In this notice we describe how we collect, process, and share personal data. We also provide information about the rights of data subjects in relation to us as controller as well as our contact details.
We collect the personal data provided directly by you to us on our website, by your acceptance of cookies or by e-mail. We may also supplement the personal data provided by obtaining information from private and public records and sources.
The personal data we process may consist of contact details (e.g. name, title, work address, telephone number, and e-mail address), tracking cookie data (user activity details). In relation to our events, we may collect and process personal data in the form of photos or video recordings. Prior to and during an event, we may also process sensitive personal data (special categories of personal data) regarding food allergies or special food requests if such information has been provided by you.
Where free text fields are available, including e-mails, additional personal data may be processed, if you have provided personal data in them.
We process the personal data provided so we can fulfil our obligations and commitments for administration, documentation, and communication purposes. We may also use personal data as a basis for our market and customer analyses, as well as for statistical purposes. In some cases, we may also want to use the personal data for marketing purposes, providing information about Centiro’s products and services, or to inform you about prior and future Centiro news and events.
Accepted cookies are used to collect information about how you interact with us and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on our website and other media. Via the cookies, the data will be processed without linking to you as a person, until you have submitted your contact details. As a registered contact your cookie data may be mapped, combined and associated with your other personal data for the purposes defined in this privacy notice.
Special categories of personal data (special food or allergies) will only be processed, subject to your consent, for administration of the event for which the information has been collected.
Our processing of personal data is normally based on a balancing of interests. This entails that we consider it necessary to process the personal data for the purposes of administrating an event, request, communication, or application and that these outweigh any opposing interests or fundamental rights and freedoms.
When we process personal data to analyze and develop our business, processing is based on our legitimate interest in improving our business and for communication.
When personal data is processed for marketing purposes, it will be based on balancing of interests or, where applicable, on your prior consent. In either case, you will always have the right to opt out either by withdrawing your consent or by using the opt-out link provided in the marketing e-mail, as applicable.
Processing of non-essential cookie data is based on your consent.
Special categories of personal data (special food or allergies) will be processed based on your consent, given by you when providing the information to us in relation to a particular event, if applicable. You are never required to provide us with information on special categories of data and you are most welcome to attend any event without providing such information. In such case, we may however not be able to ensure that we can fulfil your requests or avoid any allergies in foods or drinks which may be served in relation to the event.
We employ appropriate technical and organizational security measures to help protect the personal data we process from loss and to guard against access from unauthorized persons, for example.
Transfers of data outside the EU/EEA are made in line with applicable data protection laws and for the purposes specified above. When personal data is processed by Centiro’s international affiliates, the data may be accessed from countries outside the EU/EEA. Transfers of this type are based on the EU Commission’s standard contractual clauses, EU-US Data Privacy Framework and European Commission’s Adequacy Decision, as applicable.
Centiro will not disclose personal data to anyone outside Centiro and its affiliates, except where
(i) it has been agreed between us and the person whose personal data we process;
(ii) if we engage an external service provider or business partner who performs services on our behalf. Such service providers and business partners may only process personal data in accordance with our instructions and may not use personal data for their own purposes; or
(iii) we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We do not save the personal data longer than necessary given the purpose of the processing, unless otherwise required or permitted by law.
Personal data provided by you on our website will be processed before and during performance of the service, event, commitment, or request and is subsequently keep for a period necessary for the purpose of processing, as otherwise separately agreed or informed, or for a longer period as required by the nature of the assignment or commitment. Photo and video recordings will be kept for as long as relevant for the purposes set out above or as agreed or informed in relation to the specific event, unless otherwise separately agreed or informed in relation to the applicable event.
Functional, necessary cookies will be kept for a maximum lifetime of two years. Non-essential cookies, processed subject to your consent, will be kept for a maximum lifetime of thirteen months.
Special categories of personal data (information on special food or allergies) will be deleted immediately after the event.
Centiro Solutions AB, Reg. No. 556396-8063, at the registered address Vevgatan 6, 504 64 Borås, Sweden, is the controller of the personal data processing as described above. This means that we are responsible for ensuring that the personal data is processed correctly and in accordance with applicable data protection laws.
Data subjects have the right to know what personal data we process about them. A data subject also has the right to request that we rectify or erase inaccurate or incomplete personal data about them (e.g. if the personal data is no longer needed for the purpose or if the consent is withdrawn). Data subjects are also entitled to object to specific processing of personal data and request that processing of personal data be restricted. Finally, data subjects have the right to receive personal data provided by themselves in machine-readable format and have the data transferred to another party responsible for data processing. Please be informed that restriction or erasure of personal data may mean that we are unable to meet our commitments.
Where the processing is based on your consent you always have the right to withdraw your consent at any time by sending a request to Centiro’s Data Protection Officer (see contact details below). Anyone who is dissatisfied with how we process their personal data is entitled to report this to the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), which is the supervisory authority for our processing of personal data. The individual has the possibility under certain conditions to invoke binding arbitration.
If you have any questions or complaints about how we process your personal data or wish to exercise any of your rights set out above, you are welcome to contact us by e-mail at firstname.lastname@example.org or by regular mail to the address below.
Centiro has appointed a Data Protection Officer (DPO) who you can contact in relation to any questions or requests you may have.
Transfers of data outside the EU/EEA, for example to Centiro affiliates, are made in accordance with applicable data protection laws and for the purposes specified above. Transfers of this type are based on the EU Commission’s standard contractual clauses, EU-US Data Privacy Framework and European Commission’s Adequacy Decision, as applicable.