What is GDPR?

GDPR - or the General Data Protection Regulation - imposes more stringent requirements on how we as a company process your personal data and provides you with more opportunities to have a say in the processing.

What does it mean for me?

In brief, GDPR means that you:

  • Have a right to receive more detailed information on how we process your personal data. We provide you with that information in the Privacy Policy below.
  • You have the opportunity, subject to certain conditions, to ask for your personal data be moved or to ask us to restrict the processing.
  • You have greater ability to access your personal data and, under certain conditions, have it corrected or erased.

Privacy Policy

It is extremely important to Adrecord that you should always feel secure with how we process your personal data. You must be able to feel secure that we process your data correctly and securely and that we never process your personal data in an unlawful manner.

According to applicable rules on privacy, personal data may only be processed for specified purposes and if a legal basis for the processing exists.

This Privacy Policy therefore explains why we process your personal data, what personal data we process, what legal basis we use for the processing and for how long the data is saved. We also describe how you can influence the processing by exercising your rights. We also provide you with information on who to talk to at our company if you have any questions about processing of personal data and what options you have if you are not satisfied with our processing.

Adrecord is the personal data controller for the processing determined by us.

It is important that you should read and understand the Privacy Policy. Using the table of contents above, you can easily navigate to the section that is of particular interest to you. You are always welcome to contact us with any questions.

Is Adrecord a personal data processor or a personal data controller?

We are the personal data controller for the personal data we collect about you as a user. For the personal data you yourself store in our control panel or system in one way or another, you are the personal data controller and there you need to ensure that you comply with the legal requirements for processing the personal data. In these cases it is necessary (e.g. if you are an advertiser/e-trader) to draw up a personal data processing agreement contact us for more information.

What do I need to consider as an affiliate?

Legal basis to process personal data if you are an affiliate

In accordance with the GDPR, you need a legal basis in order to process personal data. There are different types of legal bases, e.g. consent, an agreement, exercise of public authority and balancing of interests.

At Adrecord, if you are an affiliate we cannot give you any kind of legal advice on exactly how you must process and manage personal data correctly in accordance with the GDPR. Nevertheless, our view is that the most common bases for processing are either consent and/or balancing of interests.

We recommend that you read more about the legal bases that can be accepted in accordance with the GDPR in this regard. It may also be wise to engage an expert who can take your circumstances into consideration and provide you with further assistance in your work. We recommend that you read more at https://ec.europa.eu/info/law/law-topic/data-protection_en

What is personal data?

Personal data is data that enables us to identify you, directly or indirectly, e.g. your name, e-mail address or telephone number.

What is processing of personal data?

Everything we do with your personal data is considered as processing in accordance with applicable laws. That applies regardless of whether or not we use automated systems. Examples of common forms of processing are collection, recording, organisation, structuring, storage, adaptation, transfer and erasure. Merely reading personal data is also processing. We do it, for example, if you call in and ask for help.

What personal data do we process?

Website visits

For temporary visitors on our website, we do not process personal data. Not even your IP address is stored anywhere in our systems.

Affiliates

For affiliates, we collect your name, your contact information, bank account information and information about your activities in our IT systems.

Contact details consist of data such as your name, address, e-mail address, telephone number and personal identity number. User data is other information such as your URLs and logging of log-in to the control panel and IP addresses. Bank details are the details (e.g. a bank account number) we need to enable us to pay out commission, bookkeeping and taxation.

What is the data used for?

In order to be able to process your personal data, we are required to have specified an express, legitimate purpose for the processing. The personal data may not subsequently be processed in a way that is incompatible with the original purpose. In addition to this, we must have support in law, referred to as a legal basis, to be allowed to process personal data.

Our processing of personal data is founded on the following legal bases:

To provide our services

We process your personal data to the extent required to enable us to identify you as our customer or user, and to invoice/self-invoice, and to send payment under the agreement.

Personal data: name, address, e-mail address, phone number, social security number, (if applicable) bank account/clearing, (if applicable) company-tax information, (if applicable) relationship with Cool Company, logging your use of Adrecord IT System, advertisements and remuneration.

Data controller: Adrecord.
Legal basis: Performance of an agreement.

Other communication on services

We process personal data in conjunction with other communication with you, e.g. to provide you with information on maintenance, service and updates of our service. When you contact our support, we process personal data on you to enable us to help you use the service and to manage your comments.

Personal data: name, e-mail address, phone number, as well as the information you provide for support cases or other matters.

Data controller: Adrecord.
Legal basis: Performance of an agreement.

Development of service

We process personal data to improve and develop our offer to you and other users and to develop our internal processes and systems. For this purpose, we may also compile statistics to meet a need for analysis.

Personal data: name, user-ID, IP address, information about your use of Adrecords IT system, information about your channels, and advertisements.

Data controller: Adrecord.
Legal basis: Legitimate interest.
The processing is necessary to satisfy our and our customers' legitimate interest in evaluating, developing and improving our services and systems.

Compliance with laws

Adrecord process your personal data to enable us to fulfil statutory obligations incumbent on us, e.g. the requirements of the Bookkeeping Act relating to storage of accounting material. We also process personal data to enable us to fulfil requirements relating to storage of data contained in rules on measures to combat money laundering and terrorist financing and to enable us to provide information to law enforcement authorities.

Legal basis: Legal obligation.

How do we collect the data?

