Centigo (Centigo AB, Sveavägen 17, 111 57 Stockholm) (“The Company,” “we,” or “us”) values the privacy of personal information and our users' personal data. It is of utmost importance that you feel secure about how we at Centigo handle your personal information.
Purpose, legal basis, and duration of the processing
We may process your personal data in different ways depending on the type of business relationship we have.
We collect and process personal data to offer, implement, and improve our services. This may include organising events, sending out newsletters, providing downloadable guides and manuals, marketing our services, and communicating with our customers.
We collect personal data through forms on our website, when you use our services, or when you otherwise are in contact with us. Personal data is such information that can be directly or indirectly linked to a specific individual. Below is a list of examples of such personal data that we collect and process: name, email address, company, job title, street address, phone number, correspondence and information from calls or meetings between you and us, purchase and invoice information, activity on our website, information about food allergies, information about educational institutions and education, work experience, photographs, CVs, and LinkedIn profiles.
We use the following tools for the collection and processing of personal data:
- HubSpot (CRM tool)
- Contenful/Nuxt Code (web tool for cookies)
- Hotjar (a script tracking visitors)
- Google Analytics (a script tracking visitors)
- HubSpot Tracker (a script that makes the topmost cookie banner pop up)
- YouTube (all videos on the site are hosted here, tracking which visitor plays videos on the site)
- Heroku (basic tracking, e.g. logging IP addresses of visitors, only used to detected technical problems)
- Workable (recruitment tool)
- Cinode (CRM used recruitment tool)
We collect and process personal data based on your consent, legitimate interest, or when we find it necessary to fulfill a part of a contract or another obligation in relation to you. You can withdraw your consent for the processing of personal data based on your consent at any time.
The tools Workable and Cinode mentioned above involve automated decision-making and profiling. However, such activities are not carried out without your consent.
1. You are our customer
We collect and store your personal data, including customer name and contact information, to provide our Services in accordance with the agreement we have entered into with you. Depending on the agreement or other arrangements, we collect the personal data needed. On our website, you are given the opportunity to choose if and how you wish to be contacted for marketing purposes.
We will store your personal data and other information related to our agreement for as long as we find it necessary to be able to fulfill our contractual obligation. This includes the possibility to, after the completion of the assignment, review our performance in the event of complaints or similar.
We track customer activity to be able to delete personal data belonging to customers who no longer interact with our Services and/or our website. Therefore, we review our marketing lists every 12–24 months, to then delete data that is no longer necessary.
We may process your personal data for analysis when it follows from our legitimate interest (interest balancing) to improve or develop our Services.
Where applicable, we may send information to you that we believe may be of interest to you. This communication can occur via telephone, email, or SMS. We will contact you in this way provided that it follows from our legitimate interest to market our Services to you, or when you have consented to such type of communication. If you have consented to be included in a marketing campaign, you can withdraw your consent at any time.
2. You are a supplier
We collect and store your personal data as a supplier, including contact details, in order to receive your goods or services in accordance with our agreement. We will store and archive information related to the agreement between us for as long as we consider necessary in order to review your performance in the event that problems arise after the completion of the assignment.
We may also contact you regarding new potential assignments that could form the basis for continued cooperation, and to keep you updated on our projects and business activities. Such contact is made via telephone, email, or SMS. We contact you on such occasions on the basis of our legitimate interest in developing our business and only when we have reason to believe that you expect us to contact you and that such processing of personal data in no way negatively affects you.
We do not send out general marketing information as part of mass mailings via email unless you have previously consented to be contacted in such a way.
3. You are a third party with whom we are in contact during the delivery of our Services to a customer or the potential delivery of our Services to a prospective customer
We collect and store personal data of third parties, including contact details, with whom we are in contact during the delivery of our Services to our customers or when discussions about our Services are held with a potential customer. Such processing of personal data is then carried out with the support of our legitimate interest in fulfilling our contractual commitments or in order to create new business opportunities with a potential customer. We believe that you can reasonably expect us to process your personal data in this way and that such processing of personal data in no way negatively affects you.
If your personal data is included as part of a file related to the fulfillment of a contract with a customer, we will also save such information and other contract-related information for as long as we store the customer file in question.
If your personal data is stored in our cloud-based storage service or in our internal systems, we intend to review it every 12 to 24 months to determine whether we still have a legitimate interest in retaining your personal data. If not, we will delete your personal data.
