Personal Data Policy

ByHart AB, org.nr. 559246–8184, Teknikvägen 3, 961 50 Boden, Sweden, (hereinafter “the Company” or “we”) respects your privacy and your right to control your personal information.

This Personal Data Policy describes what data we collect, for what purpose and for what purposes it is collected, the legal basis for our processing, in what way you can have control over your own data and how you can contact us. This Personal Data Policy applies when you use our websites (https://www.byhart.se/ and https://www.hartic.se/) and when you use our services and / or purchase our products provided by the Company (hereinafter referred to by the collective term “the Service”).

The company is responsible for personal data in accordance with these terms and conditions and is responsible for processing in accordance with current legislation. It is important that you read and understand our Personal Data Policy before you purchase or use the Service. All processing of personal data within the Company takes place in accordance with applicable personal data legislation. Within the EU / EEA, the Data Protection Regulation (GDPR) applies.

Content of this Privacy Policy:

1. Key concepts
2. Data processed
3. Purpose of the treatment
4. Legal basis
5. Security and transfer of personal data
6. Storage and thinning of personal data
7. Your rights and choices
8. Cookies
9. Links to websites and social plug-ins
10. Changes in the Personal Data Policy
11. Choice of law and dispute resolution
12. Contact information

1. Key concepts

A personal data is information that can be linked directly or indirectly together with other data to a physically living person. Examples of personal information are name, address, telephone number, social security number and e-mail address. Information about IP numbers and about your user behavior when using the Service may also constitute personal data. Personal data processing includes all handling of personal data, such as collection, analysis, modification, registration and storage. The person responsible for personal data is the person who alone or together with another person determines the purpose and means for the processing of personal data and who is responsible for such processing taking place in accordance with applicable legislation.

2. Data processed

The personal information the Company collects and processes about you as a user of the Service is:

• Identification number (name, social security number, national ID, etc.).
• Communication information such as address, telephone number, e-mail address, etc.
• Profile data (such as age, age range, gender, role or similar).
• Location data.
• Order information such as customer number.
• Payment information such as card details, telephone number (eg for Swish or similar), billing address, etc.
• IP address, device information, access data.
• Other information that you may provide yourself within the framework of the Service.

The company needs the above information to be able to fulfill the agreement with you to carry out an order or services. If you choose not to provide certain personal information, this may result in the Company not being able to carry out the requested order or service.

In the event that you as a customer or employee choose to create a user account with the Company, the Company will save the above personal information about you also for this purpose. Certain information is automatically collected when you use the Service or create a user account, including:

• Information about your use of the Service, e.g. how often you use the service,
• Technical data about the devices you use to access the Service such as, IP address, Hardware type, Operating system and Browser version, etc.

In order to keep your personal information up to date and correct, we may also update your information from public registers, primarily in Sweden e.g. SPAR.

3. Purpose of the treatment

We process the personal data for the purposes stated below, as well as for any additional purposes stated at the time of collection:

• If you have a user account for the Service, we will collect the data you send by using the Service,
• In order for you to use the Service, we may disclose your personal information to a subcontractor or a third party for the purpose of fulfilling your request services or products (such as to make payment for the service performed),
• In order for us to be able to communicate with you via mail, telephone, electronic communication (such as text messages, e-mails, e-mail forms or accounts in social media) or in another way, e.g. in case of contact via customer service, to send notifications and inform you about our updates of the Service and terms of use,
• To ensure the technical functionality of the Service,
• To improve and develop the Service and new services and products, to continuously improve the security of our networks and information systems, and to analyze your and other users’ use of the Service (eg which mobile device or equipment you use) to better understand how our customers interact and use the Service,
• To send you newsletters via e-mail,
• To offer you to participate in competitions. When you participate in such a contest, we may ask you to provide your name, address, e-mail address and telephone number,
• To administer marketing activities such as contests and prizes,
• For marketing purposes, including for the marketing of our products and services, via e-mail and sms / mms (which you can opt out of via a link in each mailing made via e-mail or sms / mms),
• To control, prevent, investigate or take other measures in connection with misuse of the Service or in connection with the use of the Service in violation of the terms of use of the Service or in connection with legal measures, suspicion of fraud or potential threats to the Company’s or others’ rights,
• To fulfill a legal obligation.

4. Legal basis

Necessary treatment to fulfill our agreement with you:

• The company processes your personal data in order to fulfill our agreement with you (eg for the purposes stated in the points above).
• Necessary processing for purposes concerning the Company’s or third parties’ legitimate interests (balancing of interests).

In cases where the processing is necessary for purposes concerning the Company’s or third parties’ legitimate interests, the Company may process personal data based on a balance of interests. Such interests include the Company’s commercial interest in maintaining a good customer relationship with you, providing you with information that is relevant to your use of the Service, improving and further developing the Service and marketing the Company’s products and services (eg for the purposes stated). in the points above). By “legitimate interests” is thus meant our interest in conducting and managing our business to enable us to provide you with the best possible Services and a good and safe user experience. For example, we have a legitimate interest in ensuring that the marketing is relevant to you, therefore we can process your personal data to adapt the marketing to your interests, e.g. adapted to your use of Services. Legitimate interests may also refer to treatment that is also in your own or a third party’s interest.

