Privacy Policy
VERSION: 1/2024
When using Phygrid’s digital platform, content, apps or other products and services made available from time to time on Phygrid Grid or Phygrid Marketplace (the “Services”), you will provide us with certain personal data. We collect personal data when you create an account for the Services and through secure tracking technologies that collect information about your behaviour and usage of the Services.
This Privacy Policy describes how and why Phygrid process your personal data and also explains your rights as a data subject.
This Privacy Policy will be updated from to time as the Services are developed and improved. We will notify you in the Services or via email in case of significant or substantial changes to the Privacy Policy.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
Phygrid AB, Swedish reg. no. 556841-1333 (“Phygrid” or “We”), is the data controller for the processing of the personal data described in this Privacy Policy. Please read this policy carefully to receive information on how and why Phygrid collect and process your personal data and what your rights are.
This Privacy Policy is only applicable where Phygrid is the data controller. Please be aware that certain Apps on Phygrid Marketplace/Grid may have another personal data controller (for example your employer), meaning that the privacy policy of such party will apply instead of Phygrid’s Privacy Policy.
Please contact us if you have any questions about our processing, see our contact details below
PERSONAL DATA THAT WE PROCESS AND HOW WE COLLECT THEM
In order to create an account, you will be required to provide certain personal data, such as name, email address and phone number.
Phygrid may also collect personal data about you and your usage of the Services, such as IP address and user behaviour, through cookies or similar tracking technologies (see below).
Your information will be stored securely using advanced technical and organisational security measures implemented by us or by our subcontracts.
OUR PURPOSES, LEGAL GROUND FOR PROCESSING PERSONAL DATA AND RETENTION PERIODS
Why We Process Personal Data | Legal Ground for Processing Personal Data | Retention Periods |
---|---|---|
We process personal data in order to ensure that We provide secure and efficient Services and optimize or improve user experience. | The legal ground for this processing is our legitimate interest to provide the Services in a secure and efficient manner. It would not be possible to provide the Services without the use of actual personal data, i.e. the only way to fulfil this purpose is by using personal data. | We only process personal data for this purpose for as long as you have an active account for the Services, and for a maximum period of 12 months thereafter. |
We process personal data in order to analyze user behavior within the Services, in order to develop our products and Services. | The legal ground for this processing is our legitimate interest to further develop and improve the Services. Such analysis cannot be made without actual personal data, i.e. the only way to fulfil this purpose is by using personal data. | We only process personal data for this purpose for as long as you have an active account for the Services, and for a maximum period of 12 months thereafter. |
We process personal data in order to provide relevant marketing and advertising of our Services. | The legal ground for this processing is our legitimate interest to market our Services. | We only process personal data for this purpose for as long as you have an active account, and for a maximum period of 12 months thereafter. |
We process personal data in order to contact and communicate with you if you contact us through the Services. | The legal ground for this processing is our legitimate interest to communicate with our users. This cannot be done without using personal data, i.e. the only way to fulfil this purpose is by using personal data. | We only process personal data for this purpose for as long as you have an active account for the Services, and for a maximum period of 12 months thereafter. |
We process personal data in order to be able to charge and bill for the Services. | The legal ground for this processing is to perform a contract and our legitimate interest of receiving payment for our Services. | We only process personal data for this purpose for as long as is required according to applicable law (e.g. tax and accounting laws). |
We process personal data in order to be able to investigate errors or other anomalies in the Service or system and to defend Phygrid from potential legal claims. | The legal ground for this processing is our legitimate interests to defend Phygrid from claims regarding errors in the Services. To be able to do so and fulfil this purpose, We must log transactions carried out in the Services. | Operators have the right to present legal claims regarding errors and anomalies in the Services during a period of ten years, We must store personal data for ten years as well in order to defend Phygrid from such claims |
RECIPIENTS OF PERSONAL DATA
We may share your personal data with your employer and our IT suppliers, affiliates, resellers, agents, partners and subcontractors inside or outside the EU. We will never sell or share your personal data with any third party, except for our affiliates, subcontractors, agents, resellers or partners. We may disclose your personal data to relevant public authorities if required by applicable laws and regulations, or if such disclosure is otherwise necessary by law, court order or governmental order
Your personal data is protected by appropriate technical and organizational measures and safeguards in accordance with applicable data protection laws and good industry practice. Such measures may include encryption, pseudonymization and other information security measures, as well as stringent data processing agreements ensuring protection of your rights as a data subject and ensuring that your personal data is only used for the legal purposes for which it is collected, as described above.
CROSS-BORDER DATA TRANSFERS
Your personal data may be transferred across national borders for the purposes set out herein, inside or outside the EU/EEA. Your employer will determine and decide in what region your personal data will be stored and processed, as agreed with Phygrid.
