Cadcraft GDPR Policy
At Cadcraft, we collect and use some of your personal data. In this policy we explain how and why we collect, store, process and share your personal data. In this policy we also inform you of your rights in relation to the personal data which is collected or given to us from you.
Our use of personal data is regulated by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, also known as the General Data Protection Regulation (hereinafter referred to as “GDPR”).
2. Our Use of Your Personal Data
The Services are provided by Cadcraft AB, 556703-7113, [address], Sweden (hereinafter the “Provider”). The Provider is the “data controller” of any personal data Cadcraft may collect, process and hold about you, unless we inform you otherwise.
In order to provide the Cadcraft-services, we collect, use and share your personal data. Some of our use can be regulated by you in your chosen privacy settings in your browser.
2.1. What Personal Data Do We Process?
We will process personal data about you and, if applicable, your physical representatives such as:
- personal name, personal ID-number, user name, passwords, email address, telephone number, technical data and metadata relating to any other personal data that You or the physical representative provide us with;
- voice recordings, or chat conversations;
- data related to your orders and other information connected therewith; and
- data sent by your device, device data such as date/time, authentication state and error.
2.2. Why and for How Long Do We Process Data?
We process personal data for the following purposes:
- to provide and administer Your account and the Services and to otherwise fulfil the Agreement with You;
- to personalize and improve Your experience with the Services and to send You alerts or messages by e-mail or otherwise, including promotional alerts and messages;
- to enable your participation in interactive features of our Services;
- to inform You via e-mail or otherwise about updates of the Services, including updates of the Agreement;
- to provide customer care and support;
- development, analysis and research to improve the Services;
- to monitor and prevent use of the Services in breach of the Agreement;
- to detect, prevent and address technical issues;
- to fulfil requirements by law, and
- to provide You with marketing of products and Services.
We will keep your personal data for as long as required by law or, if applicable, for the period of time we need it for the purpose it is being processed for. After that time has passed, your personal data will be deleted or anonymized.
2.3. Legal Grounds for Processing Personal Data
Our processing is lawful due to the following legal grounds, which are each applicable either on its own, or together with other grounds:
- When processing is necessary for ours and your performance of the agreement;
- For compliance with our legal obligations;
- When found necessary in order to protect the vital interests of you or another natural person;
- When found necessary for the purpose of our or a third-party legitimate interest; or
- Your given consent to our processing for the above-mentioned purposes (section 2.2), where the Provider does not rely on another legal ground.
2.4. With Who and Where Do We Share Your Personal Data?
We share your personal data internally and with selected third-parties, for example service providers, sub-contractors and other third-parties as well as in case of business transfers or legal disclosure.
We may need to transfer your personal data to countries outside the European Economic Area (EEA). The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway: they are considered to have equivalent laws when it comes to data protection and privacy. This kind of data transfer may happen if our servers (i.e. where we store data) or our suppliers and service providers are based outside the EEA, or if you use our services and products while visiting countries outside this area.
Currently, we share data with:
- Service providers (such as providers of technical infrastructure, analyzing tools, customer services, surveys or financial assistance); and
- Law enforcement or due to legal requests
3. Security of Your Personal Data
We continuously review and improve our measures of protection for your personal data from unauthorized access, accidental loss, disclosure or destruction.
At Cadcraft, only authorized personnel who requires access to you personal data may use your personal data. We use encryption and are keeping track of recommended security measures with regard to our specific environment and are regularly reviewing our environment to make sure it is up to date with the latest version and patches.
If we transfer personal data to a country outside of the EEA, we will make sure that your information is properly protected. We will always ensure that there is a proper legal agreement that covers the data transfer. In addition, if the country is not considered to have laws that are equivalent to EU data protection standards then we will ask the third party to enter into a legal agreement that reflects those standards. If applicable, we utilize the standard contractual clauses approved by the European Commission and further rely on the European Commission’s recommendations on required measurements for transfer of personal data to certain countries outside the EEA.
We would like to inform you that, communications over the internet (such as e-mails) aren’t secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet.
We would also like to inform you that no method of transmission of data over the Internet, or method of electronic storage is 100 % secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security.
4. Changing Your Preferences
We want you to be in charge of your personal data and strive to make that possible.
Through the Profile Settings in your account at Cadcraft, you have the ability to […].
If you delete your account, we remove your personal data unless, it is required by any legal grounds mentioned above in section 2.3, and you won’t be able to recover that information at a later time.
5. Children’s Privacy
Our Services does not address anyone under the age of 13 and we do not knowingly collect and/or use Personal Data which relates to children under the age of 13. If it comes to our knowledge, we will take action and remove this data.
6. Your Rights Under GDPR
Under GDPR, you are entitled to:
- have your data processed in a fair, lawful and transparent way;
- access personal data we hold about you;
- require us to correct any mistakes in your personal data;
- require us to delete personal data concerning you in certain situations where we have no lawful ground for us to continue to process it;
- request that we transfer your personal data to you or another service provider in a simple, structured format;
- object at any time to processing of your personal data for direct marketing purposes;
- object to automated decision making which produces legal effects concerning you or similarly significantly affects you;
- object in certain other situations to our continued processing of your personal data; and
- otherwise restrict or temporarily stop our processing of your personal data in certain circumstances.
You are entitled to, once a year, upon a written and signed request receive a copy of your personal data we process.
504 62 Borås
If you are unhappy with our services, and we were unable to help you, you can lodge a complaint at the Swedish Data Protection Authority, which is the Swedish data protection regulator. Their details can be found at https://www.datainspektionen.se, or contact them via e-mail at email@example.com or via mail at Datainspektionen, Box 8114, SE-104 20 Stockholm, Sweden.