Privacy policy

sepago respects your privacy and is committed to protecting your personal data. This Privacy Policy tells you how we treat your personal data, including when you visit our website (regardless of where you visit it from), and informs you about your privacy rights and the legal protection of your data. We will update this Privacy Policy from time to time as we implement new procedures to protect personal information or adopt new privacy policies.

Introduction

• This website is operated by sepago, a company of Proact IT Group AB, Reg. No. 556494-3446, a company incorporated under the laws of Sweden, with its principal place of business in Stockholm, Sweden.
• Through this website, you can learn about our products and services, register to attend events, access or subscribe to reference materials, or interact with tools or applications we provide.
• You can access most parts of the Website without providing your personal information to ahd. However, we use cookies and similar technologies that provide us with personal information about you. For more information about our cookies and your choices, please see our Cookie Policy.
• Certain sections of the website require you to provide us with additional information. In these sections, you may be asked to provide information such as your name, email address, and address, among other things.
• Specific terms and conditions and/or privacy policies apply to certain services, such as those managed by other group companies.
• We are part of an international group of companies and share administrative resources and systems. Therefore, we may share some or all of your personal information with affiliates for our administrative purposes or for our legitimate purposes described in this Privacy Policy.
• Proact has appointed a Privacy Officer who you can contact if you have any questions or concerns about our policies or practices regarding personal information: dpo@proact.eu
• By using this website, you agree to the terms contained in this Privacy Policy. If you do not agree to any of these terms, you should not use this website. You agree that any dispute over privacy or the terms contained in this Privacy Policy shall be governed by the laws of Sweden.

1. Important information and who we are

This privacy notice tells you how Proact collects and processes your personal data, including data you provide to us when you access or subscribe to informational materials or newsletters, purchase products or services, attend events, or interact with tools or applications we provide.Our website is not intended for children, and we do not knowingly collect data about children.It is important that you read this privacy notice along with any other notices we provide on specific occasions when we collect or process personal data about you so that you understand exactly how and why we use your data. This privacy notice supplements those other notices and is not intended to override them.

Contact information

If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact our Data Protection Officer (Rowena Finn) at dpo@proact.eu.

You have the right to file a complaint with the supervisory authority responsible for data protection issues for you at any time. We would be grateful if we could first deal with your concern before you contact the supervisory authority. Therefore, please feel free to contact us directly - if this is not possible, you can find details of the relevant supervisory authorities here.

Data controller

Proact is made up of different legal entities, details of which can be found here. So when we mention "Proact", "we", "us" or "our" in this Privacy Policy, we are referring to the relevant company within the Proact group that is responsible for processing your data. The relevant company is the company that provided you with the link to this Privacy Policy.

Name and address of the data protection officer

Rowena Finn
E-mail: dpo@proact.eu

Appointed representatives

Where a Proact entity based in the UK processes personal data of data subjects located in the EU or EEA in the UK, the appointed EU representative, where required by law, is Proact IT Group AB.

If a Proact entity located outside the United Kingdom processes personal data of data subjects located in the United Kingdom outside the United Kingdom, the designated United Kingdom representative, to the extent required by law, is Proact IT UK Limited.

You can contact one of our representatives at: dpo@proact.eu

Third party links

Our website may contain links to third-party websites, plug-ins, and applications. When you click on these links or enable these connections, third parties may collect or share information about you. We have no control over these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statements of each website you visit.

2. The data we collect about you

Personal data or personal information is any information that relates to a person and from which that person can be identified. This does not include data where the identity has been removed (anonymous data). We may use any information you provide to us as set out in this privacy notice.

We may also collect personal information about you from third parties, including publicly available information sources (including social media and websites), third party marketing agencies, vendors, and our customers or suppliers, which may also be used by us as set forth in this Privacy Policy.

Personal Data may include identity data, contact information, images or videos, financial information, details of your transactions with Proact or related parties, technical data resulting from your use of our website or our products and services, profile and usage data of our services that you access, and marketing and communication interests and preferences.

We may also collect, use and share aggregated data such as statistical or demographic data for our internal purposes. Aggregate data may be derived from your personal data, but is not considered personal data under the law because such data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users who access a particular feature of the Site. However, if we combine or link aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data used in accordance with this Privacy Notice.

We do not collect special categories of personal data about you (this includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, information about your health, and genetic and biometric data). We also do not collect information about criminal convictions and offenses.

It is important that the personal data we hold about you is accurate and up to date. Please inform us if your personal data changes during your connection/relationship with us.

