GleSYS protects your privacy and security. Our privacy policy explains how we collect and use your personal data in our business, as well as your rights with respect to us.

The controller is GleSYS AB, org. no. 556647-9241, ("GleSYS", "we", "us" or "our"). The way in which we process your personal data varies depending on whether you are a customer or a customer’s representative (e.g. using our services), a potential customer or the representative of a potential customer, the representative of a supplier or a business partner, or whether you are visiting our website, shopping in our online store or applying for a job with us.

The privacy policy also explains your rights as a data subject and how your rights are enforced. We always apply applicable privacy legislation, such as the General Data Protection Regulation ("GDPR") and other supplementary legislation.

If you have any questions about our processing of your personal data, please feel free to contact us at dpo@glesys.se.

We continually strive to improve our processes and handling of your personal data. As a result, we may update our data protection policy and we recommend that you read through the document at regular intervals. In the event of significant changes to the policy, we will always inform everyone who has an ongoing relationship with us (e.g. customers and representatives of partners) directly.

In cases where we process personal data on behalf of third parties, e.g. if we are instructed to store your information for you as a customer, we become the processor and we will need to enter into a personal data processing agreement. Contact us via support@glesys.se and we will be glad to help you.

Personal data consists of all information that can be linked to a living natural person in any way. This could for example be information which directly identifies an individual, such as a name, social security number or photograph, or indirectly such as information which, when combined with other information, can be linked to a particular person.

The personal data we may process are names, contact details (address, e-mail address and telephone number), organisation number, billing information, login details, information in and about communication between us, and IP addresses and other information collected through cookies and other similar technologies. We collect most of the personal data directly from you when we establish a contract with you, when we communicate with you by phone or email, and when we provide you with support or you apply for a job with us. Other possible sources of data include public registers for marketing purposes, information published on websites and the device you use when you visit our website.

1.1 Customer

If you are a private individual or a sole trader and a customer of ours, basically all the information about you that we access and process will consist of personal data. We also store and manage information about your use of our services. The personal data is processed to enable us to:

• create your user account with us and provide you with the services we have undertaken to deliver and to receive payment for the services, all in accordance with our agreement. We will contact and communicate with you in various ways, e.g. when we provide you with support. We also process personal data in connection with troubleshooting and service disruption. The processing is necessary to fulfil our agreement.


• improve existing services and develop new services. The processing is necessary to fulfil our legitimate interest in product development.
  
  
• market GleSYS and our services. We use direct marketing via email (which you can of course easily reject), where we send you relevant product recommendations and offers. The processing is necessary to fulfil our legitimate interest in marketing GleSYS.


• fulfil our legal obligations. Your personal data will be processed, transferred and stored insofar as is necessary to enable us to fulfil our obligations under applicable law or other legal obligations, such as accounting or reporting to public authorities.


• protect you, GleSYS and others. We may process your personal data if it is necessary to defend or assert our, your or others' legal, commercial or other legitimate interests. This could for example be necessary if you or someone else makes a claim against us. The processing is necessary to fulfil our legitimate interest in protecting you and others, as well as to safeguard other legitimate interests, such as our interest in defending ourselves against or asserting legal claims.

1.2. Representative of customer and user of our services

If you come into contact with GleSYS as an employee of a customer of ours or as a user of our services, we will process your personal data, including information about your use of our services, to enable us to:

• create your user account with us and provide the services we have undertaken to provide in the agreement with your employer or client. We will contact and communicate with you in various ways, e.g. when we provide you with support.We also process personal data in connection with troubleshooting and service disruption. The processing is necessary to fulfil our legitimate interest in fulfilling the agreement with your employer/client.


• improve existing services and develop new services. The processing is necessary to fulfil our legitimate interest in product development.


• market GleSYS and the services we provide that we believe would be of interest to your employer/client. We use direct marketing via email (which you can of course easily reject), where we send you relevant product recommendations and offers. The processing is necessary to fulfil our legitimate interest in marketing ourselves.

1.3. Potential customer or representative of a potential customer

We will process your personal data to enable us to:

• market GleSYS and the services we provide that we believe are of interest to you or your employer. We use direct marketing via email (which you can of course easily reject), where we send you relevant product recommendations and offers and also contact you by telephone. The processing is necessary to fulfil our legitimate interest in marketing ourselves.

1.4. Representative of a supplier or business partner

If you are employed by a company that is a supplier or business partner of ours, we will process your personal data to enable us to:

• fulfil our rights and obligations under the agreement your employer has entered into with us, such as the performance of administration, billing and payment, as well as for communication. The processing is necessary to safeguard our legitimate interest in fulfilling the agreement with your employer.

1.5. Visitors to our website

When you visit our website, we collect information via cookies. More information about our cookies and how we use them can be found in our cookie policy. If the information we collect contains personal data, we will process it to enable us to:

• provide a website with basic features. The processing is necessary to fulfil our legitimate interest in the website and our services working optimally.


• receive statistical information, such as information about how long the visit lasts, which areas of the website you look at, which device you use and other information about behaviour on the website. The processing is based on your consent.

