Valid as of 25 May 2018

The surveillance store's privacy policy

At Övervakningsbutiken, we value your personal privacy and strive to always protect your personal data in the best possible way. It is our goal to always comply with applicable laws and regulations for personal data protection. This policy helps you understand, among other things, what information we collect, how it is used and your rights. By agreeing to our policy when making a purchase or providing information, you consent to the processing of your personal data as described below.

Övervakningsbutiken On Net GBG AB (Övervakningsbutiken), 556684-2414, Drottninggatan 38, SE-411 07 Göteborg is the data controller for the processing of your personal data.

1. What is personal data?

Personal data is information that can be directly or indirectly linked to a living natural person. Encrypted data and various types of electronic identities (e.g. IP numbers) are also personal data if they can be linked to natural persons.

Processing of personal data is what happens to personal data. Any action taken with personal data constitutes processing, whether or not it is carried out by automated means. For example, collection, recording, organisation, structuring, storage, processing, transfer and erasure are common types of processing.

2. What are the purposes for which we process your personal data?

The Surveillance Store processes your personal data for various purposes. In order to give you an understanding, we describe below what kind of data we process and for what purposes we do this. We also explain the legal basis for the processing and how long we keep the data.

2.1 When ordering/purchasing

In order to fulfil our obligations to you as a customer, such as completing purchases, invoicing and providing support, we process personal data in this process. We do this, for example, to be able to deliver your products, handle your payment and any complaints and warranty cases in the future. In addition, we perform a compatibility check against any previous purchases to ensure that your products fit.

Personal data categories - Name, address, phone number, email, customer number, social security number, payment details, order details including equipment serial number, IP address.

Legal basis - The processing is necessary for the performance of the contract of sale when you have purchased products from us.

Retention period - 36 months after purchase to handle any warranty and claims issues.

2.2 Managing contracts

When you renew or sign an ongoing contract with us, such as a support agreement, subscription agreement or mobile broadband, we process personal data to be able to provide you with services in line with what has been agreed. This may be, for example, to communicate with you, ensure your identity or investigate technical problems.

Personal data categories - Name, address, phone number, email, customer number, social security number, payment details, order details including equipment serial numbers, technical details of your equipment, support ticket logs, SIM card information, configuration settings of your equipment, router and video storage device usernames and passwords (for operating agreements and subscriptions only), IP addresses, DNS names.

Legal basis - Processing is necessary for the performance of the contract of sale if you have purchased services from us.

Retention period - For the duration of the contract. After the end of the contract, the data is saved for 6 months for handling any warranty cases. Any passwords will be deleted as soon as practicable after the end of the contract (the contract is cancelled, the current period has expired and all invoices linked to the contract have been paid).

2.3 Managing support and customer service issues

When you buy a product from us, you get one year of free technical support. In order for us to offer you the best possible service, we process personal data. This may be, for example, to communicate with you, ensure your identity and investigate technical problems.

Legal basis - Processing is necessary for the performance of the contract of sale.

Retention period - 24 months after your support licence expires to deal with any warranty and support issues.

2.4 Fulfilling our legal obligations

Processing necessary for the fulfilment of the company's legal obligations under legal requirements, court rulings or government decisions (e.g. the Accounting Act or the rules on product liability and product safety).

Legal basis - Legal obligation. This collection of your personal data is required by law. If the data is not provided, our legal obligation cannot be fulfilled and we may therefore be forced to refuse you the purchase.

Retention period - As long as the law requires in each case, for example 7 years for the Accounting Act.

2.5 Evaluate and develop our products, services and systems for the general customer community

In order to evaluate and improve our offering, we process data to develop our product and service offering. This may relate to user interfaces, logistics, purchasing and security development. There is also the possibility for the individual to influence our range.

Personal data categories - Name, phone number, email, customer number, payment details, order details, website user data (e.g. language, clicks, resolution, browser, etc.), correspondence regarding our products and services.

Legal basis - Legitimate interest. This processing is necessary to fulfil our and our customers' interest in developing the business.

Retention period - 36 months from collection.

