Pagero’s data Privacy Notice
Data protection laws and regulations aim to protect the privacy and integrity of individuals (data subjects) when organisations process their personal data. Pagero processes personal data on behalf of its customers but is also processing personal data in relation to employees, job applicants and business contacts in the course of Pagero’s daily operations.
In order to protect the privacy and integrity of data subjects, Pagero works continuously to ensure that personal data are processed in a lawful and secure manner. These efforts are the collective responsibility of everyone at Pagero who has access to personal data in their work role.
This privacy notice explains why and how we collect and use personal data relating to business contacts, visitors on webpages and customer data, and provides information about the rights of data subjects in relation to their personal data. This privacy notice ensures that we:
- Comply with data protection laws and regulations and data protection good practice
- Protect the rights of business contacts, employees, job applicants and prospective customers
- Are open about how we store and process personal data.
2. Who is covered by this Privacy Notice
This Privacy Notice covers you who:
- use our websites and digital channels,
- use our services, for example Pagero Online,
- contacts us or otherwise communicates with us, for example via email,
- is a representative of a customer, prospective customer, supplier or partner to us,
- follows us or interacts with us on our social media, and
- signs up for or attends an event or similar activities that we arrange.
3. Responsibility for the use of your personal data
As used in this privacy notice, “Pagero”, “us” and “we” refer to Pagero as a group, including Pagero AB (the parent company) and any of its affiliates. Pagero AB is a company registered in Sweden with company registration number 556581-4695, of Västra Hamngatan 1, SE-411 17 Gothenburg, Sweden. Each affiliate within Pagero is a separate legal entity but follows the same principles and standards for the protection of personal data, and the means and purposes of processing personal data is established at group level by Pagero AB unless explicitly stated otherwise. Contact details to each affiliate can be found on our website: www.pagero.com/contact-us.
Processing of personal data on behalf of our customers
We also process personal data on behalf of and in accordance with the instructions of our customers as a processor. Our processing of personal data on behalf of our customers is governed by Data Processing Agreement(s) (DPAs), which is a part of our service agreement with each customer. This Privacy Notice does not cover our processing of personal data as a processor, since it is our customers that are responsible for this processing. If you have any questions relating to this, please contact email@example.com and we will support you and guide you to the correct responsible organization for the processing of your data.
4. Personal data that we collect
We collect and use different categories of personal data about you. Please note that it is not certain that we collect and use all categories of personal data about you. Which personal data that we actually collect and use about you depends on how you interact with us and which role you have, for example if you are a user of our website or services or a contact person of a customer or supplier of ours.
We collect and use the following categories of personal data:
- Identity information, which makes it possible to identify you, for example your name.
- Contact information, which makes it possible to contact you, including your address, email address and telephone number.
User generated information that is generated based on your activity and use of our websites, digital channels, and services, including clicks and visits on our websites.
- Profile information, which concerns your profile including your username, title, and name and address to the company or organisation that you work for.
- Communication with us, including contents in email or the responses you provide when participating in a survey.
- Picture, video and audio material which includes video footage of you, your picture or voice, as may be found in photographs and video and audio recordings,
- Technical information about the device that you use when using our websites and digital channels, including type of device, version of browser and operating system.
Based on the personal data that we collect about you, we also use personal data that is derived or compiled from this information:
- Case history relating to support matters,
- User behaviour on our websites and in our digital channels,
- Customer profile, and
- Communication history.
5. Sources from which we collect personal data
The personal data that we collect about you is mainly collected directly from yourself when you provide your personal data to us, for example when you use our websites, our services, participate in a survey or an event, or contact or otherwise communicates with us.
We also collect where necessary personal data from other sources:
- Affiliates of the Pagero group, which has collected your personal data in the same way as described above,
- The company or organisation that you work for,
- Social network platforms if you follow or interact with us on social media,
- Partners that we collaborate with, for example to carry out an event or similar activities,
- Publicly available sources for example websites or public records,
- External persons that provide your personal data to us, for example in connection with communication or an event or similar activity, and
- Employees or hired personnel that provide your personal data to us.
6. Our use of personal data
We use the personal data that we collect for various purposes. Please note that all purposes for our use of personal data may not apply to you. For which purposes we use your personal data depends on how you interact with us and which role you have for example if you are a user of our website or services or a contact person of a customer or supplier of ours.
In summary, we use personal data to manage the relationship with our customers, suppliers and partners, provide our services, communicate with you and others, develop and improve our business and services, carry out events and other activities, and to fulfill our legal obligations and manage and defend legal claims and rights.
Below we have listed the purposes for which we collect and use personal data within different areas. To read more about which categories of personal data, which legal basis that we rely on for our use of personal data and for how long personal data is stored in relation to each purpose, please see our detailed information on our use of personal data.
