Privacy Policy

IST Group

This Privacy Policy was updated 2018-10-26.

Index

1. Background
2. Definitions
3. Data controllers and scope
4. Why and when do we Process your Personal Data?
5. What Personal Data is Processed on what legal ground?
6. Social media platforms
7. Children’s Personal Data
8. Cookies
9. How long is your Personal Data stored?
10. Your rights
11. Consent to the Processing of Personal Data
12. To whom do we transfer your Personal Data?
13. How do we protect your Personal Data?
14. Supervision and compliance
15. Third parties’ terms and conditions
16. Changes to the Privacy Policy
17. How do you contact us?

1. Background

Your privacy is important to us. This policy (“Privacy Policy") has been designed to make you aware of how the IST Group (“IST", “we", “us") Process your Personal Data in a legal, appropriate and safe manner when you require or use our Service, visit our Website or otherwise come into contact with us via social media platforms or e-mail.

The Privacy Policy explains when, how, and why we collect, use, distribute and store your personal data and what rights you have according to the rules in the EU’s General Data Protection Regulation (EU) 2916/679 with associated statutes of implementation and supplementary statutes on data protection (the “Data Protection Rules").

2. Definitions

In this Privacy Policy, the term "personal data" includes any information that can be attributable to an identified or identifiable natural person, such as e.g. name, address, date of birth, e-mail address, phone number, photo, and IP-address (“Personal Data").

This Privacy Policy describes how we Process your Personal Data. The term "processing" includes e.g. our registering, storing, compiling, transmitting, erasing and in other ways using your Personal Data in such a manner as is described in this Privacy Policy (“Processing").
In this Privacy Policy the definition (“Service" or “Services") is used for all services provided by IST in connection with ordering, downloading, purchases in, registration and use of the applications stated below in Section 5.

In this Privacy Policy the definition (“Private User") is used to describe a private person using the Service for private purposes.

3. Data controllers and scope

IST Group AB, Reg. No 556254-0806, Ingelstadsvägen 9, SE-352 34 Växjö, Sweden, is the data controller for the Processing of Personal Data that occurs in accordance with this Privacy Policy.

IST is the data controller for the Processing of Personal Data that you as a user provide to IST in connection with the registration of your account within the scope of the Service.

Regarding such material that users who are provided the Service through a municipality, school, preschool or another organisation (“Organisation") upload, save, or share within the scope of the Service(s), the Organisation is the data controller for the Processing of Personal Data that occurs. IST is in such cases acting as a data processor for the Organisation and Processes the Personal Data in according to the Organisation’s instructions in accordance with separate data processing agreement with the Organisation.

Regarding such information that a Private User uploads, saves, shares or otherwise processes within the scope of the Service and that is encompassed by the Private User’s private sphere, IST is not the data controller as this is only for private use and IST neither requires nor has a purpose with such information.

4. Why and when do we Process your Personal Data?

IST Processes Personal Data for specific purposes. The Processing occurs in order for IST to be able to:
(i) provide the Service;
(ii) enable general customer relationship management (quality management, statistics, market- and customer analysis, as well as business- and methodological development), support and customer service, e.g. when you contact us via social media platforms, e-mail, phone or https://home.ist.com/ (the “Website") or in connection to use of the Service;
(iii) inform about the Service and IST inter alia through publishing of customer references;
(iv) leave information about events, updates, discounts and offers, as well as send out newsletters and information via social media platforms or e-mail regarding the Service and IST;
(v) prevent fraud and perform risk management; and
(vi) comply with applicable legislation.

We only collect such Personal Data that is necessary for the purposes described in this Privacy Policy. What Personal Data we collect about you depends inter alia on which of our Services you required, use or bought and how you interact with us.

When you are asked to provide us with Personal Data, you may choose not to do so. If you choose not to provide information necessary to obtain access to the Service, this may lead to us not being able to provide the Service and in such case you will be informed of this.

