This information is our Privacy Notice. It explains what we do with your personal information, why we want to use it, how we protect it, and what rights you have to control our use of your personal data.
The most important fact is that it’s your personal data. We have complete respect for your rights, and we will only use it where necessary to deliver our services, or to keep you up to date about developments.
Information about Data Controller
The data controller is Sofies SA and its affiliated subsidiaries (hereinafter together referred to as Sofies).
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at firstname.lastname@example.org.
We use this email address for all data protection and data access matters.
The purpose and lawful basis for processing your personal data
We use information for a few different purposes and these each have a different lawful basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
If you are an existing Sofies client, we hold your name and contact details because we have a contractual obligation to deliver services to you. We need your contact details to deliver our services (such as send you update emails when you need to take actions, send you invoices and so on.)
If you are a previous Sofies client, in the six-year period following the end of our contract, we may continue to contact you with information about Sofies’s services because we think you will find it useful. We believe we have a legitimate interest in this activity, but you are always able to unsubscribe by emailing us at email@example.com.
If you are a supplier or other business associated with Sofies’s field of work, we will hold your contact details because we have a legitimate interest in doing business with your company. We will aim to hold this information for three years since we were last in contact with you.
If you visit our website or other social media
We use Google Analytics on our website, LinkedinInsights on our Linkedin account and TwitterAnalytics on our Twitter account to track user activity on our site, so we can improve our service. We may record your computer’s IP address so we can tell how each user and repeat visitor is using our site (your IP address is also a piece of your personal data). We have a legitimate interest in tracking user journeys on the site so that we can improve our service. We will hold IP information for a maximum of three years from the time of your last visit to our site or application.
If you’re not an existing client we may have your contact details on our marketing list so we can send you emails and newsletters about our service, along with information we think you’ll find interesting and useful. We will only send you this information if we have your consent (which you gave to us by ticking a consent box when you signed up to our lists.) You may withdraw consent at any time – usually this is easiest by choosing the “unsubscribe” option at the bottom of information we send to you. You can also email us at firstname.lastname@example.org any time. Please note that if you do this, we will delete your records on our marketing list.
If you remain on our marketing list, we will hold your information for two years from the time we last checked that you wanted to receive communication from us.
If you are an applicant, we hold your contact details and other information to help us make our selection. We will hold this information for a maximum of six months after the vacancy has been filled.
Who we share your data with
We use a number of different service providers (acting as “data processors”) who provide IT and system administration services to enable us to operate our business and the services we provide to our clients and partners. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
Website analytics service providers
Website and data hosting service providers
Document storage service providers
Email, contacts and calendar service providers
CRM and newsletter distribution service providers
Accounting software service providers
For security reasons (to reduce the risk of phishing attacks to our clients) we do not name all our service providers in this privacy notice. The types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us at email@example.com.
if you want further information on specific data processors or the types of personal data they process for us.
Other circumstances in which we may share personal data with third parties
We may also share your personal data with the following third parties in certain circumstances:
We will share personal information with law enforcement or other authorities (such as tax authorities) if required by applicable law.
We may share personal information with third parties to whom we may choose to sell, transfer, or merge parts of our organization or our assets. Alternatively, we may seek to acquire other organizations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We may share personal information with professional advisors such as lawyers, accountants or auditors in order for them to provide legal, accounting or auditing services to us.
We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes other than our own marketing activity.
International transfers of personal data, and the measures in place to safeguard it
Some of our data processors may transfer your personal data outside the European Economic Area (EEA) and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centers in different locations. All the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA to hold back-up copies, so they can guarantee recovery.
In each case we and/or our processors use one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
Certain processors may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where personal data is transferred outside the EEA or countries the EC deems to have adequate privacy protection, we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Providers storing data in the US may be self-certified to the EU-US Privacy which requires them to provide similar protection to personal data shared between the Europe and US.
Please contact us at firstname.lastname@example.org if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over them. This section summarizes your rights. You can exercise any or all these rights when you choose, and the easiest way is by dropping us an email at email@example.com.
Where we are processing your data based on your consent (e.g. for marketing purposes) you can withdraw that consent and we must immediately stop processing your data.
You have the right to request a copy of all personal data we hold relating to you and we must provide this within 30 days. You also have the right to require us to correct any records that are wrong.
You have the right to require us to erase personal data and we must comply unless we need it for one of the purposes described above. We also retain the right to keep data that is needed to establish, exercise or defend a legal claim.
Where we process your data based on a “legitimate interest” (underlined in the section on Purpose and Lawful Basis, above) you still have the right to object to our processing of that data. From that point, we must stop processing your data until we have determined whether your rights override our interests.
Finally, you may have the right to have your personal data transferred to another organization, and we’re obliged to provide it to you in a clear and reasonable format.
Our contractual requirements to use your personal data
If you’re a Sofies client, it’s a requirement that we collect personal information from you so that we can enter into a contract with your company.
Other purposes for processing personal data
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies.
Changes to this privacy notice
This privacy notice was last updated on 25th May 2020. We may change this privacy notice from time to time by amending this page.
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, drop us a line at firstname.lastname@example.org.