Version 1.0 190628
1.2 Itiden is the Personal Data controller for the processing of the User's Personal Data (see definition under section 2 below) which is registered with Itiden via the User's user account in the Mobile Application, or which Itiden collects directly from the User or any third party.
1.4 By using the Mobile Application and the Website (together hereinafter referred to as the "Services"), the User agrees to Itiden’s processing of the User's Personal Data, where the processing is needed for Itiden to provide the Services to the User. If the User does not provide the required information or explicit consent when needed, the User may not be able to access the Services or part of the Services.
2 PERSONAL DATA TREATMENT, OBJECTIVES AND LEGAL BASIS
2.1 Personal Data refers to a any information that can be attributed to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Data.
2.2 The purpose of processing the Personal Data is to enable Itiden to offer the Services in full, provide information about the Services and market the Services. Itiden collects and processes the User's Personal Data only to the extent it is necessary to provide the Services to the User.
2.3 The collection and processing of the User's Personal Data is conducted solely with the User's consent or on the premise of an existing agreement or legal obligation, e.g. when Itiden must save the data according to accounting rules. Exceptions are made for cases where a prior consent is not possible for practical reasons, the processing of the data is permitted by law, and Itiden has a legitimate interest in processing the Personal Data, e.g. for marketing, follow-up of the Services, or for exercising or defending Itiden against legal claims, according to a so called balance of interests.
2.4 Any Personal Data that Itiden processes in connection with the registration of the User’s user account in the Mobile Application or the use of the Mobile Application is referred to below as "Registration Data".
2.5 Itiden processes the Registration Data to administer the User's user account in the Mobile Application and to be able to offer the Services to the User. The legal basis for the processing is Itiden's contractual relationship with the User in accordance with Itiden’s General Terms and Conditions for the Mobile Application, which can be found here [insert link].
2.6 When a User contacts Itiden via Itiden's support service, provided through an encrypted email system, Itiden saves the Personal Data that Itiden needs to be able to provide the support service as part of the Services, administer support and complaint cases and be able to contact the User. In addition to Registration Data, Itiden may process Personal Data relating to case/ticket numbers. The legal basis for the treatment is Itiden's contractual relationship with the User in accordance with Itiden’s General Terms and Conditions for the Mobile Application.
2.7 Itiden processes the User’s Registration Data for direct contact with the User via email, in order to conduct user surveys or to deliver updated user terms, newsletters etc. The legal basis for the processing is a so called balance of interests.
2.8 Itiden may process the Registration Data to fulfill its legal obligations based on legal requirements, judgments or decisions by authorities etc. In such cases, the legal basis for the processing is Itiden’s legal obligation.
3 SENSITIVE PERSONAL DATA
3.1 Itiden does not process any User sensitive Personal Data.
3.2 Sensitive Personal Data refers to data which reveals a User’s ethnic origin, political opinions, religious beliefs or membership of the trade union, as well as Personal Data relating to health or sex life.
4 SHARING OF PERSONAL DATA TO THIRD PARTIES
5 STORING OF PERSONAL DATA
5.1 The Services have been developed by Itiden and Itiden owns and controls the Services. The User's Personal Data is stored in Itiden's own database, which is linked to the Services, but may also be stored stored locally on the mobile device that the User uses to access the Services. The database is stored on an external server provided by Itiden's Personal Data assistant in the EU/EEA.
5.2 The User's Personal Data will not be stored for any longer than necessary, with regards to the purpose of the processing and taking into account Itiden’s eventual legal obligations regarding to accounting regulations etc. If certain Registration Data is not provided, Itiden’s legal obligations cannot be fulfilled and Itiden can therefore be forced to deny the User access to the Services.
5.3 Itiden regularly deletes all Personal Data which is no longer needed with regards to the purpose of the processing, in accordance with the relevant laws and regulations in force at any time.
6 TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Itiden will not transfer Personal Data to third countries (i.e. countries outside the EU/EEA). Should Itiden need to do so in the future, inter alia due to Itiden choosing a digital service provider based in a third country, Itiden will only transfer Personal Data if the third country has an adequate level of protection according to applicable privacy laws and regulations.
9 THE RIGHT TO REQUEST INFORMATION
9.1 The User has a right to request and obtain, free of charge, information regarding what Personal Data (if any) that is being processed by Itiden, a so called register extract. The User also has the right have any incorrect Personal Data corrected. If the User wishes to know if Itiden processes any Personal Data about the User, he or she can send a written and signed request to Itiden in accordance with section 18 below. In the request, the User needs to indicate specifically what kind of information the User is interested in receiving (unless the User is interested in receiving information about all Personal Data). That way, Itiden can provide the User with information that is relevant. If the User repeatedly sends requests for an extract from the register, Itiden may charge a fee or, in some cases, in accordance with statutory law, refuse to comply with the request.
9.2 The extract from the register will be sent to the User within 30 days from the time Itiden received the request. If the extract is extensive and Itiden needs more time or if Itiden for some reason cannot comply with the User’s request, Itiden will without undue delay notify the User thereof.
10 THE RIGHT TO RECTIFICATION
10.1 In order to fulfill its obligations to always have accurate and relevant Personal Data, Itiden systematically works with its registers and updates Personal Data where necessary. If the User notices that the Personal Data Itiden processes is incorrect or if Itiden lacks important Personal Data, the User has the right to have their Personal Data corrected. Itiden normally performs simple data corrections without consideration, but in some cases Itiden may need to consider the User's request. Itiden will not approve the User's request if it is impossible or requires an unreasonable amount of work. Upon a request by the User, Itiden will inform the User about whom the correction has been submitted to.
