If you wish to receive additional information on the processing of your personal data, you are welcome to contact us. You will find our contact details in Section VI below herein.
I. PERSONAL DATA AND HOW WE PROCESS IT
Why do we process your personal data (purpose and lawful basis)?
PEPICON processes your personal data for a variety of purposes. However, we must always have a lawful basis (i.e., a reason prescribed by law) for processing your personal data. The table in Appendix A, Section 3 therein, sets out the purpose for the processing of the relevant category of your personal data including the corresponding lawful basis thereto. We mainly process your personal data for the purpose of providing and administrating our Services, managing User relations, complying with legal obligations, for tax and accounting purposes, improving the Services, as well as for communicating with you by sending information, direct marketing or market research. PEPICON may also disclose personal data to our partners to fulfil our obligations towards you.
a) In order to fulfil our obligations in accordance with an agreement to which you are a party or to take action at the request of you prior to conclusion of such an agreement;
b) In order to fulfil our legal obligations pursuant to applicable legislation, such as preventing fraud and similar crime in transactions;
c) For purposes relating to our legitimate interest to process your personal data; and
d) To offer services or conduct processing activities if we have your consent thereto.
If we process your personal data for any specific purpose which requires your consent under the GDPR, or any other legislation, we will obtain your consent in advance.
If we process personal data for any specific purpose upon which we have a legitimate interest, we always prior thereto and in each individual case conduct an assessment of balance of interests in order to for example evaluate whether our legitimate interest is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with GDPR. We only process personal data based on our legitimate interest if we make the assessment that our legitimate interest is not overridden by the interests and rights of the relevant data subject.
What kind of personal data do we collect and process?
Personal data refers to information which, directly or indirectly, may be associated with a living natural person. PEPICON processes such personal data as is necessary for us to offer you our Services, such as the following main categories of personal data (i) contact information (ii) identity and other regulatory information (iii) matter and billing information (iv) marketing preferences (v) user related data and browsing and device usage information, (vi) correspondence with customer services and feedback. The personal data that PEPICON processes is either provided (i) directly by you in connection with your use of our Services, (ii) automatically through your use of our Services, (iii) by the company which you represent (if applicable), and which uses our Services. We may also, if necessary subject to any of our purposes for the processing, collect personal data from private and public registers, publicly accessible sources as well as from public authorities.
You are responsible for any personal data obtained, published, or shared with us via the Platform or otherwise, including such personal data which you have obtained from a third party. You shall also be able to confirm that you have such third party’s’ consent to provide such personal data to us (if applicable).
PEPICON always strives to process as limited amount possible of your personal data based on the purpose of the processing. The table in Appendix A, Section 2 therein, sets out the details of the categories and types of personal data we process as well as how such data is obtained by us.
With whom is your personal data shared?
Personal data will always be processed confidentially and protected by appropriate security measures. Your personal data will only be disclosed to the extent that it is relevant to the purpose of the processing. PEPICON employs data processors to perform certain tasks, such as for example, operating and supporting the IT environment, archiving, and for e-mailing. We may also disclose your personal data when we have a legal obligation to do so (e.g., due to anti-money laundering legislation, tax legislation, court orders or requests from government authorities), to safeguard PEPICON’s legal interests, or to detect, prevent or alert fraud and other security or technical issues. This means that the data processors also may receive access to certain information about you as a registered person. However, these parties may not process your personal data for any other purposes other than those the personal data initially was collected. We ensure that companies that manage personal data on our behalf, uses a high level of security measures in order to protect your personal data and always ensure that agreements are entered into with each such relevant party to whom we disclose your personal data in accordance with GDPR.
Further details of the categories of external parties whom we disclose your personal data to, as well as the purpose and lawful basis in each such case are set out in Appendix B hereto. If you wish to receive any additional information on the disclosure of your personal data to such external parties, you are welcome to contact us at: firstname.lastname@example.org.
Is your personal data processed outside the EU/EEA?
Further details of the relevant safeguards used by us to protect the transfer of your personal data are set out in Appendix C. If you wish to receive any additional information on the transfer of your personal data to a Third Country, you are welcome to contact us at: email@example.com.
What security measures do we take?
Personal data will always be processed confidentially and protected by appropriate security measures. PEPICON ensures that companies that process and/or manage personal data on our behalf, uses a high level of security measures in order to protect your personal data. However, please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access our platforms safe.
If we are to process personal data in a way that is likely to result in a high risk to the rights and freedoms of natural persons, we will prior to such processing carry out an assessment according to the GDPR of the impact of the envisaged processing operations on the protection of personal data (data protection impact assessment). Such assessment will at least contain (i) a systematic description of the envisaged processing operations and the purposes of the processing, (ii) an assessment of the necessity and proportionality of the processing operations in relation to the purposes, (iii) an assessment of the risk to the rights and freedoms of the relevant data subjects, (iv) the envisaged security measures to address the risks and to ensure protection of personal data and demonstrate compliance with GDPR. We only use processes subject to a data protection impact assessment pursuant to the GDPR, that have been approved by us subject to such assessment as described herein. Such approved processes are monitored and reassessed continuously in accordance with our internal routines from time to time.
How long do we store your personal data?
