1. General
The protection of your personal privacy is crucial for Heatit Controls AB and we therefore aspire to the highest possible standard for data protection. We process personal data in accordance with the European Data Protection Regulation (EU) 2016/679 and other applicable laws and regulations on data protection.This Privacy Policy provides details on how Heatit Controls AB collect and use personal information. The policy also describes what rights customers have and how they may exercise their rights.
2. Personal data controller
Heatit Controls AB (organization number 559108-9866), Läkarvägen 4, 454 31 BRASTAD, SWEDEN, is responsible for the personal data processing described in this policy.
3. Use of personal information
The following areas are used when gathering, storing and using personal data:
3.1 Order and Purchases
Purpose
To be able to handle orders/purchases
Treatments performed
Categories of personal data
Legal basis: Completion of the purchase agreement. This collection of your personal data is required in order for us to be able to fulfill our obligations under the purchase agreement. If the information is not provided, no purchase agreement can be entered into.
Storage time: Until the purchase is completed (including delivery and payment) and for an additional period of 36 months in order to be able to handle any claims and warranty cases[PHG1] [PHG2] .
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls ABs legitimate interest.
3.2 Legal Obligations
Purpose
In order to fulfill Heatit Controls ABs legal obligations.
Treatments performed
Necessary handling for fulfilling our legal obligations according to legal requirements, court decisions or other authority's decisions (eg. the Accounting Act, the Money Laundering Act or the rules on product liability and product safety which may require the preparation of communication and information to the public and customers about product alarms and product recalls at, for example, a defective or hazardous product).
Legal basis: Legal obligation. This storage of collected personal data is required by law.
Storage time: Until the purchase is completed (including delivery and payment) and for the additional time required by the current legislation[PHG3] .
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls ABs legitimate interest.
3.4 Customer Service
Purpose
To be able to handle customer service issues.
Treatments performed
Legal basis: legitimate interest. The treatment is necessary to satisfy our interest in being able to handle customer service issues.
Storage period: Until the customer service case has been completed and for an additional period of up to 12 months.
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls ABs legitimate interest.
3.5 Abuse and Crime Prevention
Purpose
In order to prevent abuse of a service or to prevent, prevent and investigate crimes against us.
Treatments performed
Legal basis: Compliance with legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to meet our legitimate interest in preventing abuse of a service or in preventing and investigating crimes against us.
Storage time: From collection and for a period of 12 months thereafter. If the treatment is due to a legal obligation, the data is stored for the time required by the current legislation.
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls ABs legitimate interest.
3.6 Marketing Purposes
Purpose
Marketing
Treatments performed
Legal basis: legitimate interest. We have a legitimate interest in marketing our offerings and goods and building and maintaining good relations with our customers.
Storage time: Data is stored for marketing purposes for up to 12 months after the last mailing or the termination of the customer relationship.
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls AB legitimate interest.
3.7 User- and Customer Account Management
Purpose
To provide an account with Heatit Controls AB.
Treatments performed
Legal basis: legitimate interest. We have a legitimate interest in giving you access to your customer information, offering some functionality and overview of your customer history.
Storage time: Information is stored for marketing purposes for up to [24 months after the last login] or until you have chosen to delete your profile on your account with us.
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls ABs legitimate interest.
3.8 Evaluation and Development of Services
Purpose
To be able to evaluate, develop and improve our services, products and systems for the customer collective in general.
Treatments performed
Legal basis: legitimate interest. The handling is necessary to satisfy our legitimate interest in evaluating, developing and improving our services, products and systems.
Storage time: From collection and for a period of up to 12 months thereafter.
We may, in exceptional cases, process the information longer than the above stated period if it is necessary for the purpose of determining, claiming or defending legal claims. Such treatment is based on Heatit Controls ABs legitimate interest.
4. From which sources are your personal data collected
In addition to the information that you provide to us, or which we collect from you as a result of correspondence, telephone calls, e-mail and other forms of communication between you and us, we may also collect personal data from someone else, so-called Third Party. The personal data we collect from such third parties is as follows:
5. Disclosure of your personal data
5.1. In connection with any of the purposes described in section 3. "How we use your personal data" we may disclose information about you to:
5.2. The main rule for all personal data processing carried out by Heatit Controls AB is that it must take place in the EU / EEA area. We may transfer your personal data to countries outside the EU / EEA area when.
Note! Heatit Controls AB does not sell nor distribute products to either the United States or Canada.
Because of this the potential for exchange- or export of data are very limited:
6. Google-services
Our website, www.heatit.com, uses Google services like Google Analytics etc.
Google uses the collected personal information to track and investigate the use of www.heatit.com, to produce reports on the activity on the website, to target marketing, and to share the information with other Google services. Google may use the collected personal information in accordance with Google's own privacy policy found here: https://policies.google.com/technologies/partner-sites?hl=en
7. The protection of your personal data
In order to protect your personal data and to keep the protection updated and effective, we have taken a number of measures. These measures include:
8. Your rights
9.1. You have different rights related to the processing of your personal data. Your rights under the Data Protection Regulation are as follows:
8.2 The right to access
You have the right to access to the personal information about you that we process (so-called transcript). Please note that we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.
8.3 The right to supplement
If your personal data is incorrect, you can have them corrected. You may also have the right to supplement any incomplete information.
8.4 The Right to Erase
You can request erasure of the personal information we possess if:
8.5 Prevention of Erasure
We may be prevented from deleting certain personal data due to requirements according to e.g. accounting or consumer law. It may also happen that the treatment is necessary for us to be able to determine, assert or defend legal claims. Should we be prevented from meeting a request for erasure, you have the opportunity to request that the personal data be blocked from being able to be used for purposes other than for which they must be saved.
8.6 The right to limitation
In some situations, you have the right to request that we limit our processing of your personal data. If the treatment is to be limited, we may only, in addition to the actual storage, process the data in order to establish, enforce or defend legal claims.
8.7 Oppose legitimate interest
You always have the right to avoid direct marketing and to object to the processing of personal data based on a balance of interests. In order to process your personal data after such an objection, we need to be able to show a justified reason for the current treatment that weighs heavier than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend a legal claim.
8.8 The right to data portability
If our processing of your personal data is based on your consent or on the fulfillment of an agreement with you, you have the right to request that the information that concerns you and which you have submitted to us transferred to another data controller (so-called data portability). One prerequisite for data portability is that the transmission is technically possible and can be done in an automated way.
9. Competent Authority
10.1. If you are dissatisfied with our processing of your personal data, you are always able to contact the Data Inspectorate at https://www.datainspektionen.se/other-lang/in-english/ in Sweden or Datailsynet in Norway https://www.datatilsynet.no/en/
More information may be found here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en