1. INTRODUCTION
1.1 SoSafe International AB, org. no. 559246-3862 (“SoSafe”, “we” or “us”) values your personal privacy. We always handle your personal data responsibly and with your privacy in mind. The personal data we process is handled in accordance with applicable data protection legislation (including the General Data Protection Regulation “GDPR”, EU 2016/679, and other relevant regulations such as national laws and directives).
1.2 SoSafe is the data controller for the personal data processing that takes place within the scope of our operations. To ensure that you, as a registered user, are well informed about how your personal data is handled, we have adopted this privacy policy. It outlines which categories of personal data we collect and process, why they are processed, and what rights you have as a data subject. You will also find information on how you can exercise your rights. The most recently updated version of this policy can always be found on our website.
2. WHAT IS PERSONAL DATA AND WHAT CONSTITUTES PROCESSING OF PERSONAL DETA
2.1 Personal data includes all information relating to an identified or identifiable living person. This includes, for example, names, personal identification numbers, phone numbers, addresses, email addresses, and IP addresses. Photos of individuals are also considered personal data, as are certain audio recordings stored digitally.
2.2 Any action taken regarding personal data constitutes processing of personal data. This means, for example, that collecting, storing, or transferring personal data constitutes personal data processing.
3. LEGAL BASIS FOR PROCESSING PERSONAL DATA
3.1 According to the EU General Data Protection Regulation no. 2016/679 (“GDPR”), all processing of personal data must be justified by a legal basis for processing. Processing of personal data is justified by:
3.2 When the right to data processing is based on your consent, you have the right to withdraw your consent at any time and thereby prevent the processing.
4. HOW WE PROCESS YOUR PERSONAL DATA
SoSafe only collects and processes the personal data that is necessary in relation to the specific purposes set out in advance.
4.1 IN CONNECTION WITH YOUR REGISTRATION AS A USER OF OUR SERVICES AND INSTALLATION OF OUR APP
4.1.1 When you register as a customer with us, we process your name, address, phone number, personal identification number, and payment information. We do this to manage the order, handle customer service matters, and deliver the agreed service to you. The legal basis for this processing is to fulfill the agreement with you.
4.1.2 We also process a photograph of you if you choose to upload a picture of yourself. We process the image to share it with your emergency contacts. The legal basis is that you have consented to the processing.
4.1.3 We will also process contact details, such as names and phone numbers, of the people you list as emergency contacts. We need this information to connect you and your emergency contacts in an emergency situation. We will contact these people to obtain their consent to the processing of their personal data. By providing personal data for other people, we assume that you have also informed them that their personal data will be used by us to enable you to contact them in an emergency and that it is in your and our legitimate interest to process their personal data for that purpose. SoSafe provides this privacy policy to your emergency contacts after their personal data has been collected.
4.1.4 Furthermore, we may process your personal data, such as name, email address, and address details, to provide you with marketing and offers about our services. The legal basis for this processing is that we have a legitimate interest in providing you with marketing and offers about our services. For already established customer contacts, we use the collected data to follow up on customer satisfaction. This also includes the possibility for us to evaluate, develop, and improve our services, products, and systems for all our customers. The legal basis is that we have a legitimate interest in developing and improving our services and products.
4.2 IN CONNECTION WITH YOUR USE OF OUR SERVICES
4.2.1 When you use our services, we process your name, address, personal identification number, phone number, and other contact information. We also save information about your use of our services and your contacts with us. The legal basis for this processing is to fulfill the agreement with you.
4.2.2 If an emergency situation arises, we process your contact details and the time you started and ended the alarm. We also save your GPS position and audio recordings from the conversation between you and the emergency contact you choose to contact. We process this information so that the security company we cooperate with can obtain the necessary information and for you to contact your emergency contacts. Furthermore, the data is saved so that you can later access information about where you were during the alarm, what was said during the conversation, etc. This history is accessible to you through our app. The legal basis for this processing is to fulfill the agreement with you.
5. HOW LONG WE KEEP PERSONAL DATA
5.1 SoSafe retains registered personal data as long as it is needed for the purpose for which it was collected. Thereafter, we are obliged to delete them. After the end of the customer relationship, personal data is usually deleted after one year unless you have requested that we keep the data for a longer period.
5.2 The storage period may, however, be extended if required or permitted by applicable law to which we are bound. This applies, for example, to tax and accounting obligations.
