Personal data processing policy

By accessing our website and/or by using our products and services, you agree to and consent to the following:

A Society AB [including all subsidiaries] (henceforth referred to as “we”) respect your integrity and the right to control the use of personal data. Our guiding principles are easy to follow. We are fully transparent in what data we collect and why we do it. We handle personal data in accordance with applicable rules and regulations in force at any given time. This includes the common EU General Data Protection Regulation, GDPR, EU 2016/679, and the California Consumer Privacy Act of 2018 (Title 1.18.5 [1798.100 – 1798.199]) (“CCPA”). For the purposes of this policy, all references to Personal Data also refers to Personal Information as defined in the CCPA.

How we collect and treat your personal data

We collect personal data primarily based on your relationship with us. Perhaps you are the contact person at one of our clients, suppliers and/or partners or as sub-contractor or seeking employment. In short, individuals that we interact with within the realm of our business may be subject to personal data collection and processing in a bid to maintain and nurture business relations with your employer or you personally.


Some examples of personal data that we may process includes personal data you give us, such as your mobile phone number, address, e-mail address, your resumé, and personal data we may collect from public-facing third-party sources such as your LinkedIn-profile and profile on other social media platforms. We may gather and update data about you from other public organizations if it is considered favorable in our efforts to keep our records about you in good order. We may also collect personal data when you digitally interact with us in the following way:

  • When entering your name, resumé, social security number, mailing address, e-mail address and/or your mobile phone number on any of our websites.
  • In you contact us via e-mail, through our websites or social media platforms.
  • If you sign up to receive our newsletters or subscribe to any of our e-services.
  • Your visit our websites, and/or apps, including, but not limited to traffic data, geo-data, weblogs and other data produced when communicating digitally, such as your IP-address, type of device, operating system and browser used at the time of your visit.

We may also collect cookies when you access our website. Our cookie collection policy is explained below.  We may also employ third-party analytics to glean data from you and from third-party sources.

Purposes and Jurisdiction

We process your personal data based on the following purposes and legal basis.

Purpose: To administer our relations with customers, suppliers or partners where you might be employed or with you personally as subcontractor/partner, in order to fulfil our commitments in regards to contracts, commissions and inquiries, which may lead to processing personal data within our Customer Relations Management system and supplier databases.

Legal basis: A legitimate purpose to administer our business relations and fulfil expected commitments.

Purpose: To handle administrative work, invoicing, correspondence etc. in order to maintain proper service, rectify mistakes and or provide relevant information upon request or that might be considered to be in yours (or your employer’s) interest, in accordance with mutual business relations.

Legal basis: A legitimate purpose to administer our business relations and fulfill expected commitments.

Purpose: to administer and maintain our relation to you as subcontractor or seeking employment with intent to match open positions with our customer’s requests.

Legal basis: A legitimate purpose to administer our business relations and fulfil expected commitments and to fulfil our commitment according to any contract/agreement that you may have signed up for.

Purpose: To fulfill, administer, develop and improve our digital services (websites, apps, databases etc.), which may involve user behavior, aggregated statistical data, storing and analysis.

Legal basis: A legitimate reason to provide and ensure fully functional digital services and maintain an efficient distribution of information and marketing of our business.

Purpose: To be able to contact you via e-mail, web apps, text message or post regarding offers, campaigns or services that we think may be of interest to you. (Please note that you are able to opt out of these marketing activities).

Legal basis: A legitimate purpose to market and offer services and products that may be of interest to you or your employer.

Personal data that may be distributed

We may forward your personal data to subsidiaries within our corporate group, within the framework of our collaboration and that we deem appropriate and relevant to and supports our business relations with you or your employer. Furthermore, we may forward personal data to external service providers hired by us to administer and handle the purposes of our collecting your personal data. Such service providers may involve IT and marketing services, unless otherwise specified. If you seek employment or commissions, we may distribute your personal data to external customers or partners, with an intent to find commissions for you. All transfer of personal data is executed in accordance with GDPR and CCPA.

 

Storage and deletion of personal data

Actions are executed according to applicable rules and regulations, meaning that we do not store your personal data longer that what is necessary for our legitimate business purposes.  For example, we will store your personal data for as long as you are an active or potential customer, supplier (including subcontracted partner or if you are seeking employment) or if you are one of our partners. Should our business relations cease and reactivation be unlikely, we will delete your personal data. This occurs periodically, at least once per annum. Unless we have otherwise clearly communicated or actively requested and received your approval, your personal data will be deleted after three years of inactivity in relation to us. Some information may be kept longer if necessary, in order to comply with rules and regulations. All administration of personal data is handled securely, both in regard to technical and organizational aspects. Measures of security are taken based on risk assessment concerning the contents of the data that we handle.

 

Your rights and options

You have a say in how we treat your personal data, and what data we store. We will, at our own, yours or our partner’s initiative, correct any data that is discovered and found to be incorrect. You are also entitled to ask us to erase or limit access to your data, upon your request. (to contact us, refer to the section “How to get in touch with us”). If you feel that we are not complying with your wishes with regard to personal data, please contact us The Commission on Security and Integrity Protection.

In certain instances, you are entitled to view or receive a copy of the personal data collected by us. This data may also be requested by you to be transferred to a different party with authorization to handle your personal data (data portability).

 

You also have rights to object to certain uses of your personal data, even if it occurs within our jurisdiction. If you object, we will no long reprocess your personal data unless we demonstrate a compelling legitimate ground for the processing that overrides your interests, rights, and freedoms. If you object to our processing of your personal data for direct marketing purposes, we will refrain from processing for such purposes.