Further, we Process Personal Data through the use of cookies (small text files that are stored on your unit) on our Website. This is done so that our Website and our online services can function as well as possible and provide you with a pleasant customer experience. Read more on our use of cookies under Section 8.

5. What Personal Data is Processed on what legal ground?

The following Personal Data is Processed by us for the purposes stated in Section 4:

The app “Hit & Dit" (Eng. “Here & There")
(i) first and last name;
(ii) phone number;
(iii) e-mail address;
(iv) password;
(v) photo; and
(vi) information that you as a user upload, e.g. activities, tours that include time, place, and information about driver and passengers, as well as invites.
In connection with you using the Service “Hit & Dit" IST processes the above-mentioned Personal Data. The Processing of your Personal Data is necessary in order for IST to provide you with the Service and fulfil the agreement which has been entered into with you as a Private User.

The App “Syssla" (Eng. “Chore")
(i) first and last name:
(ii) phone number;
(iii) e-mail address;
(iv) password;
(v) photo; and
(vi) information and metadata which is made available when you as a user upload information about who is to perform a chore, when the chore starts, when the chore is completed, what reward system is being used as well as invites.

In connection with you using the Service “Syssla" IST processes the above-mentioned Personal Data. The Processing of your Personal Data is necessary in order for IST to provide you with the Service and fulfil the agreement which has been entered into with you as a Private User.

Support and customer service
(i) first and last name;
(ii) phone number;
(iii) e-mail address;
(iv) IP-address and other information on how you interact with the Website and the Service;
(v) customer references; and
(vi) correspondence with you.

The Personal Data is Processed with the purpose of providing the Service and thereby fulfil the agreement which has been entered into with you as a Private User. The Processing also occurs in order to cater to our legitimate interest of handling customer service and customer relationship management, as well as develop the Service and communicate with you in an efficient manner. What Personal Data we Process for this purpose depends on how you interact with us as well as what Personal Data you provide to us in this context.
Newsletters and other information about the Service
(i) first and last name; and
(ii) e-mail address.

Personal Data is Processed for dispatches of invites for different types of events, upon providing offers or other information that we consider to be relevant for you as a Private User or contact person within an Organisation. This Processing is based on our legitimate interest of being able to provide those who have relationship with us with relevant information. For this Processing we have conducted a balancing of interests where we have, inter alia, considered that the Processing does not include any sensitive Personal Data and that we have a legitimate interest in being able to provide information about our Services to you in an efficient manner.

We may also come to Process your e-mail address after receiving your consent. This happens, e.g, when you subscribe to our newsletter via our Website or upon signing up for an event.

Your Personal Data is also in certain situations Processed in order for us to comply with legal obligations according to applicable legislation, court rulings, or decisions taken by the authorities. Such obligations may e.g. follow from the Accounting Act (1999:1078).

6. Social media platforms

We use Facebook, Instagram and YouTube as platforms in order to come into contact with our customers and other business partners, as well as to market and inform about our business. In connection with this, we are the data controller for publications and information on the social media platforms that contain Personal Data and are provided by you as a user in the form of e.g. comments, photos and video clips. We do not in any way accept any offensive material being published or made available on our social media platforms. We ask our users to report unfit content to us in order for us to be able to ensure that no such content exists on our social media platforms. We may also, based on what we deem necessary, remove content from our social media platforms.

7. Children’s Personal Data

The Services can be used by children. In connection with this IST will Process Personal Data relating to children (ages 0-18). It is however the adult Private User or Organisation that creates the account and enters into the agreement with IST. Children can thereafter be offered to use the Service from them. Thereby any Processing of children’s Personal Data will have been preceded by a guardian’s consent to IST Processing a child’s Personal Data.

8. Cookies

We use cookies on our Website. More information on how we treat cookies and similar tracking technology can be found in our Cookie Policy.

9. How long is your Personal Data stored?

Your Personal Data is stored only for as long as there is a need to store it in order to fulfil the purposes for which the Personal Data was collected in accordance with this Privacy Policy. We Process your Personal Data as long as you use the Service or as long as you have a relationship with us.

