Data Privacy Statement
1. Name and contact information of the controller
This data privacy statement provides information on the processing of personal data on the website of:
Controller: Prime Lake Technology Sweden AB, Box 1529, 75145, Uppsala, Sweden.
Contact information of the data protection officer: Our data protection officer can be reached at the above address and at firstname.lastname@example.org
2. Scope and purpose of the processing of personal data
2.1 Accessing the website
When the www.primelake.se website is accessed, the Internet browser used by the visitor automatically sends data to the server of this website and stores them for a limited time in a log file. The following data are stored without further input by the visitor until their automatic erasure:
- IP-address of the visitor’s terminal;
- Date and time of access by the visitor;
- name and URL of the page accessed by the visitor;
- Website from which the visitor accesses our website (so-called referrer URL);
- Browser and operating system of the visitor’s terminal and the name of the access provider used by the visitor.
The processing of these personal data is justified pursuant to point (f) of Art. 6(1) first sentence GDPR. We have a legitimate interest in processing the data for the following purposes: to quickly establish a connection to our website, to enable a user-friendly use of the website, to recognise and guarantee the safety and stability of the systems and to facilitate and improve the administration of the website.
The processing is expressly not for the purpose of gaining knowledge about the visitor of the website as a person.
3. Disclosure of data
Personal data will be transferred to third parties where
- the data subject has given explicit consent to the transfer pursuant to point (a) of Art. 6(1) first sentence GDPR;
- the transfer pursuant to point (f) of Art. 6(1) first sentence GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that the data subject has an overriding interest worthy of protection in not disclosing his/her data;
- the data transfer is necessary pursuant to point (c) Art. 6(1) first sentence GDPR for compliance with a legal obligation; and/or
- this is necessary pursuant to point (b) Art. 6(1) first sentence GDPR for the performance under a contractual relationship with the data subject.
In all other cases, personal data will not be transferred to third parties.
The website uses so-called cookies. These are data packages that are exchanged between the server of our website and the visitor’s browser. When visiting the website, the cookies are stored by the devices used in each case (PC, notebook, tablet, smartphone, etc.). In this respect, cookies cannot cause any damage to the devices used. In particular, they contain no viruses or other malware. The information stored in the cookies is the information arising in the context of the specific terminal used during each visit. Under no circumstances will this enable us to obtain direct knowledge of the identity of the visitor to the website.
Cookies are largely accepted under the browser’s basic settings. The browser settings can be set up such that cookies are either not accepted on the devices used, or that a special notice is displayed before a new cookie is created. However, it should be noted that disabling cookies may cause that not all features of the website can be used in the best possible way.
Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a temporary period of time. When the website is visited again, it automatically recognises that the visitor has previously visited the site and what inputs and settings have then been made so that they do not have to be repeated.
Cookies are also used to analyse website views for statistical purposes and for the purpose of improving the services offered. These cookies enable the automatic recognition of repeat visits to the website by the visitor who visited it before. These cookies will be automatically deleted after a specified period.
The processing of data with the help of cookies is justified pursuant to point (f) of Art. 6(1) first sentence GDPR for the purposes specified above to safeguard our legitimate interests.
5. Your rights as a data subject
Where your personal data are processed at the occasion of your visit to our website, you have the following rights in your capacity as the “data subject” within the meaning of the GDPR:
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed by us. The right to access does not apply if the information must be kept secret because of an overriding legitimate interest of a third party. In deviation from the aforesaid, there may be a duty to provide information if your interests outweigh the confidentiality interest, in particular when taking potential loss or damage into account. The right to access is also excluded if the data are stored only because they may not be erased due to retention periods provided under the law or under company bylaws or if they serve solely backup and data protection control purposes, provided that granting the right to access would involve a disproportionate effort and the processing of the data for other purposes by suitable technical and organisational means is excluded. To the extent that in your case, the right to access is not excluded and your personal data are processed by us, you may request information on the following from us:
- the purpose of the processing;
- categories of your personal data concerned;
- the recipients or categories of recipients to whom your personal data have been disclosed, in particular recipients in third countries;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request rectification or erasure or restriction of processing of your personal data or to object to such processing;
- the right to lodge a complaint with a data protection supervisory authority;
- where the personal data are not collected from you, any available information as to their source;
- where applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of automated decision-making;
- where applicable, in the event of transfer to recipients in third countries, in the absence of a decision by the EU Commission regarding the adequacy of the level of protection pursuant to Art. 45(3) GDPR, information on what appropriate safeguards pursuant to Art. 46(2) GDPR are in place for the protection of personal data.
