I. PERSONAL DATA AND HOW WE PROCESS IT
Why do we process your personal data?
PEPICON processes your personal data for a variety of purposes. We mainly process your personal data for the purpose of providing and administering our Services, managing User relations, complying with legal obligations, for tax and accounting purposes, improving the Services, as well as for communicating with you by sending information, direct marketing or market research. PEPICON may also disclose personal data to our partners to fulfill our obligations towards you. Social security numbers are registered when registering an account at the PEPICON Platform in order for us to obtain a secure identification of you as a customer.
We process personal data when necessary to provide our Services and fulfill our obligations towards you, in accordance with the Terms of Service, applicable legislation, to send out newsletters and other communication and otherwise when there is a legitimate interest for us to process your personal data. If we process your personal data for any specific purpose which requires your consent under the GDPR, or any other data protection legislation, we will obtain your consent in advance. [The processing of your personal data is necessary for example]
a) To execute an agreement to which you are a party or to take action at the request of you prior to conclusion of such an agreement;
b) To fulfill legal obligations, such as preventing fraud and similar crime in transactions;
c) For purposes relating to our legitimate interest. The legitimate interest of PEPICON is to conduct direct marketing of its Services and products; and
d) To fulfill obligations to the customer and to offer services that have been done by consent.
What kind of personal data do we collect?
Personal data refers to information which, directly or indirectly, may be associated with a living natural person. PEPICON processes such personal data as is necessary for us to offer you our Services, such as your name, email address, telephone number, home address, social security number, bank details. We have collected the personal data that PEPICON processes directly from you, the registered person, for example when you registered a user account on behalf of yourself or an entity on PEPICON Platform. We may also obtain information on how to use our website through cookies.
PEPICON always strives to process as limited amount of your personal data as possible based on the purpose of the processing.
With whom is your personal data shared?
Personal data will always be processed confidentially and protected by appropriate security measures. Your personal data will only be disclosed to the extent that it is relevant to the purpose of the processing. PEPICON employs data processors to perform certain tasks, such as, for example, operating and supporting the IT environment, archiving, and for e-mailing. This means that the data processors also may receive access to certain information about you as a registered person. However, these parties may not process your personal data for any other purposes other than those the personal data initially was collected. We ensure that companies that manage personal data on our behalf, use a high level of security measures in order to protect your personal data.
Your personal data may be processed in a country outside Sweden or the EU/EEA (“third country”) in case a data processor has a part of its activities located in a third country. If PEPICON transfers your personal data to a data processor in a third country, PEPICON will take appropriate safeguards and ensure that the transferred data is handled in accordance with applicable law. PEPICON undersigned agreements with the data processor, containing clauses approved by the European Commission regarding data protection, in order to ensure that they meet the necessary level of data protection.
Personal data may also be disclosed if necessary, to comply with applicable law or regulatory requirements, to safeguard PEPICON’s legal interests, or to detect, prevent or alert fraud and other security or technical issues.
How long do we store your personal data?
Your personal data will only be retained for as long as there is a need to preserve it in order to fulfill the purposes for which the data was collected, and in accordance with current legislation and relevant guidelines to which our business is subject. PEPICON may save the data longer if it is necessary to comply with legal requirements or to monitor legal interests, for example if a legal process is in progress.
By terminating your account with PEPICON, your personal data will be deleted or unidentified in accordance with our procedures, except such information PEPICON is required by law to preserve.
Personal data is thinned/pseudonymized/de-personalized when the data is no longer to be retained in accordance with current legislation. [PEPICON uses professional services in order to [destroy physical documents and] manage digital information. The professional service providers ensure integrity and confidentiality of information contained in any physical documents and digital information and are specialised in accommodating our needs for digital integrity and confidentiality.]
II. YOUR RIGHTS
As a data subject, you have certain rights as regards your personal data. The rights are however not absolute, meaning that there are exceptions to some of the rights where we cannot proceed and fulfil your request.
As a data subject, you have the following rights:
a) Right to withdraw your consent – meaning that you have the right to withdraw your consent where PEPICON process your personal data based on consent;
b) Right to access – meaning that you have the right to request a confirmation of our processing of your personal data, to receive information about the processing, access to the personal data in question, and the right to obtain a copy of your personal data;
c) Right to rectification – meaning that you have the right to have any incorrect personal data about you as a data subject corrected by us;
d) Right to erasure – meaning that you have the right have your personal data erased under certain circumstances (such as if there no longer is a legitimate purpose for our processing of your personal data);
e) Right to object – meaning that you have the right to object to PEPICON’s processing of your personal data in certain specific cases;
f) Right to restricted processing – meaning that you have the right to have PEPICON restrict the processing of your personal data, but not delete it; and g) Right to data portability – meaning that you may request PEPICON to transfer your personal data to another data controller.
If you believe that the processing of your personal data is contrary to the General Data Protection Regulation, then you have the right to file a complaint with the Swedish Data Protection Authority (Sw. Datainspektionen).
III. LINKS TO THIRD PARTY SITES
IV. CONTACT DETAILS