Why do we have a privacy policy?
Curity AB (“Curity” or “we”) cares about your privacy. Therefore, we always strive to protect your personal data
    in the best possible way and to comply with all applicable laws and regulations for the protection of personal
    data.
The purpose of this privacy policy is to inform you about how we process your personal data as the representative
    of a company that we are interacting with.
Who is responsible for the processing of your personal data?
Curity AB, with Swedish company registration number 559017-0196, is responsible for the processing of your
    personal data (the controller) when Curity is processing the data for its own purposes.
If you want to contact us regarding our processing of your personal data or exercise any of your rights as
    described below, please contact us at dataprotection@curity.io or give us a call at +46 8-410 737 70. Our
    postal address is Box 133, 447 23 Vårgårda, Sweden.
How and why do we process your personal data?
We conduct all our processing of your personal data for the following overall purposes (the “Services”):
- Customer relationship management
- Support our customer’s use of our product
- Administrate your account on our developer portal
- Communicate news and updates to you by sending you our newsletters
Transparency
Our aim is to be as transparent as possible regarding how and why we process your personal data. In the tables
    below, we inform you about why we process your personal data (the purposes of processing), what personal data we
    process, our legal basis for processing your personal data and how long we process your personal data for each
    purpose.
For purposes of customer relationship management
    
    
| For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | How long do we process your personal data? |
| --- | --- | --- | --- |
| To enter into an agreement between the company you represent and Curity. | Your name, phone number and e-mail address. | Our legal basis is our legitimate interest to get in contact with you as the representative of a potential customer to Curity for the purpose of being able to enter an agreement between the company you represent and Curity, which in our assessment outweighs your interest of not having your personal data processed. | Until the process to enter into an agreement is completed. |
| To contact you as the representative of our customer during the duration of the agreement we have entered with the company you represent. | Your name, phone number and e-mail address. | Our legal basis is our legitimate interest to get in contact with you as the representative of our customer for the purpose of being able to communicate with the company you represent, which in our assessment outweighs your interest of not having your personal data processed. | Until the agreement with the company that you represent has ended, or until you or the customer gives us new contact details to another person. |
| To name you as reference on invoices to our customer if this is required by the customer (the company you represent). | Your name. | Our legal basis is our legitimate interest to name you as reference when Curity is invoicing the company you represent, which in our assessment outweighs your interest of not having your personal data processed. | Your personal data will be stored and otherwise processed, in accordance with the Swedish Accounting Act, for a period of seven (7) years. |
| To contact you as the representative of a former customer by e-mail and/or phone to try to re-initiate a customer relationship with the former customer. | Your name, phone number and e-mail address. | Our legal basis is our legitimate interest to get in contact with you for the purpose of re-initiating a customer relationship with you and your company, which in our opinion outweighs your interest of not having your personal data processed. | Your personal data will be processed for a maximum of two (2) years after the customer relationship and our agreement with you has ended. |
    
For you who have been appointed by our customer as a support person
    
    
| For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | How long do we process your personal data? |
| --- | --- | --- | --- |
| To verify you as a support person for the company you represent in case of a support errand. | Your name and contact details. | Our legal basis is our legitimate interest to verify you as a support person for the company you represent, which in our assessment outweighs your interest of not having your personal data processed. | For as long as you remain in the role as your company’s support person. |
| To administrate support errands that you as a support person have reported to us. | Your name and contact details. | Our legal basis is our legitimate interest of being able to administrate support errands for the company that you represent, that you as a support person have reported to us, which in our opinion outweighs your interest of not having your personal data processed. | For as long as you remain in the role as your company’s support person. |
    
To administrate your account on our developer portal
    
    
| For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | How long do we process your personal data? |
| --- | --- | --- | --- |
| To create your account when you register an account on our developer portal or ask us to do so. | Your name and e-mail address. | The processing is necessary for the performance of the contract with you. | Until your account has been created. |
| To enable you access to the developer portal, including access to download the latest releases, read documentation and get support. | Your name and e-mail address. To download a trial license also your company name and phone number. | The processing is necessary for the performance of the contract with you. | Until you request us to delete your account. |
| To reset your password in case you have forgotten it. | Your e-mail address. | The processing is necessary for the performance of the contract with you. | Until your password is reset. |
    
To communicate news and updates
    
    
| For what purposes do we process your personal data? | What personal data do we process? | What is our legal basis for processing your personal data? | How long do we process your personal data? |
| --- | --- | --- | --- |
| To send newsletters and relevant offers to you in the role of your profession. | Your e-mail address. | Our legal basis for sending you newsletters and relevant offers is your given consent to receive such information. | Until you unsubscribe from our newsletter. |
    