We may also process your personal data in order to:

• fulfill an obligation under law and regulations or by court order,
• when negotiating the sale of our business or assets, provide a potential buyer with the necessary information about our customer registers (in such cases a potential buyer will not have the right to use the information for any purpose other than for the valuation of our business),
• transfer them to a third party who has purchased our business or a significant part of our assets and personal data is included as part of the sale, or
• it is necessary to enforce or enforce our Terms and Conditions, or to protect our rights, assets, security, customers or other persons.

You can at any time refrain from receiving marketing communications from us and / or our partners by clicking “unsubscribe” in an email we send you. We may process your personal data to protect you (and other customers, suppliers and partners) against fraud, intrusion and other irregularities in the use of our Services and to ensure that our Services and systems are secure. When we process personal data on the basis of a balance of interests, we ensure that we take into account and balance the possible impact of the processing on you (both positive and negative) as well as your interests and rights under applicable data protection legislation.

Treatment with the express consent:

The company may also process personal data with the support of the express consent of you as a customer or employee (eg for the purposes stated in the points above).

• Treatment necessary to fulfill a legal obligation.
• The company may need to process personal data in order to fulfill legal obligations, e.g. for accounting purposes or as a result of a court or government decision.

It may happen that the same personal data is processed for several purposes and / or on the basis of more than one of the legal grounds stated above.

5. Security and transfer of personal data

Transfer of personal data to third parties

We will not share, sell, transfer or otherwise disclose personal information in addition to what is stated in this Personal Data Policy, unless we are obliged to do so by law or as a result of a court decision or if we have obtained your consent to such disclosure. The company may disclose personal information to third parties, such as the police or other authority, if it concerns the investigation of suspected crime or if we are otherwise obliged to disclose such information on the basis of law or government decision. The Company may engage external suppliers to perform tasks on behalf of the Company, e.g. to provide IT services, update address information or assist with marketing and analytics. The performance of these services may mean that the Company’s suppliers, both within the EU / EEA and outside the EU / EEA, gain access to personal data. These providers process the information on our behalf in accordance with written personal data assistant agreements and our instructions. Personal data assistants who gain access to your personal data (eg when we use a third party, to collect address data or store information on a server), are not given any right to use your personal data for purposes other than those stated in this Personal Data Policy, but will primarily be used to the extent necessary to be able to provide the Service.

Transfer of personal data to third countries

The company may collaborate with partners who process personal data within and outside the EU / EEA. In the event that the Company chooses to hire suppliers outside the EU / EEA, e.g. cloud service providers, the Company will in such case take special protection measures, such as signing agreements that include standardized model clauses for data transmission which have been adopted by the European Commission and which are available on the European Commission’s website or companies that maintain the same level of protection as within the EU / EEA.

Security for the protection of personal data

The company safeguards your privacy and a high level of security for your personal information. The company has taken appropriate security measures to protect your personal information from unauthorized access, alteration, dissemination or destruction. All processing of your personal data takes place under strict confidentiality.

6. Storage and thinning of personal data

The processing takes place in accordance with current legislation and means that personal data is not stored for a longer period than is necessary with regard to the purposes of the processing. We will store your personal information as long as you choose to have a user account with us or, if you do not have a user account, until the service you have chosen to perform is completed. When the personal data no longer fulfills the purpose, these will be deleted. The same personal information can be stored in several different places for different purposes. This may mean that information that has been deleted from a system because it is no longer necessary may remain in another system where it is stored on the basis of a different legal basis or for another purpose where the personal data is still needed. If you subscribe to our newsletter, your contact information will be saved as long as you choose to continue receiving the newsletter. In practical terms, this means that data is thinned out and deleted when they are no longer relevant or necessary for analysis or direct marketing for the purposes for which they have been collected. Some information can be retained longer when required due to other legal requirements, such as the Accounting Act.

7. Your rights and choices

With regard to the processing of your personal data, you have a number of rights that follow from applicable data protection legislation. To exercise your rights, you are welcome to contact the Company via the contact information stated at the end of this Personal Data Policy.

Right of access

You have the right to request and receive confirmation of whether the Company processes personal data about you. If this is the case, you have the right to receive information about the processing free of charge and a copy of the personal data that is being processed. For any additional copies, the Company is entitled to charge a reasonable fee based on the Company’s administrative costs for such copies. If the request is manifestly unfounded or unreasonable, the Company may, in accordance with the provisions of applicable data protection legislation, charge a reasonable fee for such a request or refuse to comply with such a request.

Right to correction of incorrect personal data

You have the right to have incorrect personal information about you corrected without undue delay. Depending on the purpose of the processing, you also have the right to supplement incomplete personal data.

Right to delete (“the right to be forgotten”)

In some cases, you have the right to have your personal data deleted, e.g.

