Privacy Notice

Optilon AB (“Optilon”) cares about individual privacy and protecting the personal data processed by the company. All processing of personal data takes place in accordance with current Swedish data protection legislation and the EU general data protection regulation 2016/679 (GDPR).

GDPR went into effect in 2018 and imposes strict requirements related to the way organizations store and process the personal data of EU citizens. As a globally operating company, Optilon understands the important link between privacy and customer trust. Optilon adheres to GDPR.

The principles relating to the processing of personal data, as stated in GDPR, are the focus of our compliance work.

Lawfulness – We process personal data strictly for our own business, and in accordance with our privacy policy. We inform customers and individuals about our processing activities in our privacy statement. Our Data Processing Agreement (DPA) is available for any and all to review.

Purpose limitation – We process personal data strictly for the purpose of 1) fulfilling the contractual requirements agreed upon between our customers and us, and/or 2) marketing our products to customers and prospects.

Data Minimization – We require only identifiable contact information of customers and users of our products, as well as for our marketing activities. Customer records are regularly reviewed and evaluated for accuracy.

Storage limitation (retention) – We do not save personal data longer than is necessary given the purpose of the processing, unless the data may or must be saved for a longer period under applicable law.

Integrity and confidentiality – We have implemented technical and organizational measures to ensure all data is protected and secured. We have internal access controls and authorization requirements to all data. All employees are subject to our privacy policy and specific instructions.

We describe below how we collect, process and share personal data in these cases. Further down, we also provide information about the rights that data subjects have in relation to us as controller and our contact details.

Who we are

Optilon is an IT service provider offering software solution services and additional professional services for companies. Optilon operates in the business-to-business industry and does not focus on consumer individual users or the collection of consumer data.

Our role in your privacy

When various people, e.g. customer’s representatives, business partners and consultants have contact with us in connection with our business, this means that personal data will be provided to us or obtained by us. We also collect and process personal data on contact persons of suppliers and other external parties. Moreover, anyone who applies to work for Optilon, visits our offices, communicates with us, signs up for newsletters or enrols for events will provide us with personal data. If you are a representative at an Optilon customer, or just visiting the Optilon website, this Privacy Statement therefore applies to you as a data subject under GDPR.

This Privacy Statement informs you of Optilon’s privacy practices with regards to our software services and comprises all aspects of our business.

It applies with respect to both our digital and non-digital methods of data collection.

Optilon maintains these same privacy practices with respect to personal data that is collected off-line. This Privacy Statement does not apply to the practices of third parties that Optilon does not own or control, nor to consumer individuals.
If you don’t receive enough information regarding our privacy practices in this statement, please let us know at privacy@optilon.se.

When and how we collect data

These are examples of when and how personal data is collected:

  • A data subject browses any page on our website
  • A data subject completes a form on our website
  • A data subject uses one of our services
  • A data subject calls you
  • A data subject receives emails from us
  • A data subject views and signs contracts
  • A data subject calls us for customer support
  • A data subject chats with us for customer support

For Service Delivery

Users of Optilon services sign up for access to the software systems that Optilon is hosting. A few fields of user information are mandatory and must be stated for the service to work. Full name and email are required. The name is needed to identify users; the email is needed for authentication.

Over and above that, a user may add any other information and personal data belonging to themselves (or others) as they find relevant. Optilon will not have any implication with whatever information a user provides to the service and system.

Personal data is stored during the time period the user is utilizing the service. A user is always able to adjust or delete his personal data.

Optilon will have access to the user information that a user provides to the service, as well as the user's IP address. Such information is necessary for the administration of the services, in case there is a need for support or troubleshooting.

Optilon may also collect information during your work in our services, or when you visit our website, through the use of automatic data collection tools such as cookies and other commonly used information-gathering tools. These tools collect certain standard information that your browser sends to our website such as your browser type, the Internet Protocol (IP) address by which you are accessing the Internet, the address of the website from which you arrived at the Optilon website, and the date and time of visits.

For marketing purposes

In order to serve you with relevant information regarding our services, and to respond to any requests you may have, we ask for information about yourself when you sign up for a webinar or seminar, or when you download content from our website. This information may comprise all or some of the following personal data: your name, contact information (phone numbers, street address, and email address), company name, work title and payment data.

We retain this information as you wish to receive information from us. You may – at any time – require us to delete, rectify, restrict or object to any personal data we hold about you.

What personal data do we process?

Processing of personal data in connection with customer engagements and by our support organisation

We collect the personal data that are provided to us in connection with customer engagements or otherwise processed when the engagement is prepared or administered. In some cases, we may also supplement the personal data by obtaining information from other sources, e.g. search results using generally available search engines and records.

