identified or identifiable natural person that, directly or indirectly in combination with other information, can be linked to a living, natural person. Personal data is a very broad term, and it includes the name, contact details and IP addresses of such person.
1.3
AddCard may process your personal data for the following purposes.
1.3.1
To fulfil an agreement with you or to respond to your request for customer service. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).
1.3.2
To satisfy a legitimate and justified interest of AddCard in processing your personal data, such as marketing our products and services by contacting potential and existing customers via e-mail, newsletters, or letters, in order to inform them about AddCard’s services, offers, events and products. The legal ground for this is that the processing is necessary and that AddCard has a legitimate interest (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.
1.3.3
To comply with legal obligations to report to authorities and third parties. The legal ground is that processing is necessary for compliance with a legal obligation to which the data controller is subject (Art. 6(1)(c) GDPR).
1.3.4
In the event AddCard foresees the need to process your personal data for a purpose which, pursuant to applicable laws and regulations, should be based on your consent (on grounds of Art. 6(1)(a) GDPR), we will contact you in advance, to inform you about the processing for which your consent is required before the consent is collected and ask for your consent.
1.4
For these services, AddCard is the data controller and may determine, alone or jointly with others, the purposes and means for the processing of your personal data. AddCard’s contact details can be found in clause 5 below.
2 Different categories of the data subject’s personal data
2.1
When you visit one of our digital channels (for example our website, social media and video sharing sites, our mobile applications, online events[AB1] ), as well as when you contact us via e-mail or our website’s chat function[NB2] , we may collect information about you, such as your name, address, postal address, e-mail address, phone number, identification data and information regarding your use of AddCard’s products and services. In some cases, we may process your personal identity number. AddCard may also collect your personal data from other public sources and external partners from other countries. Personal data that may be collected and processed by AddCard could include:
2.2.1
your name, e-mail address, postal address, name and contact details of your employer, telephone number, banking information and payment details, IP address, picture, video, contacts, personal settings; and
2.2.2
cookie files stored on your computer or your telephone (or other digital device which you may use to visit our digital channels) for the purpose of identifying your browser and to recognize your settings and preferences. You will have the right to refuse AddCard’s processing of personal data using cookie files; and
2.2.3
other information regarding your use of AddCard’s products and services, which we may collect from our surveys and other means of communication with AddCard
3 Processing and transfer of YOUR personal data
3.1
The data subject has through this Privacy Policy been informed about the fact, that when the data subject processes its own personal data, it acts as the data controller and it is therefore important for the data subject to protect and update login information, protect devices such as telephones and computers against viruses, etc., and comply with applicable law and data protection legislations. When entering free text responses, caution must be taken to avoid entering any integrity, sensitive or unnecessary personal data. When the data subject processes its own personal data AddCard shall act as a data processor.
3.2
Further, the data subject has through this Privacy Policy been informed about the fact that personal data will be stored in a database for the purposes described above. If AddCard engages co-operation partners, AddCard shall ensure that any personal data is afforded equivalent protection as prescribed in this Privacy Policy and in accordance with the GDPR. AddCard may also transfer personal data to others within AddCard’s business operation, coordinators, co-operation partners and providers, as well as third parties, including but not limited to suppliers, cloud service providers, consultants, and authorities. AddCard shall, however, only transfer personal data if AddCard has a legal ground under the GDPR to do so.
3.3
AddCard may also transfer personal data to a third country, i.e., a country outside the EU/EEA, or to international organizations according to applicable laws and data regulations. AddCard and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as the data subject’s country of residence. AddCard will follow local data protection requirements and its internal global privacy standards and AddCard will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers.
3.4
The personal data will be, dependent on the purpose for which it is collected, archived, confidentially erased, or anonymized in accordance with the rules of archiving when it is no longer necessary. Personal data will be stored during the time it is necessary for AddCard to fulfil its obligations and for the purposes set out above. AddCard will bring necessary measures to provide the personal data with protection against unauthorized access and loss thereof.
3.5
In the event a personal data incident incurs, AddCard shall notify you as soon as possible and in any event within 72 hours of becoming aware of the incident. A personal data incident means a security incident that leads to an accidental or unlawful destruction, loss or alteration, unauthorized disclosure or unauthorized access to the personal data transferred, stored, or otherwise processed. As personal data will be transferred over the internet, it is important for data subjects to be aware of the associated risks.
3.6
Subject to applicable data protection legislation, AddCard shall not be liable for any damages arising from the processing of personal data. In any event[NB1] , AddCard shall not be liable for indirect damages. Notwithstanding anything said in this clause 3.6, AddCard is not seeking to exclude liability for gross negligence and wilful misconduct nor any other mandatory terms and conditions stipulated by Swedish and European law.
4 The data subject’s legal rights
4.1
Data subjects have the right to object to AddCard’s processing of the personal data such as, for example, when processed in connection with direct marketing. Data subjects also have the right to request deletion, restriction, and rectification of the personal data. If consent is withdrawn, or if the stored personal data is incorrect or irrelevant, AddCard must delete, restrict, or correct such personal data.
4.2
Data subjects have the right to request information about AddCard’s processing of personal data. If a request is made electronically, AddCard shall provide the information in an electronically readable form which is structured and commonly used. Any request from data subjects shall be answered within a reasonable period by AddCard.
4.3
AddCard shall, upon request, provide information about the purpose of the processing, what personal data is being processed, recipients of the personal data and, if possible, for how long the personal data will be stored. Upon request, AddCard shall also provide information about the possibility to request deletion, rectification, or alteration of the personal data, as well as how to lodge a complaint to AddCard or the competent supervisory authority. Furthermore, AddCard shall upon request provide information about the origin of the personal data, the existence of profiling and automatic decision-making, and any transfers to third countries. If requested, AddCard shall also provide the data subjects with a copy of the processed personal data.
4.4
Data subjects have the right to transfer the personal data to another data controller (data portability), as well as to lodge a complaint regarding AddCard’s processing of personal data. Complaints shall be submitted to AddCard and/or the competent supervisory authority according to the contact details in clause 5 below.
4.5
If the data subjects request to delete the collected data they delete their profile in AddCard application and send email to info@addcard.com
4.6
This Privacy Policy may be updated at any time and the latest updated version may always be found on AddCard’s website here: www.addcard.se
5 Contact information
5.1
Data subjects have the right to object to AddCard’s processing of the personal data such as, for example, when processed in connection with direct marketing. Data subjects also have the right to request deletion, restriction, and rectification of the personal data. If consent is withdrawn, or if the stored personal data is incorrect or irrelevant, AddCard must delete, restrict, or correct such personal data.
5.2
Data subjects have the right to request information about AddCard’s processing of personal data. If a request is made electronically, AddCard shall provide the information in an electronically readable form which is structured and commonly used. Any request from data subjects shall be answered within a reasonable period by AddCard.