Privacy Notice

Pagero’s data Privacy Notice

1. Introduction

Data protection laws and regulations aim to protect the privacy and integrity of individuals (data subjects) when organisations process their personal data. Pagero processes personal data on behalf of its customers but is also processing personal data in relation to employees, job applicants and business contacts in the course of Pagero’s daily operations.

In order to protect the privacy and integrity of data subjects, Pagero works continuously to ensure that personal data are processed in a lawful and secure manner. These efforts are the collective responsibility of everyone at Pagero who has access to personal data in their work role.

This privacy notice explains why and how we collect and use personal data relating to business contacts, visitors on webpages and customer data, and provides information about the rights of data subjects in relation to their personal data. This privacy notice ensures that we:

  • Comply with data protection laws and regulations and data protection good practice
  • Protect the rights of business contacts, employees, job applicants and prospective customers
  • Are open about how we store and process personal data.

2. Who is covered by this Privacy Notice

This Privacy Notice covers you who:

  • use our websites and digital channels,
  • use our services, for example Pagero Online,
  • contacts us or otherwise communicates with us, for example via email,
  • is a representative of a customer, prospective customer, supplier or partner to us,
  • follows us or interacts with us on our social media, and
  • signs up for or attends an event or similar activities that we arrange.

3. Responsibility for the use of your personal data

As used in this privacy notice, “Pagero”, “us” and “we” refer to Pagero as a group, including Pagero AB (the parent company) and any of its affiliates. Pagero AB is a company registered in Sweden with company registration number 556581-4695, of Västra Hamngatan 1, SE-411 17 Gothenburg, Sweden. Each affiliate within Pagero is a separate legal entity but follows the same principles and standards for the protection of personal data, and the means and purposes of processing personal data is established at group level by Pagero AB unless explicitly stated otherwise. Contact details to each affiliate can be found on our website: www.pagero.com/contact-us.

For the section “Pagero EU-US transfers”, the recipient Pagero entity is Pagero Inc, 150 North Michigan Avenue Suite 1950 Chicago, IL 60601.

Processing of personal data on behalf of our customers

We also process personal data on behalf of and in accordance with the instructions of our customers as a processor. Our processing of personal data on behalf of our customers is governed by Data Processing Agreement(s) (DPAs), which is a part of our service agreement with each customer. This Privacy Notice does not cover our processing of personal data as a processor, since it is our customers that are responsible for this processing. If you have any questions relating to this, please contact [email protected] and we will support you and guide you to the correct responsible organization for the processing of your data.

4. Personal data that we collect

We collect and use different categories of personal data about you. Please note that it is not certain that we collect and use all categories of personal data about you. Which personal data that we actually collect and use about you depends on how you interact with us and which role you have, for example if you are a user of our website or services or a contact person of a customer or supplier of ours.

We collect and use the following categories of personal data:

  • Identity information, which makes it possible to identify you, for example your name.
  • Contact information, which makes it possible to contact you, including your address, email address and telephone number.
  • User generated information that is generated based on your activity and use of our websites, digital channels, and services, including clicks and visits on our websites.

  • Profile information, which concerns your profile including your username, title, and name and address to the company or organisation that you work for.
  • Communication with us, including contents in email or the responses you provide when participating in a survey.
  • Picture, video and audio material which includes video footage of you, your picture or voice, as may be found in photographs and video and audio recordings,
  • Technical information about the device that you use when using our websites and digital channels, including type of device, version of browser and operating system.

Based on the personal data that we collect about you, we also use personal data that is derived or compiled from this information:

  • Case history relating to support matters,
  • User behaviour on our websites and in our digital channels,
  • Customer profile, and
  • Communication history.

5. Sources from which we collect personal data

The personal data that we collect about you is mainly collected directly from yourself when you provide your personal data to us, for example when you use our websites, our services, participate in a survey or an event, or contact or otherwise communicates with us.

We also collect where necessary personal data from other sources:

  • Affiliates of the Pagero group, which has collected your personal data in the same way as described above,
  • The company or organisation that you work for,
  • Social network platforms if you follow or interact with us on social media,
  • Partners that we collaborate with, for example to carry out an event or similar activities,
  • Publicly available sources for example websites or public records,
  • External persons that provide your personal data to us, for example in connection with communication or an event or similar activity, and
  • Employees or hired personnel that provide your personal data to us.

