Privacy Policy

Privacy Policy

Introduction

In this privacy policy, you can read about how Scandinavian Cargo AB with company reg. no: 559332– 5888 (hereinafter referred to as "ShipPlace" and referred to as "we", "our", "us") processes personal data. References to "you", "your" refer to the data subjects whose personal data we process.

Here we have compiled information on, among other things, why personal data is processed and where it is stored. We also describe who we share them to, what rights the data subjects have according to the GDPR and other information about our personal data processing. This privacy policy covers all types of personal data, in both structured and unstructured data.

Our processing of your personal data takes place in accordance with the GDPR (and SCC where applicable) and the data protection principles. Below you can read about how we process your personal data that we get access to when you enter into an agreement with us, contact us or when we otherwise come into contact with you.

The contents of this Privacy Policy may be updated from time to time, without prior notice. For example, if it is necessary to clarify something, due to changed or new legislation or if our processing of personal data changes. The latest version is always published on our website which is available to the public. You are responsible for reading the contents of this Privacy Policy and keeping up to date on any changes.

Definitions

Website: shipplace.eu.

Customer: refers to a natural or legal person who hires ShipPlace.

Third-party: refers to other than Customer or ShipPlace.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

All references to "personal data", "processing" (of personal data), "data subject", "personal data breach", "supervisory authority" and other GDPR-related terms not defined herein shall have the same meaning in this Privacy Policy as set forth in Article 4 of the GDPR.

SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, or later updated version.

Personal Data Controller

ShipPlace is the personal data controller regarding all processing of personal data performed by us or on our behalf, and we are responsible for ensuring that the processing takes place in accordance with the GDPR (according to the principle of accountability).

Categories of processed personal data

In accordance with the principle of data minimization, we only process personal data that is adequate, necessary and relevant to fulfill the purposes for which they were collected.

We mainly process the categories of personal data listed below, which we can access when you contact us, enter into an agreement with us or otherwise in connection with the performance of our services:

  • Identification information: first name, last name, social security number or equivalent.
  • Contact information: telephone number, e-mail address, address, user ID for social media.
  • Other personal information: any personal information that is provided to us, such as that which is included in a message sent to us.

The purpose of the processing of personal data

In accordance with the principle of purpose limitation, we only process personal data for special, explicitly stated and justified purposes. In addition, any processing is legally justified and legal in accordance with the provisions of the GDPR. Below you can read more about the legal basis and purpose of the processing of personal data.

  1. When you visit our Website:

    Our Website uses cookies. We may obtain information about visitors' use of the Website, device identification, operating system, operating version, device ID, access time, configuration settings, time zone, country and other user information provided through, among other things, web analysis and/or traffic measurement providers through cookies. The use of non-essential cookies takes place only if you give your consent to it. You can revoke a given consent at any time (without this affecting the legality of the treatment performed with the support of the consent before it was revoked). In addition, you can manage the storage of cookies through your browser settings. Legal basis for the processing of personal data: Consent. You can read more information about how we use cookies on the Website in our Cookie Policy: LINK.

  2. When we get in touch through e-mail, telephone, social media or contact form:

    We can contact you, and you can contact us, through e-mail, telephone or social media and in such case we will have access to your personal data that appears in connection with such contact. For example, we may have access to the following personal information belonging to you: first name, last name, telephone number, e-mail address, user ID from social media (if applicable) and other information that you provide to us. This information is processed by us so that we can know who we are talking to and to keep in touch in the matter. Legal basis for the processing of personal data: Legitimate interest.

    You can also contact us by sending a message to us through the contact form on the Website. We will then have access to the following personal information that belongs to you: first name, last name, telephone number, e-mail address, and the information that you include in the message. This information is processed by us so that we can know who we are talking to and in order for us to respond to the message. Before sending the message to us, you give your active consent to our processing of your personal data in accordance with this Privacy Policy, by ticking a check box for approval. Legal basis for the processing of personal data: Consent.

  3. When you enter into an agreement with us regarding our services:

    We process personal data belonging to the Customer's contact person and/or signatory in order to fulfill the agreement regarding our services. Personal data that we process belonging to the Customer's contact person and/or signatory refers to, among other things, but not exclusively: first name, surname, telephone number, e-mail address. Legal basis for the processing of personal data: Agreement.

    We process and store invoices and other items that constitute accounting documents that we are obliged to process and store in accordance with current legislation, such as the Accounting Act (1999: 1078). Accounting documents and vouchers may in some cases contain personal information, such as contact information for the Customer's contact person and/or signatory. Such accounting documents is stored for at least seven (7) years or as long as required by law. Legal basis for the processing of personal data: Legal obligation.

  4. When you register to receive newsletters from us:

    You can choose to receive newsletters from us by giving your voluntary and active consent for us to process your e-mail address for that purpose. You can cancel your subscription at any time by clicking on the link in the newsletter to unsubscribe from the newsletters or email us. Legal basis for the processing of personal data: Consent.

  5. Other purposes for our processing of personal data:

    If we are obliged by law, court or authority decision to process certain personal data, the processing takes place on the basis of a “legal obligation” as a legal basis. In such cases, the processing takes place only to the extent necessary for us to fulfill our legal obligations and in such cases we process only necessary personal data, for as long as the law requires it (in accordance with the principle of storage limitation).

