This Privacy Notice describes the Principles of processing personal data at Eurostep, hereinafter also referred to as the Principles.
Our Principles comply with the requirements under the EU General Data Protection Regulation (GDPR).
Your privacy is important to us. This privacy statement explains what personal data Eurostep collects from you, through our interactions with you and through our agreements, services and products, and how we use that data.
Your personal data may be collected and/or processed by the Eurostep entity registered in your country of residence for purposes of managing your relationship with Eurostep and to better serve you by personalizing your experience and interaction with us.
For this purpose, your personal data may be transferred to other affiliates within the Eurostep Group, which may be located outside of your country of residence, and in particular to Sweden, where Eurostep is headquartered. These data transfers are done in compliance with Eurostep’s corporate rules and these Principles.
Contact data to Eurostep can be found at the end of this document.
Personal data means any information directly or indirectly related to a natural person.
Processing means any operation carried out with Personal data (incl. collection, recording, storing, erasure, transfer, etc.).
Data Controller has personal data responsibility and has the sole responsibility or sole responsibility for the processing of personal data in accordance with applicable privacy laws.
Eurostep means Eurostep Group and subsidiaries.
Employee means any person employed by Eurostep Group or a person that has the same rights and responsibilities as an employee e.g. subcontractor.
Terms and Conditions
These Principles describe how Eurostep processes Personal data at a general level.
Specific details on the Processing of Personal data might also be described in employment contracts and other related documents.
Eurostep ensures, within the framework of applicable law, the confidentiality of personal data and has implemented appropriate technical and organizational measures to safeguard Personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction.
Eurostep may use authorized processors for processing Personal data or transfer personal data to other recipients. In such cases, Eurostep takes needed steps to ensure that such data processors process Personal data under the instructions of Eurostep and in compliance with applicable law and requires adequate security measures.
Categories of Personal Data
Personal data may be collected from you, from your use of our services and from external sources such as public and private registers or third parties.
Personal data categories which Eurostep primarily, but not only, collects and processes are:
Identification data such as name, personal identification code, userIDs, date of birth etc.
Contact data such as an address, telephone number, email address, role, the language of communication, country of residence etc.
Communication data collected when you communicate with Eurostep via telephone, visual and/or audio recordings, e-mail, messages and other communication mechanisms such as social media, data related to your visit at Eurostep’s web sites or communicating through other Eurostep channels or tools. Data about personal settings, survey responses, your satisfaction, applications etc.
Eurostep retains personal data for as long as necessary to provide the services or products and to fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different services or products and agreements, actual retention periods can vary significantly.
- For prospective customers and their Identification data or Contact data, Communication data, the retention period is different and it will change if they become active customers.
- For marketing a Leads register and for sales, a CRM Register are used where Personal data is collected manually and/or via email, or via social media or advertising via internet channels. This is moved into Sales by Marketing via a qualification process and this is stored as long as Sales need to manage the sales pipeline and help prioritize and close business.
- News and other subscriptions will be stored until unsubscribed.
- Information in applications for Event, Forum and other activities such as product trials will be stored during the time for engagement.
Legal Bases and Purposes for Processing Personal Data
Eurostep processes Personal data primarily to:
Comply with legal obligations and to comply with applicable law. A sound corporate governance and risk management prior to entering into an agreement or compliance with a legal obligation or in Eurostep’s legitimate interest.
Deliver and improve our products and services. The information is used by us for marketing, product delivery, product development, recruitment and billing. This as well as used by our partners to customize content, ads, and offers to your company. The data can also be used as a basis for statistics or be analyzed and grouped for selection, prioritization and planning of personal information. Also so-called profiling. This may also include information we receive through cookies and plugins on our website.
For sending you marketing communications. We may use the personal data you provide to us, as well as the personal data we collect about you from your interactions with our websites, products and services, and from third party sources, for marketing purposes, i.e, to keep you informed about events, new product releases and service developments, alerts, updates, terms, special offers and associated campaigns and promotions or prices. For example, when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns. Before we do so, however, we will, in accordance with the applicable privacy laws in your country, offer you the opportunity to choose whether or not to have your personal data used in this way. We may also contact you regarding products or services similar to those you have already used/purchased or are in the process of using/purchasing.
Our sales representatives may also use your phone number or email address to contact you directly by phone, in connection with our products and services, upcoming events or other promotions, in accordance with the laws applicable in your country.
In all cases, and irrespective of your country, you may at any time choose not to receive marketing communications from us by clicking on the unsubscribe link included in each e-mail you may receive, by indicating so when we call you, by unsubscribing or by contacting us directly at firstname.lastname@example.org
We do our best to tailor your website visit, marketing experience and our communications to your expressed interests and we conduct our marketing as permitted by applicable law. Please note that if you opt-out from marketing communications, we may still contact you regarding your use of our products and services and to respond to your questions or requests.
Personal data used for direct marketing and sales activities will be retained for as long as we have an active relationship with you. We treat you as an inactive contact if (i) you have made a deletion request; and (ii) you have not interacted with us or updated your preferences and contact information in the past 24 months.
Geographical Area Processing
As a general rule the Personal data is processed within the European Union but in some cases transferred and processed to countries outside the EU/EEA.
Transfer and processing of Personal Data outside the EU/EEA can take place provided there is a legal ground i.e. due to legal requirement or your consent and appropriate safeguards are in place. Appropriate safeguards, such as:
- There is an agreement in place including the EU Standard Contractual Clauses or other approved clauses, code of conducts, certifications etc., approved in accordance with the General Data Protection Regulation.
- The country outside of the EU/EEA where the recipient is located has an adequate level of data protection as decided by the EU Commission.
- The recipient is certified under the Privacy shield.
Upon request, you can receive further details on Personal data transfers to countries outside the EU/EEA.
Your Rights as a Data Subject
Your Data Protection Rights
You have the right to request access to your personal data. You also have the right to request Eurostep to rectify or erase your personal data or restrict the processing of the same. You may also object to Eurostep’s processing of your personal data or request data portability. However, please note that Eurostep may not always be obliged to comply with a request of deletion, restriction, objection or data portability. Assessment will be made on a case by case basis of Eurostep’s legal obligations and the exception to such rights.
To exercise one of your rights, please see Contact details.
You may contact Eurostep with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data.
You may change certain information, approvals and choices by calling a Eurostep office.
Contact details of Eurostep offices are available on Eurostep’s website www.eurostep.com/contact-us.
Eurostep AB is the Controller for Eurostep and for the handling of your personal data. For further information about how your personal information is handled or for exercising data subject right, contact us preferably through a written, self-signed request sent to:
SE-167 51 Bromma, Sweden
Phone: +46 8 200 440, Fax: +46 8 200 399
v1.2, 04 May 2020