Privacy Policy

Version 1.3, February 2022

PSA Consulting are committed to protecting and respecting your privacy. We want you to feel safe when we process your personal data. Our Privacy Policy explains how we process your personal data, how we comply with applicable legislation, and applies to all of our processing of personal data relating to our clients and clients’ representatives and to other contacts, such as representatives of potential clients, suppliers, and partners, event attendees; website visitors; newsletter subscribers, and other business contacts.

We only use your personal data for the purposes specified in the Privacy Policy. Kindly see our Privacy Policy for further information about our use of personal data and your rights related thereto.

Do not hesitate to contact us at contact-se@psaconsulting.com if you have any questions about this Privacy Policy, our processing of your personal data or if you wish to exercise your rights.

  1. GENERAL

1.1 PSA Consulting, (“PSA”) is committed to protecting and respecting your privacy. We want you to feel safe when we process your personal data. Our Privacy Policy explains how we process your personal data, how we comply with applicable legislation, and applies to all of our processing of personal data relating to our clients and clients’ representatives and to other contacts, such as representatives of potential clients, suppliers, and partners, event attendees; website visitors; newsletter subscribers, and other business contacts.

1.2 We need to use your personal data to be able to operate our business and meet our obligations and responsibilities in relation to our client, applicable legislation and good industry practice.

  1. DATA CONTROLLER

2.1 PSA is the Data Controller for the processing of your personal data, except as set out below, and is responsible for ensuring that the processing is carried out in accordance with applicable legislation. If you have any questions regarding the processing of your personal data you will find our contact details at the end of this Privacy Policy.

  1. OUR USE OF YOUR PERSONAL DATA

We use your personal data for the following purposes:

  • To analyse the use of our web page.
  • To ensure our clients’ and partners’ interests and otherwise prepare, deliver and evaluate our service.
  • To market our services e.g. through newsletters, social media, publications and events.
  • To manage our relationship with you and our clients, partners and vendors, and maintaining our contact lists.
  • To comply with legal obligations.

Below you can find more information about our processing of your personal data.

PURPOSES

To analyse the use of our web page

Why we process your data: We analyse and process your personal data to improve, develop, maintain and manage our website and services. For this purpose, we may use third party tracking services that employ to collect aggregated data about visitors to our websites.

Categories of personal data:

  • Usage data such as cookie information and behaviour on web site.
  • Device data such as IP-number.

Legal basis:

When processing personal data in the form of cookies which is necessary for the functioning of the website, we base such processing on our legitimate interest. However, when processing personal data in the form of non-necessary cookies in order to analyse the use of our website we base the processing on your consent.

To ensure our clients’ and partners’ interests and otherwise prepare, deliver and evaluate our service

Categories of personal data:

  • Contact information such as name, address, email address, phone number.
  • Payment information.
  • Work related data such as employer and title.
  • Information that you share relating to meetings or event
  • Project related data, such as data provided to us to manage client projects.

Legal basis:

Processing is necessary for the purposes of our legitimate interests to engage in projects relating to the services that we provide, and your, or the client’s, legitimate interests in the project in which PSA is engaged. 

To market our services e.g. through newsletters, social media, publications and events

Why we process your data: We process your personal data to market PSA and our services. We may use your data to, for example, send you our newsletters and invites to events. You can easily opt out from such communication. Information about how to opt-out will be given in each communication to you. Further, we conduct marketing activities on social media platforms, such as Facebook, Twitter, Linkedin and Instagram.

Categories of personal data:

  • Contact information such as name, address, email address, phone number.
  • Work related data such as employer and title.
  • Information that you share relating to meetings or events.

Legal basis:

Processing is necessary for the purposes of our legitimate interests to be able to market our services.

Retention time: Data processed as part of our marketing is stored to contact you for marketing purposes during one year from the date we collected your data or the date when we last used your data to contact you. You may at any time unsubscribe from our mailings. If you unsubscribe, you will no longer receive mailings.

To manage our relationship with you and our clients, and maintaining our contact lists

Why we process your data: We process your personal data to provide you with our services, and to maintain our contact list.