    When a processing of personal data takes place on the basis of a ”legitimate interest” as a legal basis, our assessment is that the processing does not constitute an infringement of your right to privacy. We have come to this conclusion, after making a balancing between, on the one hand, what the processing in question means for your interests and the right to privacy, and on the other hand our legitimate interest in the processing in question. However, we never process sensitive personal data on legitimate interest as the legal basis.

    Based on our legitimate interest, we may process personal data in order to:

    • protect our rights and property,
    • carry out direct marketing of our services,
    • ensure the technical functionality of the Website,
    • collect anonymous statistics, performance measurements, etc. regarding our services.

Storage location and duration

We strive to store all personal data that we process within the EU/EEA, in accordance with the principle of integrity and confidentiality. If personal data is stored in a country outside the EU/EEA, we shall ensure that such a storage site ensures an adequate level of protection in accordance with the provisions of the GDPR and SCC.

Personal data is stored for as long as it is necessary to fulfill the purposes for which it was collected. When personal data no longer need to be stored for the purposes, they are either deleted (erased) or anonymized, in accordance with the principle of storage limitation.

We follow internal guidelines and written routines regarding erasure and logging of erased personal data, to ensure that the processing of personal data takes place in accordance with the GDPR.

Personal data that is registered in your user account for the Website is stored for as long as your user account is active. You can choose to delete your user account at any time through the user panel or by contacting us and requesting that we delete your user account. Personal data may be stored in our backup storage for up to three (3) months after it has been deleted manually, before all backup-stored copies are permanently deleted.

Sharing of personal data

Personal data that we process is not shared with unauthorized persons. We may share personal data to, for example, authorities or personal data processors that we hire to fulfill our obligations under agreements and current legislation. Below is a short summary of different situations where we can share personal data that we process.

Authorities: We may share personal data that we process if necessary, to prevent, detect, prevent or investigate criminal activity and to protect our interests and our property.

Other service providers: We employ various service providers in their capacity as personal data processors, in order to, among other things:

  • safeguard or legal interests,
  • fulfill our contractual and legal obligations,
  • detect and prevent technical, operational or safety problems, and
  • provide, improve and maintain the Website (software maintenance).

Examples of service providers that we hire are suppliers of accounting consultant, web developer, document management system, etc.

Before we share any personal data with such service providers, we enter into a data processing agreement with them in accordance with the provisions of the GDPR (alternatively SCC if the personal data processor is located in a country outside the EU / EEA). This is done to ensure a secure and correct processing of personal data.

If you want to know more about which service providers we share your personal data with, you can contact our contact person for personal data matters to request a current overview.

Technical and organizational security measures

We implement various technical and organizational security measures with a focus on the integrity of the data subjects. The measures are intended to protect against intrusion, abuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality).

Below are examples of some security measures we implement:

  • Internal routines have been established with instructions regarding the processing of personal data that all staff must follow. Among other things, internal routine for erasure of personal data and handling / documentation of personal data breaches.
  • Internal routines, policies and instructions are reviewed regularly, at least annually and when necessary, and are approved by the company's board.
  • A contact person for personal data matters has been appointed, who also responds directly to the company's top management.
  • The staff has knowledge of how the processing of personal data may take place.
  • Access to databases, IT systems and parts of the IT infrastructure and network requires a password.
  • The suppliers and sub-processors hired guarantee an adequate level of technical and organizational security for the services provided and the tasks performed.
  • All employees have entered into a confidentiality agreement and thereby undertaken an obligation to observe confidentiality regarding, among other things, personal data that is processed within the framework of the business and the performance of the work.
  • We follow the seven data protection principles in all processing of personal data. The principles are documented in internal routines, which our employees have access to and which they follow in all processing of personal data.

Your rights under the GDPR

If we process your personal data, you have different rights according to GDPR regarding our processing of your personal data.

Below are the rights you have under the GDPR, right to:

  • access your personal data that we process.
  • have incorrect personal data corrected.
  • request a restriction on the processing of your personal data.
  • have your personal data that we process deleted.
  • move your personal data (data portability).
  • receive information about personal data incidents concerning your personal data.
  • object to the personal data being used for direct marketing and profiling.

We hereby inform you that some of the rights only apply in certain situations and only if it is legal and possible for us to implement your request. You are welcome to contact us through the contact information provided below, if you would like to invoke any of the above rights regarding your personal data that we process.

Personal Data Breaches

We follow the provisions of the GDPR regarding the handling, reporting and documentation of personal data breaches. When required by the GDPR, we will report personal data breaches to the Swedish Authority for Privacy Protection within 72 hours and notify the data subjects affected by the personal data breaches.

Questions or complaints

If you have any questions or concerns or are dissatisfied with our processing of your personal data, you are always welcomed to contact us. Below are our company details:

Company: Scandinavian Cargo AB.
Company reg. no: 559332–5888.
Email: office@shipplace.eu
Postal address: Gyllbyvägen 10, 748 42 Örbyhus.

You can also submit complaints through the form available under the tab "Complaints" on our Website.

Our contact person for personal data matters:

We have appointed a contact person for personal data matters who you can contact if you have questions regarding our processing of personal data.
Name: Grzegorz Kornas.
Email: office@shipplace.eu

You also have the right to contact the Swedish Authority for Privacy Protection to submit a complaint.
Name: Integritetsskyddsmyndigheten (IMY).
Phone: 08-657 61 00.
Email: imy@imy.se.
Postal address: Integritetskyddsmyndigheten, Box 8114, 104 20 Stockholm.