6. HOW WE PROTECT YOUR PERSONAL DATA
6.1 SoSafe takes the necessary technical and organizational security measures to ensure a high level of protection. This means that we actively work to prevent the misuse, loss, unauthorized access, destruction, or other handling of personal data that is contrary to this privacy policy or applicable law. To guarantee a high level of protection, SoSafe regularly reviews its internal security policies and procedures and updates and modifies them as needed.
7. WITH WHOM WE SHARE YOUR PERSONAL DATA
7.1 If you have chosen to connect to the Alarm Center and Guard Service, we share your contact information with the security company we cooperate with. We do this so that the security company can contact you in an emergency and, if necessary, respond to your location.
7.2 If an emergency arises, your personal data, such as your GPS position and audio recording, is shared with the emergency contacts you choose to contact. Depending on the service you have chosen, your personal data may also be shared with the security company we cooperate with. You can remove the ability for your emergency contacts to view the stored information at any time.
7.3 SoSafe may also share your personal data with certain third parties. When we share your personal data, we take all reasonable measures to ensure that your data is processed with an adequate level of protection and in accordance with applicable law.
7.4 We may share your personal data with our IT service providers and our payment service provider. In these cases, the providers and our partners are data processors and handle the personal data on our behalf. All data is stored in a country within the EEA. The data processors engaged are only permitted to process personal data in accordance with the purposes and instructions provided by SoSafe for the processing. The processor and those acting under the direction of the processor may never access more data than is required to perform the service covered by the agreement with SoSafe.
8. YOUR RIGHT AS A DATA SUBJECT
8.1 We will, at your request or on our initiative, rectify, delete, or complete information that is found to be incorrect, incomplete, or misleading.
8.2 You have the right to object to the processing of personal data performed on the basis of a legitimate interest. If you object to such processing, we will only continue to process your personal data if there are legitimate reasons for the processing that outweigh your interests.
8.3 If you do not want us to process your personal data for direct marketing purposes, you always have the right to object to such processing by contacting us, see contact information below. When we receive your objection, we will cease the processing of your personal data for such marketing purposes.
8.4 You also have the right to request:
a) Access to your personal data: This means that you have the right to request a record of the personal data processed about you. You have the right to request, once per calendar year, through a written request, a copy of the personal data processed, the purpose of the processing, and information about to whom we have disclosed your data.
b) Correction of your personal data: We will correct any incorrect or incomplete information we have stored about you as soon as possible upon your request.
c) Deletion of your personal data: This means that you have the right to request that your personal data be deleted if it is no longer necessary to store them for the purpose they were collected. This right is, however, limited by the fact that there may be legal requirements preventing us from immediately deleting your personal data, such as accounting and tax rules. In such cases, we will stop processing your personal data for other purposes than complying with applicable law.
d) Restriction of data processing: This means that your personal data may only be used for specific purposes that you have approved. For example, you can request a restriction when you consider your data to be incorrect and you have requested a correction according to this privacy policy. While the accuracy of the data is being investigated, the processing will be restricted.
e) Data portability: This means that you have the right, under certain conditions, to extract and transfer your personal data in a structured, commonly used, and machine-readable format to another data controller.
9. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
9.1 SoSafe always strives to only process your personal data within the EU/EEA. However, it is possible that some of our suppliers have all or part of their operations in countries outside Sweden or the EU/EEA (so-called “third countries”). In supplier relationships where this is relevant, we will ensure that necessary contractual arrangements are in place and that appropriate technical and organizational measures are taken to ensure an adequate level of protection for your personal data that is comparable to and at the same level as the protection offered within the EU/EEA.
10. POLICY CHANGES
10.1 It is possible that we may occasionally change this privacy policy. The current policy is always available on our website, and we encourage you to review this policy regularly.
11. IF YOU HAVE COMMENTS ON OUR PROCESSING OF YOUR PERSONAL DATA
11.1 To exercise any of your rights described above or if you have questions or comments about our processing of personal data, you can contact us by email at gdpr@sosafe.se, or via the following postal address: SoSafe International AB (559246-3862) Hammarbybacken 27 120 30 Stockholm 0775 54 54 54 www.sosafe.se
11.2 You also have the right to submit any complaints regarding our processing of your personal data to the Swedish Authority for Privacy Protection, which is the supervisory authority for personal data processing in Sweden.
Contact details for the Swedish Authority for Privacy Protection can be found below:
Phone number: 08-657 61 00 Email: imy@imy.se