/Privacy Policy
Privacy Policy2018-07-17T11:32:34+00:00

Privacy Policy

Pagero’s data privacy policy

Data protection laws and regulations aim to protect the privacy and integrity of individuals (data subjects) when organisations process their personal data. Pagero processes personal data on behalf of its customers,but is also processing personal data in relation to employees, job applicants and business contacts in the course of Pagero’s daily operations.

In order to protect the privacy and integrity of data subjects, Pagero works continuously to ensure that personal data are processed in a lawful and secure manner. These efforts are the collective responsibility of everyone at Pagero who has access to personal data in their work role.

As used in this privacy policy, “Pagero”, “us” and “we” refer to Pagero as a group, including Pagero AB (the parent company) and any of its affiliates that may process personal data. Pagero AB is a company registered in Sweden with company registration number 556581-4695, of Västra Hamngatan 1, SE-411 17 Gothenburg, Sweden. Each affiliate within Pagero is a separate legal entity but follows the same principles and standards for the protection of personal data. Contact details to each affiliate can be found on our website, www.pagero.com

Why this policy exists

This privacy policy explains why and how we collect and use personal data relating to business contacts, visitors on webpages and customer data, and provides information about the rights of data subjects in relation to their personal data. This privacy policy ensures that we:

  • Comply with data protection laws and regulations and employ good practice
  • Protect the rights of business contacts, employees, job applicants and prospective customers
  • Are open about how we store and process personal data

The basic principles for our processing of personal data

To ensure the privacy and integrity of data subjects, our processing shall abide by the following principles:

  • Lawfulness, fairness and transparency – We only process personal information in a lawful, fair and transparent manner in relation to the individual to whom the data concerns and ensure that the personal data processed are accurate and, where necessary, updated.
  • Purpose limitation – We only process data gathered for specific, explicit and legitimate purposes.
  • Data minimisation – We only process personal data required for the actual purpose of the processing
  • Storage limitation – We do not store personal data for longer than is necessary to fulfil the stated purpose or to comply with legal requirements.
  • Privacy and confidentiality – We implement technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, dissemination and other prohibited processing.

Use of personal data

Products and services

We use personal data to:

  • Provide our services
  • Administer, manage and develop our businesses and services, which includes managing our relationships with customers and prospective customers
  • Develop our businesses and services
  • Administer and manage IT systems, websites and applications

The categories of personal data processed by us on behalf of our customers in accordance with our agreement:

  • Data provided by Customer to us as a part of Customer’s use of the service (e.g invoices and other business documents, including customer employee contact information and other invoice data)

The categories of personal data typically processed by us in relation to the services we provide are, based on our legitimate interest:

  • Contact details for customer representatives (e.g. e-mail address, contact number)
  • Service desk enquiries (e.g name, issue, error logs and support requests)

The categories of personal data processed by us in relation to our websites based on our legitimate interest are:

  • IP-address
  • Information collected though cookies (e.g technical information such as browser type, session time, error codes)
  • Information that you provide to us through web forms (e.g contact information, information for participation in an event)

Marketing

We use personal data based on our legitimate interest for our direct marketing purposes that we collect:

  • Directly from the individual through meetings, web forms or cookies
  • From the data subject’s employer or from referrals from one of our customers or someone other than the data subject

The categories of personal data processed by us for marketing purposes are:

  • Contact details to representatives of potential customers (Name, title, email, phone)
  • IP-addresses collected though cookies for ad campaigns

In all our marketing activities, we offer the option to not receive direct marketing communications from us or to not receive any further marketing communications at all.

How long are personal data retained?

We do not retain personal data longer than necessary with regard to the purpose of the processing, unless the data must or may be retained for a longer period of time by law.

Personal data processed on behalf of our customers:
Such personal data is kept in accordance with our customers instructions and our agreement with them, including personal data relating to support enquiries.

Personal data relating to potential or current customer representatives:
Customer representatives contact information is kept for the duration of our agreement with the customer or until that specific individual no longer represents our customer. Information relating to representatives of potential customers is kept no longer than 1 year after the collection was made, unless the potential customer is or is in the process of becoming a customer. Pagero will however always delete information relation to a representative of a potential customer per that individuals request.

Personal data collected through websites etc:
Personal data collected through web forms are kept no longer than for the purposes they were collected, e.g responding to questions, managing event participations etc. Personal data collected through cookies are kept in accordance with our cookie section.

Transfer of personal data

Transfer within Pagero Group

We may share personal data with other companies within Pagero Group where necessary in connection with the purposes described in this privacy policy. For example, when providing services to a customer we may share personal data within Pagero Group in different territories that are involved in providing the service. Pagero Group has established an intra group data transfer agreement to ensure that personal data is processed fairly and lawfully in each Pagero subsidiary. Please also see the section “transfers outside the EEA” for more information on intra-group transfers to group companies outside of EU.

Third parties

We may transfer or disclose the personal data that we collect to third-party contractors, subcontractors, and/or their subsidiaries and affiliates who may be supporting us in providing services to our customers.

We may also disclose personal data to professional advisers to establish, exercise or defend our legal rights and to obtain advice in connection with running our business or when explicitly requested by our customers.

Such third parties may engage additional parties in the processing of personal data. We only engage with third parties that are bound to maintain the appropriate levels of security and confidentiality, to process personal data only as instructed by us and to implement the same obligations downstream to their third parties.

