When do we transfer your personal data outside the EU/EEA, and how do we protect it?
We always strive to process your personal data within the EU/EEA area.
However, some of our suppliers and their subcontractors process your personal data outside the EU/EEA. This data transfer is based on the EU’s standard contractual clauses, and we continuously implement additional security measures to protect your personal data.
When your personal data is transferred outside the EU/EEA, we also implement appropriate technical and organizational safeguards to protect the personal data during the transfer. The specific safeguards we implement depend on what is technically feasible and sufficiently effective for the particular transfer.
If you would like more information about cases where your personal data is transferred outside the EU/EEA, where it is transferred to, the safeguards recognized by the Data Protection Regulation that we use for transferring your personal data, or the measures in place, you can always contact us.
What are your rights as a user of Grade’s services?
As a user, you have several rights under applicable laws. Below, we list these rights.
Right to be informed
You have the right to be informed about how we process your personal data. You also have the right to be informed if we plan to process your personal data for purposes other than the original purposes for which it was collected.
We provide this information through this privacy policy, updates on our website, and by responding to any questions you may have.
Right to access your personal data
You have the right to know whether we are processing personal data about you and to receive a copy of the data we process about you. When you receive a copy of your data, we will also provide information about how we process your personal data.
Right to rectification
If you discover that something is incorrect, you have the right to request the correction of your personal data. You can also request to complete any incomplete personal data.
Right to erasure
In certain cases, you have the right to have your personal data erased. The right to erasure applies to personal data we process about you when:
- The data is no longer necessary for the purposes for which it was processed.
- You object to a legitimate interest-based processing, and your reason for objection outweighs our legitimate interest.
- The personal data is being processed unlawfully.
However, we may have the right to deny your request if there are legal obligations preventing us from immediately deleting certain personal data. Additionally, processing may be necessary to establish, assert, or defend legal claims.
Right to restriction
You have the right to request a restriction on the processing of your personal data. For example, if you request rectification because you believe the personal data we process is inaccurate, you can request restricted processing while we verify the accuracy of the data.
If and when we no longer need your personal data for the stated purposes, our routine is typically to delete the data. However, if you need the personal data to establish, assert, or defend legal claims, you can request restricted processing of the data. This means you can ask us not to delete or remove your data.
If you have objected to personal data processing based on a legitimate interest, you may request restricted processing while we assess whether our legitimate interests outweigh your interest in having the data erased.
If processing is restricted for any of the above reasons, we may only process the data, in addition to storage, for establishing, asserting, or defending legal claims or to protect another person’s rights.
Right to object to certain types of processing
You always have the right to object to any processing of personal data based on a legitimate interest.
Right to data portability
As a data subject, you have the right to data portability (transferring personal data to another organization) if our processing of your personal data is based either on your consent or the performance of a contract with you. Data portability is conditional on the transfer being technically feasible and the processing being automated.
Where to turn for comments or questions?
If you would like to contact Grade to exercise your rights, or if you have any questions or concerns about how we handle your personal data, you can reach out to us via dataprivacy@grade.com.
Contact our Data Protection Officer
GDPR Hero AB
Contact Person: Julianne Ahlesten
Email: dpo.grade@gdprhero.se
Updates to this Privacy Policy
We may update this privacy policy as needed, for example, if we begin processing your personal data in a new way, if we want to make the information clearer for you, or if required to comply with applicable data protection laws.