Buyer: Consumer that has made a purchase or placed an order through the Website regarding the products sold on the Website.
Personal Data: Any information relating to an identified or identifiable natural person. It is considered as Personal Data if the information, individually or in combination with other information, can be associated with a natural person. Typical Personal Data is social security number, name and address.
Data Subject: The natural person, who can be identified directly or indirectly through the Personal Data.
Processing: A measure or combination of measures concerning Personal Data. E.g. collection, booking, registration, storage, organization, structuring etc.
3. PERSONAL DATA PROCESSING
What Personal Data that may be Processed
3.1. Rocket Discs Europe AB try to work primarily through the principle of data minimization regarding the storage of Personal Data, by only Processing Personal Data that is necessary, adequate and relevant for each individual purpose (according to the principle of purpose limitation and data minimization).
3.2. The most common Personal Data that Rocket Discs Europe AB Processes is: name, social security number, telephone number, address details, e-mail and Personal Data that is submitted to Rocket Discs Europe AB by other Personal Data Controllers.
How Rocket Discs Europe AB collects Personal Data
3.3. Rocket Discs Europe AB most usually receive Personal Data when entering into agreements with Buyers or when natural persons contact Rocket Discs Europe AB through email, telephone or through published contact forms on the Website.
3.4. Rocket Discs Europe AB may also access and receive Personal Data through information that:
- other Personal Data Controllers provide,
- can be retrieved from public registers,
- are received in connection with registration to Rocket Discs Europe AB's newsletter.
Lawful basis for the Processing of Personal Data
3.5. Personal Data Controllers may only collect Personal Data for specific, explicitly stated and legitimate purposes according to GDPR and the principle of purpose limitation. Each individual Processing of Personal Data requires a so-called Lawful basis (according the principle of lawfulness, fairness and transparency).
3.6. CONTRACT: The Lawful basis Rocket Discs Europe AB mainly bases the Processing of Personal Data on is “Contract”. This Lawful basis gives Rocket Discs Europe AB the right to Process Personal Data in order to fulfill its obligations under a contract with the Data Subject. For example, to handle shipment of a purchased product to a Buyer, Rocket Discs Europe AB has to Process the name and shipping address of the Buyer. Personal Data is processed primarily in order for Rocket Discs Europe AB to fulfill its Contract obligations and to enable contact with Buyers of the products sold by Rocket Discs Europe AB, suppliers, partners and other relevant subcontractors to Rocket Discs Europe AB. Personal Data is also processed in order to deliver ordered products.
3.7. CONSENT: A Lawful basis for Processing Personal Data also exists if the Data Subject has consented to the Personal Data Processing, through voluntary active approval to the Processing. This can be made for example by the Data Subject actively checking a box for approval of the Processing of Personal Data in connection with contacting Rocket Discs Europe AB through a contact form on the Website. The Data Subjects have the right to revoke a given consent at any time, and in such cases the Processing of the Personal Data shall cease. This applies only if that the Personal Data is no longer necessary for Rocket Discs Europe AB to Process in order to fulfill its obligations under a contract or other legal obligation as stated in the applicable legislation.
3.8. LEGAL OBLIGATION: Another Lawful basis for Processing Personal Data is “Legal obligation”. This Legal basis may be used by Rocket Discs Europe AB to fulfill its legal obligations, for example according to the Swedish Bookkeeping Act (1999:1078). In such cases only necessary Personal Data is Processed (according to the principle of data minimization). Personal Data that is part of the necessary accounting documentation is stored for as long as the law requires. Rocket Discs Europe AB also Processes Personal Data in order to manage the necessary administrative matters and fulfil legal obligations, for example legal obligations.
3.9. LEGITIMATE INTERESTS: Lawful basis for Processing Personal Data may in some cases be based on “Legitimate interests”. Rocket Discs Europe AB may for example Process Personal Data that appears in order confirmations, to market its services. However, sensitive Personal Data is never Processed on the Legal basis of Legitimate interests. Rocket Discs Europe AB also needs to Process Personal Data in order to offer a good service, for example in terms of marketing and monitoring of the Website. Rocket Discs Europe AB can also Process Personal Data to perform internal customer and market analyzes. The Data Subjects always have the right to object in writing if the Data Subject do not want Rocket Discs Europe AB to use their Personal Data for direct marketing.
3.10. Rocket Discs Europe AB always have the right to Process any necessary Personal Data in order to comply with applicable law, demand payment for a past due claim, report a debt or protect its rights and property and to prevent fraud and other crimes (Through the Legal basis of Legitimate interests).
Where Personal Data is stored
3.11. Rocket Discs Europe AB stores Personal Data within the EU (according to the principle of integrity and confidentiality). In cases where Personal Data is stored in a country outside of the EU, the storage location must comply with the provisions of the GDPR.