Categories of personal data:

  • Contact information such as name, address, email address, phone number.
  • Work related data such as employer and title.
  • Project related data, such as data provided to us to handle client projects.

Legal basis:

If we have a contract with you, the processing is necessary for the performance of that contract.

If we have a contract with a legal person that you represent, the processing is necessary for the purposes of our legitimate interests of managing the relationship with you or the legal person that you represent.

Retention time: We retain your personal data only for as long as is necessary for the purposes for which we originally collected the data in accordance with this Privacy Policy.

To comply with legal obligations

Why we process your data: PSA may process your personal data to comply with our legal obligations under applicable law, e.g., legislation regarding accounting, audit and tax.

Categories of personal data:

  • Contact information such as name, address, email address, phone number.
  • Payment information.
  • Work related data such as employer and title.
  • collected as a part of our client intake process.
  • Project related data, such as data provided to us to handle client projects.

Legal basis:

We need to process personal data to comply with our legal obligations under applicable legislation.

Retention time: Your personal data is kept for as long as necessary to comply with applicable legal obligation, for example seven years with regards to our obligations in the Accounting Act in the countries where we operate.

  1. COLLECTION OF PERSONAL DATA

4.1 The personal data that we process about you are data that you have provided us with or that we have otherwise acquired during our business relationship. We collect data e.g;

  • When we initiate a business relationship or throughout the course of handling a project on behalf of our client
  • Through our web site
  • Through email sent to and from PSA; and
  • When you share information with us through other means, such as meetings, conversations, social media, events or online forms.

4.2 We may also collect or receive information about you from other sources, such as:

  • Public registers
  • Bisnode/Dun & Bradstreet
  • Bolagsverket (Swedish Companies Registration Office); and
  • Other third-party service providers.
  1. RETENTION OF PERSONAL DATA

5.1 We only keep your personal data for as long as it is necessary to achieve the purposes for which they were collected in accordance with this Privacy Policy. When we no longer need your personal data, we remove the data from our systems, databases and backups.

  1. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

6.1 We may share personal data with third parties that are trusted recipients and with whom we have an agreement ensuring that your personal data is processed in accordance with this Privacy Policy. We may therefore share data with:

  • Business Partners,
  • Accountants, Contractors and Subcontractors,
  • Third party service providers, such as translation, document review and other support functions,
  • Third parties as necessary to handle our client projects,
  • Third parties involved in organising events, such as hotels, restaurants, lecturers and other organisers, and
  • Social media providers, such as Instagram, Facebook, LinkedIn and YouTube. We kindly refer to the policy of each service provider for information on their processing of personal data.

6.2 In certain circumstances, we may also need to disclose data upon the request from authorities or to third parties in connection with court proceedings or business acquisition or combination processes or other similar processes.

6.3 We will not sell your personal data.

  1. WHERE DO WE USE YOUR PERSONAL DATA?

7.1 PSA processes your personal data primarily within the EU/EEA. In some cases, we may transfer your personal data to a country outside of the EU/EEA. If personal data is transferred to any such country, we will ensure that your personal data is protected and that the transfer is carried out in accordance with applicable law.

7.2 When carrying out any transfer which is not subject to an applicable adequacy decision by the European Commission, we will use the standard contractual clauses for transfers to third countries (SCC) issued by the European Commission as legal basis for the transfer.

  1. YOUR RIGHTS IF STANDARD CONTRACTUAL CLAUSES ARE APPLIED

8.1 To ensure transparency of the processing of personal data, data subjects should be provided with a copy of the standard contractual clauses and be informed, in particular, of the categories of personal data processed, the right to obtain a copy of the standard contractual clauses, and any onward transfer.

8.2 Further, as a data subject you have the right to invoke, and where necessary enforce, the SCCs as a third-party beneficiary.

8.3 According to the SCCs, the data importer shall further notify the data subject if it receives a legally binding request from a public (including judicial) authority under the law of the country of destination for disclosure of personal data transferred pursuant to the SCCs. Similarly, it should notify the data subject if it becomes aware of any direct access by public authorities to such personal data, in accordance with the law of the third country destination.

