Privacy Policy

Systecon Group AB, 556710-8492 and WPI Services, LLC, D/B/A Systecon North America ("Systecon" in any form or "we", “us”, or “our”) respect your privacy. This Privacy Notice (“Privacy Notice”) will provide you with information regarding how Systecon collects, uses, and discloses personal data about you, including the choices we offer with respect to that data. The purpose of this Privacy Notice is to inform you about the types of personal data that we may collect and process when you visit any of our websites (the “Website(s)”) or transact with us.

European and California Privacy Policies: Residents of California, the EU/EEA, UK, and Switzerland have certain privacy rights detailed in our California Privacy Notice and our European Privacy Notice. To the extent there is a conflict between this Privacy Notice and the California Privacy Notice or European Privacy Notice, the California Privacy Notice or European Privacy Notice will control, to the extent applicable.

For residents in the EU/EEA, UK, and Switzerland, your rights and entitlements under the GDPR and similar laws take precedence in case of conflict. Additional information and rights for residents of the EU/EEA, UK, and Switzerland are detailed in Section 10.

Applicability

This Privacy Notice applies to personal data collected through our Websites, emails, and when you interact with Systecon to enable us to provide services to your company or employer (collectively, the “Service” or our “Services”). It also applies to personal data we may otherwise collect: (i) when you access or browse our Websites or submit a request via our Contact Us form; and (ii) when you interact with us by means other than the Website, for example, by email or telephone. We encourage you to read this Privacy Notice in full before using the Websites and any other Service that posts a link to this Privacy Notice, opening our emails, or otherwise submitting your personal data to us. By visiting or otherwise using our Services, you acknowledge having read this Privacy Notice.

Data We May Collect

Systecon and its Vendors (defined below) may collect certain personal data from you when you visit our Website or otherwise interact with us. For example, we collect personal data from you when you purchase products from us, create an account on SysteconGroup.com, reach out to us via our Contact Us form, organize events, or sign up for promotional emails. Information that we collect via our Services includes:

Identifiers and Contact Information, including your name, email address, phone number, and Internet Protocol (“IP”) address.
Contact Information, including your email address, phone number, mailing address, and email address.
Commercial Information, such as products or services considered and communications preferences.
Service Usage Data, including information collected by Tracking Technologies (defined below), such as:
- your device functionality (browser, operating system, hardware, or mobile network information);
- the URL that referred you to our Service;
- how you interact with the Service, including the areas within our Service that you visit and your activities there (including emails we send, such as whether you open or click on links within them), and the products you search for; and
- your device characteristics.
Professional and Employment Information, such as if you are a representative one of our business customers (our “Customers”), if you contact us via the Service in your capacity as an employee of one of our Customers, attend an event that we host, or if you submit an application via our Career Opportunities page or job board.
Event Participation Details, including attendance preferences (e.g., which day(s) you will attend), meeting requests with Systecon, and any topics you would like us to cover during the meeting.
Dietary, Food Allergy, or Accessibility Accommodation Information, to enable us to make appropriate arrangements for event catering.
For residents in the EEA, UK and Switzerland: Information relating to dietary, food allergy, or accessibility accommodations may constitute "special category personal data" under applicable law (e.g. article 9 of the GDPR), and as such, will only be processed with your explicit consent and only for the purposes communicated to you before collected.
Photos and Video Recordings Taken of You at an Event, to promote our business, including for marketing purposes (e.g., in our social media channels).
Inferences, including information derived from other information that we have collected. For example, we may make inferences about you based on your Website browsing history or other information about you in order to tailor and enhance our Services.

Personal Data Collection

Below are some examples of how we may collect your personal data and the sources of your personal data.

Data That You Provide

We collect personal data from you when you browse or submit information through the Service, such as when you submit a request through our Contact Us form, sign up for an account, attend an event organized or otherwise supported by us, or transact with us. In some instances, our agents, service providers, and vendors (“Vendors”) may collect your personal data on our behalf.

If you attend an event organized or otherwise supported by us, we may process your personal data, including personal data relating to specific dietary requirements and access assistance, in connection with the event.

We may deidentify (i.e., remove personally identifiable elements or extract non-personally identifiable elements) and/or aggregate data from the personal data you provide. Data that is deidentified or aggregated data may not be personal data under applicable laws, and we may collect, use, and disclose such data without limitation except as restricted by applicable laws. Systecon will make no attempt to reidentify deidentified information once identifying information has been removed.