6. Our use of personal data

We use the personal data that we collect for various purposes. Please note that all purposes for our use of personal data may not apply to you. For which purposes we use your personal data depends on how you interact with us and which role you have for example if you are a user of our website or services or a contact person of a customer or supplier of ours.

In summary, we use personal data to manage the relationship with our customers, suppliers and partners, provide our services, communicate with you and others, develop and improve our business and services, carry out events and other activities, and to fulfill our legal obligations and manage and defend legal claims and rights.

Below we have listed the purposes for which we collect and use personal data within different areas. To read more about which categories of personal data, which legal basis that we rely on for our use of personal data and for how long personal data is stored in relation to each purpose, please see our detailed information on our use of personal data.

Manage our relationships with customers, suppliers and partners and to provide our services

Marketing & Sales activities

Analytics & assessments

Secure, test & troubleshooting our services

Fulfil legal obligations and manage, defend and exercise legal claims and rights

7. Transfers of personal data

 

Transfers of personal data to various recipients

We share personal data with various recipients if it is necessary for the purposes that we use personal data, please see “Our use of personal data” in section 6 above. To read more about for which purposes and which categories of personal data we share with recipients and which legal basis we rely on for sharing personal data, please see our detailed information on our use of personal data.

We share personal data with:

  • Affiliates of the Pagero group. The Pagero group companies collaborate and therefore share personal data with each other, for example to manage our relationships with customers, suppliers and partners and to provide our services where several affiliates are involved in the provision of the services and in connection with communication.
  • The company or organisation that you work for or belong to example to manage our relationships with customers, suppliers and partners and to provide our services and in connection with communication.
  • Partners that we collaborate with for example when carrying out events and similar activities and in connection with communication.
  • Social network platforms that we use to provide offers and direct marketing and to communicate about us, our business and our services. When we automatically share personal data by using cookies and similar technologies with these platforms, we are – where applicable – jointly responsible for the collection and transfer of your personal data to the social network platform together with the relevant platform. However, each party is separately responsible for its own subsequent use of your personal data shared with the social network platform. Where the social network platform processes your personal data on our behalf and in accordance with our instructions in connection with any subsequent use of your personal data shared with the social network platform, the relevant platform is a processor for the processing of your personal data. To ensure that your personal data is protected, we have entered into specific arrangements with the relevant social network platforms which outlines the roles and responsibilities of each party in relation to your personal data where we and the social network platform is jointly responsible for the use of your personal data. Please see our detailed information on our use of personal data to read more about the social network platforms that we are jointly responsible with for the use of your personal data.
  • Service providers that provide services to us and which needs access to your personal data to provide such services. These service providers provide, for example, IT services (for example business office tools) and communication services (which enable us to send you messages and newsletters). Where the service providers process personal data on our behalf, they act as processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obliged to protect your personal data.
  • Other recipients such as external advisors, public authorities and law enforcement where needed for example to fulfil legal obligations or manage, defend and exercise legal claims and rights.

Recipients that we are jointly responsible with

RecipientInformation

Facebook Ireland Limited

Grand Canal Square, Grand Canal Harbour, Dublin 2, D02C525, Ireland

Information regarding Facebook Ireland’s use of your personal data, including their legal basis and the ways that you can exercise your rights against Facebook Ireland can be found in their Data Policy.

We and Facebook Ireland have entered into a joint controller addendum to determine the respective responsibilities in relation to the use of your personal data for which we and Facebook Ireland is jointly responsible

Transfers of personal data to Pagero Inc under the EU-US Data Privacy Framework

Pagero complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Pagero has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Pagero has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ 

Accountability for Onward Transfer
We will not share, sell or distribute any of the information you provide to us without your consent, except as described in this privacy notice.

Pagero may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Pagero. Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Pagero requires these third parties to undertake security measures consistent with the protections specified in this privacy notice.

Pagero will remain responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf, unless Pagero proves that it is not responsible in an event giving rise to damage.

In the event Pagero transfer personal data covered by this DPF Policy to a third party acting as a controller, we will do so consistent with any notice provided to data subjects and any consent they have given (where applicable), and only if the third party has given us contractual assurances that it will (i) process the personal data for limited and specified purposes consistent with any consent provided, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Pagero has knowledge that a third party acting as a controller is processing Personal Data covered by this DPF Policy in a way that is contrary to the DPF Principles, Pagero will take reasonable steps to prevent or stop such processing.

