Data privacy policy

The General Data Protection Regulation (GDPR) applies throughout the European Union and its purpose is to create a uniform and harmonized level for the protection of personal data. The GDPR exists to protect individuals’ fundamental rights and freedoms, in particular their right to protection of their personal data.

As part of the business of DigitalRoute, DigitalRoute will from time to time collect and process information, by which individuals can be identified (“Personal Data”). DigitalRoute will fully comply with GDPR and is committed to privacy and will only process information in accordance with this policy.

The purpose of this Privacy Policy is therefore to inform individuals how DigitalRoute uses, processes, collects and shares Personal Data within the company. This Privacy Policy sets out how DigitalRoute, including all its subsidiaries and branches, complies with the GDPR requirements. DigitalRoute and its subsidiaries and branches conduct business in different countries within and outside the EU/EEA. More information about DigitalRoute’s branches and subsidiaries, please read here.

This Privacy Policy applies to all of DigitalRoute’s websites and interactions.

Security

DigitalRoute is committed to ensure that Personal Data is secure. DigitalRoute has therefore implemented appropriate technical and organizational measures to be able to demonstrate that the processing is performed in accordance with the GDPR. To prevent unauthorized access or disclosure, DigitalRoute has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data that is processed.

What Personal Data DigitalRoute May Collect and Process

DigitalRoute may collect and process the following, including but not limited to, Personal Data of current and prospective customers and their representatives, employees and job candidates, partners, individuals who agree to participate in market research and website users (collectively referred to in this policy as “Individuals”):

• DigitalRoute collects information such as the name, company, title and email addresses of Individuals who request DigitalRoute’s information materials or reports, or engagement with DigitalRoute within EU/EEA, and individuals engaged in services offered by DigitalRoute. From individuals seeking employment with DigitalRoute within EU/EEA, DigitalRoute collects information such as name, telephone, email address and CV including employment history and information.

• In dealing with different Individuals for events, trainings and conferences etc., DigitalRoute also obtains information about the business contacts, including name, title, full address, telephone, fax number, date of arrival, food preferences and allergies, copy of passport and/or passport number, citizenship (when a welcome letter for the visa application is needed) clothing size (clothing size only very rarely when branded clothes are being handed out) and email address.

• In certain situation, e.g. to provide services to employees or business contacts , both in foreign and home offices, or to our recruiting candidates, DigitalRoute will collect other data, including birth date and birth place, gender, education, occupation, employment history and information, information about activities, citizenship, visa information, identification numbers, financial situation, account numbers, family information, banking details, compensation and payroll information, leave of absence information, dependents or beneficiaries (including name, address, email and phone), emergency contacts, background check information, food preferences and allergies and health information.

DigitalRoute will not sell or lease Individuals’ Personal Data to third parties

For the purposes listed above, DigitalRoute may share Personal Data with authorized vendors, agents and representatives, including direct marketing agents. Some of these data processors may be based outside of the EU/EEA.

The European Commission Standard Contractual Clauses (“Model Clauses”), governing the transfer of personal data to countries whose national laws do not provide an adequate level of data protection, have been ruled by the European Commission to offer sufficient safeguards for the protection of individuals’ privacy and fundamental rights and freedoms, including the ability to exercise those rights. Data processors who is contracted to process Data on behalf of DigitalRoute will be contractually committed to process such information in accordance with the provisions of the GDPR, and the transfer will be made in accordance with written agreements in the form of the Model Clauses.

Individuals’ Rights to Update, Correct or Erase Personal Data

In accordance with GDPR, and other applicable data protection laws, Individuals are entitled to exercise their privacy rights as an Individual. Individuals have, for instance, the right to request details regarding the Personal Data that DigitalRoute holds and/or processes about them as well as to request access to the Personal Data. Individuals also have the right to request that incorrect or incomplete information is rectified and/or completed and that information is erased (“the right to be forgotten”).

Should you have a request as described above, please inform DigitalRoute in writing to the Data Protection Officer by using the email below.

Changes to this Privacy Policy

From time to time, DigitalRoute may use Personal Data for new, unanticipated uses not previously disclosed in this policy. However, such new processing will always be compatible with the purpose for which the Personal Data was collected. If DigitalRoute’s practices regarding Personal Data change at some time in the future, DigitalRoute will post the policy changes at www.digitalroute.com/privacy-policy to notify Individuals of these changes and provide the ability to “opt out” or unsubscribe from these new uses. If Individuals are concerned about how Personal Data is used, please check the webpage regularly.

Stockholm 25-January-2022

Contact information:

dpo@digitalroute.com