Data Collected Automatically

We use technologies on our website that are intended to facilitate the use of the website and make it more user-friendly and to provide various functionalities. Such technologies include, for example, cookies, pixels and embedded scripts (“Tracking Technologies”). Please see our Cookie Notice for further details on what cookies and similar technologies we use on our websites.

These Tracking Technologies may result in the processing of online identifiers and usage information, such as IP address, cookie identifiers, device and browser information, and interactions with our pages. We process this information to operate the site, measure audience and performance, and, where permitted, to support marketing and advertising.

Some information about your use of the Service and certain other online services may be collected using Tracking Technologies across time and services and used by Systecon and third parties (“Third-Party Digital Businesses”) for purposes such as to associate different devices you use with you and deliver relevant ads and/or other content to you on the Service and certain other online services.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. We currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To learn more about “Do Not Track,” you can visit http://www.allaboutdnt.com, but Systecon is not responsible for the completeness or accuracy of this third-party information.

We may also use Google Analytics and Ad Services. To learn more about the data Google collects and how your data is used by it and to opt out of certain Google browser interest-based advertising, please visit here. You may exercise choices regarding the use of cookies from Google Analytics here or by downloading the Google Analytics Opt-out Browser Add-on.

In addition, we may serve ads on other online services that are targeted to reach people on other services that are also identified on one of more of our data bases. This is done by using Tracking Technologies or by matching common factors between our databases and the databases of the other online services. We are not responsible for the privacy practices of these Third-Party Services and encourage you to review their privacy policies.

For residents in the EEA, UK and Switzerland, we will not set non-essential cookies and similar technologies (including those used for analytics and advertising) unless and until you provide consent through our cookie banner on the applicable Website. For further information on how your consent choices work and how to modify them, see our Cookie Notice.

From Our Affiliates and Related Entities

We may receive personal data from our affiliates and related entities that are part of the Systecon family of companies.

From Others

We may receive information about you from Third-Party Digital Businesses (including social media platforms). We may also, from time to time, supplement the information we collect with information from third parties.

If you are a visitor to or interact with our pages or accounts on social media platforms (e.g. Facebook, Instagram, LinkedIn), we may receive certain information regarding those interactions. If you interact with a Systecon social media page or account, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Service or by the Third-Party Service that you use. Similarly, if you post information on a Third-Party Service that references Systecon (e.g., by using a hashtag associated with Systecon in a status update), we may use your post on or in connection with the Service or otherwise. Also, both Systecon and the Third-Party Service may have access to certain information about you and your use of the Service and that Third-Party Service.

Please note that social media platforms are owned by social media providers or other companies unrelated to Systecon. We are not responsible for the social media platforms and any information that you may choose to share on our social media pages may also be used by the platform for their own independent purposes, which are not covered by this Privacy Notice. Please read the platform providers’ privacy statements for further information on how they may use your personal data.

How We Process Your Personal Data

For residents in the EEA, UK, and Switzerland, the legal basis for each category of processing is detailed in Section 10.2 of this Privacy Notice.

Generally, we process your personal data to provide you our Services you request, personalize our offerings and Services, provide marketing, and to otherwise support our business. The purposes for which we process your personal data include:

To provide our Services, including to provide you with information, or to process transactions that you have requested, to process your account registration for the Service, and to facilitate a purchase, including facilitating payment for your purchase.
To operate our business including, but not limited to, maintaining business records and complying with legal obligations, including as part of our general business operations, for other business administration purposes, or as otherwise required or compelled by law.
To provide customer service and communications, including responding to any questions, comments, or requests that you have for us, sending you communications and notifications about your use of the Service or your other interactions with us, and notifying you of changes to the Service and/or the Service’s policies or other aspects of our business operations.
To administer your account.
To organize and host events, such as conferences and meetings.
For research, development, and analytics, including to better understand how users access and use the Service, both on an aggregated and individualized basis, in order to improve our Service and respond to user desires and preferences, and for other research, development, and analytical purposes relating to the Service and the operation of our business.
For promotions and marketing that you sign up for (which may include co-promotions with third parties), and to provide you with special offers or promotional materials on behalf of us or third parties, such as through promotions.
To customize your experience, offers, and content.
For security and safety purposes, including to detect and respond to threats to the Service.
To prevent, detect, investigate, and mitigate illegal activities, fraud, injury, or violation of our policies, such as where we believe we need to do so, to investigate, prevent or take action if we think someone might be using our Services for illegal activities, fraud, or in ways that may threaten someone’s safety or violate this Privacy Notice.
For purposes disclosed at the time you provide your personal data.
For our legitimate business purposes that are compatible with the purpose for which we collected your personal data that are not prohibited by applicable law.