What happens if you do not provide us the requested information?
Information about your name and e-mail address is necessary for the performance of the contract with you when you
    sign up for an account on our developer portal. If you do not provide the requested information, we will not be
    able to create or administrate your account on our developer portal. Nor will we be able to reset your password
    to your developer account.
Who, other than us, may get access to your personal data?
In order to fulfill our services or to administrate your account on our developer portal, we may share your
    personal data outside of Curity. We will also share your personal data with our selected internal and external
    IT suppliers and any other suppliers, however limited to the extent necessary to fulfill their obligations
    towards Curity. All of our suppliers, sponsors and partners will, before they receive your personal data,
    consent to being compliant with the GDPR.
Do we transfer your personal data outside of the EU/EEA?
When transferring your personal data outside of the EU/EEA, Curity will ensure this is done in accordance with
    applicable data protection laws and regulations. This means we will only transfer your personal data outside of
    the EU/EEA where there is a legal basis for doing this.
Curity may transfer your personal data to the USA. If you have signed up to receive our newsletter, Curity will
    share your e-mail address with our Privacy Shield certified processor as part of our process for sending you
    your newsletter. According to a decision adopted by the European Commission, personal data may be transferred to
    a recipient in the USA provided that the recipient is Privacy Shield certified. Privacy Shield is an agreement
    between the EU and the USA, whose rationale is to protect the fundamental rights of Europeans and to ensure
    legal certainty for businesses transferring personal data to the USA. American companies are able to sign up to
    be Privacy Shield certified with the U.S. Department of Commerce, which will then verify that their privacy
    policies comply with the high data protection standards required by the Privacy Shield.
What possibilities do you have to affect our processing of your personal data?
As follows from the data protection legislation, you are entitled to a variety of rights regarding our processing
    of your personal data. In case you wish to exercise any of your rights, please contact us at
    dataprotection@curity.io.
Right to withdraw consent
At any given time, you have a right to, wholly or partly, withdraw a given consent for the processing of your
    personal data when the legal basis for our processing is your consent. Your withdrawal will have no effect on
    our processing of your personal data for the period before the withdrawal took place.
Right to access
In accordance with applicable data protection legislation, you have a right to access. This means that you have
    the right to obtain confirmation as to whether or not we are processing personal data concerning you and, where
    this is the case, access to the personal data in accordance with applicable data protection legislation.
Right to rectification
You have, without undue delay, a right to obtain rectification of inaccurate personal data concerning you. Taking
    into account the purposes of the processing, you also have a right to have incomplete personal data completed,
    including by means of providing a supplementary statement.
Right to erasure (“the right to be forgotten”)
Under certain circumstances, you have a right to request that personal data concerning you be erased. This is the
    case where:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw the consent on which the processing is based and there is no other legal ground for continuance of the processing;
- You object to the processing, the legal basis is our legitimate interest, and there exist no legitimate grounds that override your interest of not having your personal data processed;
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Curity is subject; or
- The personal data have been collected in relation to the offer of information society services.
Curity will erase your personal data upon request unless we have the right to keep the personal data in
    accordance with the applicable data protection legislation.
Right to restriction of processing
You have a right to request that Curity restrict its processing of your personal data where one of the following
    circumstances applies:
- The accuracy of the personal data is contested by you (for a period enabling Curity to verify the accuracy of the personal data);
- The processing is unlawful and you oppose the erasure of the personal data and instead request restriction of its use;
- You are in need of the personal data for the establishment, exercise or defense of legal claims despite Curity no longer having need for the personal data for the purposes for which they were collected or otherwise processed; or
- You have objected to processing pending the verification whether Curity’s legitimate grounds override your legitimate grounds for not having your personal data processed.
    
Right to object
You have a right to object to the processing of your personal data, which has its basis in a legitimate interest
    of ours. You also have a right to, at any time, object to our processing for marketing purposes.
Right to lodge a complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a
    supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or of
    an alleged infringement of the General Data Protection Regulation. In Sweden, the supervisory authority is The
    Swedish Data Protection Authority.
Right to data portability
You are entitled to receive personal data concerning you that you have provided us in a structured, commonly used,
    machine-readable and interoperable format, and to transmit the personal data to another controller (data
    portability). This right will apply when:
- The processing is based on consent or on a contract; and
- The processing is carried out by automated means.
In exercising your right to data portability, you have the right to have personal data transmitted directly from
    Curity to another controller, where technically feasible.
This privacy policy was adopted by Curity AB on May 23, 2018.