PRIVACY POLICY

Last updated 19 February 2019

Orio AB and its subsidiary undertake to respect and protect your personal data and your personal privacy in accordance with applicable legislation, industry rules and other relevant standards. In this privacy policy (hereinafter ”Policy”) we inform you about why Orio collects, uses and shares your personal data within the framework of your relationship with Orio. Please read this Policy carefully.

1. CONTROLLER

The controller responsible for your personal data in accordance with applicable da-ta protection legislation is Orio AB (hereinafter ”Orio”, ”we”, ”us” or ”our”). Orio is responsible for ensuring that your personal data is processed in accordance with this Policy and applicable data protection legislation.

Contact details for the controller:

Orio AB
Corp. reg. no.: 556602-9277
Address: Flättnaleden 1, 611 45 Nyköping, Sweden
Telephone no.: +46155244000
E-mail: info@orio.com

If you would like to contact us, you are welcome to e-mail or post a letter. Mark letters and e-mails with “GDPR”.

2. COLLECTION OF PERSONAL DATA

We process the personal data that you have provided us when you became a customer of ours or a member, or when you have otherwise contacted us (for example using the form on our website or via customer service. The personal data that we collect include e.g. the following categories of information:

• Names, e-mail addresses and telephone numbers. From corporate customers we can also collect relevant information concerning your position and contact details within the company you represent.

• Information within the framework of the customer relationship, such as customer contact, customer communication, payment and invoice information.

• We use cookies to give you a better user experience when you visit our websites, allow you to set personal preferences, ensure the security of our websites, and create statistical information about the use of our websites, and to measure the effectiveness of advertising. When you enter our web-site you can accept or refuse cookies through your browser settings. To read our cookie policy click here, or read further down under the heading “6. Cookies”.

At the end of this privacy policy is specified the type of information that we collect about you from each website and the legal ground, i.e. what right we have to process your personal data, how long we save them and who has access to them.

3. PURPOSE AND LEGAL GROUND FOR PROCESSING OF PERSONAL DATA

We process personal data for the following purposes:

3.1 Provision of services and handling of your customer relationship

The primary purpose for collecting your personal data is to provide you with our services and to handle the customer relationship between us and you or the company that you represent. Processing is necessary for fulfilment of the agreement between us pursuant to 6(1) b GDPR.

3.2 Marketing

We process personal data in order to administer the sending of e-mail notifications and text messages to you regarding news about our services, request your feedback or provide you with other relevant information about our services. In this respect, our processing of your personal data is based upon our legitimate in-terest in providing you with relevant information about Orio and to promote our services pursuant to 6(1) f GDPR. You may at any time choose not to receive such marketing notifications by clicking here.

If you are not a customer of ours but you choose to sign up to our newsletter via any of our platforms, we will obtain consent to such processing pursuant to 6(1) a GDPR.

3.3 Development of technology and services, and information security

We will also process personal data in order to improve the quality of our services and to develop new ones. In these cases, our processing of personal data is based upon our legitimate interest, pursuant to 6(1) f GDPR, in ensuring that we have sufficient and relevant information to develop our services.

3.4 Invoice-related information

We will also process personal data in order to fulfil our legal obligations pursuant to applicable accounting and tax legislation. In these cases, our processing of personal data is based upon our obligation to fulfil mandatory provisions in law, pursuant to 6(1) c GDPR, that require us to store certain information for the purposes of accounting.

4. TRANSFER AND SHARING OF PERSONAL DATA

We may also share personal data with third parties:

• Within the Orio group, in order to carry out our daily business and to the extent required to fulfil our obligations to you.

• When we are required to do so by law, e.g. to meet the demands of an authorised body or in conjunction with legal proceedings.

• When our trusted service-suppliers provide us with service on our behalf and in accordance with the instructions we have given them. We will always control and be responsible for the use of your personal data.

• If we are subject to a merger, an acquisition or a disposal of all or part of our assets.

• When we believe, in good faith, that it is necessary to share personal data to protect our rights, protect your security or the security of others, investigate fraud or respond to an enquiry from the state.

5. TRANSFER OF PERSONAL DATA OUTSIDE EU/EES

The information we collect from you is primarily stored within the EU/EES but may also be transferred and processed in a country outside the EU/EES. In the event of a transfer to a third-party country, we warrant that we take sufficient security measures in accordance with the GDPR. For example, we use a service supplier that stores data in the USA. This company is connected to Privacy Shield, which ensures that a company maintains an adequate level of protection for personal da-ta. You are welcome to contact is if you would like more information.

6. COOKIES

We use cookies and other similar technology on our websites. Cookies are small text files that are placed on your device to collect and save usable information, with the purpose of increasing the functionality of our website and to make it easier to use. We may also use cookies and other similar technology for statistical purposes to collate, anonymously, aggregated statistics concerning e.g. use of our website, which enables us to understand how a user uses the website and to improve the user experience.

You can set your web browser not to accept cookies, restrict the use of cookies or to remove cookies from your browser. But cookies are an important part of how our website works, which is why restricting cookies may affect the website’s functionality.

To read more about how we use cookies, please see our cookie policy.

7. STORAGE OF PERSONAL DATA

Your personal data will only be stored as long as it is necessary to fulfil the purposes defined in the Policy. You will find more detailed information about how long we store your data for each service at the end of this document.

8. YOUR RIGHTS

You have the right to access the personal data that we process regarding you. You have the right at any time to change, update and remove your personal data. You have the right to withdraw your consent at any time (Art. 13(2) point (c) GDPR). Please note, however, that certain information is necessary to be able to fulfil the purposes defined in this Policy and that may additionally be required under law. As a result of this, you cannot remove such personal data.

You have the right to object to certain processing, such as direct marketing and profiling. To the extent required under applicable data privacy legislation, you are entitled to restrict processing of personal data.

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may then only – with the exception for storage – continue to process your personal data with your consent or to determine, assert or defend a legal claim, or to protect another natural or legal person, or for reasons concerning important public interest.

You have the right to data portability, i.e. the right to receive your personal data in a structured, commonly-used and machine-readable format and to have these transferred to another data controller, to the extent required under applicable law.

Please send aforementioned request to use via the contact details in section 1 at the top of the Policy.

If you are not satisfied with the way we handle your personal data, you have the right to submit a complaint to a supervisory authority in the EU/EES. In Sweden the Swedish Data Protection Authority is the appropriate supervisory authority. You will find the contact details for the Swedish Data Protection on this link.

9. SECURITY

We maintain an appropriate level of security (comprising physical, electronic and administrative security) to protect personal data from loss, destruction, abuse and unlawful access or unlawful disclosure. For example, we restrict the personal data to authorised employees or consultants who need to know the information to perform their duties.

10. CHANGES TO THIS POLICY

We reserve the right to change this Policy. If we make any changes to this Policy, we will communicate this via our applications and websites, on which we will also keep the most recent version of this Policy available.

11. CONTACT US

If you have any questions concerning this Policy or the personal data we process regarding you, please contact us using the contact details in section 1 at the top of this Policy.