Personal Data Disclosures

We disclose or otherwise make available personal data as described in this Privacy Notice as follows:

Affiliated and Related Entities. We may disclose personal data to certain of our affiliated and related entities who may use personal data as described in this Privacy Notice.
Vendors. We may provide or otherwise make available personal data to Vendors who assist us with carrying out the purposes described above in the How We Process Your Personal Data section and otherwise in this Privacy Notice. Such vendors include cloud storage vendors, IT service providers, and customer relationship management companies, among others.
Professional Advisors. We may disclose your personal data to professional advisors to obtain guidance on legal and business obligations and related matters.
Marketing Agencies. We may disclose your personal data to marketing agencies to promote our business, as permitted by applicable law, and with your consent, to the extent required by law.
Third-Party Services. Third-Party Services may collect your personal data independently via the Service, or we may directly provide them with personal data that we have collected on the Service, including in relation to Website analytics. The data practices of these third parties are subject to their own privacy policies and terms.
Third-Party Promotional Partners. Where we have the legal right, we may disclose or otherwise make your personal data available to promotional partners or other third parties for a business purpose that we have approved. When we disclose personal data in these contexts, we comply with applicable legal requirements, which may include acting at your direction or providing opt-out or other rights with respect to the shared data. The data practices of these third parties are subject to their own privacy policies and terms.
With Notice and Your Consent. We may disclose your personal data to third parties with notice to you, as directed by you, or, where legally required, upon your consent or authorization.
For Safety, Security, Legal, and Similar or Related Reasons. We may disclose your personal data to other persons, organizations, or governmental authorities if we believe in good faith that doing so is necessary or appropriate: (i) to protect or defend the rights, safety, or property of Systecon, its affiliated or related entities, or third parties; (ii) to investigate, prevent, or take action regarding illegal activities, or suspected fraud; (iii) to enforce, investigate, or take action regarding violations of this Privacy Notice and other applicable agreements and policies; (iv) in litigation or other proceedings in which we, our affiliated or related entities may be involved; and (v) to comply with legal and regulatory obligations and, to the extent not prohibited by applicable law, requests from law enforcement and other public authorities.
Corporate Transactions. We may disclose and transfer your personal data: (i) to a subsequent owner, co-owner, or operator of the Service or applicable database; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, or a financing, and during the course of any due diligence process.

For residents in the EU/EEA, UK, and Switzerland: Where we transfer your personal data outside the EU/EEA, UK, or Switzerland (for example, to our affiliated group companies, vendors, or third parties in the United States), we will ensure that appropriate safeguards are in place to protect your data in accordance with applicable law. Further, we will only share your data for marketing with your explicit consent.

Communication Choices

You may opt out of receiving certain promotional communications (emails) from Systecon at any time by following the instructions provided in emails to click on the “unsubscribe” link in the marketing email you receive. Please note that your opt-out is limited to the email address used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other communications may continue. Even if you opt out of receiving promotional communications, Systecon may, subject to applicable law, continue to send you non-promotional communications, such as communications about your account, transactions, or our ongoing business relationship with you.

For residents in the EU/EEA, UK, and Switzerland; we will only send you promotional communications via email with your prior consent. You may withdraw your consent at any time by following the “unsubscribe” or similar instructions in any marketing communication you receive, or by contacting us at dataskydd@systecon.se.

Security

The security of your personal data is of the utmost importance to Systecon. We take commercially reasonable measures to protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee the absolute security of those systems. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.

For residents in the EU/EEA; we apply appropriate technical and organizational measures to secure personal data. In the event of a data breach affecting EU/EEA residents' personal data, we will notify the relevant supervisory authority and affected individuals, where required, in accordance with legal requirements.