You may at any time ask to abstain from further marketing from us by, where applicable, updating your account settings by clicking “Receive more or less…” in e-mails or text messages from us. Furthermore, you are always welcome to contact us directly to unsubscribe to our communication.

You may also, upon request, acquire information on what personal data and what categories of personal data we collect and administer.

 

Links to external websites

Should our website contain links to a third party’s websites or material published at a third party, these links are only meant for informative purposes. As we do not influence the content on these platforms, we cannot be held accountable for what personal data is collected or what content is published. We do not take responsibility for damages or losses that occur while using third-party websites, nor are we responsible for any personal data collected and/or processed by third-party websites.  We strongly recommend you familiarize yourself with the privacy policy of any third-party website you access.

 

Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit so we can understand how you use our site and serve you content based on preferences you have specified. If you do not wish to accept cookies from us, you should instruct your browser to refuse cookies from our website, with the understanding that we may be unable to provide you with some of your desired service without them. This policy covers only the use of cookies between your computer and our website; it does not cover the use of cookies by any advertisers. The information collected in the cookies will be available to us and our provider of our website. You will find information about the cookies we use and the providers of those cookies below.

Hotjar 

To learn more about Hotjar and your privacy, please visit https://www.hotjar.com/privacy. You can opt out of such tracking at any time by using a “Do Not Track” header. You can read more about how to do that by visiting https://www.hotjar.com/opt-out.

Cookie ID

Description

Expiration

_hjIncludedInSample

This session cookie is set to let Hotjar know whether that visitor is included in the sample, which is used to generate Heatmaps, Funnels, Recordings, etc.

365days

 

HubSpot 

To learn more about Hubspot and your privacy, please visit the “How Hubspot uses data when you use our partners' sites or apps” page at www.legal.hubspot.com. To opt out of being tracked by Hubspot when using our website, clicking the unsubscribe link included on the bottom of all such communications, or by contact us at gdpr@asociety.se

Functional cookies

Cookie ID

Description

Expiration

__hs_opt_out

This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies.

2 years

__hs_do_not_track

This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies.

2 years

__hs_testcookie

This cookie is used to test whether the visitor has support for cookies enabled.

Session cookie

hs_ab_test

This cookie is used to consistently serve visitors the same version of an A/B test page that they’ve seen before.

Session cookie

hs_lang_switcher_choice

This cookie is used to consistently redirect visitors to the language version of a page in the language they’ve selected on this top-level private domain in the past (if such a language version exists).

 

 

Consent banner cookies

Cookie ID

Description

Expiration

__hstc

The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session)

2 years

hubspotutk

This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.

10 years

__hssc

This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

30 min 

__hssrc

Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.

Session cookie

  

Google Analytics 

To learn more about Google Analytics and your privacy, please visit the “How Google uses data when you use our partners' sites or apps” page at www.google.com/policies/privacy/partners/.

To opt out of being tracked by Google Analytics when using our website, please visit http://tools.google.com/dlpage/gaoptout.

Cookie ID

Description

Expiration

_ga

Used to distinguish users.

2 years

_gid

Used to distinguish users.

24 hours

_gat

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

1 minute

AMP_TOKEN

Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

30 seconds to 1 year

_gac_<property-id>

Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.

90 days

__utma

Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

2 years from set/update

__utmt

Used to throttle request rate.

10 minutes

__utmb

Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

30 mins from set/update

__utmc

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

End of browser session

__utmz

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

6 months from set/update

__utmv

Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

2 years from set/update

 

Certain Rights Under the CCPA

Right of Access/Right to Request: Upon receipt of a verified request, we will disclose and/or deliver to you, free of charge, any personal data we have collected from you.  We will provide that personal data in electronic format.

Right to Know Which Data Was Collected: Upon receipt of a verified request, we will disclose to you the following: (1) the categories of personal data collected from you; (2) the sources from which the personal data was collected; (3) the business or commercial purpose for collecting or selling the personal data; (4) the categories of third parties with whom we share the information; and (5) the specific pieces of personal data collected.

Right to Delete: Upon receipt of a verified request, we will delete any personal data we have collected from you.  Note that if we delete certain data, we may not be able to provide you with goods and services you have requested.  In addition, please note that, while we make reasonable efforts to comply with your request to delete data, under the CCPA, we are under no obligation to delete personal data where we need the personal data to (1) compute the transaction for which the personal data was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you; (2) detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; (3) debug to identify and repair errors existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise his/her right of free speech, or exercise another right provided for by law; (5) comply with the California Electronic Communications Privacy Act; (6) engage in public or peer-received scientific, historical, or statistical research in the public interest; (7) enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the business; (8) comply with a legal obligation; (9) otherwise use your personal data internally in a lawful manner that is compatible with the context in which you provided the information.

Right to Opt Out of a Sale of Personal Data: You have the right to opt out of the sale of personal data by us.  Please note that WE DO NOT SELL YOUR PERSONAL DATA, NOR WILL WE EVER SELL YOUR PERSONAL DATA WITHOUT INFORMING YOU BEFOREHAND.

 

Contact us here

For more information on GDPR and personal integrity or other questions, or to exercise your rights under the CCPA, please contact us here:

A Society AB

Att: Dataskyddsansvarig
Sodra Forstadsgatan 2,
SE-211 43 Malmo, Sweden

email: gdpr@asociety.se
telephone number: +46 40 611 66 00