Our privacy policy for your personal data (GDPR)
WHY A PRIVACY POLICY?
We therefore always strive to protect your personal data in the best possible way, complying with applicable laws and regulations for personal data protection. Through this privacy policy, we want to inform you about how your personal data is processed by Crest. This policy helps you as a customer/contact to understand, among other things, what kind of information Crest collects and how it is used.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
Crest AB, org.nr. 559333-4641, KIVRA 559333-4641, 106 31 Stockholm, is responsible for the processing of your personal data. Crest has an IT infrastructure where all business transactions with associated personal data and databases ("Data") are managed and owned by Crest. Crest is thus the data controller for the processing of your personal data and is therefore responsible for ensuring that your data is handled correctly and securely in accordance with applicable legislation.
PERSONAL DATA WE PROCESS ABOUT YOU
We collect and store information about you that you provide to us. The information we receive and store is your name, postal and delivery address, e-mail, telephone number and bank account. We also store information about your position/role, and the company you represent. If you participate in an event, visit us on crestea.se, social media etc. or contact us, we also collect your personal data regarding this. We need to collect the above information in order to fulfill our obligations to you as a customer.
Personal data we have collected from you
When you order services from Crest , we collect your personal data in order to fulfill our commitments to you as a customer.
HOW DO WE USE YOUR PERSONAL DATA?
We use your personal data for the following purposes:
-
To establish your identity and update your contact details
-
To provide you with information about and process your purchases/services, e.g. order confirmations, delivery information and support cases.
-
To deliver your purchases to your specified address
-
Invoicing and accounting
-
To send you newsletters and other marketing material
-
To improve our communication, service, products and services to you
-
In order to answer your questions
-
Invite to events and activities
-
Customer surveys
We process your personal data for the following purposes
-
to fulfill a legal obligation: Crest processes information about your purchase to fulfill requirements under, for example, the Accounting Act, the Purchase Act and the Consumer Purchase Act.
If you do not provide us with your personal data, we will not be able to perform our contract or fulfill our obligations to you.
LEGAL BASIS FOR OUR PROCESSING
The processing of personal data takes place on the legal basis that Crest must be able to fulfill a contract. The agreement covers the purchase itself. As a customer/contact, you have the right to have your personal data deleted at any time by notifying customer service, see further under the heading Your rights. When it comes to personal data processing to fulfill requirements such as the Accounting Act, the VAT Act, the Purchase Act and the Consumer Purchase Act, the legal basis for processing is a legal obligation.
DIRECT MARKETING AND PROFILING
Crest will process your personal data for marketing purposes. Your information may be used for newsletters, customer surveys and for statistical purposes and may be used for mailings by mail, e-mail and SMS to you until you withdraw your consent. You can contact us at any time to customize how you want Crest to have ongoing contact with you for this purpose.
WHO CAN ACCESS YOUR PERSONAL DATA?
Your personal data will not be transferred or sold to third parties for advertising purposes. However, your personal data may be disclosed to third parties (data processors) if this is necessary to provide services to you. Exceptions to this are made if a customer has violated our contract terms, if there are legal actions or if an authority requests this under Swedish law. Examples of such authorities are tax authorities, police authorities, enforcement authorities and supervisory authorities in the countries concerned.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
Crest take the technical and organizational security measures required by law to ensure that your personal data is not manipulated, lost or destroyed or accessed by unauthorized persons. Our security practices are constantly changing in line with technological developments.
WHERE IS YOUR DATA STORED?
Crest stores all personal data collected from you within the EU and EEA. We do not disclose personal data to third parties, except in situations where this is required by a legal obligation or to fulfill our commitments to you as a customer. See more information under the section "Who can access your personal data".
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We process personal data for the period of time permitted by applicable law, regulation, practice or government decision. For example, data may be stored for longer if required by the Sale of Goods Act, the Consumer Sales Act or the Accounting Act. Personal data is stored and processed in Crest's IT system.
YOUR RIGHTS
You have the right to request access to your personal data and to be informed, inter alia, of the personal data stored by us, the purposes of the processing of that personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed. You can contact us at the address below and request to receive this information by post or email. For your security, we will ask you to provide identification documents proving that you are you. Thereafter, this information will only be sent to your registered address. The cost of register extracts will be charged to you for repeated requests. If you believe that the personal data that Crest has processed is incorrect or has been processed in violation of applicable law, you also have the right to request that this personal data be corrected, blocked or deleted. You can do this by contacting us. Crest is in some cases required by law to process your personal data even if you have requested that they be deleted. As a customer of Crest , you can at any time revoke or change the consent you have given or decline further communication by contacting us. Crest However, we have the right to continue processing your personal data to the extent necessary to fulfill our obligations to you as a contracting party. If you wish to have the personal data you have provided transferred for use elsewhere (data portability), please contact us.
CONTACT DETAILS
Contact aRway AB in cooperation with Crest.
Address: c/o aRway AB KIVRA 5567561591, 106 31 Stockholm contact@crestea.se Tel: 08-700 5000. When it comes to handling personal data, you can also talk to The Swedish Authority for Privacy Protectionwhich is the supervisory authority for this processing. https://www.imy.se
This document is updated regularly.
Last revision: 2022-03-04