Data Retention

To the extent permitted by applicable law, we may retain information for as long as is reasonably necessary to provide the Services or as needed for other lawful purposes. We may retain cached or archived copies of personal data deleted from active systems until such data is overwritten. We may retain anonymized, pseudonymized or aggregated data indefinitely, to the extent permitted under applicable law. We may be required to retain some data for a longer period of time because of various laws and regulations or because of contractual obligations. We also will retain information as long as reasonably necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

European Privacy Notice

If you are a resident of the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), you are entitled to certain disclosures and afforded certain rights regarding your personal data. This section provides such disclosures, describes the rights provided under applicable law, and prevails over preceding sections for EU/EEA residents if there is a conflict.

For purposes of this Section, "Applicable Data Protection Laws" means all legislation and regulations, including regulations issued by competent legislative bodies and relevant supervisory authorities, protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data that from time to time applies to this Privacy Notice, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR") as well as laws and regulations supplementing the GDPR.

Unless otherwise stated, terms defined in the GDPR, such as "personal data" and "processing", shall have the same meaning in this Privacy Notice.

Accordingly, "personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The term "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Collection, Processing, and Disclosure of Your Personal Data

Systecon Group AB is the controller of your personal data for purposes of EEA, UK, and Swiss law. We may collect, process, and disclose your personal data as described in Sections 1-9 above.

Legal Basis for Processing

The lawful basis for Systecon’s processing of your personal data depends on the purposes of the processing. Below we describe Systecon’s legal bases for our processing activities.

