Schain Research is committed to protect your your personal data and comply with applicable data protection law, in particular the EU General Data Protection Directive (“GDPR”), and only process your personal data on the basis of a statutory provision or if you have declared your consent.
This privacy notice describes how Schain Research processes personal data of business customers and suppliers who have entered a business relationship with Schain Research, who use our services and interact with us.
The controller responsible for the processing of personal data described in this privacy notice is Schain Research AB (Schain Research”, “we”, “us”); Ioffice, Drottninggatan 33, SE-111 51 Stockholm, Sweden; +46 70-428 40 66; email@example.com; Corporate ID: 559303-2162.
Our data protection officer is Christina Jones and may be contacted at firstname.lastname@example.org.
What kind of data we hold about you
In connection with our business relationship, we will collect and process various types of personal data such as:
- Personal details – including your contact details (such as your name, address, phone number, and email address) and demographic data (such as your gender, age, language, nationality, professional details).
- Agreement and transaction data – such as information about your agreements, orders, purchases, payments and invoices; and your other transactions with us such as service requests and messaging with our customer service.
- Payment and credit data – such as payment card information and bank account information that are needed for purchases or creditworthiness.
How is your personal data collected
The personal data which we process about you comes from different sources:
- You: when you order our services and interact with us.
- Third parties, such as public websites, credit reference agencies
What are the purposes and legal bases for processing personal data
We will use your personal data for predefined purposes based on contract, consent, legal obligation and legitimate interest. We will use your personal data for the following purposes:
- Service delivery and customer service
We collect and use personal data, about you to process orders, deliver services, to provide customer service and to manage payments, contracts and transactions. The basis for processing your data for service delivery and customer service is the contract and legitimate interest.
- Marketing and sales
Based on legitimate interest, we can send marketing messages that relate to your customer or business relationship with us.
- Stakeholder relations
We manage stakeholder relationships by communicating about relevant topics. Communications are sent directly by email to the contact addresses received from the stakeholders or their company.
- Legal obligations
We process personal data to comply with our legal requirements, for example, accounting and tax laws, and anti-money laundering laws.
- Defense of legal rights and ensuring the security of our services and customers
We use personal data to defend and secure our own rights and our customers’ rights. The basis for processing data for the defence of legal claims, debt collection, credit checking, information security, and prevention of fraud and misconduct is typically legitimate interest.
If you fail to provide personal information
The provision of personal information is necessary for entering into and maintaining a business relationship with us. Without the provision of these data (e.g. payment information), we may not able to enter into and maintain an employment relationship with you.
Who can access your personal data
Where applicable, we may access or share your personal data with:
- Schain Research
Your personal data are generally processed within Schain Research. Personal data for the purposes defined in this notice, based on a legitimate interest to the extent permitted by applicable law, may be processed by relevant employees and contractors in the execution of service delivery, accountancy/financial and customer service. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees and contractors who have a business need-to-know.
- Our subcontractors
Where applicable, and to the extent permitted by law, we may transfer your personal data to third-party service providers we use to provide services (eg IT services, payment and invoicing partners) outside of our company. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- Authorities, legal proceeding and law
We will disclose your data to competent authorities, such as the police, to the extent required by law. We may also disclose your personal data in relation to legal proceedings or at the request of an authority on the basis of applicable law, or court order or in connection with a trial or authority process, or as otherwise required or permitted by law.
Transfer of personal data outside of the EU/EEA
Your personal data is processed only within the European Union or the European Economic Area; we do not intend to transfer your personal data to other countries (“third countries”). Should a situation arise where the data must be processed in, and thereby transferred to, a destination outside of the EU/EEA by us or one of our third-party service providers, we will take all reasonable legal, technical, and organizational measures to ensure that your data is treated securely and with an adequate level of protection compared to and in line with at least the level of protection offered within the EU/EEA.
Schain Research generally deletes or anonymizes personal data when it is no longer necessary for the purposes it was collected and we have no justified interest in the retention of such data. In general, basic data and the additional data collected in the course of the business relationship is stored at least until the end of the respective business relationship. We may continue to store the data if there is a legal obligation (e.g. to comply with statutory retention obligations), and access to such data is usually restricted so that the data are only accessible if needed for the purpose of the retention obligation.
Rights of access, correction, erasure and restriction
Your rights in connection with personal data.
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
If you want to review, verify or correct your personal data, request erasure of your personal data or object to the processing of your personal data, please send an email to email@example.com.
Data protection queries
We have appointed a Data Protection Officer [DPO] to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact Christina Jones at firstname.lastname@example.org.
You have the right to make a complaint at any time to Datainspektionen, the Swedish supervisory authority for data protection issues.