This privacy notice was adopted by Winningtemp AB on 17/02/2023.
We at Winningtemp AB (”Winningtemp”, “we”, ”our” och ”us”) care about your privacy and want you to feel safe when we process your personal data.
This privacy notice is not applicable if you are using Winningtemp as an employer and responding to questions. Please reach out to your employer, who is the data controller.
In this privacy notice we want to inform you who interact with us in different situations, e.g. as a representative of our current or potential customer, supplier or partner. This privacy notice also applies to you who visit our website or communicate with us on social media.
With this text we provide information on how and why we process your personal data. We also describe your rights, the legal basis for processing and the storage period for which we keep your personal data.
In short: Why do we process your personal data?
Depending on the relationship we have with you, we process your personal data for all or only some of the above stated purposes. A detailed description of our processing of your personal data is provided in the sections below. By clicking on the links above you can read more about what specifically applies to you.
When we refer to “your organisation” in this privacy notice, we refer to your employer or the organisation that you represent. We will only process data about you in your professional role, which for example means that we will only send marketing to your organisation and not to you in your capacity as a private individual.
If you are a user of Winningtemp, i.e. only use Winningtemp services as provided by your employer, your employer is responsible for the processing of your personal data (controller). If you have any questions relating to the personal data that your employer is responsible for please contact your employer.
Winningtemp AB (Swedish registration number 556862-3101), is responsible for the processing of your personal data that is described in this policy. Winningtemp is only responsible (controller) for your personal data related to you in your professional role, e.g. if you are a representative of your organisation.
Should you have any questions regarding our processing of your personal data, or if you wish to exercise any of your rights under data protection legislation, please contact us via our e-mail address firstname.lastname@example.org, or give us a call at 031-13 21 00. Our postal address is Winningtemp AB, Östra Hamngatan 31, 411 10 Gothenburg, Sweden.
We collect your personal data directly from you, for example when you contact us. We may also collect your personal data from your organisation, e.g. if one of your colleagues state you as the organisation’s representative.We will also collect your personal data from other sources in the following situations:
- If you represent a potential customer, supplier or partner (i.e. a business lead), we may collect your personal data from the internet or a third-party service.
- If you use our website, we will collect information on your browsing of our website to analyse your use of our website.
In general, and with some exemptions, you are not required to provide your personal data to us. You find a description of when you are needed to provide your personal data in the charts below when the so called legal basis is stated to be ”Legal obligation”. If you don’t provide such personal data to us, we at Winningtemp will not be able to administrate our relationship with your organisation or fulfil the agreements with your organisation.
The below charts describe in detail why we process your personal data, what personal data we process, when you need to provide the personal data to us and the legal basis for our processing. The legal basis is the basis for processing your personal data according to the GDPR. You will also find information about how long we process your personal data.
Don’t hesitate to contact us if you have any questions regarding our processing of your personal data. Our contact details can be found in the beginning of this privacy notice.
If you are in contact with us without having a business relationship with us, e.g. by contacting us through our chat or contact forms on our website or by sending us an e-mail or a message at our social media account, we will process your personal data as we describe in the charts below. We process the personal data which you provide to us and information from your social media account (if you use such account to communicate).
When contacting us through a social media platform, we suggest you also familiarise yourself witht he privacy information of that platform.
We analyse how our website is used and show you relevant marketing on social media and other websites you visit based on such analysis. This means that your personal data is processed when you visit our website. To protect your privacy, we have taken measures to avoid identifying you when you visit our website. For instance, we only store an encrypted version of your IP address to reduce the risk of being able to identify you.
When you visit our website, we will gather your personal data from your device and from the companies we cooperate with (see below).Such companies will also use previous information they have about you to show you interesting offers.
When you use our website, we will gather personal data by using cookies. How we do this is described in our text about cookies which you find here.
*Profiling: We use so called profiling to be able to show you offers that are relevant to you and to provide you with customized marketing.We use profiling because without it, you would instead see offers and information which you are probably not interested in. You have the right to object to profiling as described below under the section explaining your rights.
We always strive to keep a good relationship with your organisation and answer all questions you or your organisation may have. If you or your organisation have any questions, would want to make a complaint regarding one of our services or if we would have a claim against your organisation, we will process your personal data as described below. We will collect your personal data from you or your organisation or provide the information ourselves.
Note that an ongoing matter may mean that we cannot delete all your personal data after your request.
We will store information about you who have chosen to object to receiving marketing from us – see the below chart for information about this. We have received the personal data we store from you.
Your personal data is initially collected and processed by us and we do not sell your personal data. This means that your personal data will be handled by our employees, but only personnel who need such access to conduct their work.
To conduct our business, we need to work with suppliers and partners who therefore will process your personal data. We are responsible for any sharing of your personal data to such suppliers or partners and to make sure your personal data is safe when shared with third parties as set out below.
We will share your personal data with the following recipients:
If you have any questions regarding how we share yourpersonal data or want to know more about who we share your personal data with, please feel free to contact us.
We, as well as our processors, mainly process your personal data within the EU/EEA. In some instances, we will transfer your personal data outside of the EU/EEA, however only to a limited extent. Such transfer will only take place in accordance with applicable data protection legislation.
If you use our website and have consented to us using services from Google, Facebook and LinkedIn your personal data may be considered transferred outside of the EU/EEA. These parties may transfer your personal data to the United States since they are located there.
We have de-identified your personal data as far as possible to avoid your personal data being transferred outside of the EU/EEA. We only transfer your personal data outside of the EU/EEA when we can ensure an adequate level of protection of your personal data. Google, Facebook andLinkedIn rely on Standard Contractual Clauses for the transfer of personal data outside of the EU/EEA. Standard Contractual Clauses are one safe guard to provide a safe transfer of your personal data.
If you want to know more about who we share your personal data with, please feel free to contact us. Our contact information can be found at the beginning of this privacy notice.
You have certain rights that you can exercise to affect how we process your personal data. You can read about what those rights are below.
If you want to know more about your rights or if you want to exercise any of your rights, please contact us and we will help you. Our contact information can be found in the beginning of this privacy notice.
You have a right to withdraw any consent you have given us, partly or completely.
You always have a right to object to our processing of your personal data when the processing is performed for marketing and profiling purposes, such as sending newsletters and customising marketing. You can read more about profiling in the charts above.
You also have a right to object to our processing of your personal data when the processing is based on the legal basis “legitimate interest”. In some instances, we may continue to process your personal data based on our legitimate interest even if you have objected to our processing (e.g. when we need to store your personal data). This can be the case if we can show compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms in us not processing your personal data or if the purpose of the processing is to establish, exercise or defend against a legal claim.
You have the right to obtain confirmation as to whether we are processing personal data about you or not. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about how we process your personal data.
You have a right to correct any inaccurate personal data concerning you that we may be processing and to ask us to have incomplete personal data completed.
Under certain circumstances, you have a right to request that we delete your personal data. This is the case for example when the personal data is no longer necessary for the purposes for which they were collected or otherwise processed or if you have withdrawn your consent the processing was based on and there is no other legal basis for processing.
Under certain circumstances, you also have a right to request that we restrict our processing of your personal data. That is the case for example when the accuracy of the personal data is contested by you, or the processing is unlawful, and you do not want us to delete your personal data but instead you request that we restrict our use of them.
Under certain circumstances, you have a right to receive your personal data from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another organisation (“data portability”). This applies to personal data that you have provided to us in a structured, commonly used and machine-readable format, if our processing of your personal data is carried out by automated means and the legal basis for our processing is based on the performance of a contract or consent.
As we state above, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a legitimate interest assessment concerning our processing of your personal data, we have concluded that our legitimate interest for the processing outweighs your interests or rights which require the protection of your personal data.
If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact information can be found at the beginning of this privacy notice.
You always have the right to lodge a complaint with our Data Protection Officer at email@example.com you feel that we have not complied with this policy or relevant rules and legislation.
In addition, you have the right to lodge a complaint with a supervisory authority. You may do this in the EU/EEA member state where you live, work or where an infringement of applicable data protection laws is alleged to have occurred. The supervisory authority in Sweden is the SwedishData Protection Authority (Integritetsskyddsmyndigheten).