Eklund Foundation Data Protection Policy

At Eklund Foundation we are concerned about your integrity, and it is important to us that you feel comfortable in sharing your information with us. We have chosen to be transparent regarding the use of your information, and in accordance with the GDPR (General Data Protection Regulation), we have now updated our privacy policy.

1. Background

Eklund Foundation (hereinafter “Eklund Foundation”, “we”, “our”, “us”) respect your privacy. This Data Protection Policy (the “Data Protection Policy”) describes how we obtain and process your personal data. The Data Protection Policy also describes your rights in relation to us and how you can assert these rights.

All our processing of your personal data is in accordance with our Data Protection Policy and current data protection legislation, such as the General Data Protection Regulation (EU) 2016/679 (“GDPR”). We ask you to carefully read this Data Protection Policy before you share any personal data with us.

2. Scope

This Data Protection Policy addresses the processing of all personal data of any person in commercial contact with us, such as our customers, suppliers, business partners, prospects and its contact persons, representatives, users of any of our services or any other physical person connected to such party (“contact persons”), as well as visitors to our website.

This Data Protection Policy applies to all business processes in Eklund Foundation and to all Eklund Foundation websites, domains, mobile solutions, cloud services and communities as well as Eklund Foundation-branded websites and third party social networks.

3. How do we collect personal data?

3.1  Information from you

3.1.1  In general, we collect personal data directly or indirectly from you in a variety of ways, both online and offline, such as:

(a) when you or a party for which you are a contact person request or engage us for our services,

(b) when we request or engage you or a party for which you are a contact person for services,

(c) when you or a party for which you are a contact person request or purchase our products,

(d) when we request or purchase products from you or a party for which you are a contact person,

(e) when we enter into an agreement with you or a party for which you are a contact person or perform such agreement,

(f) when we perform our services on behalf of you or a party for which you are a contact person,

(g) when you submit an order form on our website,

(h) when we meet at meetings, events, seminars, fairs, etc.,

(i) when you sign up for our newsletter subscription service,

(j) when you participate and sign up to participate in our events,

(k) when you interact on our social medias,

(l) when you participate in our surveys,

(m) when you contact us through our website, by e-mail, letter or phone or face-to-face, or

(n) when you in any other way interact with us.

3.1.2  We will also, with your consent, use cookies and other tracking technology when you use our web site (www.eklundfoundation.org) in order to optimize your experience of these. Please see the paragraph describing automatic data collection tools for more information about these technologies and your rights in this context.

3.2  Information from other sources 

3.2.1  We may collect data about you from other persons linked to the company where you are employed. These persons may be a manager or colleague.

3.2.2  If the company you act as a contact person for enters into an agreement with us via one of our partner companies, we may collect information about you from the partner company.

3.2.3 We may combine personal data collected in one way (such as from our website) with personal data collected in another way (e.g. from customer meetings).

3.3  Automatic data collection tools

3.3.1  We use cookies and other digital tracking technologies to collect information about your movements on our website (www.Eklund Foundation.com) and when interacting with us.

3.3.2  A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disc so that the website can remember who you are.

3.3.3  When you visit our website a cookie will be sent to your computer. Cookies are used to help recognize you as a unique visitor when you return to our website. It is also used to allow us to tailor content to match your preferred interests. We cannot identify you personally this way.

3.3.4  You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our website if cookies are disabled.

3.3.5  We use the following cookies and other digital tracking technologies for the following purposes

Google cookies and technologies

(a) Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be traced back to individuals. This will help to protect your privacy. Using Google Analytics we can see what content is popular on our websites, and strive to give you more of the things you enjoy reading and watching. This information will be deleted after 26 months. 

(b) Google Analytics Remarketing: Places cookies on your computer which means that after you leave our website, Google can show you advertisements about us that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable.

(c) Google AdWords: By using Google AdWords code, we are able to see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget. This information is not personally identifiable.

(d) Google Adwords Remarketing: Places cookies on your computer which means that after you leave our website Google can show you advertisements about us that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable.

You can prevent the information generated by the Google cookie about your use of our website from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser. This Add-on is available at http://tools.google.com/dlpage/gaoptout.

Facebook cookies

(e) Facebook Remarketing: the Facebook pixel tag places cookies on your computer which can send an alert back to Facebook telling Facebook that you have checked out the website. We then assume that you have an interest for us and the content on our website. When visiting Facebook, you will then be exposed to information or adds with similar content. Please use your privacy settings on Facebook to limit exposure to marketing of this kind.