Finally, we may also disclose personal data to law enforcement, regulatory or other government agencies if required under applicable laws or regulations.

Transfer to countries outside the European Economic Area (EEA)

Personal data may be transferred to and stored in countries other than the country in which our customers are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws providing specific protection for personal data. We only transfer personal data on behalf of our customers when we have been instructed to do so in accordance with our agreements.

Where we collect personal data within the EEA, transfer outside the EEA will only take place:

  • To a recipient located in a country that provides an adequate level of protection for your personal information; and/or
  • Under an agreement that satisfies EU requirements for the transfer of personal data outside the EEA, such as standard contractual clauses approved by the European Commission or the Privacy Shield framework.
  • Pagero Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. Pagero Inc. adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Principles and to assess our certifications, please visit the Privacy Shield website(https://www.privacyshield.gov).

Onward transfers under the Privacy Shield Framework
Where we transfer personal data that Pagero Inc has received under the Privacy Shield framework, we remain responsible and liable for that personal data if we were to transfer it to a third party acting as an agent on our behalf, unless we can prove that we were not responsible for the events giving rise to the damage.

Security

We have implemented multiple physical and cyber security measures in order to protect our and our customer’s information (including personal data). This involves detecting, investigating and resolving security threats.
Each year, we subject ourselves to a security evaluation performed by an independent auditor in order to ensure and document that our systems maintain a satisfactory level of security and that we work continuously with security processes in our day-to-day operations. If you would like to know more how we work with security, please visit pagero.com/why-pagero/information-security.

Cookies

A cookie is a small text file that a website asks to store on the visitor’s device and contains a certain amount of information and a time stamp. The web browser saves the information on the device and returns the information in the cookie to the visited website each time the browser requests pages/pictures from the website.

Cookies are used in our services to improve the user experience and to optimise the website and mobile applications. There are two kinds of cookie:

  • The first kind, which is commonly referred to as a permanent cookie, saves a file that remains on the visitor’s device. This is used, for example, to be able to adapt a website to the visitor’s preferences and choices such as language settings etc, as well as for producing statistics.
  • The second kind, which is called a session cookie, is stored temporarily in the memory of the visitor’s device during the time they visit a website. Session cookies are deleted when you close your web browser.

We use both session and permanent cookies to track the number of visitors on our sites, which pages are most frequented and to find and assess technical issues. We use Google Analytics, and you can read more about how Google Analytics processes cookie data and how you can manage your cookie settings at: https://policies.google.com/privacy/partners

If you do not agree to the use of cookies, you can disable cookies in your web browser’s security settings. You can also set your web browser to provide a warning each time a website attempts to store a cookie on your device. You can even delete previously stored cookies from within your browser settings.

See the web browser’s help pages for more information about how to check which cookies are stored in your browser, how to remove them and even how to change the settings for accepting cookies.

Legal rights of data subjects

Where we act as data controller, data subjects have the right to request information about which of their personal data we process. Data subjects are also entitled to request that incorrect or incomplete personal data be corrected or deleted. Further to this, data subjects are entitled to object to certain processing of personal data and to request the restriction of such processing, and also have a right to opt-out from onward transfers and uses outside the original purposes from which they were originally collected under the Privacy Shield framework. Finally, data subjects have the right to request their provided personal data in a machine-readable format that can be transferred to another controller. Data subjects also have a right to issue complaints to a supervisory authority relating to Pagero’s processing of their personal data, please see the section “complaints and dispute resolution” below for more information.

Note that the abovementioned rights may be limited due to confidentiality or other mandatory rules and regulations.

Where we act as data processor, including transfers of personal data under the Privacy Shield Framework, data subjects should in the first instance contact the data controller. Any direct communications from data subjects will be forwarded to the data controller, unless otherwise prescribed by mandatory rules and regulations. This also applies to the right to opt-out from onward transfers and uses outside the original purposes from which they were originally collected under the privacy shield framework.

For questions or complaints about how we process personal data, or requests to exercise your legal rights, please contact us by e-mail at dpo@pagero.com or by letter at the above address.

Complaints and dispute resolution

Pagero will investigate and attempt to resolve complaints and disputes regarding our use and disclosure of personal information. Any questions or complaints should first be sent to our Data Protection Officer dpo@pagero.com. Complaints that cannot be solved between you and the Pagero can be referred to a relevant Data Protection Authority, and Pagero will work with relevant Data Protection Authority to resolve such matter. You can find contact information to your relevant Data Protection Authority by following this link: https://edpb.europa.eu/about-edpb/board/members_en. Complaints relating to transfers of an EU resident’s personal data under the Privacy Shield Framework shall also be referred to the Data Protection Authorities. A Swiss resident whose complaint has not been satisfactorily addressed may contact the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland using the information provided on their website. Pagero Inc is also subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

A binding arbitration option is also available as a possibility to resolve complaints relating to our transfers of personal data in accordance with the Privacy Shield Framework, more information can be found here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Other important information

Dette website benytter sig af cookies og tredjeparts-tjenester til at analysere trafik i overenstemmelse med vores privatlivspolitik. Du kan når som helst ændre dine indstillinger for cookies ved at følge instruktionerne i vores privatlivspolitik. OK