Privacy policy

Background

We care about your privacy. We want to ensure that you feel safe entrusting us with your personal data. This is why we have drawn up this policy. The policy is based on current data protection legislation, including the EU’s General Data Protection Regulation (GDPR), and clarifies what we do to safeguard your rights and privacy.

The aim of this policy is to make sure you know how we process your personal data, what we use it for, who can access it and under what conditions, and how you can safeguard your rights.

Torraka is a data controller and can be contacted by post, telephone or email:

Post: Torraka, Annebergsvägen 3, 432 48 Varberg, Sweden
Telephone: +46 340-66 69 00
Email: info@torraka.com

If you have any questions or are unhappy with how we process your personal data, you are always welcome to contact us. You can also contact a competent supervisory authority.

We process your personal data primarily to fulfil our obligations to you. We work on the basis of not processing any more personal data than is needed for the task at hand, and we aim to always use the least sensitive data possible.

We need your personal data to provide you with a good level of service and relevant information, in terms of marketing, follow-up measures and news, for example. We may also need your personal data to meet legal requirements and to carry out customer and market analyses.

What personal data do we process?

The personal data we process includes:

  • Name
  • Address
  • E-mail address
  • Telephone number
  • Personal ID number for sole traders
  • Title
  • Username and password
  • Payment card number, credit card number and other banking details
  • Credit rating
  • Business history
  • Details you provide voluntarily (obligatory details are always indicated as such)
  • IP address, web browser settings, your usage of our website

How do we access your personal data?

We access your personal data via the following means:

  • Data you provide to us directly
  • Data registered when you visit our website
  • Data we access from public registers and credit reference agencies
  • Data we receive when you register for one of our courses or seminars
  • Data we receive when you register for our newsletter and other communications
  • Data we receive when you respond to surveys and research
  • Data we receive when you contact us, apply for a job with us, visit us, or contact us in any other way

Purposes and lawful basis

Your data will primarily be processed for the following purposes:

Registration and identification

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  • Automated decision-making: yes (in order to confirm your identity and verify your contact information)
  • Retention period: your account will remain active for as long as you keep it active. If no activity is registered on your account for three (3) years, your account will be closed
  • Transfer to a third party: suppliers of IT services

Account administration

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  • Automated decision-making: no
  • Retention period: your account will remain active for as long as you keep it active. If no activity is registered on your account for three (3) years, your account will be closed
  • Transfer to a third party: suppliers of IT services

Receiving orders via our website

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  • Automated decision-making: yes (in order to confirm your identity)
  • Retention period: your account will remain active for as long as you keep it active. If no activity is registered on your account for three (3) years, your account will be closed
  • Transfer to a third party: name, email address and any necessary technical information required for secure internet transfers will be transferred to the supplier of the payment service (Nets Payment Services). Suppliers of IT services

Ongoing support and customer contact

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  •  Automated decision-making: no
  • Retention period: personal details processed will be deleted 36 months after the end of the matter in question
  • Transfer to a third party: no

Delivering goods ordered

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  • Automated decision-making: no
  • Retention period: your purchase history will be stored for as long as your account is active. If no activity is registered on your account for three (3) years, your account will be closed
  • Transfer to a third party: suppliers of IT and shipping services

Developing and maintaining our website

  • Lawful basis: Weighing up of interests (Article 6, paragraph 1 (f) of the GDPR). Processing is necessary to ensure that we can provide a secure, attractive and user-friendly website:
  • Automated decision-making: no
  • Retention period: statistical data will be deleted after assessment, however at the latest after six (6) months
  • Transfer to a third party: suppliers of IT services. Visitor statistics on the website are transferred to Google Inc. as we use the tool Google Analytics

Security checks and troubleshooting

  • Lawful basis: Weighing up of interests (Article 6, paragraph 1 (f) of the GDPR). Processing is necessary to ensure that we can provide a secure, attractive and user-friendly website:
  • Automated decision-making: yes, (to allow for automatic blocking of attempted abuse of the website and malware)
  • Retention period: statistical data will be deleted after assessment, however at the latest after six (6) months. Personal data processed in troubleshooting or security checks will be deleted when the matter in question is completed
  • Transfer to a third party: suppliers of IT services

Sending information and marketing to registered users

  • Lawful basis: Weighing up of interests (Article 6, paragraph 1 (f) of the GDPR). Our newsletter is aimed at people in their professional roles, with the objective of garnering interest in the company’s products
  • Automated decision-making: no
  • Retention period: the data will be stored until the account is closed, you request it is deleted, or we are informed that it is out of date
  • Transfer to a third party: suppliers of marketing and IT services

Credit data obtained

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  • Automated decision-making: no
  • Retention period: the data will be stored until the transaction is completed
  • Transfer to a third party: suppliers of IT services

Processing job applications

  • Lawful basis: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1 (b) GDPR)
  • Automated decision-making: no
  • Retention period: the data will be stored until a decision on potential employment has been reached
  • Transfer to a third party: suppliers of IT services

Contact with suppliers and other stakeholders by email

  • Lawful basis: Weighing up of interests (Article 6, paragraph 1 (f) of the GDPR). The processing is necessary in order to communicate efficiently with suppliers and other stakeholders
  • Automated decision-making: no
  • Retention period: emails containing sensitive personal data will be deleted immediately if they are not relevant to a specific task, and in other instances when the specific task is completed. Otherwise, emails are cleared out every year
  • Transfer to a third party: suppliers of IT services

How long do we retain your personal data for?

In general, we retain your personal data for as long as is necessary to carry out our undertakings and to provide a good service. When an account is closed, all personal data is deleted, excluding data we are obliged to retain by relevant legislation, such as the Swedish Book-keeping Act.

Is your personal data processed using secure procedures?

We establish processes and ways of working to ensure that your personal data is processed securely. We work on the basis of only employees and other people within the organisation who require personal data in order to do their job having access to said personal data.

Our security systems have been developed to protect against intrusion, destruction and other changes that could pose a risk to your privacy.

Personal data provided via forms on our website is protected using encryption for transfer to our server.

When do we disclose your personal data?

We work on the basis of not disclosing your personal data to third parties unless necessary to fulfil our contractual or legal obligations. Recipients who may receive access to your personal data are suppliers of IT, shipping, credit data, payment and marketing services.

We do not sell your personal data or allow any third party to use your data for other reasons, for their own purposes.

Transfer to countries outside the EU/EEA

Generally, we only process personal data within the EU/EEA. However, in certain situations personal data may be transferred to suppliers or subcontractors in countries outside the EU/EEA. This applies primarily in relation to fulfilment of orders originating from countries outside the EU/EEA.

Cookies etc.

We use cookies to develop our website and to ensure that it is easy to use. You can read more about how we use cookies in our Cookie Policy.

Your rights concerning personal data

You have the right to, by request, have access to your personal data, have your personal data rectified or deleted without undue delay, and to have the processing of your personal data restricted. You also have the right to have the personal data you have provided us with transferred to another party. Finally, you have the right to request that your personal data is not used for direct marketing.