Last updated: April 17th, 2020
Occtoo AB (”Occtoo”) operates websites, including but not limited to, occtoo.com and pz.occtoo.com (”Sites”), as well as providing software as a service (SaaS) for businesses (”Services”). It is Occtoo’s policy to respect your privacy regarding any information we may collect while operating our Sites and Services in accordance with applicable laws.
Personal data we collect & process
We process personal data in several different instances.
When you visit and use our Sites, we process personal data about you, e.g. by using cookies. The personal data we process will normally be of non-sensitive nature. This data is used to improve our website, including to collect statistics about the usage and effectiveness of our website, and the user experience, to perform costumer support and target advertising to personalize your experience and to tailor our interactions with you.
We also process your personal data when you use functions on our Sites as signing up for one of our newsletters or webinars, send us data or request information about one or more of our services. If you request something from us (e.g. a product or service, a call back, or specific marketing materials), we will use the data you provide to fulfil your request. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.
Furthermore, we process personal data when your organization enter into agreement with us regarding delivery of our Services. We will use this personal data to fulfill our agreement with your organization. We may also contact you as part of our customer satisfaction surveys or for market research purposes.
Finally, we process personal data when you use our Services including user names, passwords, email addresses, name, company name, job position, phone number & usage data. Usage data is collected automatically when using the Services. Usage data may include information such as your device’s IP address, browser type, browser version, unique device identifiers and other diagnostic data. When you access the Services by or through a mobile device, we may collect additional information including, but not limited to, the type of mobile device you use. We may also use technologies to determine whether you have opened an e-mail or clicked on a link contained in an e-mail.
The personal data that we collect, either directly or indirectly, may be combined to help us improve its overall accuracy and completeness and to help us better tailor our interactions with you. The personal data you provide may also be used for direct marketing purposes. Before we do so, however, we will ensure that either we have obtained your specific consent to have your personal data used in this way or that it is necessary for the purposes of the basis legitimate interest pursued by us in securing delivery of our products and services.
Cookies are typically categorized as ”session” cookies or ”persistent” cookies. Session cookies help you navigate through the website efficiently, keeping track of your progression from page to page so that you are not asked for information you have already provided during the current visit. Session cookies are stored in temporary memory and erased when the web browser is closed. Persistent cookies, on the other hand, store user preferences for current and successive visits. They are written on your device’s hard disk and are still valid when you restart your browser. We use session ID cookies. We do not use persistent cookies.
You can avoid cookies by changing your browser settings. You can also delete existing cookies. If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as contests or surveys, will be limited.
We have choosen to treat cookies as if they were subject to the Data Protection Act, which means that legally speaking they are handled in the same way as your personal data. We believe privacy is extremely important. But it is also important for us to be able to store your cookies to be able to create a relevant experience.
Disclaimer if you choose "I don't accept" cookies. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.
Legal right for processing
The Company use Personal Data for the following purposes:
- To manage our Sites: to make available and improve our website, to customize its content to visitors, to perform customer support and to analyze website trends. To create user profiles to provide tailored promotions and marketing offers based on e.g. location, behavior or other tracking, e.g. via cookies. Our legitimate interest in making our website available and customizing it to visitors etc.(Article 6 Sentence 1(f) GDPR). We request consent to place cookies on the terminal equipment the visitors, cf. Executive Order no. 1148 of 9 December 2011 on Information and Consent Required in Case of Storing or Accessing Information in End-User Terminal Equipment.
- To manage your requests: to attend and manage your requests to us and enable data subjects to use services provided by us, including provision of e-mails, newsletters, webinars, etc. We only process the personal data that are strictly necessary to manage or resolve your requests. The data is processed insofar as it is necessary for the use of our services or the fulfillment of a contract, in particular, for the management of requests related to your account or the services after registration (Art. 6 Sentence 1 (b) GDPR) or because we have a legitimate interest in answering the requests or consultations raised by you (Art. 6 Sentence 1 (f) GDPR).