Manage our relationships with customers, suppliers and partners and to provide our services
- Manage the business relationship with customers, suppliers and partners
- Provide support services
- Enable functionality on our websites
- Provide our services
- Communicate internally and externally in the course of the business
Marketing & Sales activities
Analytics & assessments
Secure, test & troubleshooting our services
- Troubleshooting and customer setups
- Ensure technical functionality and security in our IT systems and services
Fulfil legal obligations and manage, defend and exercise legal claims and rights
7. Transfers of personal data
Transfers of personal data to various recipients
We share personal data with various recipients if it is necessary for the purposes that we use personal data, please see “Our use of personal data” in section 6 above. To read more about for which purposes and which categories of personal data we share with recipients and which legal basis we rely on for sharing personal data, please see our detailed information on our use of personal data.
We share personal data with:
- Affiliates of the Pagero group. The Pagero group companies collaborate and therefore share personal data with each other, for example to manage our relationships with customers, suppliers and partners and to provide our services where several affiliates are involved in the provision of the services and in connection with communication.
- The company or organisation that you work for or belong to example to manage our relationships with customers, suppliers and partners and to provide our services and in connection with communication.
- Partners that we collaborate with for example when carrying out events and similar activities and in connection with communication.
- Social network platforms that we use to provide offers and direct marketing and to communicate about us, our business and our services. When we automatically share personal data by using cookies and similar technologies with these platforms, we are – where applicable – jointly responsible for the collection and transfer of your personal data to the social network platform together with the relevant platform. However, each party is separately responsible for its own subsequent use of your personal data shared with the social network platform. Where the social network platform processes your personal data on our behalf and in accordance with our instructions in connection with any subsequent use of your personal data shared with the social network platform, the relevant platform is a processor for the processing of your personal data. To ensure that your personal data is protected, we have entered into specific arrangements with the relevant social network platforms which outlines the roles and responsibilities of each party in relation to your personal data where we and the social network platform is jointly responsible for the use of your personal data. Please see our detailed information on our use of personal data to read more about the social network platforms that we are jointly responsible with for the use of your personal data.
- Service providers that provide services to us and which needs access to your personal data to provide such services. These service providers provide, for example, IT services (for example business office tools) and communication services (which enable us to send you messages and newsletters). Where the service providers process personal data on our behalf, they act as processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obliged to protect your personal data.
- Other recipients such as external advisors, public authorities and law enforcement where needed for example to fulfil legal obligations or manage, defend and exercise legal claims and rights.
Recipients that we are jointly responsible with
Facebook Ireland Limited
Grand Canal Square, Grand Canal Harbour, Dublin 2, D02C525, Ireland
Information regarding Facebook Ireland’s use of your personal data, including their legal basis and the ways that you can exercise your rights against Facebook Ireland can be found in their Data Policy.
We and Facebook Ireland have entered into a joint controller addendum to determine the respective responsibilities in relation to the use of your personal data for which we and Facebook Ireland is jointly responsible
Transfers of personal data to third countries outside the EU/EEA
We have subsidiaries and affiliates in various countries both inside and outside of the EU/EEA. We share personal data between affiliates of the Pagero Group and your personal data will when shared between relevant affiliates be transferred to third countries outside the EU/EEA which may not provide an adequate level of protection for personal data. We have an intra-group data transfer agreement to ensure an essentially equivalent level of protection for your personal data and that personal data is processed by each Pagero affiliate in a lawful, fair, secure, and transparent manner. We comply with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.
Moreover, we use service providers, which also may use sub-contractors, that are established in third countries outside the EU/EEA. To ensure an essentially equivalent level of protection for your personal data when transferred (or otherwise made available) to service providers in third countries outside of the EU/EEA which do not provide an adequate level of protection, we use the EU Commission’s adopted standard contractual clauses for international transfers according to decision 2021/914 and implement – in light of the law and practices of the third country – necessary supplementary measures. Supplementary measures include technical, contractual and organisational measures that are necessary to bring the level of protection of the personal data transferred to an essentially equivalent level protection.
For more information on the safeguards that we have taken to protect personal data, please contact us. You will find contact details under “If you have questions” in section 12 below.
8. Your rights
Rights in relation to the use of your personal data
You have certain rights in relation to the use of your personal data. For example, you have the right to request access and a copy of your personal data, and request that we, under certain circumstances, rectify, delete or restrict the use of your personal data. You can read more about these rights below in this section, or visit the Swedish supervisory authority’s website page on data subject rights. If you wish to exercise your rights, please contact us at firstname.lastname@example.org. For additional contact details, please see “If you have questions” in section 12 below.
We normally reply to your request within one month
We normally reply to your request within one month following the date that we received the request. If your request is complex or if you have submitted several requests at the same time, we may need additional time to respond to your request. If we consider it necessary to extend the time to respond to your request, we will notify you of this and the reason as to why we need more time to respond to your request within one month following the date that we received your request. The time to respond to your request can be extended with up to a maximum of two months.
Moreover, if we for some reason cannot, wholly or partly, respond to your request, we will notify you of this and the reason as to why we cannot reply to your request within one month following the date that we received the request.