2.6 Preventing misuse of the service or preventing, preventing and investigating offences against the company

To prevent crime, possible fraud and unauthorised use of our IT services, we process personal data to ensure our and our customers' security and privacy.

Personal data categories - Name, social security number, video recording from camera surveillance, user data from the website (e.g. language, clicks, resolution, browser, etc.), data on how our IT services are used.

Legal basis - Fulfilling a legal obligation (where applicable) and in other cases legitimate interest. Even if there is no legal obligation, this processing is necessary to fulfil our legitimate interest in preventing corporate crime and misuse of our services.

Retention period - 36 months from collection.

2.7 Managing and administering benefits and offers

In order to provide our customers and other interested subscribers with important updates as well as general and targeted offers, we process personal data. We may contact you by phone or send out newsletters by e-mail. As a customer, you can always choose to opt out of receiving offers from us and it is possible to choose which type(s) of offer you want, such as general offers, updates and offers that are customised for you.

Personal data categories - Name, email, phone number, purchase history, activity history (e.g. emails opened, link clicks), website user data (e.g. language, clicks, resolution, browser, etc.)

Lawful basis - Legitimate interest under the Marketing Act for direct marketing to customers and consent for interested subscribers. This processing is justified to enable us to market ourselves.

Retention period - 36 months or until you as a customer choose to opt out of our offerings.

2.8 Submitting quotes

In order for Övervakningsbutiken to be able to provide a requested quote, we need to collect personal information in order to distribute and provide feedback to you as a customer. If you are a customer already, we also check that the quoted equipment is suitable with your current one.

Personal data categories - Name, email, phone, purchase history

Legal basis - Legitimate interest to be able to offer and follow up the requested quote.

Retention period - 12 months after the last update of the quote.

3. from what sources does your personal data come?

In addition to the information you provide or we collect based on your purchases and how you use our services, we sometimes collect personal data from third parties (other sources). The data we collect from other sources are:
a) Address information from public records to ensure that we have accurate information about you.
b) credit rating information from credit rating agencies, banks or credit reference agencies

4. Who can your personal data be shared with?

Data processors - When required to deliver our services, we share your personal data with companies that are so-called data processors for us. A processor is a company that processes information on our behalf and under our instructions. We have data processors who help us with:
a) Logistics (e.g. DHL and Post)
b) Payment solutions (for example Klarna and Dibs)
c) Marketing (e.g. our advertising agency, email programmes and social media)
d) IT services (e.g. our ERP provider and other supporting IT service companies)

When your personal data is shared with a data processor, it is only for the purposes stated above. We ensure that all processors can provide guarantees regarding the security of personal data.

Independent data controllers - We also share your personal data with certain companies that are independent data controllers. Being an independent controller means that the company itself controls the information provided to it. Independent controllers with whom we share or may share your personal data are:
a) Government authorities where we are required to do so by law or on suspicion of a criminal offence (for example, the police and HMRC)
b) Public goods transport companies (logistics companies and freight forwarders)
c) Payment solutions companies (e.g. Klarna, Dibs, banks and other payment service providers)

When your personal data is shared with companies that are independent data controllers, their privacy policies and data processing practices apply.

5. Where is your personal data processed?

We aim to process your personal data within the EU/EEA and all our own IT systems are located within the EU/EEA. Regardless of where your personal data is processed, we take reasonable legal, technical and organisational measures to ensure that the level of protection is the same or higher than in the EU/EEA. Where personal data is processed outside the EU/EEA, the level of protection is guaranteed either by an adequacy decision of the European Commission or by the use of appropriate safeguards, such as Privacy Shield.

6. What are your rights as a data subject?

Right of access (record extracts) - We are open and transparent about how we process your personal data and if you want to gain more insight into what data we process about you, you can request access to the data. Please note that a request for access may mean that we need to request additional information to effectively handle your request and ensure that the information is provided to the right person.

Right to rectification - You can request that your personal data be corrected if it is inaccurate, as well as the right to complete any personal data.