WordPress cookies

(f) The WordPress cookie stores the frontend user session identifier and the backend user session identifier and also the PHP session identifier in order for us to show you the user specific information on our website.

Internal extensions

(g) Language: used by country redirect extension to track if it already redirected the user to correct market website.

(h) Login information: a custom cookie for Google Analytics which is used to track frontend user logins and logouts.

(i) Cookie warning: Stores whether cookie warning message was already displayed or not.

AddThis

(j) AddThis: a suite of technologies owned by Oracle to allow an End User to share, follow, view, recommend, and interact with our content.

4. What personal data do we process?

4.1.1  The type of personal data that we process about you may be:

(a)  Identity information, such as date of birth, age, nationality, gender, etc.

(b)  Contact information, both personal and professional, such as name, organisation (company) name, registration number, VAT registration number, postal address, phone number, mobile phone number, e-mail address, fax number, etc.

(c)  Employment information, i.e. information regarding your employment or other relationship with the party for which you are a contact person, such as job title, role, position, etc.

(d)  Information regarding products and services, such as product name, product description, case name, case description, details regarding sold or purchased products, etc.

(e)  Unique user information, such as login ID, username, password, security question, etc.

(f)  Device information, such as IP address, language settings, browser type, browser settings, time zone, operating system, platform, screen resolution, response time, download error, etc.

(g)  Traffic and usage information regarding our external systems, such as which links you click and when, which functions you use and when, how you reached and left the service, session time, session ID, delivery notifications when we contact you, etc.

(h)  Traffic and usage information regarding our website, such as which links you click and when, the address of the website from which you arrived, etc.

(i)  Geographic information, your geographical location.

4.1.2  We do not process sensitive personal data (i.e. special categories of personal data) about you.

5. What do we do with your information?

5.1  The purposes of and legal basis for our processing of your personal data

5.1.1  Personal data is processed only to the extent that it is necessary for the purposes described in this Data Protection Policy.

5.1.2  The data we process is mainly used to provide, perform and improve our business, products and services as well as to enter into and to fulfil our obligations and exercise our rights arising from a contract with you or a party for which you are a contact person.

5.1.3  We save your personal data only for as long as it is necessary for the purposes of our processing or for as long as required by law or any other regulated time limit. For further information, please see below.

5.1.4  Below we have compiled our various purposes with our processing of your personal data, the categories of personal data pertaining to the respective process, the legal basis for the processing and how long we store your personal data:

Purpose Personal data Legal basis Storage period
Provide offers on products and services E.g. to create, estimate and provide offers on our products and services. Identity information Contact information Employment information Information regarding products and services If to you personally
Take steps at the request of you prior to entering into a contract If to a party for which you are a contact person
Legitimate interest
Until the offer is denied or, if it is accepted, during our contractual relationship. Thereafter, necessary information is stored up to ten years, as long as you can take legal action against us, deriving from our offer or our contractual relationship, with respect to the regulation concerning statute of limitation.
Manage and perform our contractual relationship E.g. to fulfil our obligations and exercise our rights arising from any contract with you or a party for which you are a contact person and to administrate our relationship to you or such party, such as identification, process orders, invoicing, payments and other financial follow ups, delivery (including notification and contact regarding delivery), handling of customer service issues, complaints, product liability and warranty cases, etc. Identity information Contact information Employment information Information regarding products and services If to you personally
Perform our contract with you If to a party for which you are a contact person 
Legitimate interest      
During our contractual relationship and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship. Thereafter necessary information is stored (i) as long as there is any outstanding product liability in order to handle any complaints and warranty cases, normally at least five years and (ii) up to ten years, as long as you can take legal action against us, deriving from our contractual relationship, with respect to the regulation concerning statute of limitation.
Manufacture and provide our products, perform our assignments and provide our services Including plan, organize, lead, perform and follow-up on our business, e.g. to (a) administer our products and services, (b) design and manufacture our products, (c) perform control of conflicts of interests, (d) administer and allocate customer responsibility, (e) administer and allocate case responsibility, (f) administer and allocate work tasks, (g) administer cases and assignments, (h) administer customer teams (inter alia based on competence and ability), (i) administer timekeeping and billing in cases, (j) collecting information regarding the case, etc. Identity information Contact information Employment information Information regarding products and services If to you personally 
Perform our contract with you If to a party for which you are a contact person 
Legitimate interest  
During our contractual relationship and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship. Thereafter, necessary information is stored for up to ten years, as long as you can take legal action against us, deriving from our contractual relationship, with respect to the regulation concerning statute of limitation.
Improve our products and services and general business development E.g. improving the quality of our current products, services and website, developing new products, services, features and new business opportunities, performing customer analyses, carrying out external surveys (for example polls about customer satisfaction), etc. Identity information Contact information Employment information Information regarding products and services Unique user information Device information Traffic and usage information regarding our external systems Traffic and usage information regarding our website Geographic information Legitimate interest During our contractual relationship and thereafter for three years.
Market and inform about our business E.g. to invite you to our events, to communicate relevant news and information within our practise areas to you, to communicate relevant information about us and our products and services to you, to inform about and present products or service offers and promote new products or services that are closely related to the products or services already purchased or used. Identity information Contact information Employment information If you are a customer or its contact person 
Legitimate interest If you are a prospect or its contact person (or otherwise) 
Your consent
If you are a customer or its contact person 
During our contractual relationship and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship. Otherwise 
For as long as we have your consent. We will refresh your consent as appropriate.
Provide and manage our website E.g. to manage our website and your access it, to optimize your experience of our website, to ensure that content is presented effectively to you and your device, including troubleshooting, data analysis, testing, research and for statistical purposes. Contact information Unique user information Device information Traffic and usage information regarding our website Geographic information Your consent For as long as we have your consent. We will refresh your consent as appropriate.
Comply with any applicable legislation or other legal obligations E.g. to comply with obligations arising from our business, collective agreements, applicable laws, case law, regulations, other regulations or similar, such as rules on money laundering, accounting laws, tax legislation, etc.   Identity information Contact information Employment information Information regarding products and services Unique user information Device information Traffic and usage information regarding our external systems Traffic and usage information regarding our website Geographic information Comply with legal obligations During our contractual relationship and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship. Thereafter, necessary information is stored for (i) up to ten years, as long as you can take legal action against us, deriving from our contractual relationship, with respect to the regulation concerning statute of limitation and (ii) for up to seven years, in order to comply with statutory storage time regarding accounting.
Manage mergers, restructurings and transfers E.g. to facilitate negotiations on and execute a merger, a restructuring, a transfer of shares or a business transfer relating to any part of our business, etc. Identity information Contact information Employment information Information regarding products and services Traffic and usage information regarding our external systems Legitimate interest During our contractual relationship and thereafter as long as there are any outstanding rights or obligations deriving from our contractual relationship.

5.1.5  If you choose not to provide us with certain personal data or limit our right to process your personal data, that may result in that we cannot fulfill our obligations to you or to the party you represent and that you, or the party you represent, cannot assert your, or its, rights against us.

5.2  What are our legitimate interests?

5.2.1  As you can see in the list above under section 5.1.4 we may process your personal information because it is necessary for the purposes of our legitimate interests.

5.2.2  Our “legitimate interest” corresponds to the purpose for which we perform each processing based on our interest.

5.2.3  When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

5.2.4  We do not consider that our processing disadvantages you in any way. We use your information only in ways you would understand and reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.

5.2.5  You have a right to object to processing that is based on our legitimate interests. If you wish to do so please contact the GPO (see contact information). For more information on your rights, please see “Your rights” section below.

5.3  If you do not want to receive marketing information from us

5.3.1  As described in section 5.1.4 above, we may process your data to invite you to our events, to communicate relevant news and information within our practise areas to you, to communicate relevant information about us and our services etc. If you do not want to receive such communication, you are welcome to email us.

5.4  How to revoke your consent

5.4.1  The processing described in section above is based on your consent. Your consent may be given freely on our website or telephone when applicable. You have a right to revoke your consent to this processing of your personal data at any time. If you would like to make use of this right and revoke your consent, please contact us.

5.4.2  If you revoke your consent, it does not affect the legality of the processing we have performed based on your consent before it was revoked.

5.5  Automated decision-making

5.5.1  We do not perform any processing that includes automated decision-making (including profiling).

6. Disclosure of your information

6.1  To whom may we disclose your information?

6.1.1  We may disclose your personal information to, chosen third parties in accordance with the provisions below. In the event of such sharing or transfer we will take every reasonable legal-, technical- and organizational action in order to make sure that your personal data is handled in a safe manner and that the level of security is adequate. Any third party that process your information on our behalf are bound by processor contracts which includes a provision that such third party shall follow our instructions, take the measures that we find necessary, observe confidentiality and respect this Data Protection Policy.

Employees

6.1.2  We may disclose your personal information to any of our employees or officers insofar as reasonably necessary for the purposes set out in this policy.