3.12. Rocket Discs Europe AB does not disclose Personal Data to third parties without the consent of the Data Subject or if it is not necessary for Rocket Discs Europe AB to fulfill its legal or contractual obligations.
3.13. Rocket Discs Europe AB employs sub-contractors as part of the delivery of its services and/or the products sold through the Website. Through such sub-contractors, certain Personal Data may be Processed on behalf of Rocket Discs Europe AB. This means that Rocket Discs Europe AB may disclose Personal Data to such sub-contractor, to fulfill its obligations under contracts, applicable legislation, legal obligations, to safeguard Rocket Discs Europe AB's legal interests or to detect and prevent technical or security issues with the Website. Examples of Rocket Discs Europe AB's sub-contractors are shipping company, bank, suppliers, distributors etc.
3.14. The Data Subjects are entitled to request a complete overview and more detailed information on which sub-contractors that are involved in the Processing of the Data Subjects Personal Data in order to enable the delivery of Rocket Discs Europe AB's services and/or products.
3.15. By entering into an agreement with the Rocket Discs Europe AB, the Data Subject accepts that the Rocket Discs Europe AB uses sub-contractors in the manner described above. The Rocket Discs Europe AB thus has the right to engage sub-contractors in fulfilling its obligations under law, contracts, these terms and in order for the services and/or products to be provided and improved.
How long the Personal Data is stored by
3.16. According to GDPR, Personal Data shall not be stored for longer than what is necessary to fulfill the purposes for which they were collected. Personal Data that can no longer be stored will be erased (deleted) (according to the principle of storage limitation). Data erasure occurs at least once per year from all places that Rocket Discs Europe AB's stores such data.
3.17. Rocket Discs Europe AB stores Personal Data as long as they are needed and necessary to fulfill the purposes for which the Personal Data was collected. The Personal Data may be stored for a longer period if it is necessary for Rocket Discs Europe AB to comply with applicable legislation.
4. THE DATA SUBJECTS RIGHTS
4.1. The Data Subjects have certain rights according to GDPR regarding the Processing of their Personal Data. The Data Subjects have the right to:
- access their personal data (register extract) and the right to receive confirmation of and information about the processing of the data subject's personal data.
- have incorrect personal data corrected.
- have personal data removed.
- demand that the processing of personal data be restricted.
- request that personal data be transferred from us to another company (data portability).
- object to the processing of personal data.
- submit complaints to the Swedish Data Protection Authority (DPA) which is the supervisory authority of Rocket Discs Europe AB, or other equivalent regulatory authority in the Data Subjects state.
- get information about any data breach and personal data incident concerning the data subject of the data subject.
4.2. The Data Subjects must contact the Rocket Discs Europe AB's contact person for personal data matters if they request any of the above. However, some of the rights apply only in certain situations and provided that the personal data are not necessary for the Agency to process.
5. SECURITY MEASURES
5.1. Rocket Discs Europe AB has established internal procedures to ensure a secure Personal Data Processing. Rocket Discs Europe AB applies various security measures focusing on the Privacy of the Data Subjects and the security measures protect against intrusion, destruction and other changes that may pose a risk to the integrity (according to the principle of privacy and confidentiality).
5.2. Rocket Discs Europe AB works according to the data protection principles (Article 5 GDPR) and ensures that all staff-members are aware of the principles, by having them documented in internal routines.
5.3. Rocket Discs Europe AB implement appropriate technical and organizational measures to protect Personal Data and to ensure that the Processing is made in accordance with GDPR. Rocket Discs Europe AB has taken several security measures to protect against abuse, loss and alteration of Processed Personal Data (according to the principle of integrity and confidentiality). Internal registers and systems are password protected, which also undergoes regular password changes, at least annually and when needed. There are also instructions for staff with access to Rocket Discs Europe AB's databases containing Personal Data, to protect the information.
6. PERSONAL DATA INCIDENTS AND COMPLAINTS
6.1. If a Data Subject has any complaints about Rocket Discs Europe AB's processing of Personal Data, the complaint can be made to Rocket Discs Europe AB's contact person for Personal Data matters or to the Swedish Data Protection Authority (DPA), which is the supervisory authority.
6.2. A data breach or other incident, which means that the control over Processed Personal Data is lost, is regarded as a Personal Data incident according to GDPR. All Personal Data incidents shall be reported, without delay, to Rocket Discs Europe AB's contact person for Personal Data matters. All such events will be documented internally and reported to the Swedish Data Protection Authority (DPA) within 72 hours.
Rocket Discs Europe AB's contact person for Personal Data matters:
Name: Robin Ekström.