The Federal Trade Commission (FTC) has jurisdiction over Pagero’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Pagero may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

Dispute Resolution under the Data Privacy Framework

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Pagero commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.To contact us regarding any transfers made under the Data Privacy Framework, please see section 13 “If you have questions”. If you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from the EU Data Protection Authorities panel. You can invoke this right by contacting your national data protection Authority (DPA).   You may also invoke binding arbitration to determine whether a Pagero Inc has violated its obligations under the Data Privacy Framework Principles. Further information can be found on the official DPF website.

Transfers of personal data to third countries outside the EU/EEA

We have subsidiaries and affiliates in various countries both inside and outside of the EU/EEA. We share personal data between affiliates of the Pagero Group and your personal data will when shared between relevant affiliates be transferred to third countries outside the EU/EEA which may not provide an adequate level of protection for personal data. We have an intra-group data transfer agreement to ensure an essentially equivalent level of protection for your personal data and that personal data is processed by each Pagero affiliate in a lawful, fair, secure, and transparent manner. We comply with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.

Moreover, we use service providers, which also may use sub-contractors, that are established in third countries outside the EU/EEA. To ensure an essentially equivalent level of protection for your personal data when transferred (or otherwise made available) to service providers in third countries outside of the EU/EEA which do not provide an adequate level of protection, we use the EU Commission’s adopted standard contractual clauses for international transfers according to decision 2021/914 and implement – in light of the law and practices of the third country – necessary supplementary measures. Supplementary measures include technical, contractual and organisational measures that are necessary to bring the level of protection of the personal data transferred to an essentially equivalent level protection.

For more information on the safeguards that we have taken to protect personal data, please contact us. You will find contact details under “If you have questions” in section 12 below.

8. Your rights

 

Rights in relation to the use of your personal data

You have certain rights in relation to the use of your personal data. For example, you have the right to request access and a copy of your personal data, and request that we, under certain circumstances, rectify, delete or restrict the use of your personal data. You can read more about these rights below in this section, or visit the Swedish supervisory authority’s website page on data subject rights. If you wish to exercise your rights, please contact us at [email protected]. For additional contact details, please see “If you have questions” in section 13 below.

We normally reply to your request within one month

We normally reply to your request within one month following the date that we received the request. If your request is complex or if you have submitted several requests at the same time, we may need additional time to respond to your request. If we consider it necessary to extend the time to respond to your request, we will notify you of this and the reason as to why we need more time to respond to your request within one month following the date that we received your request. The time to respond to your request can be extended with up to a maximum of two months.

Moreover, if we for some reason cannot, wholly or partly, respond to your request, we will notify you of this and the reason as to why we cannot reply to your request within one month following the date that we received the request.

If you have submitted your request electronically, for example via email, we will also respond to your request electronically, unless you request otherwise.

We need to confirm your identity to reply to your request

When you submit a request to exercise your rights, we need to confirm your identity to ensure that you are not somebody else than who you claim to be. This to avoid that we for example disclose personal data to an unauthorised person or in error delete personal data. If we do not have sufficient information to confirm your identity, we can request that you provide supplementary information about yourself needed to confirm your identity. We only request such information that is reasonable and necessary to your identity.

If you use an authorized agent

We may request evidence of that you have provided such agent with an power of attorney, or that the agent otherwise has valid signed authority to submit requests on your behalf, and ask that you verify your identity directly with us.

Additional information on your rights

You have the right to:

  • Request confirmation if we process personal data about you.
  • Request access to and a copy of your personal data.
  • Request rectification of your personal data that is incorrect or incomplete. Please note that previously provided personal data that may be seen as outdated may not, depending on the circumstances and the context, be incorrect.
  • Withdraw your consent to our use of your personal data that is based on your consent.
  • Request erasure of your personal data in some circumstances, but not in cases where we, for example, are legally obligated to keep your personal data.
  • Unsubscribe from marketing communications which you for example can do by clicking on an unsubscribe link in the communication. Where applicable you can unsubscribe from communication in Your account.
  • Request restriction of your personal data in certain circumstances and you can then, at least for a certain period of time, prevent us from using your personal data for other purposes that for example to manage and defend a legal claim or to comply with legal obligations that we are subject to.
  • Object to the processing of your personal data that is based on our or another party’s legitimate interest for reasons related to your specific situation and if we cannot show that we have a compelling reason for our use of personal data we will stop using your personal data for the relevant purpose.
  • Transfer your personal data (data portability) under certain circumstances by requesting a copy of your personal data that you have provided to us in a structured format that you can transfer to another recipient.