Incessant logs and error logs are stored for 90 days.

If your account has been inactive for over a year, we will contact you via e-mail with an inquiry regarding deleting the account. If the inquiry is not replied to, we will send two additional inquiries before the account is automatically deleted after two years’ inactivity.

If you have given consent to the Processing of your Personal Data, we Process your Personal Data for the specific purpose, until you withdraw your consent. You can withdraw your consent at any time by (i) contacting us, or (ii) if the consent regards receiving our newsletter or other mailshots, following the link in the mailshot.

In order to enable IST’s compliance with the legal obligations stemming from applicable legislation or in order to safeguard our legal interests we may store your Personal Data for a longer period of time. The Personal Data is however never stored for longer than is necessary or statutory for each purpose respectively.

10. Your rights

You have a right to receive information regarding the Processing of your Personal Data we carry out. Below you find a statement of the rights you can claim by contacting us. Contact information can be found at the very end of this Privacy Policy.

Right to access
You have a right to, free of charge, request information regarding our Processing of your Personal Data. You also have a right to receive a copy of your Personal Data that we Process. Such a request shall be submitted to us in writing with a clarification regarding what information you wish to receive and shall include information regarding your name, your date of birth and be signed by you. We will respond to your request as swiftly as possible. If we cannot grant you access to the information your request concerns, we will provide a reason as to why. The copy of your Personal Data will be sent to your registered address unless otherwise is agreed with you in writing. In order to ensure the right person will be receiving the Personal Data we may come to request additional information from you.

Right to rectification
The main responsibility to ensure that the Personal Data we Process is correct lies with IST as data controller. If you inform us that the Personal Data you have provided us with is no longer correct, we will promptly correct, block or erase such Personal Data.

Right to erasure
You have the right to request that IST, without unnecessary delays, erases your Personal Data. Personal Data shall be erased in the following cases:
(i) if the Personal Data is no longer necessary for the purposes for which it was collected;
(ii) if you withdraw your consent and the Processing was based solely on your consent;
(iii) if Processing is carried out for purposes of direct marketing and you oppose your Personal Data being used for such purposes;
(iv) if you oppose the Processing of Personal Data after a balancing of interests has been carried out and your interest outweighs ours;
(v) if your Personal Data has not been Processed in accordance with the Data Protection Rules; or
(vi) if erasure is necessary in order to comply with a legal obligation.
There may be obligations that hinder us from immediately erasing all your Personal Data. These obligations stem from applicable legislation regarding e.g. accounting. If certain Personal Data cannot be erased due to applicable legislation we will inform you of this as well as ensure that the Personal Data will be used solely for the purpose of complying with such legal obligations and not for any other purposes.

Right to restriction
You have a right to request that IST temporarily restricts the Processing of your Personal Data. Such a restriction can be requested in the following cases:
(i) if you consider the Personal Data we have about you to be incorrect and in connection with this have requested rectification;
(ii) when the Processing of your Personal Data that is carried out is not compliant with the Data Protection Rules, but you still do not want your Personal Data to be erased but rather restricted; and
(iii) when we no longer need your Personal Data for the purposes of our Processing but you need it in order to establish, exert, or defend a legal claim.
If you have objected against the Processing of your Personal Data the use of your Personal Data may be restricted during the time of the investigation. Upon the restriction of your Personal Data IST will only store your Personal Data and for further Processing obtain your consent.

Right to data portability
You have a right to, in the cases where we Process your Personal Data with your consent or in order to fulfil contractual obligations toward you, require that we provide you with all Personal Data we have about you and that is Processed in an automated manner, in a machine-readable format, which may be e.g. an Excel-file or a CSV-file. If it is technically possible you further have the right to require that we transfer your Personal Data to another data controller.

Right to object
You have a right to object to our Processing of your Personal Data if the Processing is based on our legitimate interest. IST will in such a case ask you to specify which Processing you object to. If you object to any Processing we will only continue our Processing of the Personal Data if we have legitimate interests for Processing that outweigh your interests. We will always inform you about our decision.