Your personal data will only be retained for as long as there is a need to preserve it in order to fulfill the purposes for which the data was collected, and in accordance with current legislation and relevant guidelines to which our business is subject. PEPICON may save the data longer if it is necessary to comply with legal requirements or to monitor legal interests, for example if a legal process is in progress. This will depend on a number of factors, including for example (i) the laws and regulations that we are required to follow, (ii) whether we are in a legal or other type of dispute with each other or a third party, (iii) the type of information that we hold about you, (vi) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason. If processing of your personal data is no longer necessary, it will be erased in accordance with our erasure procedure from time to time. We make the assessment in each case regarding if we are entitled to store your data, which you can find more information about in Appendix A, Section 3 therein.
Depending on the relevant purpose of the processing of your personal data, we may store the data in accordance with what is specified in the below list (a)-(c) in this Section. In the event that we are processing your personal data based on the legal obligations described below herein, we cannot delete the personal data even if you were to request such action. Should we no longer be required to save your personal data due to a legal obligation, we will make an assessment whether we are in need of the data in order to safeguard our interest in any legal or other type of dispute.
a) Personal data processed as a result of an agreement between you and PEPICON are stored during the term of the agreement and a maximum of ten (10) years thereafter due to statute of limitation.
b) Personal data we store as a result of applicable legislation such as anti-money laundering and accounting legislation are normally stored for five (5) respective seven (7) years.
c) Should we no longer have a legal obligation for the processing of the personal data, the data is stored as long as necessary in order to fulfil each applicable purpose of the processing (normally we erase or anonymize the personal data three (3) months thereafter), more information hereto is set out in Appendix A, Section 3 therein.
By terminating your paid subscription of the Service with PEPICON, your will stay on our free subscription of our Service, meaning that we will continue to process and preserve your name and email address (and such other information and personal data that PEPICON is required by law to preserve) until such free subscription also is terminated by you. Furthermore, following termination of your subscription of our Service, we will continue to provide you with our electronic newsletters and email campaigns, provided that you have not previously unsubscribed from such electronic marketing materials and communication from us. Note that you may unsubscribe from our newsletters or similar communication at any time, by using your right to object in accordance with Section II (e) below herein. In such event we will no longer store or process your personal data for that particular purpose, and we will cease to provide you with such marketing materials and communication.
Personal data is thinned/pseudonymized/de-personalized when the data is no longer to be retained in accordance with current legislation.
How do we use automated decision making and profiling?
PEPICON (or an appointed third-party provider that acts on our behalf as a data processor to us) conducts profiling of you when using our own Services. “Profiling” means that we may automize the processing of your personal data in order to determine certain characteristics, such as for example to analyse or predict your personal preferences, like interest in a specific offering. At the same time, we compare your data with our other users of our Services, which have similar user activities of our Services as you. The purpose of PEPICON’s profiling and the personal data of each such processing are further described in Appendix A, Section 3 therein. Profiling subject to these purposes does not have a significant effect on you.
We use profiling in order to (i) provide our adapted Services to you, which adjusts its content based on what we assume is more interesting to you (this concerns the Platform, the different functions in it, and [add applicable example]), and (ii) provide an adapted marketing to you via our Platform as well as via external platforms.
PEPION does not use such automatized individual decision making which could entail legal effects concerning you or would have similar significant effect on you.
If you have any questions regarding our automated individual decision-making process, you may contact us at: firstname.lastname@example.org. You can always object to our profiling for marketing purposes by contacting us and we will thereafter cease such profiling for marketing purposes. You can also end our profiling for our Services by terminating the Services.
II. YOUR RIGHTS
As a data subject, you have the following rights:
a) Right to withdraw your consent – meaning that you have the right to withdraw your consent where PEPICON process your personal data based on consent by submitting a request in accordance with what is stated below in this Section II. In such event, we will no longer store or process your personal data for the relevant purpose;
b) Right to access – meaning that you have the right to request a confirmation of our processing of your personal data, to receive information about the processing, access to the personal data in question, and the right to obtain a copy of your personal data. You will find more information about the right to access at the webpage of Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) (“IMY”);;
c) Right to rectification – meaning that you have the right to have any incorrect personal data about you as a data subject corrected by PEPICON. You will find more information about the right to rectification at IMY’s webpage;
d) Right to erasure – meaning that you have the right have your personal data erased under certain circumstances (such as if there no longer is a legitimate purpose for our processing of your personal data). This right is limited, and we may be obligated to save your personal data in accordance with applicable law. You will find more information about the right to erasure at IMY’s webpage;
e) Right to object – meaning that you have the right to object to PEPICON’s processing of your personal data in certain specific cases (for example you may object to processing of your personal data if we base such processing on our legitimate interest and you have the right at any time to object to PEPICON’s processing of your personal data for direct marketing purposes etc.). You will find more information about the right to object at IMY’s webpage;
f) Right to restricted processing – meaning that you have the right to have PEPICON restrict the processing of your personal data, but not delete it, if you find that the processing is in conflict with applicable law or that we no longer are in need of your personal data for a specific purpose. You will find more information about the right to restricted processing at IMY’s webpage; and
g) Right to data portability – meaning that you may request that PEPICON provides you with a copy of your personal data we process, to fulfil an agreement with you or based on your consent, in order to (if it is technically feasible) transfer your personal data to another data controller. You will find more information about the right to data portability at IMY’s webpage.
If you believe that the processing of your personal data is contrary to the GDPR, and applicable data protection legislation, then you have the right to file a complaint with IMY. You will find more information about your right to lodge a complaint at IMY’s webpage.
You may unsubscribe from our newsletters or similar communication at any time, by using your right to object in accordance with Section e) above. In such event we will no longer store or process your personal data for such purposes, and we will cease to provide you with such marketing materials.
III. LINKS TO THIRD PARTY SITES
V. CONTACT DETAILS