We may contact you regarding new potential assignments and to keep you updated about our business activities. In such cases, this is done with the support of our legitimate interest to develop our business and only when we have reason to believe that you as a supplier expect us to contact you and that such processing of personal data in no way negatively impacts you.
We will not engage in general marketing communications, whether through mass mailings, email, or telephone campaigns, unless you have consented to such communication.
4. You are a potential customer or a potential supplier
We collect and store personal data, including contact information, of potential suppliers or customers. Such collection may occur when you contact us (including via our website and through Hubspot).
We may contact you regarding new potential business opportunities and to keep you updated about our business activities. If so, it is done with the support of our legitimate interest in being able to directly market our Services to you and to develop our business. However, such communication will only occur if we believe that you can reasonably expect your personal data to be processed in this manner and that such processing of personal data in no way negatively impacts you.
When your personal data is stored in our cloud-based storage service or in our internal systems, we intend to review it every 12 to 24 months to determine whether we still have a legitimate interest in retaining your personal data. If not, we will delete your personal data.
We will not send out general marketing communications, whether via mass mailings, email, or through telephone campaigns unless you have consented to such communication.
5. You are employed by The Company or are related to an employee
6. You are a potential employee
If we have received your personal data in connection with your job application, we will store the personal data provided that it is you who have supplied them, or through your LinkedIn profile, or via a third party. We process the personal data as part of our legitimate interest in making a well-founded decision on whether to interview you, and ultimately, to employ you. We believe that you can reasonably expect us to process your personal data for this reason and that such processing of personal data in no way negatively impacts you.
When your personal data is included as part of a file related to potential employees at the Company, we will retain this information and other related information. This is to be able to look back at the history in the event of complaints or issues that arise after the recruitment process. Otherwise, we usually delete your personal data no later than six months after the recruitment process has ended.
We use a recruitment tool called Workable which involves automated decision-making and profiling. However, such activities are not conducted without your consent.
7. We have received your personal data from a third party
When we have received your personal data from a client, we will retain them as it follows from our legitimate interest with the client, in order to fulfill our commitment to them.
We use the tools listed below, which may process your personal data and/or provide us with information:
|A script that tracks people who visit our website.
|A script that tracks people who visit our website.
We use this tool to track which videos are played through our site.
|A basic tool for tracking our customers, for instance, to log our visitors' IP addresses. However, this is used only to detect technical issues.
|Please see our separate cookie notice.
Please see our separate cookie notice.
Our financial system and our tool where we primarily save data about our customers.
A system where customer names and the assignments we have had or currently have for that customer are saved.
Our recruitment tool.
When you provide personal information about another person.
If you provide personal information about another person, you must ensure that:
When we share personal data
The company shares or discloses personal data when it is necessary to perform our Services or to conduct our business as described above. Sharing of information is carried out in accordance with applicable data privacy and security requirements. Below is a list of the parties that we may share personal data with and why:
Within Centigo Group: Centigo consists of various legal entities ("Centigo Group"). More detailed information can be found in the footer here: www.centigo.se. Our operations are supported by a variety of individuals who are part of the Centigo Group's team and functions. When needed, they are given access to such personal data that are necessary to perform our contracted Services, for account administration, sales and marketing, customer and technical support, and business development (however, this is not an exhaustive list). All of our employees are obliged to follow our data privacy and security policies when processing our stored personal data.
Our third-party providers: We collaborate with and are supported by our service providers around the United Kingdom and the European Economic Area ("EEA"). We provide personal data to these parties only if it is necessary to perform the services they provide to us, including (but not limited to) software, system and platform support; direct marketing services; recruitment services, cloud hosting services; advertising; data analytics; accounting; insurance, and the execution of orders and deliveries. Our third-party providers are not allowed to share or use the personal data provided to them for any other purpose than to perform the agreed services. HubSpot is one of our third-party providers and is used for customer relations and Workable is used for recruitment.
Where we store and process personal data
We store the information on cloud-based servers in the United Kingdom and the EEA. We collaborate with third parties, such as cloud-based services, to be able to meet the needs present in our business. We take necessary measures to ensure that our collected personal data are processed, protected, and transferred in accordance with applicable law. In certain cases, we may disclose or transfer your personal data within the Company or to a third party in areas outside your home country. However, we do not disclose or transfer personal data outside the United Kingdom or the EEA without your written consent or without taking appropriate security measures in accordance with applicable data protection legislation.
