Effective date: 29 March 2019
You interact with our website, www.tystforest.com
You engage our services
We collect personal data via other means or purposes
1. Principles of data processing
We are committed to upholding the 6 principles of the EU’s General Data Protection Regulation (“GDPR”):
Lawfulness, fairness and transparency – obey the law, process data in a way that is reasonably expected, and be open about policies and practices.
Purpose limitation – process data only for the specific reason it was collected for.
Data minimisation – process only what data is needed.
Accuracy – ensure data processed is adequate and accurate.
Storage limitation – retain data only for as long as it is needed.
Integrity and confidentiality – process data securely.
3. Collection of data
We collect personal data about you when:
You browse our website
You contact us via our website contact form
You contact us via email, telephone or other means
You engage our services
We perform our agreed services
You have given a third party permission to share with us information they hold about you
Types of data that may be collected include:
Job function and employer details
Details of your communications with us through our contact form, emails, telephone and other means
The exact type of data collected may depend on the nature or method of your interaction with us, or on the purpose for which we collect it. Furthermore, you may provide additional or unprompted information about yourself in the body of your communications with us.
4. Our purpose for processing your personal data
Personal data may be collected or otherwise processed for the following purposes:
To perform our services
When you engage our services, we require certain information in order to provide those services to you. For example, to communicate with you and to issue invoices.
To respond to queries or comments
We require certain information in order to contact you and to enable us to address your comment or query effectively.
To improve our products and services
We use relevant data in order to improve our products and services. Such information may include sales history, feedback received, issue resolution details, and more.
Fraud prevention / IT security
In some cases, data may be processed in order to ensure such things as the prevention of fraud and the security of IT systems.
5. Our legal bases for processing
Data we process is done so under one of the following GDPR legal bases:
Performance of contract
In order to provide you with our services there is certain information we require. Failure to collect such information may result in us being unable to provide you with the service.
We may need to process personal data as part of our procedures for complying with legal requirements relating to our business activities.
In certain situations, we will request your consent to process your personal data. For example, in relation to our marketing activities.
We collect and process data for our legitimate interests only when that information is necessary and it does not affect your rights or freedoms. For example, for fraud prevention and IT security.
6. Data retention
We retain data only for as long as it is necessary under the purpose and base for which it was processed.
Data processed in relation to performance of contract is held until the contract is fulfilled. Data processed in relation to our legal obligations is retained for as long as those obligations must be met, which may be a number of years.
When you provide consent to process certain information, we retain that data until you either withdraw your consent or the purpose for which consent was given no longer exists.
7. Data sharing
We only share your data with trusted third parties which have been engaged by us to provide services in relation to our business activities. In general, the third-party providers used by us will only collect, use and disclose your data to the extent necessary to allow them to perform the services they provide to us. Such third-party providers have their own privacy policies.
Third-party providers we may use include but are not limited to:
Website hosting providers
Web analytics providers
Email service providers
Postal service providers
8. International transfers
Personal data is only permitted to be transferred outside of the EU when circumstances are necessary and lawful. For example, some of our third-party service providers are global businesses and personal data may be stored and processed in any country in which they have operations.
We only transfer your personal data to trusted third-party providers which have adequate data protection safeguards in place for international transfers, such as those who have committed to the EU-U.S. Privacy Shield.
9. Your rights
Under GDPR you have a number of rights. Individual rights may be affected by the legal base under which your data is processed:
The right to be informed
We will provide information about the processing of your data when it is collected or when you otherwise request information.
The right of access
You have the right to know what data we hold about you.
The right to rectification
You have the right to have any inaccurate data corrected.
The right to be forgotten
You have the right to have your data deleted, subject to certain exceptions. For example, we may be required to retain data in order to meet our legal obligations.
The right to restrict processing
Under certain circumstances, you may have the right to limit the way in which we use your data.
The right to data portability
Under certain circumstances, you may have the right to move, copy or transfer your data from one IT environment to another.
The right to object
You have the right to object to us processing your data. However, this right is affected if the lawful base applied is performance of contract or legal obligation.
Rights related to automated decision-making
Tystforest AB does not make use of any automated-decision making processes.
10. Exercising your rights
If you wish to exercise any of the rights described above or are dissatisfied with the way we have used your data, please email firstname.lastname@example.org. Please note, we may keep a record of your communications to help us deal with any matters you raise.