This document implement SunRoof International Holding AB’s (hereinafter “Administrator”, “we”, “us” etc.) and any of its affiliated companies' information policy towards users of the platform called ‘My SunRoof’, a platform for clients to track their projects and communicate with the Administrator (hereinafter referred to as the "System"). This Privacy Policy target the processing and protection of the user’s personal data within the System. We attach great importance to the protection, collection, processing, and use of your personal data in accordance with applicable laws.
The Administrator makes every effort to keep the information concerning you private. Accordingly, in this policy you can read more about how we collect, process and use information about the you as a user of the System. Please read the document carefully to understand our privacy policy and how we use your personal information.
1.1 Sunroof International Holding AB, org.nr 559251-2783 is the administrator of the System and therefore the data controller which is responsible for the processing of your personal data.
1.2 We have our registered address at Svarvargatan 6, 462 56 Vänersborg. If you have questions or want to get in contact with us, please contact us by sending us an e-mail to my@sunroof.se.
2.1 The Administrator processes the personal data you provide for the purposes necessary to:
a. Provide the different functions of the System and the proper operation of the System,
b. Contact through the System or by other means, communication, including in matters of
sending commercial information, use of contact tools if introduced,
c. Conclusion and performance of the contract, including contracts for electronically
provided services,
d. Implementation of System activities,
e. Your exercise of the opportunity to cooperate with the Administrator or your taking
advantage of opportunities to cooperate with entities that cooperate with the
Administrator or the services of those entities,
f. For marketing and analytical purposes, including the transmission of information
(including commercial information) that the Administrator believes may be of interest to
you, including information about products, services, promotions.
3.1 For the above purposes, the Administrator stores your personal data such as:
• Name
• Address
• E-mail
• Login credentials
• Language preferences
• Data concerning your contract and project
• Content of text messages created by you in the System
• Pictures, videos, voice messages or other content uploaded by you.
3.2 When entering into a contract, the provision of personal data is necessary for the performance of the contract, which also applies to the contract for the provision of electronic services, setting up an account, use of contact forms, etc. Collection of certain data displayed above is thus necessary in order to give you access to the System and the functions therein. In turn, such access and functions are part of the contract between the Administrator and the user.
3.3 If the processing is optional, the data will be processed on the basis of consent that you explicitly have given us in the System. We would like to emphasize that if you have consented to a certain processing of personal data, you have the right to withdraw such consent at any time by contacting us.
3.4 Data may also be processed on the basis of the legitimate interest of the Administrator. This means that the Administrators interests in processing certain personal data about you is weighted against your interest of data protection and privacy rights. We are processing personal based on legitimate interests when we are sending you newsletters and other type of direct marketing.
3.5 With respect to your personal data, the Administrator does not make automated decisions, decisions resulting from automated processing, including profiling within the meaning of the GDPR regulation.
3.6 The Administrator shall retain your personal data only for the period necessary for the performance of the contract, including the assertion of claims and compliance with the requirements of applicable laws, including tax laws, as well as for the time necessary for the other purposes of processing indicated in this Privacy Policy. If you ask us to delete your user account, data related to your account (such as e-mail, login credentials etc.) will be deleted if data retention is not necessary under applicable law. Your data may be kept according to our general terms agreed at the time of purchase if the Administrator still have reason to process such data about you.
3.7 In the case of personal data processed on the basis of your consent, the Administrator will keep the personal data you provide for the period necessary for the purpose of processing or until you withdraw your consent. After these periods, your personal data will be deleted.
4.1 You have the right to obtain from the Administrator confirmation as to whether it processes your personal data, the right to request access to such data, and the right to obtain from the Administrator information regarding the purposes of processing and the categories of personal data processed, information on the recipients or categories of recipients to whom the personal data are disclosed, the intended period of storage of the personal data, the source of the data in case it was collected not from the data subject, and information on whether the Administrator makes automated decisions with respect to the data subject, including, but not limited to, on the basis of profiling. You also have the right to obtain a copy of the data.
4.2 In addition, you have the right to request rectification of personal data, the right to request erasure of personal data, the right to request restriction of processing, the right to data portability, and the right to object to processing. You may exercise these rights:
4.2.1 Regarding the request for data rectification: when your data is incorrect or incomplete;
4.2.2 With regard to a request for erasure: when your data are no longer necessary for the purposes for which they were collected by the Administrator; you withdraw your consent to the processing of your data; you object to the processing of your data; your data are being processed unlawfully; your data should be erased in order to comply with a legal obligation, or your data were collected in connection with the offering of information society services;
4.2.3 With regard to a request for restriction of data processing: when your data is incorrect - you may request restriction of processing for a period allowing the Administrator to verify the correctness of the data; processing of your data is being carried out unlawfully, but you do not want it to be deleted; your data will no longer be needed by the Administrator, but will be needed by you to establish, assert or defend claims; or you have lodged an objection to data processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the objection;
4.2.4 Regarding the request for data portability: when the processing of your data takes place on the basis of a contract or the consent you have given, and when this processing is carried out by automated means;
4.2.5 With regard to the right to object: when the processing of your personal data is carried out on the basis of a legitimate interest and the objection is justified on the grounds of your particular situation, and also when your personal data is processed for direct marketing purposes, including profiling.
