×

Privacy Policy

This privacy policy was adopted by Curity AB on May 23, 2018.


Why do we have a privacy policy?

Curity AB (“Curity” or “we”) cares about your privacy. Therefore, we always strive to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data.

The purpose of this privacy policy is to inform you about how we process your personal data as the representative of a company that we are interacting with.

Who is responsible for the processing of your personal data?

Curity AB, with Swedish company registration number 559017-0196, is responsible for the processing of your personal data (the controller) when Curity is processing the data for its own purposes.

If you want to contact us regarding our processing of your personal data or exercise any of your rights as described below, please contact us at dataprotection@curity.io or give us a call at [+46 8-410 737 70]. Our postal address is [Box 133, 447 23 Vårgårda, Sweden].


How and why do we process your personal data?

We conduct all our processing of your personal data for the following overall purposes (the “Services”):

  • Customer relationship management
  • Support our customer's use of our product
  • Administrate your account on our developer portal
  • Communicate news and updates to you by sending you our newsletters

Transparency

Our aim is to be as transparent as possible regarding how and why we process your personal data. In the tables below, we inform you about why we process your personal data (the purposes of processing), what personal data we process, our legal basis for processing your personal data and how long we process your personal data for each purpose.

For purposes of customer relationship management

For what purposes do we process your personal data?What personal data do we process?What is our legal basis for processing your personal data?How long do we process your personal data?
To enter into an agreement between the company you represent and Curity.Your name, phone number and e-mail address.Our legal basis is our legitimate interest to get in contact with you as the representative of a potential customer to Curity for the purpose of being able to enter an agreement between the company you represent and Curity, which in our assessment outweighs your interest of not having your personal data processed.Until the process to enter into an agreement is completed
To contact you as the representative of our customer during the duration of the agreement we have entered with the company you represent.Your name, phone number and e-mail address.Our legal basis is our legitimate interest to get in contact with you as the representative of our customer for the purpose of being able to communicate with the company you represent, which in our assessment outweighs your interest of not having your personal data processed.Until the agreement with the company that you represents has ended, or until you or the customer gives us new contact details to another person.
To name you as reference on invoices to our customer if this is required by the customer (the company you represent).Your name.Our legal basis is our legitimate interest to name you as reference when Curity is invoicing the company you represent, which in our assessment outweighs your interest of not having your personal data processed.Your personal data will be stored and otherwise processed, in accordance with the Swedish Accounting Act, for a period of seven (7) years.
To contact you as the representative of a former customer by e-mail and/or phone to try to re-initiate a customer relationship with the former customer.Your name, phone number and e-mail address.Our legal basis is our legitimate interest to get in contact with you for the purpose of re- initiating a customer relationship with you and your company, which in our opinion outweighs your interest of not having your personal data processed.Your personal data will be processed for a maximum of two (2) years after the customer relationship and our agreement with you has ended.

For you who have been appointed by our customer as a support person

For what purposes do we process your personal data?What personal data do we process?What is our legal basis for processing your personal data?How long do we process your personal data?
To verify you as an support person for the company you represent in case of a support errand.Your name and contact details.Our legal basis is our legitimate interest to verify you as an support person for the company you represent, which in our assessment outweighs your interest of not having your personal data processed.For as long as you remain in the role as your company's support person.
To administrate support errands that you as an support person has reported to us.Your name and contact details.Our legal basis is our legitimate interest of being able to administrate support errands for the company that you represent, that you as an support person has reported to us, which [in our opinion] outweighs your interest of not having your personal data processed.For as long as you remain in the role as your company's support person.

To administrate your account on our developer portal

For what purposes do we process your personal data?What personal data do we process?What is our legal basis for processing your personal data?How long do we process your personal data?
To create your account when you register an account on our developer portal or ask us to do so.Your name and e- mail address.The processing is necessary for the performance of the contract with you.Until your account has been created.
To enable you access to the developer portal, including access to download the latest releases, read documentation and get support.Your name and e- mail address. To download a trial license also your company name and phone number.The processing is necessary for the performance of the contract with you.Until you request us to delete your account.
To reset your password in case you have forgotten it.Your e-mail address.The processing is necessary for the performance of the contract with you.Until your password is reset.

