This privacy policy applies when CSRM AB (“CSRM “, “we”, “our”, “us”), organization number 559422-0609, Stockholm, processes personal data relating to employees of organizations that use CSRMs services (“you”, “you”, “your”).
CSRM’s processing of personal data complies with the General Data Protection Regulation (EU) 2016/679, (“Data Protection Regulation”).
Our processing of personal data takes place on the basis of an agreement and, for special processing, with your consent.
PURPOSE
We process personal data when this is necessary to perform according to the agreement and must process personal data in order to deliver our services and products. Personal data is used, among other things, for invoicing, information and delivery of products, performance of services and contact with our customers.
If you have chosen to contact us for information about our services via our contact form, we will use your contact details to contact you.
PERSONAL DATA PROCESSED
We will collect the following personal data from when you use our services:
Contact details – for invoice and delivery, e-mail address, telephone number.
Payment information – information to make payments to CSRM, or issue an invoice.
IT data – in order for you to be able to communicate with our systems, we must process data about the device you use (i.e. your computer, smart phone or the like), for example the device’s IP address.
RECEIVERS OF PERSONAL DATA
CSRM’s services in the field of cyber security are advanced and require us to cooperate with and interact with other actors in our field and that we cooperate with our partners and suppliers. CSRM will therefore transfer your personal data and enlist the help of other actors to process your personal data when it is necessary to (i) fulfill the agreement with you, (ii) comply with the law, constitution or decision. The following types of recipients may be relevant:
Partners – CSRM collaborates with leading actors in the cyber security field and may need to share contact details in order to fulfill our commitments in agreements with our customers.
Developers and consultants – CSRM uses developers and consultants from other companies to build CSRM IT infrastructure and further develop our services. Such developers and consultants may need access to contact details of our customers.
Authorities – CSRM may need to disclose information to authorities if we are required to do so by law or if you have requested us to do so. In some cases, CSRM may be prevented by law from telling you that personal data has been requested by an authority.
Notification Services – where CSRM uses services to communicate automatically with confirmations or reminders.
CSRM processes as much of its data as possible within the EU/EEA.
PRESERVATION OF PERSONAL DATA
Personal data is kept for as long as is necessary to fulfill our commitments to our customers.
CSRM is obliged according to the Accounting Act (1999:1978) to keep invoices and accounting documents for seven years. Personal data kept for accounting purposes will only be used for that purpose.
Personal data is deleted when the data is no longer needed.
Once we have deleted personal data, these can no longer be recalled/recreated.
CYBER SECURITY
As a personal data controller, we take appropriate technical and organizational measures to protect the personal data we process.
If your personal data is covered by a security incident that has occurred (so-called “personal data incident”), we may contact you.
COOKIES
Our website uses cookies. Cookies are small text files that are stored on the website visitor’s computer and that make it possible to follow what the visitor does on the website.
We use cookies for www.csrm.se to function and for statistics.
Visitors can also set the browser so that he or she receives a prompt each time the website attempts to place a cookie on the visitor’s computer. Through the browser, previously stored cookies can also be deleted. See your browser’s help pages for more information on this.
The Swedish Post and Telecommunications Agency, which is the supervisory authority in the area, provides further information about cookies on its website ( http://www.pts.se/).
YOUR RIGHTS
You have the right to withdraw consent to a certain treatment free of charge without this affecting the legality of the treatment before the withdrawal.
You have the right to request that the processing be limited to storage and to object to the processing.
You also have the right to request a register extract, in electronic format or on paper. We will compile information about how your personal data is processed and send this to you, normally within a month.
You have the right to request that we correct personal data that you consider to be incorrect and to submit additional personal data.
You have the right to request that we delete your personal data. CSRM will then delete personal data that does not need to be kept to fulfill legal obligations. We will also continue to process personal data in certain other cases, including when personal data must be processed to fulfill an agreement with our customer.
If you want to request a register extract, revoke a consent or correct/delete an item, please contact gdpr@csrm.se