Personal data refers to any type of information that can be used directly or indirectly to identify a living individual. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and different types of electronic identities (such as IP addresses) are considered personal data if they can be linked to a physical person.

Processing of personal data means all ways in which personal data are used. Any operation relating to personal data is regarded as processing, whether performed with or without automated means, such as collection, registration, organisation, structuring, storage, alteration, transmission and erasure.

PFM Research i Sverige AB, co. reg. no. 556555–5942, address Klammerdammsgatan 2, 302 43 Halmstad, Sweden, is the data controller of personal data held by the company.

If you have any questions, please contact us at personuppgifter@pfmresearch.se

Website
We care about each visitor’s data privacy and do not collect any information about visitors on the website www.pfmresearch.se except visitor and user statistics.

When you use one of the contact forms on our website to contact us, we ask you to enter your name, e-mail address, company and telephone number. We need this information in order to fulfil your request to be contacted.

The legal basis for our processing is legitimate interest. The data processing is necessary in order for us to contact you.

We retain your data for one year after we cease to be in contact. When you use our contact form to seek work with us, we ask you to enter your name, telephone number, e-mail address, degree of employment and which city you want to work in.

The legal basis for our processing is legitimate interest. The data processing is necessary in order for us to contact you.

We retain your data for as long as you are interested in working for us. After that we erase your data.

Cookies
Our website identifies your computer’s operating system, screen resolution and the web browser you are using in order to optimise the website for your system. This is done through cookies, which are temporarily stored on your device. The data are sent back to us and stored in aggregated form, and are only used for statistical purposes.

We do not collect or retain any personal information. You can erase or block cookies by changing your web browser settings.

E-mail
If you have subscribed to offers or information from us, you can unsubscribe at any time. All the e-mails we send you contain clear information on how to easily unsubscribe to future e-mails.

You can also find out at any time what data, if any, we hold about you.

Links to other websites
Our website contains links to other websites. This Privacy Policy only applies to our website. If you click on links to other websites while visiting our website, you should read the policies applicable to these websites.

Marketing surveys and opinion polls
When conducting marketing surveys and opinion polls, we ask members of the Swedish public questions by means of postal questionnaires, telephone interviews, online interviews and/or personal interviews. The personal data that we process for this purpose are your name, address, e-mail address and telephone number.

The legal basis for our processing is legitimate interest. The processing of your personal data is necessary for purposes in the Swedish public’s interests. This means that we consider our interests in processing your personal data for these purposes to outweigh the infringement of your privacy caused by the processing. We have made this assessment on the grounds that we believe the processing to be in your interests as well as in the interests of the whole Swedish public.

We retain your data until the survey is completed.

Customer and employee surveys
We carry out customer and employee surveys for our clients. We ask questions by means of postal questionnaires, telephone interviews, online interviews and/or personal interviews. The personal data that we process for this purpose are your name, date of birth, gender, address, phone number, form of housing, company registration number (if you are a sole proprietor) and other relevant information.

In cases where we carry out surveys on behalf of customers, PFM Research i Sverige AB has the role of data processor. Under our data processing agreement, we have the same obligations to comply with the General Data Protection Regulation as the data controller.

We retain the data until the survey is completed.

Payment for survey participation
For the purposes of administering and issuing the promised payment for participation in our surveys, we may need to collect the participant’s name, company name, address, phone number and e-mail address.

The legal basis for the processing is legitimate interest. This collection of your personal data is necessary to enable us to fulfil our contractual obligations. If you do not supply these data, we will be prevented from meeting our obligations and issuing your payment.

We will retain your data until the payment has been issued.

Marketing activities
In order to carry out and manage participation in competitions and/or events, we collect your name, personal identity number or age, address, e-mail, telephone number, T-shirt size and any allergies or special dietary requirements you may have. We do this in order to register participants and carry out satisfactory events or competitions.

Your data may be transmitted to third parties (data processor), such as the competition organiser or the hotel or restaurant used by the participant. We always enter into a data processing agreement with our subcontractors, under which they have the same obligations as we do to comply with the General Data Protection Regulation.

The legal basis for our processing of the personal data is legitimate interest. The data processing is necessary in order for us to process your participation in competitions and events in our and your interests. We retain your data for the duration of the competition/event (including evaluation if applicable).

Service and support
In order to administer, develop and supply services and support, we may need to collect your name, company name, address, telephone number and e-mail address. This enables us to provide you, as our customer, with optimal and full service and support.

Our legal basis for the data processing is fulfilment of purchasing contracts (terms of sale).

We retain your data for as long as we are obliged to do so under applicable law.

Compliance with legal obligations
We may need to retain your name, address, phone number and e-mail to ensure that we can meet our legal obligations, for instance under the Accounting Act. This enables us, if necessary, to answer questions from authorities.

Our legal basis is compliance with legal obligations, and we retain your data for as long as we are obliged to under applicable law.

In addition to the data that the data subject supplies to PFM Research i Sverige AB, or that we collect from our employees, customers and suppliers under their agreements with us, we may also collect personal data from third parties. We collect the following data from third parties:
1. Address details (address, telephone number, e-mail address) from public registers for the purpose of carrying out public surveys.

Data processors.
When necessary in order for us to offer our services, we share personal data with companies that act as our data processors. A data processor is a company that processes personal data on our behalf and according to our instructions. We have data processors who help us with:

1. Address details (address, telephone number, e-mail address) from public registers for the purpose of carrying out public surveys.
2. Companies that handle operation, technical support and maintenance for our IT solutions).

We only share your personal data with data processors for purposes for which the data was collected, e.g. to fulfil our obligations under an employment or purchasing contract. We screen all our data processors to make sure they can adequately guarantee the security and confidentiality of the data. We have written agreements in place with all our data processors under which they guarantee the security of the processed data and undertake to follow our security requirements as well as restrictions and requirements regarding international transfer of personal data.