10.2 In the event that the User's Personal Data is changed at the User's request, Itiden will inform any subcontractors and partners that processes the Personal Data about the change.
11 THE RIGHT TO ERASURE
11.1 The User has the right to request that Itiden erases the User's Personal Data when:
- they are no longer needed for the purposes for which they have been collected and for which they are being processed;
- Itiden processes Personal Data under the User's consent and the User withdraws said consent;
- Itiden processes Personal Data for direct marketing and the User opposes the continued processing for this purpose;
- Itiden processes Personal Data on the legal basis of a balance of interests and there are no legitimate interests that weigh heavier than the User's interest;
- Itiden does not process Personal Data in accordance with applicable rules;
- It is required that Personal Data is erased in order to fulfill a legal obligation; or
- there is another relevant legal basis for the Users request to erase the Personal Data.
11.2 Itiden has the right to refrain from erasing the User's Personal Data if Itiden needs to retain these in order to fulfill a legal obligation or to be able to make legal claims against the User or in defense against legal claims from the User.
11.3 When Itiden receives the User’s request regarding erasure, Itiden will conduct an assessment in order to evaluate if there are reasons to erase the User’s Personal Data. The User will then be informed about Itiden’s assessment. If the User’s Personal Data are erased at the User’s request, Itiden will inform potential suppliers and third party partners to which Personal Data has been transferred that the Personal Data has been erased. However, Itiden will not do this if it is impossible or requires an extensive amount of work.
12 THE RIGHT TO RESTRICTION OF PROCESSING
12.1 The User has the right to request the restriction of Itiden’s processing of the User's Personal Data when:
- the User has disputed the accuracy of the Personal Data, during the time Itiden has the opportunity to check whether the Personal Data are correct;
- the processing is illegal, and the User opposes that the Personal Data is deleted and instead requests a limitation of its processing;
- Itiden no longer needs the Personal Data for the purposes of the processing, but the User needs the Personal Data to be able to determine, enforce or defend legal claims; or
- the User has objected to processing in accordance with section 14 below, when awaiting information of the legitimacy of whether Itiden’s interests weigh heavier in relation to the interests of the User.
12.2 Restriction of processing implies that the Personal Data will be marked, so that they in the future may only be processed for certain limited purposes.
13 DELETION OF PERSONAL DATA
13.1 The Personal Data will not be retained for any longer than is necessary with regard to the purposes of the processing, and Itiden will otherwise delete Personal Data in the manner that follows from applicable legislation, where an examination is made on a case-by-case basis when different types of Personal Data should be culled.
13.2 If the User chooses to deactivate his or her user account, the User’s Registration Data will be deleted or de-identified no later than 30 days from the deactivation of the User account. This is provided that the Personal Data is not required to be saved in the future in order for Itiden to fulfill its legal obligations or to be able to exercise its legal claims.
14 THE RIGHT TO WITHDRAW CONSENT AND OBJECT TO PROCESSING
14.1 The User has the right to object to Itiden's processing of the User's Personal Data which Itiden conducts with the support of so called balancing of interests according to law. If the User wishes to exercise this right, the User needs to specify in writing which processing the User objects to. In the event of such an objection, Itiden may only continue to process the User’s Personal Data if Itiden can show that there are compelling, entitling reasons for why the Personal Data must be processed, and provided such reasons weigh heavier than the User's interests.
14.2 If the User's Personal Data is processed for direct marketing, the User always has the right to object to the processing at any time.
15 THE RIGHT TO DATA PORTABILITY
If the User has provided his or her Personal Data to Itiden, the User may, in some cases, be entitled to extract his or her Personal Data in order to, for example, move them to another company. In order for the User to be able to use his or her right to so called data portability, the User's request must relate to Personal Data that the User himself/herself has provided to Itiden and which Itiden processes with the consent of the User or to fulfill an agreement with the User. The right to data portability does not apply when Itiden's processing of the User's Personal Data is based on a balance of interests or a legal obligation for Itiden. The right to data portability does not apply when data portability is technically difficult to implement.
16 THE RIGHT TO COMPLAIN
In the event that the User has complaints or objections in connection with Itiden's Processing of the User's Personal Data, Itiden kindly asks the User to initially contact Itiden, so that Itiden can help the User in the best way possible. However, the User always has the right to submit his or her complaints directly to the Swedish Data Protection Authority (Datainspektionen).
Itiden undertakes all appropriate technical and organizational security measures, that are required in accordance with applicable regulatory frameworks governing the processing of Personal Data, to ensure a high level of security appropriate to the risks and to protect the Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to processed Personal Data.
18 CONTACT INFORMATION
18.1 If the User wishes to exercise his or her rights under these Terms, a request shall be made in written form and sent to Itiden by email to firstname.lastname@example.org. Since it is important that Itiden does not disclose the User's Personal Data to anyone but the User, the request must be made in writing, signed by the User, scanned and sent by email to Itiden. To the request, the User shall also attach a copy of a valid ID document, i.e. passport or driving license.
18.2 If the User has any questions about this policy or Itiden's Personal Data processing, the User can contact Itiden by email to email@example.com.