Data process: Enter into contracts
Categories of data:
Name, email-address, phone number
Purpose:
We process data when we enter into contracts with our clients in order to be able to fulfill our contractual obligations.
Lawful basis: Contract
The processing of data is necessary in order to be able to fulfill our contractual obligations towards our clients.
Storage period:
The data is stored for as long as is required by the statutory requirements in the Swedish Bookkeeping Act.
Data process: E-mail
Categories of data:
Name, email-address, phone number
Purpose:
Lawful basis: Legitimate interests
There is a legitimate interest in being able to receive and send e-mail in order to be able to conduct business. This interest outweighs the interest of the registered person.
Storage period:
Personal data in e-mails is processed only for as long as it is needed to fulfill the purpose of the processing. E-mails are only archived if there is a legal basis, e.g. if the e-mail related to an ongoing case. Once the purpose of the storage is fulfilled, the e-mail must be deleted.
Ethos manages incoming e-mails, e.g. to fulfill our contractual obligations towards our clients and to answer questions about our courses and seminars.
Data process: Training
Categories of data:
Name, email-address, title
Purpose:
In connection to courses or seminars, Ethos processes personal data when people register as participants.
Lawful basis: Legitimate interest
There is a legitimate interest in being able to administer our courses and seminars as part of our business that outweighs the interests of the registered person.
Storage period:
Data collected in connection with our courses and seminars is saved in order to allow us to customize future offers to our clients. It is always possible to deregister by using the opt-out function in our e-mails.
Data process: Website
Categories of data:
Permanent cookies, session cookies
Purpose:
On our website, we use cookies to improve our visitor’s browsing experience and the functionality of our website. Cookies are a small text file that is sent from our web server and is stored on the visitor’s web browser or device and which stores the visitor’s user preferences. You can read more about cookies in our
cookie policy.Lawful basis: Legitimate interest
Cookies are necessary to use our website. Users can adjust their cookie settings to limit the storage of cookies. This can affect the functionality of the website.
Storage period:
Permanent cookies are stored for a longer period of time, but no more than 24 months. Session cookies are stored temporarily on the computer and are deleted as soon as you close the page.
Data process: Marketing
Categories of data:
Name, email-address, title
Purpose:
Ethos offers both free and fee-based courses and seminars within sustainable business. To market our business, Ethos collects personal data for people who may be interested in receiving information about the services we offer. These are sometimes collected from a third party.
Lawful basis: Legitimate interest
Ethos has a legitimate interest in processing data in order to market our business as long as the processing of data does not restrict the recipient’s personal integrity. The personal data collected, names and e-mail addresses, belong to people in key positions at companies that can be expected to carry out, or be interested in developing, work within sustainability. These recipients can be considered to have an interest in the services Ethos offers, based on their work title and workplace, they are therefore people who can expect e-mails of this kind. All recipients can easily and immediately deregister from our e-mails at any time by clicking a link in the e-mail, i.e. opt-out.
Storage period:
Personal data is only processed for as long as it is needed to fulfill the purpose of the processing. If the opt-out function is used, the data is immediately deleted.
Data process: Social media
Categories of data:
Photo, name
Purpose:
We post photos from courses and events on our social media platforms, e.g. LinkedIn, to update stakeholders about our business.
Lawful basis: Legitimate interest
Ethos has a legitimate interest in informing stakeholders about our business that outweighs the interests of the people in the photos. Course participants or other individuals who appear in a photograph are always informed that we may publish photos. Any person may always use their rights in accordance with the Data Protection Regulation if they oppose the processing of their data.
Storage period:
The data is stored for as long as it is needed to fulfill the purpose of the processing.
How we share the data we collect: International transfers
Only persons who need to process the data for the above-stated purposes have access to your personal data. Ethos International’s operations and our own IT systems are located within the EU/EEA. Ethos assures that all transfers or other processing of personal data take place within the EU/ESA or to and from countries that guarantee an adequate level of protection in accordance with the Data Protection Act and the EU Commission, eg. Privacy Shield for treatment in the United States.
