Privacy Policy at netProviders International AB (netProviders)

1. netProviders International AB, organisation number 559123-3977, provides corporate customers with marketing services, including a communication platform for digital mailshots to addresses supplied by customers wherein the customer is identified as the sender of the mail. In this context, in addition to their suppliers, netProviders will have access to digital personal data. 
2. netProviders processes personal data primarily to fulfil its obligations to customers and suppliers. Our basic principle is not to process more personal data than is necessary for the purpose, and netProviders always strives to utilise the least privacy-sensitive data.
3. netProviders is under an obligation in all situations to ensure that personal data is processed correctly and in accordance with the law in force at any given time, and to ensure that those who process personal data have the qualifications required to fulfil such requirements. 
4. This privacy policy (the ‘Policy’) contains rules and guidelines for the processing of personal data by netProviders in its capacity as personal data controller and, where applicable, as personal data processor, regardless of the type of personal data in question and whose personal data it concerns. 
5. netProviders usually requests personal data in order to fulfil statutory or contractual requirements or requirements that are necessary to enter into an agreement with, for example, an employee, a customer or supplier. In cases where the data subject does not provide the requested information, this may in some cases mean that netProviders cannot enter into an agreement or fulfil its obligations in an agreement with the data subject. 
6. Employees’ personal data is collected and processed in order to fulfil obligations under law, collective agreements or for the conclusion and fulfilment of individual agreements. Personal data that is processed is generally restricted to name, social security number, contact information, bank details, salary specifications and documentation, qualifications and information concerning next-of-kin. This information is processed by the HR manager, managers, IT, sales manager, finance department and internal or external actors who administer salaries and other benefits, etc., and the authorities when required. The purpose of processing employees’ information is that netProviders shall be able to fulfil its legal and contractual obligations to the employee. Some such personal data processed may be of a sensitive nature, such as that relating to illness or union membership. 
7. The time for storing data shall not be longer than necessary with regard to the purposes of the processing. For this reason, personal data erasure is regularly undertaken, removing the data that is no longer needed. Upon termination of employment, information about the employee is deleted, with the exception of such information that netProviders must retain in order to fulfil legal requirements such as taxation or to be able to meet demands from the employee arising from the employment relationship. 
8. Consultants’ individual personal data is collected in order for netProviders to be able to fulfil legal obligations or to be able to enter into and fulfil consultancy agreements. The information collected and the members of staff at netProviders that process the information are essentially the same as for employees. A consultant’s personal data is needed for the payment of consulting fees and other remuneration, general administration of consulting services, to enable evaluation and review of performance and also, more generally, to ensure the fulfilment of legal obligations. 
9. The time for storing data shall not be longer than necessary with regard to the purposes of the processing. For this reason, personal data erasure is regularly undertaken, removing the data that is no longer needed. Upon conclusion of the commission, information about the consultant is deleted, with the exception of such information that netProviders must retain in order to fulfil legal requirements such as taxation or to be able to meet requirements from the consultant arising from the commission relationship. 
10. Corporate customers are legal persons but, in order to manage agreements, netProviders processes personal data of the customer’s representatives such as name, telephone number and e-mail, as well as personal data entered by the corporate customer into netProvider’s communication platform, even if the corporate customer the personal data controller. netProviders also processes personal data regarding representatives of companies that are potential customers, such as name, telephone number, address and e-mail. The recipients of this information are mainly persons relevant to the agreement in the sales department, finance department, marketing department, managers and agreement administrators. The helpdesk and technicians may also receive the information. When entering into customer agreements, netProviders processes the personal data that is relevant to the customer relationship and that is required for the fulfilment of the agreement. Representatives’ personal data can also be processed in order to send offers to the customer company. Representatives nevertheless retain the right to object at any time to the processing of personal data for direct marketing. When netProviders processes personal data regarding representatives of potential customers, this is done either to contact the customer in order to provide the potential customer with offers and information or to administer booked meetings. The representative retains the right to object to the processing of personal data for direct marketing purposes. 
11. netProviders never retains data longer than necessary with regard to the purposes of the processing. Hence personal data erasure is regularly undertaken, removing the data that is no longer needed after the customer relationship has ended. In some cases, netProviders may need to retain personal information after the customer relationship has ended, for example to administer guarantees and complaint deadlines, handle any legal claims or to market services and send offers. Personal data regarding representatives of potential customers is deleted when the dialogue with the customer has ended, unless a customer agreement has been reached or, immediately, if the person concerned objects to direct marketing.
12. Personal information about customers stored by netProviders’ corporate customers may be found on netProviders’ communication platform and thus on netProviders’ servers. In such cases, netProviders is the personal data processor and the corporate customer the personal data controller. Personal information provided by the corporate customer for their own distribution through netProviders’ communication platform will be deleted from netProviders’ system as soon as the corporate customer’s campaign is over.
13. Suppliers are generally regarded as legal persons, but netProviders processes the personal data of representatives of supplier companies or companies with which netProviders intends to enter into agreements for the purpose of entering into or managing agreements with suppliers. Personal data that is processed may include name, telephone number, e-mail, address and professional title. Those who receive the information are by and large the responsible manager, the CEO, the finance department and the IT department. The purpose of processing such personal data is to administer purchasing agreements, handle invoices and to be able to direct questions to the supplier.
