On this day, 2018-04-18, the following policy has been established for Connoisseur International AB, 556667 - 1037

Purpose

We care about your privacy. We want you to feel safe when you entrust us with your personal data. That's why we've created this policy. The purpose of this policy is to ensure that Connoisseur International handles personal data in accordance with the EU General Data Protection Regulation (GDPR). The policy covers all processing operations where personal data is handled and includes both structured and unstructured data.

This policy is embedded in all our employees.

The purpose of this policy is to let you know how we process your personal data, what we use it for, who can access it and under what conditions, and how you can exercise your rights.

Concepts and abbreviations

Concepts Meaning

Personal data Personal data is any information that can be directly or indirectly attributed to a natural person who is alive.

Data subject The person to whom a personal data item relates, i.e. the natural person who can be identified, directly or indirectly, by the personal data contained in a register.

Personal data processing An operation or combination of operations on personal data - whether or not carried out by automated means - such as collection, recording, organisation and structuring.

Background

We process your personal data primarily to fulfil our obligations to you. Our policy is not to process more personal data than is necessary for the purpose of the processing.

We process your personal data in order to provide you with good service, for example in terms of marketing, follow-up and information. We may also process your personal data to comply with laws and perform customer and market analysis.

You have the right to object to our use of personal data for direct marketing purposes. When we collect personal data about you for the first time, we will provide you with more information about this and how you can object.

What personal data do we process?

We only process personal data when we have a legal basis. We do not process personal data other than when it is needed to fulfil obligations under contract and law. The following are examples of the personal data we process:

  • Name
  • Address
  • E-mail address
  • Telephone number
  • Age
  • Date of birth
  • Sex
  • Photographs
  • Data that you registered voluntarily and voluntarily provide
  • Content that you publish yourself, so-called user-generated content
How do we access your personal data?

We obtain your consent before we start processing your personal data. We do this by having you fill in explicit consent clauses where processing is based on consent.

You have the right to withdraw your consent at any time. We will then no longer process your personal data or obtain new ones, provided that it is not necessary for the performance of our obligations under the contract or by law. Please note that withdrawing consent may mean that we cannot fulfil our obligations to you.

We may also access your personal data in the following ways:

  • Data you provide to us directly
  • Data we obtain from public registers
  • Information we receive when you sign up for newsletters and other mailings
  • Information we receive when you respond to surveys and polls
  • Information we receive when you contact us, apply for employment with us, visit us or otherwise make contact with us
What information do we give you?

When we collect your personal data for the first time, we will inform you about how we have collected the personal data, what we will use it for, what rights you have under data protection law and how you can exercise them. You will also be informed of who is responsible for the processing of your personal data and how you can contact us if you have any questions or need to make a request or enquiry relating to your personal data and/or rights.

Is your personal data processed in a secure manner?

We ensure that your personal data is handled in a secure manner. We ensure that only employees and other persons within the organisation who need the personal data to perform their duties have access to it.

In the case of sensitive personal data, we have put in place specific access controls, which provide a higher level of protection for your personal data, such as food allergies.

Our IT systems are designed with your privacy in mind and protect your personal data against intrusion, destruction and other changes that may put your privacy at risk.

We do not transfer personal data in cases other than those explicitly stated in this policy or in the terms and conditions of the respective membership/subscription.

When do we disclose your personal data?

Our policy is not to disclose your personal data to third parties unless you have consented to it or it is necessary for the performance of our obligations under the contract or by law. Where we do disclose personal data to third parties, we will draw up confidentiality agreements and ensure that personal data is processed in a secure manner.

Responsibility

Connoisseur International is a data controller, which means that we are responsible for how your personal data is processed and that your rights are safeguarded.

The CEO has overall responsibility for the content of this policy and for ensuring that it is implemented and complied with by the business. The CEO may delegate responsibility and implementation to the appropriate person within the company. The CEO has delegated the implementation of this policy to Erik Leander Administrative Manager.

All employees are responsible for acting in accordance with this policy and what it seeks to ensure.

Any incidents concerning personal data that we process should be reported without delay to Erik Leander at info@connoisseurint.se. Erik Leander shall, without undue delay and at the latest within 72 hours, notify the incident to the Swedish Data Protection Authority and otherwise take the necessary measures as a result of the incident.

Our requirements that personal data is handled in accordance with the GDPR must always be ensured when procuring and developing IT solutions and services, and must be part of the requirements specification and any contract.