Companies that are independent data controllers.
We also share your personal data with certain companies that are independent data controllers, for instance government agencies. When a company is an independent data controller, we have no control over how the data supplied to the company is processed.

In cases where we carry out surveys on behalf of customers, PFM Research i Sverige AB has the role of data processor. In such cases, we are under the same obligations to comply with the General Data Protection Regulation as the data controller.

We always strive to ensure that your personal data is processed within the EU/EEA, and all our own IT systems are located within the EU/EEA. However, for IT support and maintenance, we may be obliged to transfer your data to a non-EU/EEA country, for instance if we share your data with a data processor who, either directly or through a subcontractor, is established or stores information in a non-EU/EEA country.

In such cases, the data processor only has access to information that is relevant for the purpose (e.g. log files). Regardless of what country your data is processed in, we take all reasonable legal, technical, and organisational measures to ensure that the level of data protection is the same as within the EU/EEA.

When personal data is processed outside the EU/EEA, the level of protection is guaranteed, either through a decision of the EU Commission that the country in question ensures an adequate level of protection, or through the use of appropriate safeguards. Examples of appropriate safeguards are an approved code of conduct in the recipient country, standard contractual clauses, binding corporate rules or Privacy Shield. Please contact us if you would like a copy of the safeguards applied or details of where you can access this information.

We never retain your data for longer than necessary for the purpose at hand. You can find more information on specific retention periods under each purpose.

Right of access
(register extracts). We are always open and transparent about how we process your personal data. If you want to know more about what data we process about you, you can request access to the data (the data is provided in the form of a register extract specifying purposes, categories of personal data, categories of recipients, retention periods, the sources the data was collected from, and the existence of automated decisions).

Bear in mind that if we receive a request for access, we may ask for additional information to ensure effective management of your request and that the information is given to the right person.

Please note that it will not be possible to access or trace your personal data if the retention period has expired.

Right to rectification
You can request to have your data rectified if they are incorrect. Within the scope of the specified purpose, you can also request to have your data supplemented if they are incomplete.

Right to erasure
You can request to have the personal data we hold about you erased if, for instance:

• You do not want to participate in our surveys.
• The data are no longer necessary for the purpose for which they were collected or processed.
• You object to a balancing of interests conducted by us on the basis of legitimate interest and your grounds for objection outweigh our legitimate interest.
• Your personal data is being processed illegally.
• Your personal data need to be erased to comply with a legal obligation that we are covered by.

Note that we may have a right to reject your request if we are bound by legal obligations that prevent us from immediately erasing certain personal data, for instance under accounting or tax legislation. We may also have grounds to reject your request if the data is necessary for the establishment, exercise or defence of legal claims. If we are prevented from granting a request for erasure, we will block the personal data from being used for purposes other than the purpose that prevents erasure of the data. Please note that it will not be possible to access or trace your personal data if the retention period has expired.

Right to restrict processing
You have the right to restrict our processing of your personal data. If you contest the accuracy of the personal data we process, you may request that processing be restricted for the period of time we need to ascertain whether your data are accurate. If we no longer need your personal data for the established purposes, but you need the data to establish, exercise or defend legal claims, you can request that processing of your personal data be restricted. This means that you can request that we do not delete your data.

If you have objected to a balancing of legitimate interests that we have made as legal grounds for a purpose, you may request that processing be restricted for the period of time we need to ascertain whether our legitimate interests outweigh your interests in having the data erased.

If processing has been restricted as per any of the situations above, we may, in addition to simply retaining the data, only process the data to establish, exercise or defend legal claims, to protect the rights of a third party, or if you have given your consent.

Right to object to certain types of processing
You always have a right to object to any processing of your personal data that relies on a balancing of interests.

Legitimate interest:
If we have used a balancing of interests as legal grounds for a purpose, you have the right to object to processing of your data. In this case we must stop processing your personal data unless we are able to show compelling legitimate grounds for the processing of the data in question which override your interests, rights, or freedoms. Otherwise we may only process the data to establish, exercise or defend legal claims.

Direct marketing:
You are entitled to object to processing of your data for direct marketing. The right also refers to the analysis of personal data (profiling) carried out for direct marketing purposes. Direct marketing refers to all types of outreach marketing methods (e.g. by telephone, post and e-mail). Marketing resulting from customers or interested parties actively contacting us to enquire about our services does not count as direct marketing.

If you object to direct marketing, we will discontinue the processing of your personal data for that purpose as well as all types of direct marketing actions.

Right to data portability
If our right to process your personal data is based on your consent or the fulfilment of an agreement with you, you have the right to request that your personal data you have provided us with be transferred to another data controller. This is known as data portability. A precondition for data portability is that the transfer is technically possible and can be carried out by automated means.

We will only process your personal identity number when it is clearly warranted with consideration to the purpose, necessary for reliable identification, or for any other significant reason. We always minimise use of your personal identity number as far as possible.

We use IT systems to protect the confidentiality, privacy and accessibility of your personal data. We have taken special security measures to protect your personal data from unlawful or unauthorised treatment (such as illegal access, loss, destruction or damage). Only persons who actually need to process your personal data to fulfil our specified purposes have access to your data.

The Swedish Data Protection Authority is responsible for monitoring the application of data protection laws. If you believe that a company has processed personal data incorrectly, you can make a complaint to the Data Protection Authority.

We take data protection very seriously. For this reason we have dedicated employees who deal with these matters. You can contact them on personuppgifter@pfmresearch.se

We may make changes to our Privacy Policy. The latest version of our Privacy Policy is available here on our website.