14. netProviders never retains data longer than necessary with regard to the purposes of the processing. Hence personal data erasure is regularly undertaken, removing the data that is no longer needed after the contractual relationship has ended. netProviders may retain personal data after the termination of the contractual relationship, for example to administer any guarantees and complaint deadlines or handle legal claims.
15. Personal information about suppliers stored by netProviders’ corporate customers may be found on netProviders’ communication platform and thus on netProviders’ servers. In such cases, netProviders is the personal data processor and the corporate customer the personal data controller. 
16. Sensitive personal data may thus be stored at netProviders. Sensitive data refers to personal data that reveals racial or ethnic origin, personal opinions, religious or philosophical beliefs or trade union membership and processing of genetic/biometric data to uniquely identify a natural person, data on health or data on a natural person’s sexual life or sexual orientation. 
17. netProviders never processes sensitive data without the consent of the data subject or without sanction for such processing under the General Data Protection Regulation, for example in relation to labour law, social security and social protection, or when the processing is necessary to protect the data subject’s or another person’s fundamental interests. when the data subject is physically or legally prevented from giving consent, in some cases within the framework of trade union activities, if the information has already been published by the data subject, if it is necessary and important in relation to the public interest, if it is necessary for reasons related to, inter alia, assessment of the work capacity of employees or the provision of health care or, if necessary, for statistical purposes. 
18. Whenever sensitive data is processed, netProviders takes security measures to ensure the data remains protected. 
19. Sensitive personal data stored by netProvider’s corporate customers or by those whom the customer has invited to use netProvider’s communication platform may be found on netProviders’ communication platform and thus on netProviders’ servers. In such cases, netProviders is the personal data processor and the corporate customer the personal data controller. 
20. Collection, processing and retention of personal data shall take place transparently and only to the relevant extent. Personal data must be processed in a way that avoids violating the data subject’s personal privacy and adequate security measures must be taken. netProviders can process personal data either by collecting and processing the data for its own part or as part of the provision of the communication platform to corporate customers.netProviders can therefore be the personal data controller and, through its communication platform, personal data processor. 
21. When transferring information to third parties for the purpose of securing legal obligations or safeguarding rights where netProviders is the personal data controller, netProviders shall, where applicable, and with each external party that processes personal data on behalf of netProviders, establish a written agreement regarding the basis for processing, time period for processing, type of personal data and netProviders’ obligations and rights as personal data controller. 
22. netProviders is personal data processor in relation to the corporate customers to whom netProviders provides its communication platform. Through the use of the communication platform, customers and the customers’ invited users will, where applicable, store personal data on netProviders’ servers. Material stored by customers’ users may contain personal data, which means that netProviders, by storing the data, is personal data processor in relation to its corporate customers. The corporate customer is the personal data controller. For each new customer, netProviders must therefore enter into a personal data processing agreement. It is the customer in his capacity as personal data controller who determines access, purpose and retention times for the personal data. Thus when netProviders is the personal data processor, the personal data is always processed in accordance with the personal data processor agreement and in accordance with the personal data controller’s instructions. 
23. Where netProviders is the personal data controller, the data subject has the right to approach netProviders and request access to the personal data that netProviders processes and also be informed about, among other things, the purposes of the processing and who received the personal data, whereby upon request the data subject receives free of charge a copy of the personal data being processed.
24. The data subject has the right to have his personal data corrected or, under certain conditions, restricted or deleted without undue delay. If the data subject considers the personal data about him or her processed by netProviders to be incorrect or incomplete, the data subject may demand that these be corrected or supplemented. The data subject also has the right to have his data deleted, including in cases where such data is no longer necessary or if the processing is based on consent and this has been revoked. If the data subject requests that the data be corrected, deleted or restricted in processing, netProviders will also try to notify each recipient of the personal data of the data subject’s request.
25. The data subject has the right to object at any time to the processing of his personal data if the legal basis for the processing consists of a public interest or legitimate interests in accordance with the General Data Protection Regulation. The data subject also has the right to object to the processing of his personal data at any time if these are processed for direct marketing. 
26. The data subject has the right to obtain the personal data that he has provided to netProviders and has the right to transfer this data to another personal data controller. This applies, however, on condition that this is technically possible and the legal basis for the processing consists of consent or that the processing was necessary for the fulfilment of an agreement.
27. If the processing of personal data is based on the data subject’s consent, he or she has the right to revoke this consent at any time. Such revocation does not affect the legality of the processing of personal data before the consent was revoked. 
28. The data subject has the right not to be subject to decisions based solely on automated processing, including profiling, and which may have legal consequences or the equivalent for the data subject. This does not apply, however, if such processing is necessary for entry into or performance of an agreement with the data subject, if such processing is permitted under applicable law or if the legal basis is the data subject’s consent. 
29. The registered person has the right to lodge a complaint with the Swedish Authority for Privacy Protection.
30. In the event of questions about the Policy, or for other requests regarding personal data, please contact data protection officer Michaela at netProviders on +46702 43 00 94 or michaela@netproviders.io.  
31. netProviders may change and update the Policy. In the event of important changes in the Policy, or if existing information is to be processed in a manner other than that specified in the Policy, netProviders will provide information about this in an appropriate manner.