Our support organisation collects and processes personal data in contact with Customers or their representatives and other external parties.

The personal data we process in the above contexts may consist of contact details (e.g. name, title, employer, postal address, telephone number and email address) and identification details (e.g. date of birth/ID number).

Processing of personal data in connection with marketing and events

We collect the personal data provided to us when people sign up for newsletters and similar material and when they enrol for events. The data collected may include contact details, language preference, job title and workplace.

When we arrange events, we may process personal data in the form of photographs and sound and image recordings. When people enrol for events, we also process details of food preferences provided in connection with enrolment.

Processing of personal data in connection with recruitment

We collect the personal data provided to us when people apply to work for the company. The data collected includes contact details, identification information, CV and personal letter, as well as information on education and work experience, including degree and employment certificates. Where applications are made using login from a LinkedIn account, we will also collect photographs and information on education and professional experience from the applicant’s LinkedIn profile. We may also supplement personal data by obtaining information from other sources, e.g. search results using generally available search engines and records, industry newsletters and/or social media, as well as the applicant’s current or previous employer’s website. In some cases we also collect and process results of tests performed during the recruitment process.

General

Much of our communication takes place via telephone or video calls and email, which essentially always entail processing of personal data. As a rule, those who call, take part in video calls or send emails to us provide personal data that can be attributed to individuals.

What is the purpose of our processing of personal data?

Processing of personal data in connection with customer engagements and by Optilon support organisation

We process personal data in connection with customer engagements so we can meet our obligations towards our customers, and also perform administration in connection with agreements entered into, and meet the requirements to which we are subject by law.

Our support organisation processes personal data so we can manage and administer our relationships with suppliers or their representatives and other external parties. Personal data may also be processed for marketing and customer analyses, business and methodology development, and statistical purposes.

Processing of personal data in connection with marketing and events

Processing of personal data in connection with enrolment for newsletters and similar marketing material and enrolment for events takes place for marketing and communication purposes, e.g. so we can
(i) send invitations to events, and arrange and administer those events;
(ii) send newsletters, annual reports and similar marketing material; and/or
(iii) maintain our customer register.

Processing of personal data in connection with recruitment

Processing of personal data in connection with recruitment takes place for the following purposes:
(i) to administer our recruitment process and evaluate applicants; and
(ii) to be able to inform applicants of future career opportunities and events, provided the applicant has consented to such processing.

Processing of personal data in connection with visits

We process personal data when people visit our offices so we can manage and administer visits, and for security reasons.

What is our legal basis for our processing?

Processing of personal data in connection with customer engagements and by our support organization

In relation to customers’ representatives, business partners and consultants, etc., our processing of personal data is normally based on our legitimate interest in conducting our business and performing our obligations.

In connection with the various agreements we have entered into and accepted, we may have additional lawful grounds for the processing.

Processing of personal data relating to suppliers or their representatives and other external parties is based on our legitimate interest in administering the relationship and performing our contractual obligations. When we process personal data in order to analyse and develop our business, processing is based on our legitimate interest in improving our business.

In the above instances where processing of personal data is based on a balance of interests, we consider that the processing of the personal data is necessary for the purposes that concern our customers or, where applicable, our legitimate interests, and that these outweigh any opposing interests and/or fundamental rights and freedoms.

Processing of personal data in connection with marketing and events

The processing of personal data that takes place for marketing and communication purposes is based on our legitimate interest in maintaining our business contacts, communicating with business contacts about our business and our events, and to arrange and administer those events. We consider that our interest in processing personal data for these purposes outweighs the individual’s interest in having their privacy protected.

Processing of personal data in connection with recruitment

The processing of job applicants’ personal data that takes place to administer our recruitment process and evaluate whether an applicant is suitable as an employee at Optilon is based on our legitimate interest in managing the recruitment process. We consider that our interest in processing personal data for this purpose outweighs the individual’s interest in having their privacy protected.
The processing of a job applicant's personal data that takes place to allow contact about future career opportunities and events is based on the applicant's consent.

Processing of personal data in connection with visits

In relation to information registered in connection with visits to our offices, the legal ground for the processing – in addition to the fact that the processing may also be covered by the preceding paragraphs – is our legitimate interest in managing the visit and maintaining security at our facilities, or our duty to meet our legal obligations. We consider that our interest in processing personal data for these purposes outweighs the individual’s interest in having their privacy protected.

Who has access to the personal data we process?

We have taken appropriate technical and organisational security measures to protect the personal data we process from loss and unauthorised access, among other things. Only those who need to process personal data for the purposes for which they are processed have access to the personal data.