11. Consent to the Processing of Personal Data

If you have consented to the Processing of your Personal Data you are free to decide if and when your wish to withdraw your consent to the Processing of your Personal Data. You can do this by (i) contacting us, or (ii) following the link in the mailshot if the consent regards receiving mailshots with marketing information and other information.

12. To whom do we transfer your Personal Data?

In order to provide some of our services we appoint select third parties. This entails that we share some of the Personal Data we have collected e.g. with suppliers of IT-services or print and distribution. IST may also share Personal Data with companies within the IST company group. In connection with such sharing or transferring of your Personal Data IST takes organisational and technical measures in order to ensure that your Personal Data is handled in a safe and secure a manner. These select third parties will only Process your Personal Data in manners that follow from this Privacy Policy and in order to fulfil one or more of the purposes that are listed in this Privacy Policy. In cases where these suppliers are data processors for IST, we are responsible towards you for ensuring that these third parties Process your Personal Data in a correct and legal manner. In such cases we also have agreement in place with the suppliers regarding safety and instructions for the Processing of Personal Data in accordance with the Data Protection Rules.

IST may transfer your Personal Data to countries outside the EU/EES, if any of our group companies, suppliers or business partners are located there. If Personal Data is transferred to a country outside the EU/EES, IST will take measures to ensure that the Personal Data will remain protected as well as take the measures needed in order to transfer Personal Data to a country outside the EU/EES in a legal manner.

We will disclose your Personal Data if it is required by law, authority decision, or court ruling, or if we, as a company, reasonably deem the disclosure to be necessary in order to protect IST’s rights.

IST will not sell your Personal Data to a third party unless we have previously obtained your consent. However, we may, in the case that IST decides to divide, sell, buy, merge with another company or organisation, or in any other way reorganise the business, transfer your Personal Data to potential or actual buyers and their potential advisors.

13. How do we protect your Personal Data?

In order to protect your personal integrity, discover, prevent and limit the risks of a hacking attack etc., IST takes several technical and organisational safety measures. IST also takes measures in order to protect your Personal Information against unauthorised access, misuse, reveals, changes and damages. IST ensures that access to your Personal Information is only granted to employees who need it in order to fulfil their work assignments, and that they abide by confidentiality.

14. Supervision and compliance

If you are dissatisfied with how your Personal Data has been Processed or believe that your Personal Data has been Processed contrary to the Data Protection Rules you can at first-hand contact us in accordance with the information below. You can also turn to the supervisory authority in the Member State where you have your place of residence, your workplace, or where the alleged breach has been conducted, and file a complaint. In Sweden the current supervisory authority is Datainspektionen. For more information, visit datainspektionen.se.

IST annually reviews this Privacy Policy.

15. Third parties’ terms and conditions

IST’s service may in some cases be subject to third parties’ terms and conditions. IST is not responsible for such third parties’ use of your Personal Data as they themselves are data controllers and responsible for the Processing of your Personal Data. Therefore, it is important that you observe and read through the terms and conditions of such third parties. This applies e.g. if there is a link on our Website to other websites.

16. Changes to the Privacy Policy

We reserve the right to change this Privacy Policy when we deem it to be necessary. Such changes are especially warranted upon potential changes in legislation, due to guidance statements or recommendations from the supervisory authority or other authorities issuing statements pertaining to the Data Protection Rules. Further, this Privacy Policy will be updated when it is necessary due to changes in our business or regarding our Services.

If IST makes material changes to this Privacy Policy or changes concerning how we Process your Personal Data, you will be informed of this before such a change becomes applicable.

17. How do you contact us?

If you have questions pertaining to this Privacy Policy or the current Processing of your Personal Data, wish to file a request in accordance with the Privacy Policy or whish to report a violation of this Privacy Policy etc., you are welcome to contact us via e-mail or mail according to the information below.

IST Group AB
Data Protection Officer
Ingelstadvägen 9
352 34 Växjö
Send mail