4.3 You also have the right to lodge a complaint to a supervisory authority if you consider that the processing of personal data concerning you violates the provisions of the GDPR regulation. At the end of this Privacy Policy you will find what supervisory authority is handling complaints which depends in what country you reside in.
4.4 The security procedures implemented mean that we may ask for proof of identity before exercising your rights.
5.1 In cases where data processing is optional, e.g. if the Administrator processes personal data that is not necessary for the performance of a service or contract, the provision of such data by you always occurs voluntarily, after you have given your consent to the processing of the data provided. Consent may also include the transfer of your data by the Administrator to other entities.
5.2 When we collect your consent, we also provide you with this Privacy Policy. In this case, you consent to the Administrator's collection and processing of the personal data you have provided for the purpose expressly indicated when you give your consent, in the manner specified within the consent, e.g. afterby checking the appropriate box.
5.3 You may withdraw your consent at any time, in particular by sending a statement of withdrawal of consent to the Administrator according to the contact information above in this Privacy Policy.
5.4 Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
6.1 The Administrator may also make partial use of third-party service providers who process personal data on behalf of the Administrator, such as hosting providers, email service providers, entities that technically implement certain services, platform administrators - for example, Systems that handle payments, provide server maintenance, provide technical maintenance of the System, or other entities with which the Administrator cooperates in this regard. However, the transfer of data may only be for the purpose of performing their service.
6.2 We will only contract entities that provide sufficient guarantees for the data protection and that ensure the rights of data subjects. If the entities in question are not independent data controllers or do not operate under authorizations within the Administrator's structure, the processing of personal data by these entities is carried out on the basis of written agreements concluded with the Administrator. These entities follow the Administrator's guidelines and are subject to audits conducted by the Administrator.
6.3 The recipients of your data will be:
a) the Administrator's contractors and their subcontractors, insofar as your data will be necessary for the performance of the contract or other cooperation linking the Administrator with the above entities. In the absence of such need, the Administrator's contractors will not be recipients of the data;
b) entities cooperating with the Administrator for the purpose of performing a contract or cooperation, fulfilling legal obligations or other purposes for which the Administrator may process your data, such as companies providing hosting services, accounting services, auditors, legal advisors, etc.
c) bodies entitled to receive data under the law;
6.4 Your data as a rule will not be transferred outside the EEA. However, exceptionally, in connection with the Administrator's use of the services of certain entities, data may be transferred outside the EEA, but only with the guarantee of ensuring an adequate degree of protection, e.g. resulting from the standard contractual clauses approved by the European Commission.
6.5 The Service may work in conjunction with social network sharing features and other related tools that will allow the user to share information about activities on the Service with other applications, sites or media, and vice versa. Your use of these features allows you to share information with friends or the general public, depending on the settings you have applied on the social network. For information on the use of the data you provide or share through them, please refer to the privacy policies of these social networks.
6.6 By providing data for registration and creating a Profile, the User agrees to create a search result based on them with certain parameters. They are used to analyze User behavior, collect data about Users in order to personalize the content of the website. In this regard, they are also used to personalize advertising and related links, message content and other information related to the use of services. These data are collected automatically. They form the basis for research and analysis aimed at preserving and improving the level of protection, improving the services provided so far and developing new services.
7.1 We provide appropriate technical and organizational measures to ensure the security of personal data provided electronically and in writing, in particular to prevent access to them by third parties or their processing in violation of the law, to prevent data loss, damage or destruction.
8.1 The Administrator has the rights at any time to change this Privacy Policy, by posting an amended version of this document in the System. The Administrator also has full right to make changes to the System at any time, to discontinue providing the System, to sell the System to third parties.
8.2 The supervisory authority where you as a data subject can file complaints about wrongful processing of personal data is in Sweden: Integritetsskyddsmyndigheten and their contact information can be found here: https://www.imy.se/
8.3 The supervisory authority where you as a data subject can file complaints about wrongful processing of personal data is in Poland: Urząd Ochrony Danych Osobowych and their contact information can be found here: https://www.uodo.gov.pl/pl
8.4 The supervisory authority where you as a data subject can file complaints about wrongful processing of personal data is in Gemany: Datenschutz-Grundverordnung and their contact information can be found here: https://gdprinfo.eu/de