Right to erasure - You can request that we erase your personal data in the following cases:
a) Where the data is no longer necessary for the purposes for which it was collected or processed.
b) Where you object to a balancing of interests that we have carried out based on legitimate interest and your reason for objecting outweighs our legitimate interest.
c) Where you object to processing for direct marketing purposes.
d) The personal data is processed in an unlawful manner.
e) the personal data must be erased to comply with a legal obligation to which we are subject
f) Personal data has been collected about a child (under the age of 13) for whom you have parental responsibility and the collection has taken place in the context of offering information society services.

Please note that we may be entitled to refuse your erasure request when there are legal obligations that prevent us from immediately erasing certain personal data. These obligations may stem from accounting and tax legislation, banking and money laundering legislation, but also from consumer rights legislation. In some cases, processing may be necessary for the establishment, exercise or defence of legal claims. If we cannot fulfil a request for erasure, we will instead prevent the personal data from being used for purposes other than the purpose that stops the requested erasure.

Right to restriction - You have the right to request that our processing of your personal data be restricted. If you contest the accuracy of the personal data we process about you, you can request a restriction of processing during the time we need to verify whether the data is accurate or not. In cases where we no longer need the personal data for our purposes but you need it for legal claims, you can request restricted processing of the data by us. In other words, you can request that we do not erase your data. If you object to a legitimate interest that we have used as a legal basis for a purpose, you can request restricted processing for a limited period of time. The time depends on our investigation if our legitimate interests outweigh your interests in having the data erased. If processing is restricted under any of the situations above, we may only process the data beyond retention for the establishment, exercise or defence of legal claims, to protect the rights of another person or if you give your consent.

Right to object to certain types of processing - You always have the right to opt out of direct marketing and to object to any processing of your personal data that is based on a balance of interests that we have made.

Legitimate interest - When we use legitimate interest as the lawful basis for a purpose, you can object to the processing. To continue processing your personal data following an objection, we need to demonstrate a compelling legitimate ground for the processing in question that overrides your interests, rights or freedoms. If we cannot demonstrate this, we may only process the data for the establishment, exercise or defence of legal claims.

Direct marketing - You can object to your personal data being processed for direct marketing purposes. The objection also covers any analyses of personal data carried out for direct marketing purposes. Direct marketing means any type of marketing outreach (e.g. mail, email, SMS). If you object to direct marketing, we will cease processing your personal data for that purpose as well as cease all types of direct marketing.

7. How do we use cookies?

Cookies are a small text file consisting of letters and numbers sent from our server and stored in your browser or device. On overvakningsbutiken.se/en we use the following cookies:
1) Session cookies (expire when you close your browser or device).
2) Persistent cookies (remain on your computer until you delete them or they expire).
3) First-party cookies (set by the website you are visiting)
4) Third-party cookies (set by a third-party website, such as Google Analytics)
5) Similar technologies (similar technologies that store information in your browser or on your device)

The purpose of our cookies is to improve the services we offer. Some make our services work satisfactorily and others make the experience better for you. We also use cookies for overall analysis of your use of our services and for functional settings such as language VAT settings. You can control your use of cookies directly through your browser or device. In your browser or device settings, you can learn more about how to adjust and set your preferences. For example, you can choose to block all cookies, accept only first-party cookies or automatic deletion when browsers are closed.

Remember that some of our services may stop working if you block or delete cookies.

8. How do we protect your personal data?

We use secure IT systems to protect confidentiality, privacy and access to personal data. We have also put in place other security measures to protect your personal data against unlawful or unauthorised processing (for example, unauthorised access, loss, destruction or damage). This means that only the people who actually need to process your personal data have access to it.

9. Which authority is responsible for enforcement?

The Swedish Data Protection Authority is responsible for monitoring compliance with the legislation. If you think a company is handling personal data incorrectly, you can submit a complaint to them at datainspektionen.se.

10. How do you contact us for data protection questions?

Data protection is very important to us and we have dedicated staff to deal with these issues, who can always be reached at dataskydd@overvakningsbutiken.se/en. The latest version of our privacy policy is always available here on our website. In the event of updates that clearly affect our processing of personal data (such as changes to stated purposes or categories of personal data) or updates that may be of crucial importance to you, you will receive information on overvakningsbutiken.se/en and by e-mail (if you subscribe to our newsletter) well in advance of the updates taking effect. When we make updates, we will also clearly explain how they may affect you.