5.2 Rectification and completion
Where you determine that we have inaccurate personal data concerning you in our possession, you have the right to obtain from us without undue delay the rectification of these inaccurate data. In the event of incomplete personal data concerning you, you have the right to obtain from us the completion of such data.
Unless the processing is necessary for the purpose of exercising the right of freedom of expression and information, or compliance with a legal obligation, or performance of a task carried out in the public interest, you have a right to erasure (‘right to be forgotten’) where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were processed.
- The basis of justification for the processing was exclusively your consent, which you have withdrawn.
- You have objected to the processing of your personal data, which we have made public.
- You have objected to the processing of personal data not made public by us and there are no overriding legitimate grounds for the processing.
- Your personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation to which we are subject.
The right to erasure will not apply if the erasure is not possible or would require a disproportionate effort in the case of legal, non-automated data processing due to the particular manner of storage, and your interest in the erasure is low. In this case, a processing restriction will take the place of erasure.
5.4 Restriction of processing
You have the right to obtain from us restriction of processing where one of the following reasons applies:
- You have contested the accuracy of the personal data. In this case, the restriction may be requested for a period necessary to allow us to verify the accuracy of the data.
- The processing is unlawful and you request the restriction of the use of the personal data instead of their erasure.
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
- You have objected pursuant to Art. 21(1) GDPR. The restriction of the processing can be requested pending the verification whether our legitimate grounds override yours.
Restriction of processing means that personal data will only be processed with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you accordingly.
5.5 Data portability
You have a right to data portability provided that the processing is based on your consent (point (a) of Art. 6 (1) first sentence or point (a) of Art. 9(2) GDPR) or on a contract to which you are a party and the processing is carried out by automated means. The right to data portability includes in this case the following rights to the extent that they will not adversely affect the rights and freedoms of others: You may request to receive from us the personal data which you have provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from us. You have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
5.6 Withdrawal of consent
You have the right to withdraw your consent at any time with effect for the future. You may give notice of your withdrawal of the consent informally by telephone, email, or by fax, or by letter to our mailing address. Your withdrawal will not affect the lawfulness of processing based on consent up until receipt of the withdrawal. After having received the withdrawal notice, the data processing, which was based exclusively on your consent, will be discontinued.
If you believe that the processing of your personal data is unlawful, you may lodge a complaint with a data protection supervisory authority having jurisdiction at your habitual residence, place of work or place of the alleged infringement.
Right to object
To the extent that the processing is based on point (e) of Art. 6(1) first sentence GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or on point (f) of Art. 6(1) first sentence GDPR (legitimate interests pursued by the controller or by a third party) you have the right to object at any time to processing of personal data concerning you on grounds relating to your particular situation pursuant to Art. 21 GDPR. This also applies to profiling based on point (e) or point (f) of Art. 6(1) first sentence GDPR. Once you have exercised your right to object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
You may notify us informally of your objection by telephone, email, or by fax, or to our mailing address stated at the beginning of this data privacy statement.
Current version and updating of this data protection declaration
This data privacy statement was last updated on 08th March 2019. We reserve the right to update the data privacy statement in due course in order to improve data protection and/or adapt it to changes in government practice or case law.