• if the personal data are no longer necessary for the purposes for which they were collected;
• if the processing is based on your consent, you have the right to withdraw your consent at any time and thereafter the right to delete the data (provided that there is no other legal basis for the processing);
• if you object to processing based on a balance of interests and there are no legitimate reasons for the processing that weighs heavier (however, you always have the right to delete personal data used for direct marketing on the basis of a balance of interests);
• if the personal data has been processed illegally or they have to be deleted due to legal obligation;

However, the right to delete does not apply in certain cases, e.g. if the processing is necessary for the Company to fulfill a legal obligation or for the Company to be able to establish, assert or defend legal claims.

Right to restriction

In certain cases, you have the right to request that the Company limit the processing of your personal data, e.g. if you do not believe that the personal data is correct so that the Company has time to check this, if the processing is illegal and you do not want us to delete the data. If the Company no longer needs the information but you need it for legal claims or if you object to the Company’s processing on the basis of a balance of interests pending the verification of whether the Company’s or third parties’ legitimate reasons outweigh your legitimate reasons.

Right to object

You have the right to object at any time to the processing of your personal data based on a balance of interests, including profiling. The Company may not continue to process such personal data unless the Company can present compelling legitimate reasons for such processing that outweigh your interests, rights and freedoms. The company may, however, continue the processing for determination, exercise or defense of legal claims. If you object to processing for direct marketing that takes place on the basis of a balance of interests, the Company may no longer process your personal data for such a purpose. You can at any time refrain from receiving marketing communications from us by clicking on “unsubscribe” in the email and SMS communications we send you.

Right to data portability

In some cases, you have the right to transfer your personal data to another personal data controller, e.g. if the processing is based on a consent or on an agreement between you and the Company and provided that the processing takes place automatically. When it is technically possible, such transfer shall take place directly from the Company to another person responsible for personal data.

The right to lodge a complaint

If you believe that your rights are not respected by us, you are welcome to contact us and you also have the right to submit a complaint to the Data Inspectorate.

8. Cookies

To make visits to our website as attractive as possible and to enable certain functions, we use so-called cookies on various pages. Cookies are small text files that are stored in your (user’s) browser. Some of the cookies we use are deleted at the end of a browser session, ie when you close the browser. Other cookies remain in your browser and allow us or a company close to us to recognize your browser on your next visit. They are called persistent cookies. You can set your browser so that you are informed about the settings for cookies and individually decide whether you want to accept cookies or not, in special cases or in general. If you do not accept cookies, it may limit the functionality on our website and in our Service.

We divide cookies into three categories:

• Mandatory
• Functional
• Personal

Below you will find more information about your choices and a detailed list of the cookies we use.

• Mandatory cookies are required to navigate our website and to use the services we provide. If these cookies are not used, the correct functionality of our website (for example, entering text) is not guaranteed when visitors browse pages on the website. These cookies also collect information about how visitors use our website, such as which pages they visit most often and whether they receive error messages from websites. These cookies collect complex, anonymous information that does not identify visitors. The cookies also allow our website to remember users’ choices, such as language or region, to provide better features. By law, no action is required of you to accept them. We also use these cookies to store information about whether you have given your consent to use cookies or to temporarily store information that you have entered.

• Functional cookies collect anonymous information. They cannot track your navigation on other websites. They can also be used to send targeted ads / offers or to measure how effective an advertising campaign has been. They can be used to determine which online marketing channels are most effective. With these cookies, we also store your login information in your browser, so that you can log in automatically the next time you visit our website. Because we want to present a website to you that is designed for optimal user-friendliness, functional cookies are usually activated when you visit our website. To enable the described measures, we also use cookies from third parties in this category. By analyzing your anonymized use, we can find areas where our site can be improved.

• Personal cookies are used to show more targeted ads that are relevant to the user and tailored to the user’s interests. These cookies help us provide customized target audience lists for marketing to our marketing partners. We need your consent to activate these cookies.

Objection to the use of cookies

If you do not want us to collect and analyze information about your visit, you can object to it at any time with future effect (so-called opt-out, deregistration). To implement the objection technically, an opt-out cookie is set in your browser. This cookie is for the sole purpose of identifying your objection. Please note that for technical reasons, an opt-out cookie can only be used for the browser for which it has been set. If you clear your cookies or use a different browser, you will need to redo the process (object again).

9. Links to websites and social plugins

In cases where the Service refers (links) to a website or material, which belongs to a third party, such reference is only intended as a service for the user and the Company disclaims all responsibility for it and its possible personal data processing. In the Service, you may sometimes be offered to share data from the Service on social media, such as Facebook or Twitter, via an implemented social plug-in (such as a like button). We have no influence over the information that social media collects using these plug-ins if you choose to use them. We therefore urge you to stay informed about the purpose, and scope, of data collection through social plug-ins.

10. Changes in the Personal Data Policy

We reserve the right to change this Personal Data Policy without prior notice. In the event of significant changes, this will be announced on our respective websites or sent to you by e-mail. The latest version is available on our website.

10. Choice of law and dispute resolution

Processing of your personal data in accordance with this Personal Data Policy and your use of the Service shall be interpreted and applied in accordance with Swedish law. Disputes shall be decided by a Swedish general court unless otherwise provided by mandatory law.

11. Contact information

For further information about personal data management, you are welcome to contact us via email: info@byhart.se