Category of Processing Activity	Processing Activity	Legal Basis / Retention period / Recipients
Developing and managing our relationships with our customers.	(1) We process personal data to fulfill our contractual obligations to our customers, so that we can deliver the Services and/or carry out the transactions requested by the customer.	To fulfill our contract with our Customer. Our legitimate interest in fulfilling our business relationship and obligations, and maintaining our relationships with our Customers. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 10 years after the product/service was delivered Recipients of personal data: IT and hosting suppliers
	(2) We process personal data to perform activities with your consent. Subject to your consent, we process personal data so that we may provide you information about our products, services, transactions, and advertisements that may be of interest to you.	Consent. Our legitimate interest in promoting our Services and increasing our sales. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 10 years after the product/service was delivered Recipients of personal data: IT and hosting suppliers
	(3) We process personal data to provide a consistent and tailored experience in your interactions with us based upon how you use and interact with the Service, our products, and other services.	Our legitimate interest in designing our Services in a manner aligned with your preferences to maximize our efficiency and profitability. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 10 years after the product/service was delivered Recipients of personal data: IT and hosting suppliers
Communicate with you.	(4) We process personal data to communicate with customers about Systecon products, services, and promotional activities that may be of interest to our Customers, subject to their consent.	Data subject consent. Our legitimate interest in promoting our brand and increasing our profitability. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 3 years after the product/service was delivered Recipients of personal data: IT suppliers and marketing agencies
	(5) We process personal data to communicate with you about relevant Systecon products, services, and transactions, including, for example, pricing information, technical data, invoicing, or information about product or service improvements.	To fulfill our contract with our Customer. Our legitimate interest in fulfilling our business relationship and obligations, and maintaining our relationships with our Customers. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 3 years after the product/service was delivered Recipients of personal data: IT suppliers
	(6) We process personal data when we respond to questions or inquiries submitted by you or our Customer’s representative, including customer service requests.	To fulfill our contract with our Customer. Our legitimate interest in fulfilling our business relationship and obligations and maintaining our relationships with our Customers. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 3 years after the product/service was delivered Recipients of personal data: IT suppliers
Providing and improving our Website, products, and services.	(7) We process personal data to customize the Service to your preferences or interests, and to make the Service more accessible to you.	Our legitimate interest in designing our products and services to align with your preferences, enhance your experience, and increase our profitability. Retention Period: As long as is required under the relevant legal obligation. For Sweden: As per cookie notice Recipients of personal data: IT suppliers
	(8) We process personal data to maintain the security of our Service.	Our legitimate interest in protecting our Customers, our business, and others against fraud and any other illicit activities. Retention Period: As long as is required under the relevant legal obligation. For Sweden: As required for security; up to 10 years when linked to legal claims Recipients of personal data: IT suppliers
	(9) We process personal data to help us develop new Systecon websites, products, and services.	Our legitimate interest in designing new products and services aligned with your preferences to increase our sales. Retention Period: As long as is required under the relevant legal obligation. For Sweden: As required for research/development purposes Recipients of personal data: IT suppliers
Address legal issues.	(10) We process personal data to comply with our legal obligations to retain certain business records for minimum retention periods.	To comply with our legal obligations. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 7 years under Swedish bookkeeping laws Recipients of personal data: Authorities, advisors
	(11) We process personal data to establish and exercise our legal claims and to defend against legal claims.	Our legitimate interest in protecting the commercial and economic interests of our business. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Up to 10 years (Swedish statute of limitations) Recipients of personal data: Advisors, authorities, courts
	(12) We process personal data to comply with our legal and regulatory obligations, court orders, and other legal process.	To comply with our legal obligations. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Up to 10 years (linked to legal defense) Recipients of personal data: Authorities, advisors, fraud-prevention partners
	(13) We process personal data to detect, prevent, and respond to fraud, intellectual property infringement, violation(s) of our contracts or agreements, violation(s) of law, or other misuse of the Service and products.	Our legitimate interest in protecting our Customers, business, and other stakeholders from fraud and other illicit activities. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Up to 10 years Recipients of personal data: Authorities, advisors
	(14) We process personal data to protect Systecon’s rights and property, and the health, safety, welfare, rights, or property of our Customers and others.	Our legitimate interest in protecting our Customers, business, and stakeholders against fraud and other illicit activities. Retention Period: As long as is required under the relevant legal obligation. For Sweden: 10 years Recipients of personal data: internal security, compliance, IT, and legal teams; external service providers supporting fraud prevention, security monitoring, or incident investigation; law enforcement, regulators
Other	(15) We process personal data to anonymize and aggregate information we have collected to use it for any purpose, including for research and product development purposes.	Our legitimate interest in designing new products and services that are aligned with your preferences to increase our profitability. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Not applicable (data anonymized) Recipients of personal data: None (anonymous data only)
	(16) We process personal data when we disclose personal data to other Systecon entities and Vendors, subject to your consent to the extent required by law.	Our legitimate interest in designing new products and services that are aligned with our Customers’ preferences to increase our profitability. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Up to 10 years Recipients of personal data: Third-party service providers (processors & partners)
	(17) We process personal data when we disclose personal data to third parties who partner with us to provide products and services to our Customers.	To fulfill our contract with our Customer. Our legitimate interest in fulfilling our business relationship and obligations and maintaining our relationships with Customers. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Up to 10 years Recipients of personal data: Third-party service providers (processors & partners)
	(18) We process your personal data to organize and register you for events we host, and to communicate with you regarding such events.	Retention Period: As long as is required under the relevant legal obligation. For Sweden: 6 months after the event Recipients of personal data: Event management agencies, IT suppliers, catering suppliers
	(19) To prepare for events that we organize, we may process dietary preference information to provide appropriate options for your meals at conferences.	Our legitimate interest in hosting and participating in industry events. To the extent such information regarding dietary preferences reveals EU special categories information, we will process dietary preference information with your consent. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Until the event is completed. Recipients of personal data: Event organizers and internal staff responsible for planning and hosting the event; catering providers, conference venues, and other vendors
	(20) We process personal data when we disclose personal data to third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of the Company, or under similar circumstances.	Our legitimate interest in organizing our business according to our commercial and economic interests. Retention Period: As long as is required under the relevant legal obligation. For Sweden: Until the transaction/change is completed Recipients of personal data: Buyers, external advisors, involved parties, group companies

Transfers of personal data outside of the EU/EEA

In case we transfer your personal data to a recipient in a country outside of the EU/EEA, such as to the United States (“third country”), such transfer will only take place where an adequate level of protection is ensured in accordance with a decision by the EU Commission. Alternatively, we will ensure that appropriate safeguards have been implemented (such as those provided for in the EU Commission's standard contract clauses). Where deemed necessary, such appropriate safeguards will be complemented by supplementary measures for ensuring an essentially equivalent level of data protection to that found under the GDPR.

You have the right, upon request, to receive a copy of the documentation demonstrating that the necessary safeguards have been put in place to protect your personal data when transferred to a third country. Such request may be made by contacting us on the contact details set out below.