  1. YOUR RIGHTS

9.1 Our responsibility for your rights

9.1.1 In our capacity of a data controller, we are responsible for ensuring that your personal data is processed in compliance with the law and that you can exercise your rights. You may contact us at any time if you wish to exercise your rights. You will find the contact details at the end of this Privacy Policy.

9.1.2 We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we have the right to extend this deadline by two more months. If we are unable to take the action you request within one month, we will inform you of the reason for the delay and of your right to lodge a complaint with a supervisory authority and to seek a judicial remedy.

9.1.3 You will not be charged for any information, communication or measures that we implement. However, if your request is manifestly unfounded or excessive, we may charge an administrative fee for providing the information or taking the action requested or refuse to act on your request altogether.

9.2 Your rights to access, rectification, erasure and restriction

9.2.1 You have the right to request

a) Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, with information about which personal data we are processing about you. We have the right to charge a reasonable administration fee if you request further copies. If you make a request by electronic means, e.g. via email, we will provide you with the information in commonly used electronic format.

b) Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete or complete data that we know to be inaccurate, incomplete or misleading. Also, you have the right to complete any incomplete personal data if something relevant is missing.

c) Erasure of your personal data. You have the right to request that we delete your personal data if there is no compelling reason for us to continue processing the data. Personal data should therefore be erased if:

(i) they are no longer needed for the purpose for which we collected them, 

(ii) we process your data based on consent provided by you and you withdraw your consent,

(iii) you object to us processing your data after a legitimate interest assessment and we have no compelling interest that overrides your interests and rights,

(iv) we have processed the personal data unlawfully, or

(v) we have a legal obligation to erase the personal data.

However, there may be legal requirements or other compelling reasons that prevent us from immediately erasing your personal data. We will then stop processing your personal data for purposes other than compliance with the law or where there are no compelling legitimate grounds for doing so.

d) Right to restrict processing. This means that we temporarily restrict the processing of your data. You have the right to request restriction when: 

(i) you consider your data to be inaccurate and you have requested rectification as defined in paragraph 9.2.1 b), while we establish the accuracy of the data,

(ii) the processing is unlawful and you do not want the data to be erased,

(iii) as the personal data controller, we no longer need the personal data for our processing purposes, but you need them to be able to establish, exercise or defend a legal claim, or

(iv) you have objected to processing as defined in paragraph 9.3.1, while waiting for us to consider whether our legitimate interests override yours.

9.2.2 We will take all reasonable measures possible to notify everyone who has received personal data as stated in Section 6 above if we have rectified, erased or restricted access to your personal data after you have requested us to do so. If you request information on recipients of your personal data, we will inform you about the recipients.

9.3 Your right to object to processing

9.3.1 You have the right to object to the processing of your personal data if our processing is based upon legitimate interests or public task (see Section 3 above). If you object to such processing, we will only continue to process your data if we have compelling reasons for doing so that override your interests.

9.3.2 If you do not wish that we use your personal data for direct marketing you have the right to object to such processing by contacting us. We will cease to use your data for that purpose when we have received your objection.

9.4 Your right to data portability

You have the right to data portability. This means the right to receive your personal data in a structured, commonly used and machine-readable format, and to request that these data are transferred to another personal data controller. The right to data portability only applies when the processing is being carried out by automated means and our lawful basis for processing your data is your consent or for the performance of a contract between you and us.

9.5 Your right to complain to a supervisory authority

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetskyddsmyndigheten) if you are not satisfied with our processing of your personal data.

  1. PROTECTION OF YOUR PERSONAL DATA

We want you to feel confident about providing us with your personal data at all times. We have therefore taken appropriate security measures to protect your personal data against unauthorised access, alteration and erasure. Should a security breach occur that may materially impact you or your personal data, e.g. risk of fraud or identity theft, we will contact you to explain what action you can take to mitigate potential adverse effects of the breach.

  1. COOKIES

We use cookies that may include personal data to improve our website and your experience of our website.

  1. CHANGES TO THE PRIVACY POLICY

We have the right to make changes to this Privacy Policy at any time. When we make changes that are not purely editorial, such as formatting, typographical error corrections or other changes that do not materially affect you, we will inform you of these changes and what they mean for you before they become effective.