Personal data processing policy

A Society AB [including all subsidiaries] (henceforth referred to as “we”) respect your integrity and the right to control the use of personal data. Our guiding principles are easy to follow. We are fully transparent in what data we collect and why we do it. We handle personal data in accordance with applicable rules and regulations in force at any given time. This includes the common EU General Data Protection Regulation, GDPR, EU 2016/679.

 

How we treat your personal data
We collect personal data primarily based on your relationship with us. Perhaps you are the contact person at one of our clients, suppliers and/or partners or as sub-contractor or seeking employment. In short, individuals that we interact with within the realm of our business may be subject to personal data collection and processing in a bid to maintain and nurture business relations with your employer or you personally.
Some examples of personal data that we may process are your mobile phone number, address, e-mail address, your resumé, your LinkedIn-profile and profile on other social media platforms. We may gather and update data about you from other public organisations such as Bolagsverket, SPAR etc. if it is considered favourable in our efforts to keep our records about you in good order. We may also collect personal data when you digitally interact with us in the following manners:

  • When entering your name, resumé, social security number, mailing address, e-mail address and/or your mobile phone number on any of our websites.
  • In you contact us via e-mail, through our websites or social media platforms.
  • If you sign up to receive our newsletters or subscribe to any of our e-services.
  • Your visit our websites, and/or apps, including, but not limited to traffic data, geo-data, weblogs and other data produced when communicating digitally, such as your IP-address, type of device, operating system and browser used at the time of your visit.

 

Purposes and jurisdiction

We process your personal data based on the following purposes and legal base.

Purpose: To administer our relations with customers, suppliers or partners where you might be employed or with you personally as subcontractor/partner, in order to fulfil our commitments in regards to contracts, commissions and inquiries, which may lead to processing personal data within our Customer Relations Management system and supplier databases.

Legal base: A legitimate purpose to administer our business relations and fulfil expected commitments.

Purpose: To handle administrative work, invoicing, correspondence etc. in order to maintain proper service, rectify mistakes and or provide relevant information upon request or that might be considered to be in your’s (or your employer’s) interest, in accordance with mutual business relations.

Legal base: A legitimate purpose to administer our business relations and fulfil expected commitments.

Purpose: to administer and maintain our relation to you as sub contractor or seeking employment with intent to match open positions with our customer’s requests.

Legal base: A legitimate purpose to administer our business relations and fulfil expected commitments and to fulfil our commitment according to any contract/agreement that you may have have signed up for.

Purpose: To fulfil, adminster ,develop and improve our digital services (websites, apps, databases etc.), which may involve user behaviour, aggregated statistical data, storing and analysis.

Legal base: A legitimate reason to provide and ensure fully functional digital services and maintain an efficient distribution of information and marketing of our business.

Purpose: To be able to contact you via e-mail, web apps, text message or post regarding offers, kampanjer or services that we thing may be of interest to you. (Plesase note that you are able to opt out of these marketing activities).

Legal base: A legitimate purpose to market and offer services and products that may be of interest to you or your employer.

 

Personal data that may be distributed
We may forward your personal data to subsidiaries within our corporate group, within the framework of our collaboration and that we deem appropriate and relevant to and supports our business relations with you or your employer. Furthermore, we may forward personal data to external service providers hired by us to administer and handle the purposes with our collecting your personal data. Such service providers may involve IT and marketing services, unless otherwise specified. If you seek employment or commissions, we may distribute your personal data to external customers or partners, with an intent to find commissions for you.
We only collaborate with partners that administer personal data within the EU/EES år with companies maintaining the same level of protection as within the EU/EES. All transfer of personal data is executed in accordance with GDPR.

Storage and deselecting personal data
Actions are executed according to applicable rules and regulations, meaning that we do not store your personal data longer that what is necessary in regards to its use.  We will store your personal data for as long as you are an active or potential customer, supplier (including sub contracted partner or if you are seeking employment) or if you are one of our partners. Should our business relation cease and reactivation is unlikely, we are obligated to deselect your personal data. This occurs periodically, at least once per annum. Unless we have otherwise clearly communicated or actively requested and received your approval, your personal data will be deselected after three years of inactivity in relation to us.
Some information may be kept longer if necessary in order to comply with rules and regulations such as the Book keeping Act.
All administration of personal data is handled securely, both in regards to technical and organisational aspects. Measures of security are taken based on risk assessment concerning the contents of the data that we handle.