Personal Data Rights
In connection with our processing of your personal data, you may, under the conditions set out below, exercise the following rights:

Access
You can request confirmation of whether or not your personal data is being processed and, if it is being processed, request access to your personal data and additional information such as the purpose of the processing. You also have the right to receive a copy of the personal data that is processed. If the request is submitted electronically, the information will also be obtained in a commonly used electronic form unless you request otherwise.

Rectification
If you notice that personal data about you is inaccurate or incomplete, you have the right to have your personal data rectified or completed.

Object to Processing
You have the right to object to the processing of your personal data based on our legitimate interests or where you consider that we do not have a legal basis for the processing. Systecon will honor your objection and stop processing the relevant personal data unless: (i) we have compelling legitimate grounds for the processing that overrides your interests, rights, and freedoms; or (ii) we need to continue processing your personal data to establish, exercise, or defend a legal claim.

If we process your personal data for direct marketing purposes, you have the right to object to this processing or where the legal basis for the processing is consent, to withdraw your consent. If you exercise this right, we will stop processing your personal data for direct marketing purposes.

Erasure
You can have your personal data erased under the following circumstances:

If the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise is processed;
If our processing of the personal data can only be carried out based on your consent and you withdraw your consent;
If our processing is based on legitimate interest, you object to the processing and there are no overriding legitimate grounds for the processing;
If you object to processing for direct marketing purposes;
If your personal data has been unlawfully processed; and
If your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

The right to erasure does not apply when our processing of your personal data is necessary for compliance with a legal obligation which requires the processing or for the establishment, exercise, or defense of legal claims.

Restrict Processing
Under the following circumstances, you can request that we restrict the processing of your personal data to only involve the storage of your personal data:

If you contest the accuracy of the personal data, we will restrict processing for the time required to verify its accuracy;
If the processing is unlawful, you may oppose the erasure of the personal data and request that its use is instead restricted;
If we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims, you have the right for the processing to be restricted; and
If you have objected to processing, you have a right to restriction pending the verification of whether our legitimate grounds override your interests.

We may, however, still use your personal data for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We may also process your personal data that is subject to restriction with your consent.

Withdraw consent
To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent. If there is no other legal ground for the processing, you have the right to have the relevant personal data erased in accordance with the above (see above Erasure).

Data Portability
Unless it adversely would affect the rights and freedoms of others, you have the right to request a machine-readable copy of the personal data processed based on your consent or when the processing is necessary to fulfil an agreement with you as well as when personal data has been obtained from you (data portability), and to request that the information be transferred to another data controller (if possible).

Complaints to the supervisory authority
We will use our best efforts to address and settle any request or complaint brought to our attention. However, you have the right to lodge a complaint regarding the processing of your personal data to the supervisory authority in your jurisdiction. Please find a full list with addresses to your local supervisory authority available at https://edpb.europa.eu/about-edpb/board/members_en. UK residents can contact the UK Information Commissioner’s Office here and Swiss residents can contact the Federal Data Protection and Information Commissioner here.

Exercising Your Rights
To exercise any of your rights, please contact us at dataskydd@systecon.se or at the address provided in Section 13.

California Privacy Notice

This California Privacy Notice applies to our processing of “personal information” of “consumers” as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”), and all laws and regulations, supplementing or amending the foregoing.

This Notice is designed to provide you with notice of our recent, historical personal information processing practices over the 12 months prior to the Notice Effective Date. However, this California Privacy Notice also applies to our current data processing practices such that it is also meant to comply with other requirements to provide current practices which under the CCPA, referred to as “notice at collection.”

Personal information Collection, Uses, and Disclosures

Generally, we collect, retain and disclose your personal information as described in Sections 1-9 above. These processing purposes include the following categories of “business purposes”, as defined by the CCPA:

Providing Products and Services. Processing or fulfilling orders and transactions, administering accounts, providing customer service, verifying customer information, and processing payments.

Managing Interactions and Transactions. Performing services, including maintaining or servicing accounts, administering accounts, providing customer service, verifying customer information, processing payments, or providing similar services, and customizing your experience, offers, and content.

Security and Debugging. Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes. Debugging to identify and repair errors that impair existing intended functionality.

Advertising and Marketing. Providing advertising and marketing services, except for cross-context behavioral advertising. Customizing your experience, offers, and content.

Quality Assurance. Undertaking activities to verify or maintain the quality or safety of our service, to improve, upgrade, or enhance our service.

