This Privacy notice describe the Principles of processing personal data at Eurostep, hereinafter also referred as the Principles.
Our Principles comply with the requirements under the EU General Data Protection Regulation (GDPR).
Your privacy is important to us. This privacy statement explains what personal data Eurostep collects from you, through our interactions with you and through our agreements, services and products, and how we use that data.
Your personal data may be collected and/or processed by the Eurostep entity registered in your country of residence for purposes of managing your relationship with Eurostep and to better serve you by personalizing your experience and interaction with us.
For this purpose, your personal data may be transferred to other affiliates within the Eurostep Group, which may be located outside of your country of residence, and in particular to Sweden, where Eurostep is headquartered. These data transfers are done in compliance with Eurostep’s corporate rules and these Principles.
Contact data to Eurostep can be found in the end of this document.
Personal data means any information directly or indirectly related to a natural person.
Processing means any operation carried out with Personal data (incl. collection, recording, storing, erasure, transfer, etc.).
Data Controller has the personal data responsibility and has the sole responsibility or sole responsibility for the processing of personal data in accordance with applicable privacy laws.
Eurostep means Eurostep Group and subsidiaries.
Employee means any person employed by Eurostep Group or a person that has the same rights and responsibilities as an employee e.g. subcontractor.
Terms and conditions
These Principles describe how Eurostep processes Personal data in a general level.
Specific details on the Processing of Personal data might also be described in employment contracts and other related documents.
Eurostep ensures, within the framework of applicable law, the confidentiality of Personal data and has implemented appropriate technical and organizational measures to safeguard Personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction.
Eurostep may use authorized processors for processing Personal data or transfer Personal data to other recipients. In such cases, Eurostep takes needed steps to ensure that such data processors process Personal data under the instructions of Eurostep and in compliance with applicable law and requires adequate security measures.
Categories of personal data
Personal data may be collected from you, from your use of our services and from external sources such as public and private registers or third parties.
Personal data categories which Eurostep primarily, but not only, collects and processes are:
Identification data such as name, personal identification code, userIDs, date of birth etc.
Contact data such as address, telephone number, email address, role, language of communication, country of residence etc.
Communication data collected when you communicates with Eurostep via telephone, visual and/or audio recordings, e-mail, messages and other communication mechanisms such as social media, data related to your visit at Eurostep’s web sites or communicating through other Eurostep channels or tools. Data about personal settings, survey responses, your satisfaction, applications etc.
Eurostep retains personal data for as long as necessary to provide the services or products and to fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different services or products and agreements, actual retention periods can vary significantly.
- For prospective customers and their Identification data or Contact data, Communication data, the retention period is different and it will change if they become active customers.
- For marketing a Leads register and for sales a CRM Register are used where Personal data is collected manually and/or via email, or via social media or advertising via internet channels. This is moved into Sales by Marketing via a qualification process and this is stored as long as Sales need to manage the sales pipeline and help prioritize and close business.
- News and other subscriptions will be stored until unsubscribed.
- Information in applications for Event, Forum and other activities such as product trials will be stored during the time for engagement.
Legal bases and purposes for processing Personal data
Eurostep processes Personal data primarily to:
Comply with legal obligations and to comply with applicable law. A sound corporate governance and risk management prior to entering into an agreement or compliance with a legal obligation or in Eurostep’s legitimate interest.
Deliver and Improve our products and services. The information is used by us for marketing, product delivery, product development, recruitment and billing. This as well as used by our partners to customize content, ads, and offers to your company. The data can also be used as a basis for statistics or be analyzed and grouped for selection, prioritization and planning of personal information. Also so-called profiling. This may also include information we receive through cookies and plugins on our website.
Geographical area processing
As a general rule the Personal data is processed within the European Union but in some cases transferred and processed to countries outside the EU/EEA.
Transfer and processing of Personal data outside the EU/EEA can take place provided there is a legal ground i.e. due to legal requirement or your consent and appropriate safeguards are in place. Appropriate safe-guards, such as:
- There is an agreement in place including the EU Standard Contractual Clauses or other approved clauses, code of conducts, certifications etc., approved in accordance with the General Data Protection Regulation.
- The country outside of the EU/EEA where the recipient is located has adequate level of data protection as decided by the EU Commission.
- The recipient is certified under the Privacy shield.
Upon request you can receive further details on Personal data transfers to countries outside the EU/EEA.
Your rights as a data subject
Your data protection rights
You have the right to request access to your personal data. You also have the right to request Eurostep to rectify or erase your personal data or restrict the processing of the same. You may also object to Eurostep’s processing of your personal data or request data portability. However, please note that Eurostep may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment will be made on a case by case basis of Eurostep’s legal obligations and the exception to such rights.
To exercise one of your rights, please see Contact details.
You may contact Eurostep with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data.
You may change certain information, approvals and choices by calling a Eurostep office.
Contact details of Eurostep offices are available on Eurostep’s website www.eurostep.com.
Eurostep AB is the Controller for Eurostep and for the handling of your personal data. For further information about how your personal information is handled or for exercising data subject right, contact us preferably through a written, self-signed request sent to:
SE-167 51 Bromma, Sweden
Phone: +46 8 200 440, Fax: +46 8 200 399
v1, 25 May 2018