On this day, April 18, 2018, the following policy has been established for Connoisseur International AB, 556667 – 1037.
Purpose
We protect your privacy. You should feel secure when you entrust us with your personal data. That is why we have established this policy. The purpose of this policy is to ensure that Connoisseur International handles personal data in accordance with the EU's General Data Protection Regulation (GDPR). The policy covers all processing where personal data is handled and includes both structured and unstructured data.
This policy is firmly established among all our employees.
The purpose of this policy is to inform you about how we process your personal data, what we use it for, who has access to it and under what conditions, and how you can exercise your rights.
Terms and abbreviations
Concept Meaning
Personal data Personal data is any information that can be directly or indirectly attributed to a living natural person.
Registered person: The person to whom personal data relates, i.e., the natural person who can be directly or indirectly identified by the personal data in a register.
Personal data processing Any action or combination of actions concerning personal data, whether automated or not, such as collection, recording, organization, and structuring.
Background
We process your personal data primarily to fulfill our obligations to you. Our starting point is not to process more personal data than is necessary for the purpose of the processing.
We process your personal data to provide you with good service, for example in terms of marketing, follow-up, and information. We may also process your personal data to comply with laws and perform customer and market analyses.
You have the right to object to our use of personal data for direct marketing purposes. When we collect personal data about you for the first time, you will receive more information about this and how you can object to it.
What personal data do we process?
We only process personal data when we have a legal basis for doing so. We do not process personal data in any other circumstances than when it is necessary to fulfill obligations under agreements and the law. Here are some examples of the personal data we process:
- Name
- Address
- Email address
- Phone number
- Age
- Date of birth
- Gender
- Photographs
- Information that you registered yourself and provided voluntarily
- Content that you publish yourself, known as user-generated content
How do we access your personal data?
We obtain your consent before we start processing your personal data. We do this by asking you to fill in explicit consent clauses in cases where the processing is based on consent.
You have the right to withdraw your consent at any time. We will then no longer process your personal data or collect new data, provided that this is not necessary to fulfill our obligations under contract or law. Please note that withdrawing your consent may mean that we are unable to fulfill our obligations to you.
We also obtain access to your personal data in the following ways:
- Information you provide to us directly
- Information we obtain from public registers
- Information we receive when you sign up for newsletters and other mailings
- Information we receive when you respond to surveys and questionnaires
- Information we receive when you contact us, apply for a job with us, visit us, or otherwise get in touch with us
What information do we provide to you?
When we collect your personal data for the first time, we will inform you about how we have obtained the personal data, what we will use it for, what rights you have under data protection legislation, and how you can exercise those rights. You will also be informed about who is responsible for the processing of personal data and how you can contact us if you have any questions or need to submit a request or inquiry regarding your personal data and/or rights.
Is your personal data being handled securely?
We ensure that your personal data is handled securely. We ensure that only employees and other persons within the organisation who need the personal data to perform their duties have access to it.
When it comes to sensitive personal data, we have established special access controls, which means greater protection for your personal data, such as food allergies.
Our IT systems are developed with your privacy in mind and protect your personal data against intrusion, destruction, and other changes that could pose a risk to your privacy.
We do not transfer personal data in cases other than those expressly stated in this policy or in the terms and conditions for the respective membership/subscription.
When do we disclose your personal data?
Our starting point is not to disclose your personal data to third parties unless you have consented to this or unless it is necessary to fulfill our obligations under contract or law. In cases where we disclose personal data to third parties, we establish confidentiality agreements and ensure that the personal data is processed in a secure manner.
Responsibility
Connoisseur International is the data controller, which means that we are responsible for how your personal data is processed and that your rights are upheld.
The CEO has overall responsibility for the content of this policy and for ensuring that it is implemented and complied with by the business. The CEO may delegate responsibility and implementation to a suitable person within the company. The CEO has delegated implementation of this policy to Erik Leander, Administrative Manager.
All employees are responsible for acting in accordance with this policy and what it aims to ensure.
Any incidents involving personal data that we process must be reported without delay to Erik Leander at info@connoisseurint.se. Erik Leander must report the incident to the Swedish Data Protection Authority without undue delay and within 72 hours at the latest, and otherwise take the necessary measures in response to the incident.
Our requirements that personal data be handled in accordance with the GDPR must always be ensured in the procurement and development of IT solutions and services, and must be included in the requirements specification and any agreements.