Research and Development. Undertaking internal research for technological development and demonstration.

Operation of Our Business. For our legitimate business purposes that are compatible with the purpose of collecting your personal information and that are not prohibited by law.

We may process your personal information as follows:

Category of Personal Information	Examples of Personal Information Collected and Retained	Categories of Recipients
Identifiers	First and last name, postal address, unique online identifier, IP address, or email address.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, customer relationship management companies, analytics companies, marketing service providers); Social media companies (e.g., in posts regarding events you attend on our social media page); Event management and catering companies; Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Third-Party Digital Businesses and co-promotional partners
Personal Records	Name, signature, address, telephone number. Some Personal Data included in this category may overlap with other categories.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, customer relationship management companies); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Co-promotional partners
Customer Account Details / Commercial Information	Records of products or services considered or purchased.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, customer relationship management companies, analytics companies, marketing service providers); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Third-Party Digital Businesses
Internet or Other Electronic Network Activity Information	Browsing or search history, information regarding your interaction with our Services or advertisements.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, analytics companies, marketing service providers); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Third-Party Digital Businesses
Imprecise Geolocation Data	If you interact with us online, we may gain access to the approximate location of the device you are using.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, analytics companies, marketing service providers); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Third-Party Digital Businesses
Sensory Data	Audio, electronic, visual, or similar information.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, security services or vendors, call center providers); Event management companies; Social media companies (e.g., sharing pictures from events you attend on our social media page); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: N/A
Professional or Employment Information	Information relating to your current position and employer.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, customer relationship management companies, security services or vendors, job boards); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Third-Party Digital Businesses and co-promotional partners
Inferences from Personal Data Collected	Inferences drawn from Personal Data to create a profile reflecting your preferences.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors, analytics companies, marketing service providers); Our affiliates; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: Third-Party Digital Businesses
Sensitive Personal Information	Health information, such as dietary information, which may include information regarding allergies or required disability accommodations.	Disclosures for Business Purposes: Vendors (e.g., cloud storage vendors, IT vendors); Event management or catering companies; Governmental entities (pursuant to legal or regulatory process); and/or Other parties (e.g., litigants). Sale/Share: N/A

Because there are numerous types of personal information in each category, and various uses for each personal information type, actual retention periods vary. We retain specific personal information based on how long we have a legitimate purpose for the retention.

Your Rights and Choices

Systecon provides consumers the privacy rights described in this section. For non-California residents, we will consider requests but will apply our discretion with respect to if and how we process such requests.

To submit a request to exercise your consumer privacy rights, or to submit a request as an authorized agent, you may contact us via the information in our Contact Us section, or by submitting a request via our Privacy Rights Portal. Please respond to any follow-up inquiries we make to help us complete your request. We do not accept or process requests through other means (e.g., via fax, chats, or social media, etc.). The consumer rights we accommodate are as follows:

Right to Limit Sensitive Personal Data Processing

We only Process the sensitive personal information of California consumers for purposes that are exempt from consumer choice under the CCPA. For example, we process your personal information to perform the services that you requested.

Right to Know/Access

Consumers are entitled to access Personal Data up to twice in a 12-month period.

Specific Pieces

You may request to confirm if we are processing your personal information, and if so, to obtain a transportable copy in a readily usable format that allows transmission to another business without hindrance, subject to applicable request limits.

Do Not Sell/Share

We permit consumers to opt-out of personal information “sales” or “sharing” for cross-context behavioral advertising.

Third-Party Digital Businesses may associate cookies and other tracking technologies that collect personal information about you on our Services, or otherwise collect and process personal information that we make available about you, including digital activity information. We understand that giving access to personal information on our services or otherwise, to Third-Party Digital Businesses could be deemed a Sale/Sharing under the CCPA.

Opt-out for Non-Cookie Personal Information: If you would like to opt-out of the sale/sharing of your non-cookie personal information (e.g., your email address), you must submit an opt-out request through our Privacy Rights Portal.

Opt-out for Cookie Personal Information: If you would like to opt-out of the sale/sharing of cookie personal information, you must exercise a separate opt-out request via our cookie management tool. This is because we must use different technologies to apply your opt-out of cookie personal information and opt-out of non-cookie personal information. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our cookie management tool. Note that if you use ad blocking software, our cookie banner may not appear when you visit our services, and you may have to use the link above to access the tool.

