PRIVACY NOTICE

Last updated on May 16th, 2018.
 

Make sure to read this privacy notice carefully and feel free to reach out if you have any questions or concerns.
We will explain the following things:

·       OUR GDPR COMPLIANCE

·       THE CONTROLLER - WHO IS COLLECTING YOUR DATA?

·       WHAT DATA IS BEING COLLECTED?

·       WHAT ARE COOKIES?

·       WILL YOUR DATA BE SHARED WITH ANY THIRD PARTIES?

·       HOW ABOUT THIRD PARTIES OUTSIDE OF THE EU?

·       WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?

·       HOW LONG WILL YOUR DATA BE STORED FOR?

·       WHAT RIGHTS DO YOU AS A DATA SUBJECT HAVE?

·       HOW CAN YOU ACCESS YOUR DATA OR RAISE A COMPLAINT?

·       DISCLOSURE


OUR GDPR COMPLIANCE

On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and digital privacy. The GDPR applies to any website or mobile application collecting data from EU residents.

To comply with the GDPR and to safeguard your personal data and digital privacy as good as possible, we specify the following things:


THE CONTROLLER - WHO IS COLLECTING YOUR DATA?

The legal entity collecting your data here is SB Insight based in Sweden. At SB Insight, we are the ‘controller’ of your personal data that you consent to share with us. With that, SB Insight defines the purposes and means of the processing of your data.

The following online domains are part of SB Insight and fall under this privacy notice:

www.sb-insight.com

www.sb-index.com   

www.sb-index.nl


WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?

Our legal basis for processing your personal data is:

  • You have given us your consent to have your data processed for a specific purpose/s. When you consent, you can change your mind at any time. 
  • We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:

Direct Marketing: The GDPR states, ‘the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest’. Our purpose is to keep you up to date on our products and services and gather feedback to improve them along the way. In order to reach out to you with relevant information, we need personal data, like your name, email address, interest and country. These personal details are only used when they are given to us with consent (e.g. newsletter sign-up, even registration). For other marketing purposes (e.g. advertising), we make use website analytics to improve our services and third parties to reach new audiences. For this we never use of personal data or profiling. You can read more about this in the next paragraph.

Relevant and appropriate relationship: We process personal data when there is a direct appropriate relationship, such as when you are our client and/or we enter into contract. In order to provide you as a client with relevant information and requested services, we need to have access to some personal data. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your name, email address and company details.

The protection of your personal data is important to us and we will use any information we gather with care and only for these stated purposes. These legitimate interests are always overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


WHAT DATA IS BEING COLLECTED?

Most of our services do not require any form of registration, allowing you to visit our website without telling us who you are. However, some services may require you to provide us with personal information. Some main examples are: subscribing to the newsletter, signing up for an event or making a purchase in the report store. In all situations in which you are required to provide personal information, we will clearly ask for your consent and share this privacy notice with you.

Website Analytics

You can visit our website without giving away your personal information. In order to improve our services, users’ experiences and to analyze how the website is used, SB Insight makes use of cookies and website analytics. SB Insight websites are built with the web-builder Squarespace, which provides an analytics tool to analyze and improve website traffic (see Squarespace’s privacy statement here.)

Additionally, SB Insight used Google Analytics. Aside from the approximate location (IP address), the information collected by Google Analytics is mostly anonymous traffic data, including browser information, device information, language. We do not collect additional data that can be related to a specific individual. The collected information is used to provide an overview of how people are accessing and using SB Insight’s website. It is not used for any additional purpose, such as to profile those who access our website.

Direct Marketing

When signing up for our newsletter or requesting other information on our website (like a press-kit or a report preview), we ask you for your name, email address and sometimes your company name. The purpose of gathering this information is solely to keep you up to date and to improve our services. We will only process your personal information for the exact purpose you gave your consent.

Online Purchases

SB Insight sells products online (mainly reports). In order to complete a purchase in the Report Store, we ask for basic personal information, like your name, e-mail address, address and company. This information is solely used for the purpose of invoicing and is securely stored. Payment details are always securely encrypted and never stored by SB Insight itself.

The Report Store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. Your credit card data is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.

Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

For more information you may also want to read Shopify's Terms of ServicePrivacy Statement and GDPR White Paper

Events

When signing up to one of SB Insight’s event, you are asked to share some personal data, like: name, email address, address, company. The purpose of gathering this information is solely to keep track of event registration, to keep you up to date about the event details and to improve our services.


WHAT ARE COOKIES?

Cookies are small files that are automatically dropped on your computer as you browse the web. In and of themselves they are harmless bits of text that are locally stored and can easily be viewed and deleted. Cookies are used to provide insights into your activity and preferences on the web. You can always manage and delete your cookies in the settings of your browser.

As cookies can be used to uniquely identify you as a person, we treat cookies as personal data. When you browse our website, we will inform you about the use of cookies and ask your explicit consent.

We make use of permanent and third-party cookies for analytics purposes to learn about our traffic and improve our services. These cookies do not contain names, email addresses or other personal information that is directly linked to an individual. Additionally, we make use of session cookies, which are temporary and expire once you leave our site. Session cookies are mainly used to improve your experience, like holding your items in the shopping basket while you are shopping online.

Read more about your personal data and third parties in the following section.


WILL YOUR DATA BE SHARED WITH ANY THIRD PARTIES?

 

Service Providers

We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf or assist with data storage.

In general, the third-party providers used by us (e.g. Google Analytics, Squarespace, Shopify) will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. When it comes to advertising, we never share your personal data directly with third parties. As said the data we use for adverting on platforms of third parties is related to general information around SB Insight’s web-visitors, e.g. geography or language. This data is anonymous and not directly linked to a specific individual. We only use web visitors’ data to learn about the average target group of our products and services.

All third-party data processers we work with are compliant with GDPR regulations. However, it is important to state that each third-party company is responsible for ensuring their own compliance with the GDPR, just as they are responsible for compliance with the laws that apply to them today

We never sell any personal data to third parties.

Process Payments

In order to process your purchase and payment, we transmit your personal information via an encrypted connection to our payment processor. Remember that certain providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

Legal Reasons

We may disclose your personal information if we are required by law to do so or if you violate our Terms & Conditions.


HOW ABOUT THIRD PARTIES OUTSIDE OF THE EU?

Certain third-party service providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation.


HOW LONG WILL YOUR DATA BE STORED FOR?

Personal data processed for any of the stated purposes shall not be kept for longer than is necessary for those purposes.

·       We securely delete information that is no longer needed for the previously stated purposes

·       We update, archive or securely delete information if it goes out of date.


WHAT RIGHTS DO YOU AS A DATA SUBJECT HAVE?

Under the GDPR, you as an individual have 8 fundamental rights. We respect and adhere to all these rights when it comes to collecting, storing and using any personal data.

  1. The right to be informed – all organizations must be completely transparent in how they are using personal data
  2. The right of access - individuals will have the right to know exactly what information is held about them and how it is processed.
  3. The right of rectification - individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
  4. The right to erasure - also known as 'the right to be forgotten', this refers to an individual's right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
  5. The right to restrict processing - an individual's right to block or suppress processing of their personal data.
  6. The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.
  7. The right to object - in certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
  8. Rights of automated decision making and profiling - the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing. 

HOW CAN YOU ACCESS YOUR DATA OR RAISE A COMPLAINT?

You can contact us anytime to:

  • Request access to information that SB Insight has about you
  • Correct any information that SB Insight has about you
  • Delete information that SB Insight has about you

If you have any questions or concerns about SB Insight’s collection and storage of data, we encourage you to contact us. You also have the right to lodge a complaint with supervisory authority when you feel. 

SB Insight has a ‘Data Protection Officer’ who is responsible for matters relating to privacy and data protection. The Data Protection Officer can be reached at the following address.

dataprotectionofficer@sb-insight.com
SB Insight
Attn:  Data Protection Officer
Hamngatan 15, 8th floor
SE-111 47 Stockholm
Sweden


DISCLOSURE

Links

When you click on links on our website, they may direct you away from our website. Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Notice or our website’s Terms & Conditions. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Updates

The most recent version of the Privacy Notice is reflected by the version date located at the top of this Privacy Policy. If we make any material changes to this Privacy Notice, we will notify you via notifications on our website, and as otherwise required by applicable law.

We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy.