- Is Adrecord a personal data processor or a personal data controller?
- What do I need to consider as an affiliate?
- What is personal data?
- What is processing of personal data?
- What personal data do we process?
- What is the data used for?
- How do we collect the data?
- For how long is the data saved?
- To whom is the data disclosed?
- How is the data protected?
- Your rights
- Personal Data Controller
What is GDPR?
GDPR - or the General Data Protection Regulation - imposes more stringent requirements on how we as a company process your personal data and provides you with more opportunities to have a say in the processing.
What does it mean for me?
In brief, GDPR means that you:
- You have the opportunity, subject to certain conditions, to ask for your personal data be moved or to ask us to restrict the processing.
- You have greater ability to access your personal data and, under certain conditions, have it corrected or erased.
It is extremely important to Adrecord that you should always feel secure with how we process your personal data. You must be able to feel secure that we process your data correctly and securely and that we never process your personal data in an unlawful manner.
According to applicable rules on privacy, personal data may only be processed for specified purposes and if a legal basis for the processing exists.
Adrecord is the personal data controller for the processing determined by us.
Is Adrecord a personal data processor or a personal data controller?
We are the personal data controller for the personal data we collect about you as a user. For the personal data you yourself store in our control panel or system in one way or another, you are the personal data controller and there you need to ensure that you comply with the legal requirements for processing the personal data. In these cases it is necessary (e.g. if you are an advertiser/e-trader) to draw up a personal data processing agreement contact us for more information.
What do I need to consider as an affiliate?
Legal basis to process personal data if you are an affiliate
In accordance with the GDPR, you need a legal basis in order to process personal data. There are different types of legal bases, e.g. consent, an agreement, exercise of public authority and balancing of interests.
At Adrecord, if you are an affiliate we cannot give you any kind of legal advice on exactly how you must process and manage personal data correctly in accordance with the GDPR. Nevertheless, our view is that the most common bases for processing are either consent and/or balancing of interests.
We recommend that you read more about the legal bases that can be accepted in accordance with the GDPR in this regard. It may also be wise to engage an expert who can take your circumstances into consideration and provide you with further assistance in your work. We recommend that you read more at https://ec.europa.eu/info/law/law-topic/data-protection_en
What is personal data?
Personal data is data that enables us to identify you, directly or indirectly, e.g. your name, e-mail address or telephone number.
What is processing of personal data?
Everything we do with your personal data is considered as processing in accordance with applicable laws. That applies regardless of whether or not we use automated systems. Examples of common forms of processing are collection, recording, organisation, structuring, storage, adaptation, transfer and erasure. Merely reading personal data is also processing. We do it, for example, if you call in and ask for help.
What personal data do we process?
For temporary visitors on our website, we do not process personal data. Not even your IP address is stored anywhere in our systems.
For affiliates, we collect your name, your contact information, bank account information and information about your activities in our IT systems.
Contact details consist of data such as your name, address, e-mail address, telephone number and personal identity number. User data is other information such as your URLs and logging of log-in to the control panel and IP addresses. Bank details are the details (e.g. a bank account number) we need to enable us to pay out commission, bookkeeping and taxation.
What is the data used for?
In order to be able to process your personal data, we are required to have specified an express, legitimate purpose for the processing. The personal data may not subsequently be processed in a way that is incompatible with the original purpose. In addition to this, we must have support in law, referred to as a legal basis, to be allowed to process personal data.
Our processing of personal data is founded on the following legal bases:
To provide our services
We process your personal data to the extent required to enable us to identify you as our customer or user, and to invoice/self-invoice, and to send payment under the agreement.
Personal data: name, address, e-mail address, phone number, social security number, (if applicable) bank account/clearing, (if applicable) company-tax information, (if applicable) relationship with Cool Company, logging your use of Adrecord IT System, advertisements and remuneration.
Data controller: Adrecord.
Legal basis: Performance of an agreement.
Other communication on services
We process personal data in conjunction with other communication with you, e.g. to provide you with information on maintenance, service and updates of our service. When you contact our support, we process personal data on you to enable us to help you use the service and to manage your comments.
Personal data: name, e-mail address, phone number, as well as the information you provide for support cases or other matters.
Data controller: Adrecord.
Legal basis: Performance of an agreement.
Development of service
We process personal data to improve and develop our offer to you and other users and to develop our internal processes and systems. For this purpose, we may also compile statistics to meet a need for analysis.
Personal data: name, user-ID, IP address, information about your use of Adrecords IT system, information about your channels, and advertisements.
Data controller: Adrecord.
Legal basis: Legitimate interest. The processing is necessary to satisfy our and our customers' legitimate interest in evaluating, developing and improving our services and systems.