If you do not provide personal data

If we are required by law or by a contract we have with you to collect personal data and you do not provide that data to us when requested, we may not be able to fulfill the contract we have entered into or are trying to enter into with you (for example, to provide you with goods/services or managed services). In this case, we may need to cancel a product or service or managed services that you or your organization (if it is our customer) has contracted with us to provide to you

3. How we collect your personal data

We use various methods to collect information from and about you, including through:

• Direct Interactions. You may provide us with your personal information by filling out forms or corresponding with us by mail, phone, email or other means. This includes personal information collected when you:
  • are interested in our products or services
  • have conversations with us to offer us your products or services
  • use the services on our website or interact with services
  • Subscribe to our service or publications
  • request the sending of marketing material to you
  • Participate in our events or would like to visit or attend them
  • respond to job advertisements
  • participate or wish to participate in a contest, promotion or survey
  • give us feedback or get in touch with us.

  Automated technologies or interactions.When you interact with our website, we may automatically collect Technical Data about your device, browsing actions and behavioral patterns. We collect this personal data using cookies, server logs and other similar technologies. For further details, please see "Web tracking technologies - managed with Usercentrics".

• Third Parties or Public Sources. We may obtain personal information about you from various third parties and public sources located within or outside the EU and the UK, as described below:
  • technical data, including standard Internet log data and details of visitor behavior, from the following parties:
    • Analytics providers like Google
    • Advertising and marketing networks
    • Search engine providers.
  • Contact, financial, and transactional data from providers of technical, payment, credit reporting, and delivery services.
  • Identity and contact information of data brokers or aggregators.
  • Identity and contact information from publicly available sources.

4. How we use your personal data

Processing purposes

Below you will find a description of all the ways in which we may use your personal data and the legal bases on which we rely. Where necessary, we have additionally set out our legitimate interests.

Note that we may process your personal data for more than one legal ground, depending on the specific purpose for which we use your data.

• To register you or your organization as a new customer or supplier
• When the processing enables us to improve, modify, personalize or otherwise optimize our services/communications for the benefit of our customers or suppliers
• To use data analytics to improve our website, products/services, marketing, customer and supplier relationships, and experiences
• To detect and prevent fraud
• To optimize customer service
• To deliver goods, products, services or managed services to you or your organization
• To process invoices for goods, products, services or managed services that you or your organization have provided to us or our customers
• To personalize the user experience
• To continuously optimize the security of our network and information systems
• To better understand the user behavior of our website visitors,
• To communicate with you,
  • via telephone by means of information that may be of interest to you
  • via postal communications that we believe may be of interest to you
  • via regular e-mails with information that may be of interest to you
  • To respond to a request or provide you with assistance
  • To respond to you when you apply for a job with us
• To determine the effectiveness of advertising campaigns and advertising
• To share with our suppliers, vendors and/or subcontractors to deliver our products and services or to invite you to events that we believe will be of interest to you
• To maintain our business relationship with you or, for example, to ask you to provide a review or participate in a survey.

Legal basis

We will only use your personal information when the law allows us to do so. In most cases, we will use your personal data in the following cases:

• If we need to fulfill the contract that we want to conclude or have concluded with you.
• If it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• If we have to comply with a legal or regulatory obligation.

We may also rely on your explicit consent as the legal basis for processing your personal data, for example, in relation to sending you third-party direct marketing communications by email or text message.

Our legitimate interests

• to collect the amounts owed to us
• to keep our records up to date
• Manage supplier relationships
• to investigate how customers use our products/services
• to develop our products/services
• to expand our business, including through direct marketing
• for the management of our business, the provision of administrative and IT services
• for network security
• to prevent fraud
• in the context of a corporate reorganization or group restructuring
• to inform our marketing strategy
• to define the target groups for our products and services
• to keep track of the number of users on the various parts of our websites to keep them interesting, relevant and up to date.

Most of the personal information we use for our legitimate interests described above is not sensitive. The use of your information as set forth in this Privacy Policy is important for Proact to function as an efficient organization.

It is necessary for Proact to collect and process certain information, which is kept to a minimum and subject to additional safeguards, in order to, for example, conduct transactions requested by our customers, manage our shared systems across the Proact group of companies, understand our customers and website visitors, and fulfill our obligations to our customers and other third parties.

Marketing / Opt-Out

If you no longer wish to receive marketing communications from us, you may let us know by following the unsubscribe links in any marketing communication sent to you or by contacting us at any time.

If you choose not to receive these marketing messages, please note that if you ask us not to contact you by email at a particular email address, we will retain a copy of that email address in order to honor your request.

Cookies

You can set your browser to reject all or some browser cookies or to warn you when websites set or use cookies. If you disable or refuse cookies, please note that some parts of our website may no longer be accessible or may not function properly. For more information about the cookies we use, see "Web Tracking Technologies - Managed with Usercentrics".