If you have submitted your request electronically, for example via email, we will also respond to your request electronically, unless you request otherwise.
We need to confirm your identity to reply to your request
When you submit a request to exercise your rights, we need to confirm your identity to ensure that you are not somebody else than who you claim to be. This to avoid that we for example disclose personal data to an unauthorised person or in error delete personal data. If we do not have sufficient information to confirm your identity, we can request that you provide supplementary information about yourself needed to confirm your identity. We only request such information that is reasonable and necessary to your identity.
If you use an authorized agent
We may request evidence of that you have provided such agent with an power of attorney, or that the agent otherwise has valid signed authority to submit requests on your behalf, and ask that you verify your identity directly with us.
Additional information on your rights
You have the right to:
- Request confirmation if we process personal data about you.
- Request access to and a copy of your personal data.
- Request rectification of your personal data that is incorrect or incomplete. Please note that previously provided personal data that may be seen as outdated may not, depending on the circumstances and the context, be incorrect.
- Withdraw your consent to our use of your personal data that is based on your consent.
- Request erasure of your personal data in some circumstances, but not in cases where we, for example, are legally obligated to keep your personal data.
- Unsubscribe from marketing communications which you for example can do by clicking on an unsubscribe link in the communication. Where applicable you can unsubscribe from communication in Your account.
- Request restriction of your personal data in certain circumstances and you can then, at least for a certain period of time, prevent us from using your personal data for other purposes that for example to manage and defend a legal claim or to comply with legal obligations that we are subject to.
- Object to the processing of your personal data that is based on our or another party’s legitimate interest for reasons related to your specific situation and if we cannot show that we have a compelling reason for our use of personal data we will stop using your personal data for the relevant purpose.
- Transfer your personal data (data portability) under certain circumstances by requesting a copy of your personal data that you have provided to us in a structured format that you can transfer to another recipient.
Please note that these rights are not absolute and that there may be exceptions. You can learn more about data subject rights and how they work by visiting the Swedish supervisory authority’s page on data subject rights.
9. Additional information for California residents
The California Consumer Privacy Act, together with the California Consumer Privacy Rights Act (“CCPA”) affords consumers residing in California certain rights in relation to their personal information. If you are a California resident, this section applies to you.
Our preceding 12-month collection, use, disclosure and sources of Personal Information
- Categories of Personal Information: For information about the categories of Personal Information we collect, please refer to section 4 PERSONAL DATA THAT WE COLLECT, in this Privacy Notice.
- Sources of Personal Information: For information about the sources of where Personal Information is collected, please refer to section 5. SOURCES FROM WHICH WE COLLECT PERSONAL DATA in this Privacy Notice.
- Business or Commercial Purpose for Collecting and Disclosing Personal Information: For Information about for which business purposes we may collect and disclose your Personal Information, please refer to section 6 in this Privacy Notice. If you wish to have more specified information, please access each activity for more details at the end of this Privacy Notice.
We do not use or disclose sensitive personal information for purposes that would require us to offer consumers the right to limit such use under the CCPA.
Pagero’s services are not intended for or directed towards children, and Pagero does not knowingly collect or sell Personal Information of children under the age of 16.
“Do Not Track” disclosure
Your privacy rights as a California resident
As a California resident you have certain rights in relation to the use of your personal data. You can read more about these rights on the California Privacy Protection Agency’s website FAQ page or the California Attorney General’s website page relating to your privacy rights. If you wish to exercise your rights, please contact us at email@example.com. For additional contact details, please see “If you have questions” in section 12 below. Please note that the rights provided for herein are subject to limitations which you can learn more about in the websites referred to above.
Selling or Sharing of Personal Information – Do not Sell/Share my Personal Information
- If you have chosen the option to “Reject all” in our cookie banner, there is no sale of your personal information.
10. We protect your personal data
We use technical and organisational security measures to protect your personal data against unauthorised disclosure of, or access to, personal data. This involves detecting, investigating and resolving incidents. If you would like to know more regarding how we work with security, please visit our page on information security.
12. Updates to this Privacy Notice
We regularly update this Privacy Notice. Our use of personal data may change, for example we may collect personal data for new purposes, collect additional categories of personal data or share your personal data with other recipients than outlined in this Privacy Notice. If our use of personal data changes, we will update this Privacy Notice to reflect such changes. At the top of this page, you can see when this Privacy Notice was last updated. If we make material changes that are not only editorial to this Privacy Notice, we will notify you of any such changes and what they mean to you in advance.
13. If you have questions
If you have questions about this Privacy Notice, our use of your personal data or if you wish to exercise your rights, please contact us at firstname.lastname@example.org. Contact details to each Pagero affiliate can be found on our contact page.
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country. A list of the data protection authorities within EU and contact details can be found on the European Data Protection Board’s website.
Detailed information regarding the use of personal data
Our use of personal data