We also certain standard cloud services such as Microsoft Azure, Google Analytics, Youtube plug-ins and HubSpot in order to provide our Services. The purpose of using these standard services is to ensure the best possible user experience and for Phygrid to be able to understand and improve our Services in an effective manner. In addition, these cloud services are necessary for Phygrid to provide efficient support services to you and/or to your employer. Please note that standard cloud services may involve cross-border data transfers inside or outside the EU/EEA, and that Phygrid will have no control over such data transfers. For further information, please refer to the privacy policies and statements made available by Microsoft, Google, Youtube and HubSpot.
If and when We transfer personal data across national borders, We will take appropriate technical and organisational measures to protect your privacy, including for example using Standard Contractual Clauses issued by the EU Commission (a copy of which can be obtained from us upon your written request, see contact details below), or other appropriate measures and legal mechanisms in accordance with applicable data protection laws.
COOKIES AND OTHER TRACKING TECHNOLOGIES
This section will describe what cookies and other tracking technologies We use in the Services and why. We will use “cookies” as a general term for web beacons, pixel tags and other identifiers and/or tracking technologies.
What are cookies and why do We use them?
A cookie is a small piece of data that is stored on your computer or mobile device when you use the Services. A cookie is a text file and incapable of causing any damage. We use cookies for a number of purposes, for example to keep track of who is logged into the Services, to receive information about how the Services is used and how We can improve the user experience. We also use them for statistical purposes, for example in order to analyze the number of unique users. Further, Phygrid can recognise your unit when you return to the Services and save information about your activities through cookies.
What types of cookies do We use?
The cookies used are either session cookies, that are temporary cookies that remain in your device only during a session and are deleted when you log off and/or close your browser, or persistent cookies, that remain in your device for a limited period of time as set out below or earlier if you choose to delete them in advance.
We use different types of cookies for different purposes:
Necessary cookies, which are required in order to provide and operate the Services. You cannot use our Services if you do not accept necessary cookies.
Functionality cookies, which contain a unique ID which enables the Services to save your settings, such as language and other preferences chosen by you. The purpose of such cookies is to ensure that you do not have to choose user settings each time you log into the Services.
Performance cookies, which are used to analyze and improve the performance of the Services, e.g. to detect and remedy any possible interruptions or malfunctioning.
Analytics cookies, which also contain a unique ID which enables us to measure and obtain information about your use of the Services and measure user experience and behavior on the Services. We may use data from analytics cookies to develop our products and services, to create statistics, for benchmarking purposes and to provide targeted advertising.
Specifically, We use the following types of cookies in the Services:
Name of the cookie | Type of cookie | Retention Period | Purpose |
---|---|---|---|
__hssc | Persistent | 13 months | This cookie keeps track of sessions in HubSpot. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. |
__hssrc | session | Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value "1" when present. | |
__hstc | Persistent | 13 months | The main cookie for tracking visitors in HubSpot. It contains the domain, utk (initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
_ga | Persistent | 2 years | Used by Google Analytics to identify unique users and their activity on the website. |
_ga_158GJDEKMV | Persistent | 2 years | Used by Google Analytics to identify unique users and their activity on the website. |
_ga_SJYHJMPQG7 | Persistent | 2 years | Used by Google Analytics to identify unique users and their activity on the website. |
hubspotutk | Persistent | 13 months | This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor. |
We use Google Analytics and a Youtube plug-in to provide you with the best possible user experience. We use available IP address anonymization functionality whenever possible. These are standard services provided by Google, Inc and may involve collection and transfer of unique identifiers and other personal data to Google entities in the US and worldwide. You can find further information about Google’s data collection and data processing on https://policies.google.com/privacy?hl=en.Please note that you can always delete and disable cookies from your device. However, depending on the type of cookie to disable, this could mean that the functionality of the Services will be limited, and that you can not use the Services unrestricted. You may also need to manually set your user settings, such as language, every time you log into the Services.
YOUR RIGHTS AND HOW TO EXERCISE THEM
You have the following rights:
You have the right to request and obtain information about how We process your personal data and receive access to the personal data (right of access). • If you consider your personal data to be inaccurate and/or incomplete, you have the right to request rectification and/or completion of your personal data (right to rectification). Under some circumstances, you have the right to request erasure of personal data concerning you or request restriction of our processing of personal data. Restriction means that personal data will only be processed for certain limited purposes. When our legal ground for processing is our legitimate interest, you have the right to object to such processing. You are welcome to contact Phygrid if you wish to make any request in accordance with above, or if you have any question about our processing of personal data. See contact details below.
If you consider our processing to be wrongful or in breach of the GDPR or other EU data protection laws, you have the right to lodge a complaint or report an infringement of the GDPR to the supervisory authority in Sweden (Sw: Integritetsskyddsmyndigheten, https://www.imy.se/) or to your local authority in the EU member state of your habitual residence, place of work or place of an alleged infringement of the GDPR.
CONTACT DETAILS TO PHYGRID
You are welcome to contact us via [email protected] if you have any questions about this Privacy Policy, or if you would like to exercise any of your rights set out above.