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we believe we need to use it for an additional purpose that is compatible with the original purpose.

If we consider using your personal information for a new purpose, we will notify you or, if necessary, ask for your permission or obtain your consent.

5. Disclosure and transfer to third parties

We share your personal data within the Proact group of companies and with our sub-processors and service providers who facilitate the provision of our services to our customers (e.g. hosting partners, service desk, etc.). This may include processing your data outside of the European Union, European Economic Area and the United Kingdom. A list of our current subcontractors can be found below:

Learn more about our subcontractors

Some of our third party processors are located outside the EU, the EEA and the UK, so their processing of your personal data involves a transfer of data outside these territories. Whenever we transfer your personal data from the EEA to a jurisdiction or territory outside the EEA or from the UK to a jurisdiction or territory outside the UK, we will ensure that a similar level of protection is provided by implementing at least one of the following safeguards:

• If such transfer is due to Proact employees needing access to your personal information, it will be for the same legitimate business purposes set forth in this statement, and we will ensure that appropriate technical measures are taken to protect such access.
• If such a transfer is made to a third party processor, we will comply with applicable data protection laws, in particular, but not limited to, ensuring that such transfer is made either on the basis of an EU and/or UK adequacy decision or (in the absence of an adequacy decision) on the basis of standard data protection clauses (e.g. e.g., the EU standard contractual clauses approved by the European Commission) that contain requirements for the implementation of controls that provide the same level of protection for personal data as exists in the EU/EEA, together with any additional measures that may be necessary.

We require all third parties to respect the security of your personal information, to treat it in accordance with the law, and to only allow them to process your personal information for specific purposes in accordance with our instructions.

Forced disclosure

We may also disclose your personal information if we are required to do so by law, a competent law enforcement agency, a regulatory authority, a government agency, a court or a third party: (i) to the extent permitted or required by applicable law or regulation.

We may disclose personal information to a prospective buyer (and its agents and advisors) in connection with a proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer that it may use your personal information only for the purposes set forth in this Privacy Policy.

6. Data security

Personal data managed by Proact is stored and processed in accordance with applicable data protection laws. We take measures to ensure that the information we process is treated in accordance with this Privacy Policy and applicable laws.

When necessary or appropriate and feasible, we obtain written assurances from third parties who have access to your information that they will protect the information with equivalent safeguards as Proact.

To protect your data, we take technical and organizational security precautions and regularly update and test our security measures. However, please note that no information system is completely secure and we cannot guarantee the absolute security of your information. We are not responsible for the security of any information you transmit to us over networks that we do not control, including the Internet.

In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who need such access to fulfill any of the purposes described in this Privacy Policy. They will only process your personal data on our instructions and are bound to confidentiality.

We have established procedures in the event of a suspected personal data breach and will notify you and the appropriate supervisory authorities of a breach if we are required to do so by law.

7. Data retention

How long we will use personal data

We will retain your personal information only as long as necessary to fulfill the purposes for which we collected it, including to comply with legal, accounting, or reporting/reporting requirements.

In determining the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, and applicable legal requirements.

Details of the retention periods for the various aspects of your personal data can be found in our internal retention and deletion policy, which you can request from us by contacting us at dpo@proact.eu.

8. Your legal rights

With regard to the personal data concerning you, you have the right to

• to information about your personal data
• and/or to demand their correction or deletion,
• restrict the processing of your personal data by us,
• object to the processing of your personal data, as well as
• make use of the right to data portability as well as
• revoke any consent you have given.

You may contact our Privacy Officer with inquiries about your personal information at dpo@proact.eu.

Usually no fee required

You do not have to pay a fee for concerns about your personal data (or the exercise of other data subject rights). However, we may charge a reasonable fee if your request is clearly unfounded or disproportionate. Alternatively, we may refuse to respond to your request in these circumstances.

What we may need from you

We may need to request certain information from you to confirm your identity and ensure your right to access your personal data (or exercise your other rights). This is a security measure to ensure that personal information is not disclosed to anyone who does not have a right to receive it. We may also contact you to ask for more information about your request in order to expedite our response.

Deadline for response

We aim to respond to all legitimate requests within one month. Occasionally, it may take longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you informed.

9. Changes and updates of this data protection declaration

As our processes and policies change, so does this Privacy Policy. We reserve the right to change and update this privacy statement at any time, for any reason, without notice to you. We encourage you to periodically visit this page to stay informed about our privacy practices. For earlier versions, please feel free to contact us.

Web tracking technologies - managed with Usercentrics

To manage all cookies, website and tracking technologies that require consent or opt-out in a privacy-compliant manner, we use the Consent Management Platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which we have integrated the following services: