Our Integrity Policy
Personal integrity is something we at the Oddo group care about every day and we always strive to offer a high level of data protection. We constantly attempt to minimise the scope, storage time and availability of personal data and continuously train and update employees about the subject.
This policy briefly describes what personal data we handle in our external relationships and how it is used. It also describes your rights and how you can enforce them.
The Oddo group consists of the following companies:
Halleluja AB, company registration number: 556911-1619
Heja Eventbyrå AB, company registration number: 556689-8762
Huxflux AB, company registration number: 559104-9548
Oddo AB, company registration number: 556778-9416
Punktpr AB, company registration number: 556778-9424
All the above companies are located at the following address (postal and visiting):
903 26 Umeå
Each company manages your personal data via an appointed Personal Data Controller who has an obligation to ensure data management takes place in accordance with this policy and any other relevant and current personal data legislation. As a registered person you always retain the right to contact us to enforce your rights.
Each company has in turn established operational-specific routines for personal data management. For questions about the group’s work with integrity and data protection please contact email@example.com
The four companies mentioned above are hereby referred to in the policy as “The Companies”.
Personal data management
Oddo’s activities (as well as the activities of The Companies) do not primarily involve the collection and storage of personal data. However, just like all other companies, we handle personal data to some extent.
Establishing business relationships in order to develop The Companies’ services and products, as well as new business activities and projects, is an important part of our core business. In order to be able to contact you as a potential or existing customer to discuss The Companies, our services and products and marketing activities, The Companies need to collect your personal data. This data is collected either via internal networks or from third parties such as public registers or social media and is stored in The Companies’ business or marketing systems. The purpose of this is to allow The Companies to establish or manage a business relationship with you and/or invite you to marketing activities.
Management of personal data
The way we manage personal data is centred around The Companies’ legitimate interest in establishing and maintaining strong business relationships and developing our services, products and systems.
This policy is made available through each of The Companies’ websites and can be obtained as a document upon request. If contact has been made via telephone or any digital medium other than email this contact must be followed up with an email according to policy routine. All marketing material and direct mail from any of The Companies must include reference to this policy and how the policy can be obtained.
Your personal data is stored at the relevant company for the purposes of communication and information distribution. The company will only conduct mailings that are deemed relevant to your professional occupation. Whenever a mailing is sent you will always be given the opportunity to deregister via a so-called opt-out option.
The Companies also manage certain personal data in accordance with current laws such as the Bookkeeping Act, and with the support of agreements such as customer agreements, in order to be able to fulfill the obligations of our agreements.
Data selection and deletion
The relevant company will manage your personal data until it is no longer needed to fulfill the purpose stated above, or for a period of up to two (2) years after the termination of any agreement, or until you request to no longer be registered. Personal data that has become obsolete i.e. a contact has retired, will be deleted by The Companies without undue delay as soon as The Companies have received notification of such information.
If a business relationship has not been entered into within twelve (12) months of first contact your personal information will be deleted. The Companies have also established data selection routines to enable regular deletion of contact information that no longer fulfills any purpose.
Information collected on the basis of legitimate interest will also be deleted without undue delay at your specific request. Data managed in accordance with specific laws will be deleted in accordance with legal requirements.
Requests for data extraction or deletions should be sent to: firstname.lastname@example.org.
Personal data categories: what we collect and manage:
- First and last name
- Contact information such as email address, telephone number, professional title and workplace address
- Personal number
- Correspondence between you and The Companies
- IP address and browser settings
- Information about dietary preferences in connection with lectures, events, etc. (this information is deleted within one (1) month of the activity’s completion)
Using personal data specialists
In order to offer the best service possible to our customers and other partners we employ a number of personal data specialists who may manage personal data on our behalf.
These specialists may only manage transferred data on behalf of The Companies and in accordance with The Companies’ explicit instructions. The Companies will only ever transfer your personal data to personal data specialists for purposes consistent with the objectives for which The Companies collected the data. It is the responsibility of the Personal Data Controller to ensure that these specialists comply with The Companies’ security requirements, restrictions and requirements regarding any international transfer of personal data.
Where your personal data is processed
The Companies’ goal is to, whenever possible, process your personal data within the EU/EEA. However, it may occur that your personal data is shared with personal data specialists who are either themselves or through subcontractors physically located in or store information in a country outside the EU/EEA.
In such cases The Companies will take all reasonable legal, organisational and technical measures necessary to ensure the level of data protection is the same as in the EU/EEA.
It is the responsibility of The Companies to account for their respective personal data specialists. At any time you can request a list of the personal data specialists each company uses. For questions please contact: email@example.com
Cookies, pixels and tagging
Overview of personal data in The Companies’ communication channels
Articles on these sites may contain embedded content (such as video clips, images, articles, etc.). Embedded content from external websites behaves just as though the visitor has visited the external site.
These websites may collect information about you, use cookie files, embed additional third-party tracking and monitor your interaction with the aforementioned embedded content, including tracking your interaction with this embedded content if you have an account and are logged into the site in question.
We operate an email policy in which we regularly delete and/or transfer personal data to a secure system.
We have also established a telephone policy in which we regularly delete and/or transfer personal data to a secure system.
Withdrawal of consent
If you wish – in whole or in part – to withdraw your consent for us to manage your personal data you can do so by contacting us via the contact details provided at the end of this policy.
Request for corrections or deletion
You have the right to request your personal data be corrected or deleted. You also have the right to request that the handling of your personal data be limited or to object to such handling in accordance with data protection regulations or national privacy laws. Following any such request we will examine whether there is reasonable cause for any such changes.
Request for data extraction
You have the right to request data extracts from your personal data stored in our records/systems. Such extracts will inform you of what personal data The Companies manages and how The Companies deal with this information.
If you have any questions about the management of your personal data, or if you consider your personal data to be incorrect, want to request a correction, request the deletion of data, limit the amount of personal data we use or want to object to our personal data management policy please send an email to: firstname.lastname@example.org
The Swedish Data Protection Authority
The Swedish Data Protection Authority is the supervisory authority for the processing of personal data and data protection in Sweden. You have the right to lodge a complaint regarding the management of personal data to The Swedish Data Protection Authority. Contact information can be found at www.datainspektionen.se.
The Companies’ limitations
In addition to this policy each company has established policies and operational guides specific to each business. These are revised and updated on an ongoing basis to ensure they remain in accordance with current conditions and legislation.
If you want to know more please contact: email@example.com.
Oddo • Halleluja • Heja! • Huxflux • Punkt PR
903 26 Umeå