1.1 In this policy document the following terms are used:
a) Personal data: Personal data is information relating to an identified or identifiable natural person, hereinafter referred to as the “data subject”. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name or identification number.
b) Data subject: Data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
c) Processing: Processing is any operation that is performed on personal data such as, but not limited to, collection, recording, storage, adaptation or alteration.
d) Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
f) Controller: Controller or controller responsible for the processing is the natural or legal person that determines the purposes and means of the processing of personal data.
g) Processor: Processor is a natural or legal person that processes personal data on behalf of the controller.
h) Recipient: Recipient is a natural or legal person to whom the personal data are disclosed.
i) Third party: Third party is a natural or legal person who, under the direct authority of the controller or processor, is authorised to process personal data.
j) Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
2.1 The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:
593 21 Västervik, Sweden
Phone: + 46 490-199 99
3. Name and Address of the Data Protection Officer
3.1 The data protection officer (DPO) of the controller is:
593 21 Västervik, Sweden.
Phone: + 46 490-199 99
3.2 Each data subject may at any time contact our data protection officer directly with all questions and suggestions regarding data protection.
4.1 Carvia AB has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through its website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed.
4.2 The use of the Internet pages of Carvia AB is possible without any indication of personal data. If a data subject wants to use special enterprise services via our website, processing of personal data may however become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
4.3 The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, shall always be in line with the General Data Protection Regulation (GDPR).
5.2 A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.
5.3 The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
6. Collection of General Data and Information
6.1 The website collects a series of general data and information when a data subject or an automated system visits the website. This general data and information are stored in the log files of the server. The following may be collected:
(1) the browser types and versions used,
(2) the operating system used by the accessing system,
(3) the date and time of access to the Internet site,
(4) an Internet protocol address (IP address),
(5) the Internet service provider of the accessing system and
(6) any other similar data and information.
6.2 The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
7.1 The data subject has the possibility to register on the website of the controller by providing personal data. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for his own purposes. The registration of the data subject with the voluntary provision of personal data is intended to enable the controller to offer the person concerned contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.
7.2 The controller may request the transfer to one or more processors, for example a parcel service, which also use the personal data for an internal use that is attributable to the controller.
7.3 The controller shall at any time provide information on request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall rectify or erase personal data on the request or at the indication of the data subject, insofar as there are no statutory storage obligations.
8. Data Protection for Applications and Enquiries
8.1 The controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. The controller may also accordingly collect and process personal data due to enquiries.
9. Subscription to our newsletters
9.1 On the website of CARVIA AB, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted as well as when the newsletter is ordered from the controller. During the registration for the newsletter we store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration.
9.2 The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail as long as this is necessary for the operation of the newsletter service or a registration. There will be no transfer of personal data collected by the newsletter service to third parties.
9.3 The data subject may terminate the subscription to our newsletter at any time.
10.1 The newsletter of CARVIA AB contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, CARVIA AB may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
11. Contact possibility via the website
11.1 The website of CARVIA AB contains information that enables quick electronic contact with our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
12. Erasure or Restriction of Processing of Personal Data
12.1 The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or as far as this is granted by the legislator or by other legislators in laws or regulations to which the controller is subject. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
13. Rights of the Data Subject
13.1 Right of confirmation: Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
13.2 Right of access: Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
13.3 Right to rectification: Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
13.4 Right to erasure: Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay.
13.5 Right of restriction of processing: Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing when the accuracy of the personal data is contested by the data subject; the processing is unlawful and the data subject opposes the erasure of the personal data; the controller no longer needs the personal data for the purposes of the processing but they are required by the data subject for the establishment, exercise or defence of legal claims; or the data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
13.6 Right to data portability: Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. In order to assert the right to data portability, the data subject may at any time contact the data protection officer designated by the German Association for Data Protection or another employee.
13.7 Right to object: Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions. If Carvia AB processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing.
13.8 Automated individual decision-making: Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
13.9 Right to withdraw data protection consent: Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.
13.10 If the data subject wishes to exercise any of the rights mentioned above he or she may at any time directly contact our data protection officer or another employee of the controller.
14. Data protection provisions about the application and use of Facebook, Google+, Instagram, YouTube and LinkedIn
14.1 On this website the controller has integrated components of the enterprises Facebook, Google+, Instagram, YouTube and LinkedIn, hereinafter the “Networks”.
14.2 If the data subject is logged in at the same time on any of the Networks, the Networks may detect with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Networks component and associated with the respective account of the data subject. If the data subject clicks on one of the Networks buttons integrated into our website, e.g. the Facebook “Like” button, or if the data subject submits a comment, then the Networks match this information with the personal user account of the data subject and store the personal data.
14.3 The Networks receive, through the Networks component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on any of the Networks during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Networks component or not. If such a transmission of information to the Networks is not desirable for the data subject, then he or she may prevent this by logging off from the Network account before a call-up to our website is made.
15. Use of Google Analytics
15.1 On the website the controller has integrated the component of Google Analytics. Google Analytics is a web analytics service. Web analytics is the collection, gathering and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come to another website, which sub-pages were visited, and how often and for what duration a sub-page was viewed. Web analytics is mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
15.2 The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
16. Use of Google-AdWords
16.1 On the website the controller has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad is displayed in Google’s search results only when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.