On our website, you can get in touch with us directly by using our chat feature or by filling in a form. We will then process your e-mail so that we can get in touch with you. The processing is necessary to fulfil our legitimate interest in being able to communicate with you and provide you with the information you are looking for. We may save and process e-mail addresses and other information which you provide for other purposes; see sections 1.1, 1.2 and 1.3. above.

1.6. Customers in our online store

Our online store is available through the website and if you place an order with us, we will process your personal data to enable us to:

• provide the products you ordered and receive payment for them. The processing is necessary in order to fulfil our agreement.


• fulfil our legal obligations. Your personal data will be processed, transferred and stored insofar as is necessary to enable us to fulfil our obligations under applicable law or other legal obligations, such as accounting or reporting to public authorities.


• protect you, GleSYS and others. We may process your personal data if it is necessary to defend or assert our, your or others' legal, commercial or other legitimate interests. This could for example be necessary if you or someone else makes a claim against us. The processing is necessary to fulfil our legitimate interest in protecting you and others, as well as to safeguard other legitimate interests, such as our interest in defending ourselves against or asserting legal claims.

1.7. Jobseekers

If you apply for a job with us, we will also process information which is provided in personal letters and CVs, such as skills, expertise, work experience, education, grades, references and other information which you include in your application. We will process the personal data to enable us to:

• assess your application and your ability to obtain employment with us, and implement the necessary measures before entering into any employment contract. The processing is necessary to fulfil our legitimate interest in appointing new personnel.


• save your application and personal data in case you become a candidate for future employment with us. The processing is based on your consent.


• fulfil our obligations and rights as an employer within the framework of the recruitment process. The processing is necessary in order to fulfil a legal obligation and to pursue our legitimate interest in being able to assert our rights.

Sensitive personal data will only be processed as and when necessary or if you expressly consent to such processing. For example, sensitive personal data may be processed if you have a disability or other special needs that we need to take into account in the recruitment process.

Your personal data will be shared with selected companies to help us provide our services. For example, we use suppliers that provide CRM tools, mailings, payment solutions, accounting services, analysis tools and recruitment services. The suppliers who process personal data on our behalf have entered into personal data processing agreements with us in accordance with applicable legislation. Companies which we hire to assist us with regard to recruitment and which select people for us have separate responsibilities as regards their processing of your personal data.

Your personal data may sometimes need to be shared with authorities, courts and other parties. This applies if we are required to do this in order to comply with the law, in connection with a legal process or to respond to a request from supervisory or other authorities.

In the event that we decide to sell or transfer all or part of GleSYS in the future, your personal data may have to be shared with or transferred to parties involved in that process.

We will save your personal data for as long as is justified for the purpose of the processing. The data will then be erased or de-identified ("anonymised").

The length of time we save your personal data for depends on the type of data concerned. The same information can sometimes be saved for different purposes. For example, data may be saved because the law requires it, even though it has been singled out and anonymised for other purposes.

We regularly check the need to save your data, taking into account applicable legal requirements.

GleSYS strives to minimise its transfer of personal data to third countries. In the event of such transfer, e.g. because a service provider is based in a third country, the transfer is executed in accordance with applicable law.

• Right to receive information about and access to your data. You have the right to request information about how we process your personal data and to receive a copy of the personal data we hold. In the event of repeated requests for copies of other personal data, we may charge an administrative fee.


• Right to rectification. If the information we hold about you is out of date or inaccurate, you have the right to request the rectification and completion of the data.


• Right to be forgotten. You have the right to request the erasure of data, provided that the data is no longer required for the purpose for which it was collected or otherwise processed, or if there is no legal basis for processing the data.


• Right to restriction. You have the right to request that the processing of your personal data be restricted until inaccurate data has been rectified or an objection from you has been processed.


• Right to object to processing. If the processing of personal data is based on a legitimate interest, you have the right to object to the processing. We must cease the processing if we are unable to demonstrate that there are compelling and legitimate reasons to continue the processing.


• Right to data portability. In some cases, you have the right to receive personal data relating to you in order to use it elsewhere, such as transferring the data to another controller.


• Right to withdraw your consent. If the processing of personal data is based on consent, you have the right to withdraw the consent you have given to us at any time. Withdrawal of consent will not affect any processing that was carried out before the consent was withdrawn.


• Right to file a complaint with the supervisory authority. You have the right to contact and lodge a complaint with the Swedish Authority for Privacy Protection (IMY). You can find their contact details at imy.se.

When you wish to exercise your rights, please use the contact details for our Data Protection Officer given below. To ensure that we share the information with the right person, you must submit a photograph of a valid ID document when you submit your request. The photograph on the ID document will be deleted as soon as your request has been processed.

As a customer or user, you can log in to GleSYS Cloud at any time and check the information that has been saved to your account. In most cases, you can also change or delete the information. You have the right to ask us to delete all the information we have saved about you (right to erasure). Please note that, for certain purposes e.g. due to the Swedish Accounting Act (1999:1078) and other relevant laws, we are sometimes required to save data even after a request for erasure has been processed.

If you have any questions regarding the processing of your data, please contact our Data Protection Officer at the following e-mail address dpo@glesys.se.

Last updated: 31 March 2021