Please note that these rights are not absolute and that there may be exceptions. You can learn more about data subject rights and how they work by visiting the Swedish supervisory authority’s page on data subject rights.

9. Additional information for California residents

The California Consumer Privacy Act, together with the California Consumer Privacy Rights Act (“CCPA”) affords consumers residing in California certain rights in relation to their personal information. If you are a California resident, this section applies to you.

Our preceding 12-month collection, use, disclosure and sources of Personal Information

  • Categories of Personal Information: For information about the categories of Personal Information we collect, please refer to section 4 PERSONAL DATA THAT WE COLLECT, in this Privacy Notice.
  • Sources of Personal Information: For information about the sources of where Personal Information is collected, please refer to section 5. SOURCES FROM WHICH WE COLLECT PERSONAL DATA in this Privacy Notice.
  • Business or Commercial Purpose for Collecting and Disclosing Personal Information: For Information about for which business purposes we may collect and disclose your Personal Information, please refer to section 6 in this Privacy Notice. If you wish to have more specified information, please access each activity for more details at the end of this Privacy Notice.
    We do not use or disclose sensitive personal information for purposes that would require us to offer consumers the right to limit such use under the CCPA.

Children’s privacy

Pagero’s services are not intended for or directed towards children, and Pagero does not knowingly collect or sell Personal Information of children under the age of 16.

“Do Not Track” disclosure

Privacy regulations in the United States, such as the laws of California, require Pagero to indicate whether our website honours your browser’s “Do Not Track” settings concerning targeted advertising. Pagero adheres to the standards set out in this Privacy Notice and the Cookie Policy and Pagero adheres to the standards set out in this Notice and your cookie preference settings, but does not monitor or respond to Do Not Track browser requests.

Your privacy rights as a California resident

As a California resident you have certain rights in relation to the use of your personal data. You can read more about these rights on the California Privacy Protection Agency’s website FAQ page or the California Attorney General’s website page relating to your privacy rights. If you wish to exercise your rights, please contact us at [email protected]. For additional contact details, please see “If you have questions” in section 12 below. Please note that the rights provided for herein are subject to limitations which you can learn more about in the websites referred to above.

Selling or Sharing of Personal Information – Do not Sell/Share my Personal Information

Pagero does not sell personal data to third parties in exchange for money. However, the use of third-party cookies on our website, as provided by our Cookie Policy qualifies as selling/sharing of personal information under the CCPA. We are therefore required, as provided in the section Your privacy rights as a California resident above, to provide you with means for you to opt-out of such sale.

  • If you have chosen the option to “Reject all” in our cookie banner, there is no sale of your personal information.
  • If you have accepted cookies and now want to Opt Out of the Sale or Sharing of your personal information, you can do so by visiting our Cookie Policy, where you can manage your preferences and opt out from the sale or sharing of your information.

10. We protect your personal data

We use technical and organisational security measures to protect your personal data against unauthorised disclosure of, or access to, personal data. This involves detecting, investigating and resolving incidents. If you would like to know more regarding how we work with security, please visit our page on information security.

11. Use of cookies and similar technologies

We use cookies and other technologies on our websites. To read more about our use of cookies and similar technologies, please see our cookie policy.

12. Updates to this Privacy Notice

We regularly update this Privacy Notice. Our use of personal data may change, for example we may collect personal data for new purposes, collect additional categories of personal data or share your personal data with other recipients than outlined in this Privacy Notice. If our use of personal data changes, we will update this Privacy Notice to reflect such changes. At the top of this page, you can see when this Privacy Notice was last updated. If we make material changes that are not only editorial to this Privacy Notice, we will notify you of any such changes and what they mean to you in advance.

13. If you have questions

If you have questions about this Privacy Notice, our use of your personal data or if you wish to exercise your rights, please contact us at [email protected]. Contact details to each Pagero affiliate can be found on our contact page.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country. A list of the data protection authorities within EU and contact details can be found on the European Data Protection Board’s website.

Detailed information regarding the use of personal data

Our use of personal data

Manage our relationships with customers, suppliers and partners and to provide our services

Marketing & Sales activities

Analytics & assessments

Secure, test & troubleshooting our services

Fulfil legal obligations and manage, defend and exercise legal claims and rights

Other important information