Personal Data Processors
A data processor is a company that processes data on our behalf and according to our instructions. We have data processors who help us with:
IT services
Authorities to the extent required by legal requirements, e.g. the Swedish Tax Agency
Financial accounting
Data processors only process personal data for purposes consistent with the purposes for which we have collected them. This is always regulated in a Personal Data Processing Agreement.
For how long do we store personal data?
Personal data is not stored for a longer period than is necessary with regard to the purposes for which the data is processed. As soon as the purpose of the processing is fulfilled, the data will be deleted, unless Ethos is obliged to save the personal data in accordance with requirements laid down by law.
Ethos only collects personal data for specific and legitimate purposes, which are described in this policy. If personal data is processed for other purposes, they are compatible with the original purposes.
How is your personal data protected?
Ethos has taken appropriate technical and organisational security measures to protect your personal data. Examples of technical security measures we have taken include customised IT-systems, firewalls, encrypted hard drives, regular backups, and developed protection through, for example, antivirus, anti-malware and spam filters.
Appropriate organisational security measures we have taken include password-protected folders when needed, regular updates of passwords for computers and systems, establishing an IT-policy and training of all staff in the IT-policy.
Be aware that Ethos international may change these technical and organisational security measures as needed.
We regularly overview our security policies and processes to ensure that the systems we use are safe and secure.
Your choices and rights
The rights of the data subject when Ethos processes their data are briefly described below:
The right to be informed:
Data subjects have the right to be informed about the collection and use of their personal data. Data controllers must give data subjects specific privacy information about:
the business, including contact information
the data processing activities carried out
the length of time data is stored
the rights available to them in respect of processing
the right to lodge a complaint
The right of access
Data subjects have the right of access to personal data. If demanded, the data controller must provide a copy of the personal data that is being processed and for which purposes.
The right to rectification
Data subjects can ask data controllers to erase or rectify inaccurate or incomplete data.
The right to erasure, “the right to be forgotten”
Individuals have the right to ask controllers to delete their data if:
the data is no longer needed for the original purpose,
the processing is based on consent and the data subject withdraws it,
the data subject exercises their right to object to processing, and the controller can’t override their objection,
the data subject objects to the processing for the purpose of direct marketing.
The right to restrict processing
The data subject can ask the controller to restrict processing their personal data if, for example, they believe their data is not accurate. The data controller should stop processing until they have verified the accuracy of the data.The right to object to processingIf the data controller relies on lawful bases of legitimate interests for processing, individuals can object to such processing. The data controller may have to cease processing unless they can demonstrate that the controller has compelling legitimate grounds for processing which override the interests, rights, and freedoms of the individual.
Direct marketing
As a data subject, you always have the right to resign from direct marketing. Direct marketing refers to all types of outreach marketing measures (e.g. through e-mail or post). Marketing measures where an individual has actively chosen to contact us to learn more about our services does not constitute direct marketing.
Training
Ethos will provide appropriate training for its employees. The training should provide the necessary knowledge of the GDPR and this Policy. The training should be provided to all new employees and then be repeated annually.
Contact
If you have questions about how we process personal data, please contact us at
gdpr@ethos.se.
You have the right to know if Ethos processes your personal data, the types of personal data that are processed as well as receive a copy on request. You also have the right, in some cases, to get incorrect personal data about you corrected and deleted. You also have the right to object to personal data about you being processed and requesting that the processing be limited. Please note that limiting or deleting your personal information may mean that we cannot keep in touch with you. In certain circumstances, you also have the right to obtain personal information about you that you have provided us, in a machine-readable format and to have information transferred to another data controller.
The Swedish Data Protection Authority is the authority that is responsible for the implementation and compliance of the data protection regulation in Sweden. Anyone who feels that their personal data is being processed in an incorrect manner can always submit a complaint to the Data Protection Authority.
Ethos may adjust this privacy policy to update how we process personal data as needed. The latest version is always available on our website
www.ethos.se.
Ethos offers both free and fee-based courses and seminars within sustainable business. To market our business, Ethos International collects personal data for people who may be interested in receiving information about the services we offer. These are sometimes collected from a third party.