  • We collect personal data at the moment when you become one of our users due to the fact that you yourself provide us with the data through one of our digital interfaces, our control panel.
  • We collect personal data on you when you contact us through our support with regard to various matters relating to our service. The data is collected either when you yourself write an e-mail or when our employees note information you supply us with verbally.
  • We collect personal information by logging on how and when you use our IT systems.
  • We collect data through the fact that our websites use cookies that collect data on and from your browser.

For how long is the data saved?

In accordance with privacy legislation, we may not save personal data on you for longer than we need to according to the objective for which we process it. We therefore never save personal data just because it is "useful to have it".

Because the data we collect and that is created when you use our service is processed for different purposes, it is also saved for different periods of time. It may therefore be the case that personal data on you is saved in one system but erased in another. Below we describe some of the main rules for how long we save personal data.

  • We save contact details, unless we specify otherwise, for as long as you are one of our users and for 6 months after the agreement has ceased. When the agreement ceases, we erase or anonymise the personal data in the systems used to support the contractual relationship. Nevertheless, personal data may remain in other systems, such as the accounting system, because we need to save it for longer to be able to comply with the requirements of the Bookkeeping Act.
  • Case histories from your contacts with our support are erased a maximum of 12 months after we have closed the case or for as long as you are one of our users.

To whom is the data disclosed?

In certain situations, we share your personal data with others. Below we describe when and why we do it. We wish to emphasise that we never disclose your personal data unless it is required to enable us to carry out one of the types of processing specified above, for which we have a purpose and for which a legal basis exists. Nor do we sell your personal data to others.

Suppliers and other personal data processors that process personal data on our behalf

We employ different suppliers whenever necessary to enable us to provide and develop our services and provide you with customised and relevant information.

A personal data processor is a company that processes the information on our behalf and according to our instructions. When your personal data is shared with the personal data processor, this takes place solely for purposes consistent with the purposes for which we have collected the information (for example in order to be able to fulfil our commitments under the agreement or user conditions). We check all personal data processors to ensure that they can provide sufficient guarantees regarding the security and secrecy of personal data. We have written agreements with all the processors under which they guarantee the security of the personal data processed and undertake to comply with our security requirements and restrictions and requirements regarding international transfer of personal data.

Authorities

We disclose your personal data to law enforcement authorities in accordance with law and decisions by authorities and to the police.

Service providers/third party

If you do not have your own registered company, we disclose your e-mail address to our partner Cool Company to enable them to provide you with the service. In such cases, Cool Company is the personal data controller for the disclosure and for the personal data processing that the services require.

How is the data protected?

We use IT systems to protect secrecy, privacy and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only the persons who actually need to process your personal data to be able to satisfy our stated purposes have access to it.

Your rights

You have a right to obtain information on how we process your personal data. Such information is available in this Privacy Policy. If you have any further questions about our processing of personal data, you are welcome to contact our support or our Data Protection Officer. You will find the contact details at the bottom of the policy.

In addition to a right to information, you also have other rights in relation to your personal data. You, can, for example, influence our processing by requesting extracts, correction, erasure and restriction. You also have a right to object to certain processing that we carry out and ask for the personal data we hold on you or ask for it to be moved. Adrecord meets all of the requirements in accordance with the General Data Protection Regulation.

Remember that, as a user at Adrecord, you can change your data directly when you are logged in to your account.

Cookies

Cookies are small text files consisting of alphanumeric characters sent from our web server and saved on your web browser or device. At Adrecord, we use the following cookies:

  1. Session cookies (a temporary cookie that stops when you close your web browser or device).
  2. Persistent cookies (cookies that stay on your computer until you erase them or they expire).
  3. First-party cookies (cookies set by the website you visit).
  4. Third-party cookies (cookies set by a third-party website). These are primarily used by us for analyses, e.g. Google Analytics.).
  5. Similar technologies (technologies that store information in your web browser or on your device in a way that resembles cookies).

The cookies we use normally improve the services we offer. Some of our services need cookies to work correctly, whereas others improve the services for you. We use cookies for overall analytical information concerning your use of our services and to save functional settings such as language and other details. We also use cookies to enable us to target relevant marketing at you. You can read more about cookies specifically for Adrecord here.

Can you control the use of cookies yourself?

Yes! Your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings for your browser or device to read more about how to adjust the settings for cookies. Example of settings you can adjust include blocking all cookies, only accepting first-party cookies or deleting cookies when you close your browser. Bear in mind that some of our services may perhaps not work if you block or delete cookies.

Personal Data Controller

Adrecord AB is the personal data controller and is responsible for the personal data processed under the trademarks Adrecord and Invoicer. We determine the purposes for which the data is processed and how it is done. We also determine how personal data is processed when we use subcontractors.

Contact details and Data Protection Officer

We may make changes to our Privacy Policy. The latest version of the Privacy Policy is always available here on the website. In the case of updates of substantial importance for our processing of personal data (for example changes of specified purpose or categories of personal data) or updates that are not of substantial importance for the processing but which may be of decisive importance to you, you will receive information at Adrecord.com and by e-mail in good time before the updates begin to apply. When we make information on updates available, we will also explain the contents of the updates and how they may affect you.

Contact Adrecord

You will find suitable channels for contact on our contact page.

Supervisory authority

The Data Protection Authority
You will find current contact details on the Data Protection Authority's website.

You also have a right at all times to submit questions and complaints to the supervisory authority.