- To manage your account: to manage your registration as a user of the Services. The personal data you provide can give you access to different functionalities of the Services that are available to you as a registered user. In the course of your registration to our services, we will collect and store your data exclusively for the purpose of unambiguous allocation as well as to enable the rights of use of the Services during the period of a contract. The data is processed insofar as it is necessary for the use of our Services or the fulfilment of a contract (Art. 6 Sentence 1 (b) GDPR), or because we have a legitimate interest in making the use of the Services as easy and efficient as possible (Art. 6 Sentence 1 (f) GDPR).
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the Services you, or your company, have purchased or of any other contract with us through the Services. The data is processed insofar as it is necessary for the use of our Services or the fulfillment of a contract (Art. 6 Sentence 1 (b) GDPR), or because we have a legitimate interest in making the use of the Services as secure, easy and efficient as possible (Art. 6 Sentence 1 (f) GDPR).
- To contact you: To contact you by email, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation. The legal basis for contacting you for the purposes set out above is as it is required for fulfilling our contractual obligations (Art. 6 (1)(b) GDPR) or because we have a legitimate interest to comply with your requests (Art. 6 Sentence 1 (f) GDPR).
Protection of personal data
We take the protection of your personal data very seriously and implement several technical and organisational safeguards to protect your data. Technical safeguards include things like firewalls, encryption functions and antivirus software while organisational safeguards relate to the organisation of our security work, security procedures, instructions and policies. In cases where we use partners to handle your data, we ensure that we only use partners who also take the handling of personal data very seriously and are able to show that they have implemented equivalent safeguards and handle the data securely.
Retention of your personal data
We will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.
If you wish to request that we no longer use your personal data, please contact us (see ’Contact Us’ section at the end of the page). We reserve the right to retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, etc.
Disclosure of your personal data
If the company is involved in a merger, acquisition or asset sale, your personal data may be transferred. You will be notified via a prominent notice of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities.
We may disclose your personal data in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of the company, prevent or investigate possible wrongdoing in connection with the Services, protect the personal safety of users of the Services or the public or protect against legal liability.
Sharing personal data with 3rd parties
We may pass your personal data on to third-party service providers contracted by us. We use software service providers for storing of data, providing support to our services, managing and administering customer relations and managing and administering our marketing and sales activities. All contracted third-party service providers are obliged to keep you details securely, and to use them only to fulfil the service they provide us, or our customers on our behalf. We will only share Personal Data to third-parties listed under Service Providers below, unless legally required to do so.
To ensure the safety of your personal data, we only use third-party service providers in the EU or the U.S., bound to compliance with either the European Data Protection legislation (including the EU General Data Protection Regulation 2016/679 “GDPR”) or the EU – U.S. Privacy Shield.
Apart for contracted third-party service providers your information will not be shared with anyone else. Please note however, that we can provide access to your personal data in case of illegal or abusive use, or in case we receive orders from a competent legal authority.
We may disclose aggregated information about the use of our Services to subscribers, service providers, business partners, prospective investors, and others. Additionally, we may produce industry-standard traffic reports for assessing use of Services. This information cannot be traced back to you personally.
We use the following providers where we store your personal data.
HubSpot: A marketing automation system. You can read more about which cookies HubSpot uses here.
Microsoft Azure: Provisioning and operations of infrastructure services (PaaS) for our Services. Read more about compliance here.
Rights to information
Our processing of your personal data is carried out in accordance with the European Data Protection legislation, which prevents us from making unlawful use of your personal data.
At any time, you have the right to:
- request a copy of the information that we hold about you
- correct the data that we hold about you
- ask for the data we hold about you to be erased from our records
- ask for restriction of our use of your personal data
- object to certain types of processing
- have your personal data transferred to another organization
All this is provided to you free of charge. To exercise your rights, please contact us. If you have a complaint about how we use your personal data, you have the right to lodge a complaint with the supervisory authority (in Sweden; Datainspektionen, Box 8114, 104 20 Stockholm).
The data controller responsible for your personal data for the purpose of the applicable European Union data protection law is:
Södra Flinksgatan 3
235 33 Vellinge
For any inquiries concerning personal data and privacy, please contact us at the address or email address listed above.