Global privacy control or “GPC”: The CCPA requires businesses to process GPC signals, referred to as opt-out preference signals in California, which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the sale or sharing of personal information. To use a GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the GPC. We have configured the settings of our cookie management tool to receive and process GPC signals on our website, which is explained by our cookie management tool. We process GPC with respect to sales and sharing that may occur in the context of collection of cookie personal information, discussed above, and apply it to the specific browser on which you enable GPC. We do not: (1) charge a fee for use of our service if you have enabled GPC; (2) change your experience with any product or service if you use GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC.

We do not knowingly sell or share the personal information of consumers under 16 years of age. If you think we may have unknowingly collected the personal information of a consumer under 16 years old, please let us know by using the contact information at the Contact Us section below and we will delete such information.

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your request to delete your Personal Data if retaining the data is necessary for us or our Vendor(s):

to complete transactions and services you have requested;
for security purposes;
for legitimate internal business purposes (e.g., maintaining business records);
to comply with law and to cooperate with law enforcement; and
to exercise or defend legal claims.

Note that under California law we may not be required to delete your Personal Data that we did not collect directly from you.

Right to Correct Your Personal Data

You may bring inaccuracies in your personal information that we maintain to our attention, and we will act upon such a request as required by applicable law. You can also make changes to your online account in the account settings section of the Services. That will not, however, change your information that exists in other records that we maintain.

Automated Decision Making / Profiling

We do not engage in automated decision making or profiling as defined by the CCPA.

How to Exercise Your Rights and Choices

To exercise the consumer privacy rights described above, or to submit a request as an authorized agent, please use our Privacy Rights Portal or call us at (877) 864-3613.

Your Request Must be a Verifiable Consumer Request

Only you, or someone legally authorized to act on your behalf (your authorized agent), may make a consumer request related to your Personal Data. You may also make a Consumer request on behalf of your minor child.

As permitted or required by California law, any request you submit to us must be a verifiable consumer request, meaning when you make a request, we may ask you to provide verifying information, such as your name, email, phone number, or account and/or transaction information. We will review the information provided and may request additional information (e.g., other transaction history) via email or other means to ensure we are interacting with the correct individual. We will not fulfill your right to know (categories), right to know (specific pieces), right to delete, or right to correct request(s) unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information. We do not verify opt-outs of sale/sharing unless we suspect fraud.

To protect the privacy of your personal information, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use personal information provided in a consumer request only to verify your identity and authority to make the request and to track and document request responses unless you also gave it to us for another purpose.

Authorized Agent Requests

You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you. You can learn how to do this by visiting the agent section of our Privacy Rights Portal. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable laws.

Non-Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA.

Notice of Financial Incentive Programs

We do not offer any financial incentives in exchange for the provision of your personal information.

Additional Notice for California Residents

California’s “Shine the Light” law (Civil Code section 1798.83) permits users of our Services who are California residents to request certain information regarding our disclosure of personal information to third parties for those third parties’ own direct marketing purposes. To make such a request, please send an email to optimize@systecon.us or write us at 1911 Fort Myer Dr STE 300, Arlington, VA 22209. You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. However, a Do Not Sell/Share opt-out is broader than a Shine the Light request and will limit our disclosure to third parties for their own direct marketing purposes without the need to make a separate Shine the Light request. We will not accept Shine the Light requests by telephone or by fax and are not responsible for requests not labeled or submitted properly, or that are incomplete.

Changes to this Privacy Notice

We reserve the right to change, update, or modify this Privacy Notice prospectively effective upon the posting of the revised Privacy Notice. Any modifications will apply only to the personal data we collect after posting the updated Privacy Notice. To the extent any provision of this Privacy Notice is found unenforceable by a court of competent jurisdiction, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

Contact Us

If you have any questions regarding the processing of your personal data or if you wish to exercise any of your rights pursuant to applicable data protection legislation, please contact by using the contact details below.

For residents in the EU/EEA, UK, and Switzerland:

Systecon Group AB
556710-8492
Box 19171, 104 32 Stockholm
+46 8 459 07 50
dataskydd@systecon.se

For residents of the United States and Canada:

Systecon North America
1911 Fort Myer Dr STE 300
Arlington, VA 22209
(877) 864-3613
optimize@systecon.us