When data are transferred to customers, personal data may be transferred to countries outside the EU/EEA. Transfers of this type are normally based on the EU Commission’s standard contract clauses. Transfers to countries outside the EU/EEA may otherwise take place within the scope of an agreement. If so, we will take appropriate measures to ensure the personal data remain protected in accordance with applicable personal data laws, usually on the strength of standard contract clauses.

Optilon will not divulge personal data to anyone outside the company, except where
(i) it has been agreed between us and the person whose personal data we process;
(ii) it is necessary within the scope of an agreement entered into with customers so we can safeguard our customers’ rights and interests;
(iii) it is necessary so we can perform a statutory obligation, comply with a decision of a public authority or a court of law;
(iv) we engage an external service provider or business partner who performs services on our behalf, e.g. for the provision of IT services or administrative services, or to arrange events. Such service providers and business partners may only process personal data in accordance with our instructions, and may not use personal data for their own purposes; or
(v) it is otherwise permitted under applicable law.

In addition, we may, in the context of events, share personal data on the participants with co-arrangers, and in some cases share the list of participants with other participants at the event.

How long do we store your data?

In relation to our customers, we are Data Processors. Accordingly, we keep your information and personal data as long as the service agreement with the customer is valid. We keep backup logs stored for a limited time after termination for the sake of our customers' convenience.

For marketing activities, we are Data Controllers. We store personal data of our customer representatives for marketing purposes as well as to keep them updated on our features and products. We also store personal data if such data has been provided to us by a data subject interacting with Optilon through different marketing channels. We keep our marketing records updated and correct by regular monitoring and by executing annual controls for accuracy. A data subject may at any time unsubscribe from any communication from us without cost.

Processing of personal data in connection with customer engagements and by our support organisation

The personal data that may be processed before and during performance of an agreement with a customer are saved during performance of the agreement and kept afterwards in accordance with Optilon’s archiving obligations in order to secure its obligations towards customers. This means that the personal data are saved for at least five years from the date on which the engagement is completed, or for a longer period as required by the nature of the engagement.

Personal data that we process in our relationships with suppliers and other external parties are saved for the period that is necessary so we can administer the contractual or business relationship, exercise our rights and perform our obligations in relation to the supplier or other external parties, or for as long as is required or permitted under applicable law.

Processing of personal data in connection with marketing and events

Personal data on business contacts are saved for as long as the person whose data are processed is our business contact, or as long as is required or permitted under applicable law.

In the case of recruitment events, personal data are saved until the event has taken place, unless the participant has consented to the information being saved for a longer period so the company can contact the person in question, e.g. in relation to future career opportunities and events. In these cases, personal data are saved for as long as we have the person’s consent.

In all the above categories, details of food preferences are always deleted after the relevant event.

If we record an event, the recorded material will be saved for up to one year after the event.

Anyone whose personal data are processed can unregister at any time by contacting us at privacy@optilon.se. If a person chooses to unregister, we will no longer send the information or invitations mentioned above.

Processing of personal data in connection with recruitment

Personal data of job applicants are stored during the recruitment process and are then saved for a further six months after completion of the process, or for as long as is required or permitted under applicable law, unless the applicant has consented to the personal data being saved for longer so the company can contact the person in question, e.g. in relation to future career opportunities and events. In these cases, the personal data are saved for as long as we have the person’s consent.

The applicant can unregister at any time by contacting us at privacy@optilon.se. If a person chooses to unregister, we will no longer send the information or invitations mentioned above.

What are the rights of the data subject?

Optilon AB, Reg. No. 556679-7337, having the address Hantverkargatan 5f, 112 21 Stockholm, is a data processor for the provided software services and a data controller for marketing purposes of the processing of personal data as described above. This means we are responsible for ensuring that the personal data are processed correctly and in accordance with current data protection legislation.

Data subjects have the right
(i) to know what personal data we process about them;
(ii) to request that we rectify inaccurate or incomplete personal data about them;
(iii) to request that we erase their personal data (e.g. if the data are no longer needed for the purpose or if consent is withdrawn) or request that processing of the personal data be restricted;
(iv) to object to specific processing of personal data; and
(v) in some circumstances, to receive the personal data they have provided in machine-readable form, and to transmit them to another controller.

In some cases, restriction or erasure of personal data may also prevent us from meeting our commitments, e.g. to provide certain invitations or certain information. In the context of recruitment, restriction or erasure of personal data may prevent us from proceeding with a person’s application.

Anyone with objections about, or comments on, the way we process personal data has the right to contact or file a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se, which is the supervisory authority for our processing of personal data.

If you have any questions or complaints about the way we process personal data, or wish to request exercise of rights as described above, you are welcome to contact us by email at privacy@optilon.se or by post to the address above, at Data Protection Responsible.

Last updated on October 8, 2021