Compliance with laws
Adrecord process your personal data to enable us to fulfil statutory obligations incumbent on us, e.g. the requirements of the Bookkeeping Act relating to storage of accounting material. We also process personal data to enable us to fulfil requirements relating to storage of data contained in rules on measures to combat money laundering and terrorist financing and to enable us to provide information to law enforcement authorities.
Legal basis: Legal obligation.
How do we collect the data?
- We collect personal data at the moment when you become one of our users due to the fact that you yourself provide us with the data through one of our digital interfaces, our control panel.
- We collect personal data on you when you contact us through our support with regard to various matters relating to our service. The data is collected either when you yourself write an e-mail or when our employees note information you supply us with verbally.
- We collect personal information by logging on how and when you use our IT systems.
For how long is the data saved?
In accordance with privacy legislation, we may not save personal data on you for longer than we need to according to the objective for which we process it. We therefore never save personal data just because it is "useful to have it".
Because the data we collect and that is created when you use our service is processed for different purposes, it is also saved for different periods of time. It may therefore be the case that personal data on you is saved in one system but erased in another. Below we describe some of the main rules for how long we save personal data.
- We save contact details, unless we specify otherwise, for as long as you are one of our users and for 6 months after the agreement has ceased. When the agreement ceases, we erase or anonymise the personal data in the systems used to support the contractual relationship. Nevertheless, personal data may remain in other systems, such as the accounting system, because we need to save it for longer to be able to comply with the requirements of the Bookkeeping Act.
- Case histories from your contacts with our support are erased a maximum of 12 months after we have closed the case or for as long as you are one of our users.
To whom is the data disclosed?
In certain situations, we share your personal data with others. Below we describe when and why we do it. We wish to emphasise that we never disclose your personal data unless it is required to enable us to carry out one of the types of processing specified above, for which we have a purpose and for which a legal basis exists. Nor do we sell your personal data to others.
Suppliers and other personal data processors that process personal data on our behalf
We employ different suppliers whenever necessary to enable us to provide and develop our services and provide you with customised and relevant information.
A personal data processor is a company that processes the information on our behalf and according to our instructions. When your personal data is shared with the personal data processor, this takes place solely for purposes consistent with the purposes for which we have collected the information (for example in order to be able to fulfil our commitments under the agreement or user conditions). We check all personal data processors to ensure that they can provide sufficient guarantees regarding the security and secrecy of personal data. We have written agreements with all the processors under which they guarantee the security of the personal data processed and undertake to comply with our security requirements and restrictions and requirements regarding international transfer of personal data.
We disclose your personal data to law enforcement authorities in accordance with law and decisions by authorities and to the police.
Service providers/third party
If you do not have your own registered company, we disclose your e-mail address to our partner Cool Company to enable them to provide you with the service. In such cases, Cool Company is the personal data controller for the disclosure and for the personal data processing that the services require.
How is the data protected?
We use IT systems to protect secrecy, privacy and access to personal data. We have taken special security measures to protect your personal data against unlawful or unauthorised processing (such as unlawful access, loss, destruction or damage). Only the persons who actually need to process your personal data to be able to satisfy our stated purposes have access to it.
In addition to a right to information, you also have other rights in relation to your personal data. You, can, for example, influence our processing by requesting extracts, correction, erasure and restriction. You also have a right to object to certain processing that we carry out and ask for the personal data we hold on you or ask for it to be moved. Adrecord meets all of the requirements in accordance with the General Data Protection Regulation.
Remember that, as a user at Adrecord, you can change your data directly when you are logged in to your account.
Cookies are small text files consisting of alphanumeric characters sent from our web server and saved on your web browser or device. At Adrecord, we use the following cookies:
- Session cookies (a temporary cookie that stops when you close your web browser or device).
- Persistent cookies (cookies that stay on your computer until you erase them or they expire).
- First-party cookies (cookies set by the website you visit).
- Third-party cookies (cookies set by a third-party website). These are primarily used by us for analyses, e.g. Google Analytics.).
- Similar technologies (technologies that store information in your web browser or on your device in a way that resembles cookies).
Yes! Your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings for your browser or device to read more about how to adjust the settings for cookies. Example of settings you can adjust include blocking all cookies, only accepting first-party cookies or deleting cookies when you close your browser. Bear in mind that some of our services may perhaps not work if you block or delete cookies.
Personal Data Controller
Adrecord AB is the personal data controller and is responsible for the personal data processed under the trademarks Adrecord and Invoicer. We determine the purposes for which the data is processed and how it is done. We also determine how personal data is processed when we use subcontractors.
Contact details and Data Protection Officer
You will find suitable channels for contact on our contact page.
The Data Protection Authority
You will find current contact details on the Data Protection Authority's website.
You also have a right at all times to submit questions and complaints to the supervisory authority.