To communicate news and updates

For what purposes do we process your personal data?What personal data do we process?What is our legal basis for processing your personal data?How long do we process your personal data?
To send newsletters and relevant offers to you in the role of your profession.Your e-mail address.Our legal basis for sending you newsletters and relevant offers is your given consent to receive such information.Until you unsubscribe to our newsletter.

What happens if you do not provide us the requested information?

Information about your name and e-mail address is necessary for the performance of the contract with you when you sign up for an account on our developer portal. If you do not provide the requested information, we will not be able to create or administrate your account on our developer portal. Nor will we be able to reset your password to your developer account.


Who, other than us, may get access to your personal data?

In order to fulfill our services or to administrate your account on our development portal, we may share your personal data outside of Curity. We will also share your personal data with our selected internal and external IT suppliers and any other suppliers, however limited to the extent necessary to fulfill their obligations towards Curity. All of our suppliers, sponsors and partners will before they receive your personal data consent to being compliant with the GDPR regulations.


Do we transfer your personal data outside of the EU/EEA?

When transferring your personal data outside of the EU/EEA, Curity will ensure this is done in accordance with applicable data protection laws and regulations. This means we will only transfer your personal data outside of the EU/EEA where there is a legal basis for doing this.

Curity may transfer your personal data to the USA. If you have signed up to receive our newsletter, Curity will share your e-mail address with our Privacy Shield certified processor as part of our process for sending you your newsletter. According to a decision adopted by the European Commission, personal data may be transferred to a recipient in the USA provided that the recipient is Privacy Shield certified. Privacy Shield is an agreement between the EU and the USA, which rationale is to protect the fundamental rights of Europeans and to ensure legal certainty for businesses transferring personal data to the USA. American companies are able to sign up to be Privacy Shield certified with the U.S. Department of Commerce who will then verify that their privacy policies comply with the high data protection standards required by the Privacy Shield.


What possibilities do you have to affect our processing of your personal data?

As follows by the data protection legislation, you are entitled to a variety or rights regarding our processing of your personal data. In case you wish to exercise any of your rights, please contact us at dataprotection@curity.io.

Right to withdraw consent

At any given time, you have a right to, wholly or partly, withdraw a given consent for the processing of your personal data when the legal basis for our processing is your consent. Your withdrawal will have no effect on our processing of your personal data for the period prior to the withdrawal took place.

Right to access

In accordance with applicable data protection legislation, you have a right to access. This means that you have the right to obtain confirmation as to whether or not we are processing personal data concerning you and, where this is the case, access to the personal data in accordance with applicable data protection legislation.

Right to rectification

You have, without undue delay, a right to obtain rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have a right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“the right to be forgotten”)

Under certain circumstances, you have a right to request that personal data concerning you be erased. This is the case where:

  • The personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the processing is based on and where there is no other legal ground for continuance of the processing;
  • You object to the processing, the legal basis is our legitimate interest, and there exists no legitimate grounds that overrides your interest of not having your personal data processed;
  • The personal data have been unlawfully processed;
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Curity is subject to; or
  • The personal data have been collected in relation to the offer of information society services.

Curity will erase your personal data upon request unless we have the right to keep the personal data in accordance with the applicable data protection legislation.

Right to restriction of processing

You have a right to request that Curity restrict its processing of your personal data where one of the following circumstances applies:

  • The accuracy of the personal data is contested by you (for a period enabling Curity to verify the accuracy of the personal data);
  • The processing is unlawful and you oppose the erasure of the personal data and instead requests restriction of its use;
  • You are in need of the personal data for the establishment, exercise or defense of legal claims despite Curity no longer having need for the personal data for the purposes which they were collected or otherwise processed; or
  • You have objected to processing pending the verification whether Curity's legitimate grounds override your legitimate grounds for not having your personal data processed.

Right to object

You have a right to object to the processing of your personal data, which has its basis in a legitimate interest of ours. You also have a right to, at any time, object to our processing for marketing purposes.

Right to lodge a complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation. In Sweden, the supervisory authority is The Swedish Data Protection Authority.

Right to data portability

You are entitled to receive personal data concerning you that you have provided us in a structured commonly used, machine-readable and interoperable format, and to transmit the personal data to another controller (data portability). This right will apply when:

  • The processing is based on consent or on a contract; and
  • The processing is carried out by automated means.

In exercising your right to data portability, you have the right to have personal data transmitted directly from Curity to another controller, where technically feasible.