Our group of companies

6.1.3  We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.

Advisers, suppliers, subcontractors and other business partners

6.1.4  We may disclose your personal information to any of our insurers, professional advisers, agents, suppliers, subcontractors or business partners insofar as reasonably necessary for the purposes set out in this policy. Hence, we might share your personal data when a third party provide us with services such as providing, hosting and maintaining IT systems, technical support, marketing, etc. on our behalf.

Other

6.1.5  We may disclose your personal information:

(a) to the extent that we are required to do so by law or a court order;

(b) in connection with any ongoing or prospective legal proceedings;

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

Transfer

6.1.6  If we buy or sell a business or assets we may provide a potential seller or buyer of such business or assets with your personal data. If we, or a substantial part of our assets, are acquired by a third party, your personal data may be disclosed to such acquirer.

7. How do we protect your information?

You should always feel secure when you provide us with your personal data. Therefore, we have taken the suitable legal, technical and organisational precautions to prevent unauthorized access, use, change and deletion of your personal information. We have adopted an IT policy which applies to all our employees that set up the provisions for how we use our information systems. All our processing of your personal data is in accordance with current applicable data protection legislation.

8. Where are we processing your information?

It is our objective to process all your personal data within the EU/EEA. In some situations however, your personal data might be transferred to and processed by a company within our company group or by supplier, subcontractor or other business partner with registered office in a country outside the EU/EEA. All such sharing and processing of information will be in accordance with current applicable data protection legislation and we will take all reasonable legal-, technical- and organisational actions to make sure that your personal data will be processed securely and with an adequate level of protection comparable with, and at the same level as, the protection that is provided within the EU/ EEA.

9. Your rights

9.1  Right of access and to information

9.1.1  You have the right to obtain a confirmation from us as to whether or not personal data concerning you are being processed by us, and, where that is the case, you have the right to access that personal data.

9.1.2  We will provide a copy of your personal data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested by you, the information will be provided in a commonly used electronic form.

9.2  Right to rectification

You have the right to obtain from us, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

9.3  Right to erasure (”right to be forgotten”)

9.3.1  You have the right to obtain from us, the erasure of personal data concerning you and we have the obligation to erase your personal data in some situations, for example:

(a) if the personal data is no longer necessary in relation to the purposes for which they were collected,

(b) if the processing is based on your consent and you withdraw that consent,

(c) if the processing is based on our legitimate interests and you object to the processing and there are no overriding legitimate grounds for the processing,

(d) if the personal data have been unlawfully processed, or

(e) if the personal data have to be erased for compliance with a legal obligation, etc.

9.3.2  There might be reasons as to why we cannot immediately erase all your personal data. Our continuous processing of your personal data might for example be necessary in order for us to fulfil a legal obligation that requires processing of your personal data, for example bookkeeping and tax legislation, or to establish, exercise or defend a legal claim. In that case we will block the information that could not be immediately erased from use for any other purposes than the ones that hindered the information from being erased immediately.

9.4  Right to restriction of processing

You have the right, under certain conditions; to obtain from us restriction of processing of your personal data. Restriction of processing means that your stored personal data will be marked with the aim of limiting their processing in the future to certain given purposes. The right to restriction applies for example when you have contested the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data, and when you have objected to our processing based on our legitimate interests, pending the verification whether our legitimate grounds override yours.

9.5  Right to data portability

9.5.1  You have the right, under certain conditions, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.

9.5.2  When exercising your right to data portability you have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

9.6  Right to object

9.6.1  You have the right to object, on grounds relating to your particular situation, at any time to certain processing of your personal data.  The right to object applies e.g. when we process your personal data on the basis of our legitimate interests.

9.6.2  Where personal data are processed for direct marketing purposes, you have the right to object at any time to our processing of your personal data for such marketing.

9.7  Right to object to automated individual decision-making (including profiling)

You have the right, with certain exemptions, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

9.8  Right to lodge a complaint

If you consider that our processing of your personal data infringes the GDPR you have the right to lodge a complaint with the supervisory authority.

9.9  Exercise your rights

If you wish to exercise any of your rights you can easily do that by contacting us, using the contact information under section 11. In order to protect your integrity and your personal data we might require that you identify yourself when you require our assistance.

10. Controller

Eklund Foundation, org.nr 802479-1025, with address c/o TePe Munhygienprodukter AB, Bronsåldersgatan 5, SE-213 76 Malmö is the controller for the processing of your personal data as described in this Data Protection Policy. That means that it is our obligation to make sure that all the processing is carried out in a safe manner and in accordance with applicable laws and regulations.

11. Contact information

If you have any questions concerning integrity and data protection you are welcome to contact info@eklundfoundation.org. Our Data Protection Policy was updated 2019-11-14.