IDENTITY OF BOX DRAGON – PERSONAL DATA CONTROLLER
Box Dragon AB
412 92 Göteborg
Company registration number: 559219-7668
Please submit inquiries regarding to personal data protection, privacy and security matters to one of the contacts on the last page of this document.
Box Dragon is the personal data controller, that means that we decide which personal data is to be collected and how it should be processed. As a stakeholder to us, visiting this website we may process your data. Your security is important to us. Therefore, we have taken appropriate technical, organizational and administrative security measures to protect your personal data from unauthorized access and other unauthorized processing. We regularly analyze and evaluate the measures to ensure that the protection of your data is as safe as possible.
Personal data is any information that can be directly or indirectly linked to a physical person. Examples of personal data that we can come to process about you are name, email, address, phone number, location information, IP address. We only collect your data when we have a legal purpose and lawful grounds for personal data processing.
If you create a subscription account on our website or in our application, you will be asked to provide personal information about yourself such as name and email address. Box Dragon processes this information to maintain account functions, provide you with information to the extent permitted by law and for the purpose to analyze your interests for marketing purposes. You can cancel your subscription by unsubscribing in the email sent from us.
CONTACT BY EMAIL
You can contact us by e-mail at any time. In this case, the personal data transmitted by e-mail or with your inquiry will be processed. The data is used exclusively for communication.
You can object to the storage of your data at any time or revoke your consent.
We may use external service providers to act as a personal data assistant (“Data Processor”) for Box Dragon, which provides services related to, for example, the website, marketing, and IT support. External service providers may have access to and/or process your personal data. We will require that these external service providers fulfil sufficient data protection standards.
In accordance with applicable personal data legislation we may transfer personal data to regulators, other public authorities, legal advisors, external consults and partners. In the case of a merger or acquisition of companies, personal data may be transferred to third parties involved.
Your data is stored and processed mainly in the EU / EEA area. Your data may be stored outside of this area through those who provide systems to us. CS Publishing will by the applicable law take all necessaries to ensure an adequate level of protection for personal data transmitted outside the EU, Art. 44 ff. GDPR.
When you visit our websites, access data is recorded in the log file on our servers. We record: Internet protocol, address / IP address, page from which the file was requested, date, time, browser type and operating system, page visited, data transfer, access status (file transfer, file not found, etc.).
We use the log files to ensure the functionality of the website, to monitor traffic on our websites, to resolve technical issues, and to generate statistics that help us tailor our services to your needs. This is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
We do not store this data together with other Personal Data of the user. If it comes to an abuse of our websites, we can block IP addresses if necessary. The data is stored only for a limited period of time and only for as long as necessary to ensure the safety and functionality of our websites.
On our websites, we use active Java Script content from external providers. By visiting our websites these external providers may receive Personal Data about your visit. In this case, processing of data outside the European Economic Area (EEA) is possible. You can prevent this by using a java script blocker such as install the browser plugin ‘NoScript’ (www.noscript.net) or disable java script in your browser. This can lead to functional restrictions on websites.
LINK TO LINKEDIN/TWITTER
LEGAL BASIS FOR PROCESSING PERSONAL DATA
We may process your personal data based on the following legal grounds:
Consent - You have given us your consent to the processing of personal data for one specific purpose (Art. 6 par. 1 (a) GDPR). You can revoke a given consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Contract - You have a contract or is to enter a contract with us and processing of personal data is necessary for the performance of the contract (Art. 6 par. 1 (b) GDPR).
Weighing of interests - We may process personal data about you without your consent if our legitimate interests outweigh those of yours and if the processing is necessary for the purpose in question (Art. 6 par. 1 (f) GDPR).
Legal obligation – There are laws and rules that oblige us to process personal in its activities (Art. 6 par. 1 (c) GDPR).
Exercise of official authority or tasks in the public interest – If we must process personal data to carry out its duties as an authority or to carry out a task in the public interest (Art. 6 par. 1 (e) GDPR).
Fundamental interest – We must process your data to protect you or another natural person (Art. 6 par. 1 (d) GDPR).
HOW LONG DO WE PROCESS YOUR PERSONAL DATA?
We process data about you as a customer, prospect, supplier or other stakeholders for the duration of the agreement with you and for a reasonable time thereafter. We save your information as long as it is necessary to carry out our commitments to you and as long as required by statutory storage times. If we process data on the base of your consent, we will delete your data immediately upon withdrawal of your consent.
When we process personal data about you, you as registered have several rights. You have the right to contact us at any time concerning these, and if you wish to exercise any of the rights described below. We reserve the right to take appropriate protective and security measures to ensure that you are the person you claim to be when you contact us. If you cannot satisfactorily demonstrate your identity, we may not be able to respond to your request.
Access to personal data Art. 15 GDPR
You have the right to know what personal data we process about you. If you wish to know, you can get a compiled register extract from us that contains all the personal data we process about you.
Correction and deletion Art. 16, 17 GDPR
If we process your personal data incorrectly or if we no longer need the data, you are entitled to have it deleted. If the data is incomplete, you have the right to have it supplemented. Please keep in mind that we may not be able to provide you with our services if you request to have your personal data deleted.
Restrictions to processing Art. 18 GDPR
Under certain conditions, you have the right to request that we restrict our processing of your data. This means that we mark the data so that in the future we only process it for certain specific purposes. We may not be able to provide you with our services if we restrict the processing of your personal data.
Right to data portability Art. 20 GDPR
You have the right to receive your personal data in a structured, commonly used and machine-readable formant and have the right to transmit those data to another controller.
Right to make objections Art. 21 GDPR
You have the right to object to the processing of personal data that is carried out to perform a task in the public interest, as part of an exercise by a public authority or after a balance of interests. We do not process your personal information for any of these purposes or on any of these grounds. Therefore, you cannot direct any objections to our processing on this basis.
Right to lodge a complaint Art. 77 GDPR
You have the right to lodge a complaint with the Swedish Data Protection Authority if you believe that we are inappropriately processing your personal data. You can read more about this on the Swedish Data Protection Authority's website www.datainspektionen.se.
CHANGES IN THIS POLICY
We may update this policy, the valid version will always be available at www.boxdragon.se to see when it was last updated check the end of this document. Should we make changes to this policy, that we are obliged to notify you about or ask for your consent, to apply to data protection laws, we will do so.
Last updated 200924