 

Your rights and options
You are entitled to influencing your personal data and what we store. We will, at our own, yours or our partner’s initiative, correct any data that is discovered and found to be incorrect. You are also entitled to ask us to erase or limit access to your data, upon your request. (to contact us, refer to the section “How to get in touch with us”)
If you feel that we don not honour your rights, please contact us or  The Commission on Security and Integrity Protection.
In certain instances, you are entitled to extract digitally administered personal data, previously provided to us by you. This data may also be requested by you to be transferred to a different party with authorisation to handle your personal data (data portability). You also have rights to object agains our use of your personal data, even if it occurs within our jurisdiction. Should this occur, we must justify reasons strongly motivating overriding your interests, right and latitude.

You may at any time ask to abstain from further marketing from us by, where applicable, update your account settings by clicking ”Receive more or less…” in e-mails or text messages from us. Furthermore you are always welcome to contact us directly to unsubscribe to our communication.

You may also acquire information on what personal data we administer by requesting an experpt from our files.

Links to external websites
Should our website contain links to a third party’s websites or material published at a third party, these links are only meant for informative purposes. As we do not influence the content on these platforms, we cannot be held accountable for what content is published. We do not take responsibility for damages or losses that occur while using aforementioned links.

 

Cookies

We use "cookies" to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit so we can understand how you use our site and serve you content based on preferences you have specified. If you do not wish to accept cookies from us, you should instruct your browser to refuse cookies from our website, with the understanding that we may be unable to provide you with some of your desired service without them. This policy covers only the use of cookies between your computer and our website; it does not cover the use of cookies by any advertisers. The information collected in the cookies will be available to us and our provider of our website. You will find information about the cookies we use and the providers of those cookies below.

Hotjar 

To learn more about Hotjar and your privacy, visit https://www.hotjar.com/privacy. You can opt out of such tracking at any time by using a “Do Not Track” header. You can read more about how to do that by visiting https://www.hotjar.com/opt-out.

 

Cookie ID Description Expire
_hjIncludedInSample This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate Heatmaps, Funnels, Recordings, etc. 365days

 

Hubspot 

To learn more about Hubspot and your privacy, visit the “How Hubspot uses data when you use our partners' sites or apps” page at www.legal.hubspot.com. To opt out of being tracked by Hubspot when using our website, clicking the unsubscribe link included on the bottom of all such communications, or by contact us at gdpr@asociety.se

Funcional cookies

Cookie ID Description Expire
__hs_opt_out This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies. 2 years
__hs_do_not_track This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies. 2 years
__hs_testcookie This cookie is used to test whether the visitor has support for cookies enabled. Session cookie
hs_ab_test This cookie is used to consistently serve visitors the same version of an A/B test page that they’ve seen before. Session cookie
hs_lang_switcher_choice This cookie is used to consistently redirect visitors to the language version of a page in the language they’ve selected on this top-level private domain in the past (if such a language version exists).  

 

  

Consent banner cookies

Cookie ID Description Expire

__hstc

The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session)

2 years

hubspotutk

This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.

10 years

__hssc

This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

30 min 

__hssrc

Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.

Session cookie

  

Google Analytics 

To learn more about Google Analytics and your privacy, visit the “How Google uses data when you use our partners' sites or apps” page at www.google.com/policies/privacy/partners/. To opt out of being tracked by Google Analytics when using our website, visit http://tools.google.com/dlpage/gaoptout.

 

Cookie ID Description Expire
_ga Used to distinguish users. 2 years
_gid Used to distinguish users. 24 hours
_gat Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. 1 minute
AMP_TOKEN Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. 30 seconds to 1 year
_gac_<property-id> Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. 90 days
__utma Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. 2 years from set/update
__utmt Used to throttle request rate. 10 minutes
__utmb Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. 30 mins from set/update
__utmc Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. End of browser session
__utmz Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. 6 months from set/update
__utmv Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. 2 years from set/update
 

 

Contact us here
For more information on GDPR and personal integrity or other questions, please contact us here:
A Society AB
Att: Dataskyddsansvarig
Postadress: Södra Förstadsgatan 2,
211 43 Malmö

e-postadress:
gdpr@asociety.se