Personal data stored in Excel files may be exported and sent via email for internal use within the organisation in connection with the implementation of events.
How we protect personal data
We have taken necessary security measures to prevent your personal data from being lost, improperly used, or accessed, altered, or disclosed. In addition, we limit access to your personal data to only those employees, agents, contractors, and other third parties who have a business need for this information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have developed processes to handle suspected personal data breaches and will notify you and the appropriate regulatory authorities when we are legally required to do so.
How long we keep personal data
We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected the data, including to meet any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We respect your right to access and control your personal data. We will respond to your requests for information and, where applicable, correct, amend, or delete your personal data upon your request. Below is an explanation of your rights:
Access to Personal Data: You have the right to request access to your personal data (also known as a data subject access request). You will then receive a copy of the personal data we process about you and verify that we are processing them in a legally correct manner. If you wish to access your personal data, it will be done in accordance with all applicable legal requirements and exceptions.
Objecting to Data Processing: When it is in our - or a third party's - legitimate interest to process your personal data, you have the option to object to this processing if you believe it impacts your fundamental rights and freedoms. You also have the right to object to data processing that occurs in connection with direct marketing. In certain cases, we may oppose an objection because we are compelled by mandatory regulations to process your personal data, which therefore overrides your rights and freedoms.
Request to Have Personal Data Deleted: You have the right to request that we delete or transfer your personal data when there is no longer a reason for us to continue processing them. You also have the right to request that we delete or transfer your personal data when you have successfully exercised your right to object as above, or when we have processed your personal data unlawfully, or if we are obligated to delete your personal data in accordance with applicable legislation. Please note that we cannot always comply with your request for deletion for specific legal reasons, which we will inform you about in such cases, and if possible, at the time of your request.
Right to Restriction of Data Processing: You have the right, in certain cases (see below), to demand that we limit our processing of your personal data:
(b) if our processing of personal data is against applicable law, but you do not want us to delete your personal data;
(c) if you request that we retain your personal data, despite us no longer needing them, because you need to establish, exercise, or defend legal claims; or
(d) if you have objected to our processing of your personal data, but we must first verify whether we have legitimate grounds for the processing or not.
Right to Data Portability: You have the right to request that we transfer your personal data to you or to a third party. We will provide, either to you or to the third party, your personal data in a structured, commonly used, machine-readable format. Note, however, that this only covers the processing of personal data that you initially consented to or when we have processed your personal data to fulfill a contract we have with you.
Right to Rectification: You have the right to request that we correct your personal data if it is incorrect, needs updating, or must be completed if it lacks relevant information.
Right to Withdraw Consent: In some cases, we may process your personal data with your consent. However, you can always withdraw your consent, either by contacting us through our website (see the “Contact Us” section) or by notifying us in writing, by email, or phone.
Receiving Marketing: You can unsubscribe from our marketing emails at any time. Contact us through our website under the “Contact Us” section.
Submit a Complaint: If you are not satisfied with how the Company handles your personal data, you have the opportunity to submit a complaint to the Swedish Authority for Privacy Protection (IMY): https://www.imy.se/privatperson/utfora-arenden/lamna-ett-klagomal/.
If you do not provide your personal data
In some cases, we collect personal data as required by applicable legislation, or in accordance with the terms of our agreement. If you do not provide these personal data, it may affect our ability to fulfill our part of the agreement, or to enter into an agreement (for example, to provide our Services), which is why we may need to terminate our agreement. However, we will inform you if this is the case.
We will process your personal data only for the purposes for which we have collected them, unless we consider that we need to process them for another purpose and that purpose is compatible with the original purpose. Please contact us if you would like information on how the new purpose is related to the original purpose. You can find our contact details on our website (see the "Contact Us" section).
However, if we need to process your personal data for an unrelated purpose, we will inform you of this and the legal grounds that allow us to make this change.
Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, when this is required or permitted by law.
This website links to third-party websites, plugins, and applications. By clicking on those links or enabling those connections, third parties may be allowed to collect or share your personal data. We do not control these third-party websites and are not responsible for their privacy statements. Therefore, we encourage you to review the privacy policies found on any other websites you visit as soon as you leave our website.
You can also write to us and send it to the following address:
Centigo, Sveavägen 17, 111 57 Stockholm.