eKompass Privacy Policy
Why and for whom?
At eKompass AB, organization number 556994-4779, (“eKompass”, ”we”, ”U.S”, ”our”), we care about personal privacy. This means that we respect and protect your privacy and the right to control and transparency when processing your Personal Data.
This Privacy Policy (“The policy”) is applicable for the treatments for which eKompass is the Personal Data Controller. The policy describes overall the purposes for which we need your Personal Data, the legal basis we rely on and the measures we take to protect personal data. We also inform you of how you can exercise the rights you have linked to our processing of your Personal Data.
The policy informs about our handling of Personal Data in cases where you communicate with us, use the Service or visit our website www.ekompass.com.
Definitions
”Treatment” of Personal Data is everything that can be done with a Personal Data, e.g. storage, modification, reading, transmission, etc.
”Regarding law” is the legislation applicable to the processing of Personal Data including the General Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidance and recommendations issued by a national or European supervisory authority.
”Personal data” is any kind of information that can be linked to an identifiable, living person.
”Personal data controller” is the company/organization that decides for which purposes and in what way the Personal Data is to be processed and is thus also responsible for Personal Data being processed in accordance with Applicable Law.
”Personal data assistant” is the company/organization that processes Personal Data on behalf of the Personal Data Controller and may therefore only process the Personal Data in accordance with the Personal Data Controller's instructions and Applicable Law.
”Registered” means the living, natural person whose Personal Data is processed.
”The service” are consultative services and services connected to e-commerce such as Robotic Test/Process Automation, advertising services, integration hub, dashboards, etc.
eKompass' personal data responsibility
The information in this Policy covers the Processing of Personal Data for which eKompass is the Personal Data Controller, i.e. the Processing for which we determine the purpose of (why a processing is done) and means for (in what way, which personal data, for how long, etc.). The policy does not describe how we process personal data in the role of Personal Data Processor - i.e. when we process personal data on behalf of our customers.
We sell consultative services and support services in digital business. Our mission is to create profitability for our customers with sustainable systems and processes in e-commerce. We therefore need to process your personal data to access our services or access relevant information.
eKompass' processing of personal data
We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to give you an understanding of the types of personal data we process about you and for what purposes.
Registered and storage time
The intended recipients of this Policy are the following groups, whose personal data we store in accordance with the criteria below.
-
Users of the Service
Users' personal data will be stored during the time they use the Service and to fulfill legal obligations such as to handle alleged errors in the Service. -
Employees of potential customers
Employees' personal data with potential customers will be stored for the time required to determine whether the potential customer wants to enter into a contract. -
Employees of existing customers
Personal data belonging to employees will be stored for the time required to provide the service and to fulfill legal obligations such as e.g. to deal with alleged errors in the service.
Treatments and purposes
The main purpose of the personal data processing that we carry out is to provide, perform and improve our services to you. There are several different reasons why we may need to collect, process and save your data.
We mainly process personal data for the following purposes:
-
Contact and identification information to confirm your identity, verify your information and be able to communicate with you
-
Information about your use of the service or product in order to improve your customer experience
How do we get access to your personal data?
We collect your personal data in a number of different ways. We mainly get access to your personal data:
-
Because you yourself have provided your personal data to us
-
Because your employer has provided us with your personal data
-
Through third-party analysis technology, e.g. cookies
-
Through generated information that has been obtained internally
-
From public sources such as authorities, SPAR etc
Legal grounds
In order for us to process your personal data, it is required that we have a so-called legal basis for the respective processing. In our business, we process your personal data primarily on the following grounds:
Consent - eKompass processes your Personal Data after we have received your consent to Processing. Information about the treatment is always provided in connection with asking for consent.
Agreement - The processing is necessary for us to be able to fulfill obligations in an agreement between us or to prepare for entering into an agreement with the Registered.
Balance of interests - eKompass may process personal data if we judge that there is a legitimate interest that outweighs the Registrant's protection of personal integrity and if the Processing is necessary for the current purpose, e.g. in direct marketing.
Legal obligation - According to applicable laws and regulations, we are obliged to process personal data as a result of our operations.
If you want additional information about the legal basis(s) for which we process your personal data, you always have the right to request a so-called register extract. Read more under "How to use your rights" below.
Your rights
You are the one who decides on your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the Personal Data Processing that concerns you in a so-called register extract. From the register extract, it appears that, among other things, which of your personal data we have stored and for which purposes and on which legal basis. We only release information if we have been able to ensure that it is actually you who is asking for the information.
Amendment - If you discover that the Personal Data we process about you is incorrect, contact us and we will fix it!
Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when they are no longer necessary for the purpose for which they were collected. If we are required to retain your data by law or an agreement we have entered into with you, we will ensure that it is only processed for the specific purpose stated in the law or agreement. We then ensure that the data is deleted as soon as possible.
Objection - Do you not agree with us that our interest in processing your Personal Data outweighs your interest in protecting personal integrity? No problem - in that case we will review our balance of interests and check that it still holds. We will of course take your objection into account when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.
Limitation - You can also ask us to limit our processing of your data:
-
During the time we are dealing with a request from you about any of your other rights.
-
If, instead of requesting deletion, you want us to mark that the data should not be processed for a certain purpose. If you e.g. do not want us to send you advertising in the future, we still need to save your name to know that we should not contact you.
-
In cases where we no longer need the data for the purpose for which it was collected, provided you do not have an interest in us retaining the data in order to assert a legal claim.
Data portability - We can give you the information you have provided to us yourself or that we have received from you in connection with our entering into an agreement with you. You receive your data in a commonly used and machine-readable format, which you can then take with you to another Personal Data Controller.
Withdraw consent - If you have consented to one or more specific processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to cease the Processing immediately. Please note that you can only withdraw your consent for future Processing(s) of Personal Data and not for any Processing that has already taken place.
How to use your rights
Contact us at info@ekompass.com and we will help you.
Transfer of Personal Data
To conduct our business, we use the help of others who process Personal Data on our behalf, so-called Personal Data Processors.
We process all personal data within the EU/EEA.
We have entered into personal data processor agreements (PUB agreements) with all of our Personal Data Processors. The PUB agreement regulates how the Personal Data Processor may process the Personal Data and which security measures are required for the processing of personal data.
We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations according to law or authority decisions.
Our categories of Personal Data Processors
Below are categories of recipients with whom we may share your information:
-
Suppliers of HR systems or HR services, e.g. through systems for contract management or payment of salaries.
-
IT suppliers for, for example, business systems and case management. In order to carry out our assignments and services, we store your data in our business systems (a system that administers our customers and contacts).
-
System for conducting customer analysis and producing statistics to contribute to industry statistics and to improve the customer experience.
Security
eKompass has taken appropriate technical and organizational measures to ensure that your personal data is processed securely and that it is protected from loss, misuse and unauthorized or unauthorized access. In the event that your Personal Data is shared with Personal Data Assistants, your Personal Data will receive equivalent protection.
Our security measures
Organizational Security Measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:
-
Internal governing documents (policies/instructions)
-
Login and password management
-
Information Security Policy
-
Physical security (premises, etc.)
Technical security measures are measures implemented through technical solutions. Our technical security measures are:
-
Encryption
-
Access list
-
Access log
-
Secure network
-
Firewall
-
Regular control of security level
-
Two-step verification
If we don't keep what we promise
If you feel that we are processing your Personal Data incorrectly, even after you have alerted us to this, you always have the right to submit your complaint to the Swedish Privacy Protection Authority.
More information about our obligations and your rights can be found on the Swedish Data Protection Authority's website (https://www.imy.se/). You can also contact the authority at imy@imy.se.
Changes to this policy
We reserve the right to make changes to this Policy. In cases where the change affects our obligations or your rights, we will inform about the changes in advance so that you are given the opportunity to take a position on the updated policy.
Contact
We have appointed a data protection officer who can answer questions about your rights and other questions about how we process your personal data.
Contact details for eKompass's data protection officer:
daniel.christensson@ekompass.se
English (UK) 
Svenska