Privacy Policy
Privacy Policy for customers, potential customers and website visitors
General
The CTO LARSSON company processes personal data about customers, potential customers and visitors of our website. Our processing of personal data always complies with (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (the ”GDPR”). It is important for us that you feel comfortable with how we handle your personal data. In this privacy policy (this "Policy") we therefore describe how we process your personal data, what personal data we process and why.
"Personal Data", within the meaning of article 4.1 of the GDPR, means any information that can be linked to you as an individual, such as your name, address and contact details, including your telephone number and email address. "Processing", within the meaning of article 4.2 of the GDPR, means any operation we perform in relation to your Personal Data, such as the collection, organisation, storage, modification and disclosure of your Personal Data.
Data controller
The CTO LARSSON company is the data controller, within the meaning of article 4.7 of the GDPR, (“Controller”) with regard to Processing of your Personal Data under this Policy. If you have any questions about our Processing of your Personal Data, please feel free to contact us via [email protected].
Our Processing of your Personal Data
Below we describe how we Process your Personal Data. This includes information on what Personal Data we Process, for what purposes, on what legal basis and for how long.
|
Categories of Personal Data |
Legal basis |
Retention period |
|
|
To conduct marketing via e-mail. |
· Name · E-mail address |
Our legitimate interest in marketing our services (article 6.1(f) GDPR). |
The Personal Data is Processed until you object to the Processing. |
|
To invoice for our services. |
· Name · Contact details · Billing address · Reference to payment · Any additional Personal Data we may require, or you may provide us with, for the invoice
|
Fulfilment of contract (article 6.1(b) GDPR). |
The Personal Data is Processed until the invoice is sent. |
|
To provide user accounts on the website ctolarsson.com. |
· Name · E-mail address · Payment information |
Fulfilment of contract (article 6.1(b) GDPR). |
The Personal Data is Processed until our contract with you expires and we no longer provide you with a user account. |
|
To provide user accounts on LarssonLinePro, which is a subdomain of the website ctolarsson.com. |
· Name · E-mail address · Username · Any additional Personal Data we may require, or you may provide us with, such as - Information regarding your assets included in your “Watchlist”
|
Fulfilment of contract (article 6.1(b) GDPR). |
The Personal Data is Processed until our contract with you expires and we no longer provide you with a user account. |
|
To send out our weekly newsletter to customers. |
· Name · E-mail address
|
Our legitimate interest in communicating with our customers (article 6.1(f) GDPR). |
The Personal Data is Processed until you object to the Processing. |
|
To provide customers access to our discord group with the purpose of enabling communication between us and our customers. |
· Name · E-mail address · Username · Any additional Personal Data derived from the communication such as - Chat logs/messages
|
Fulfilment of contract (article 6.1(b) GDPR). |
The Personal Data is Processed until our contract with you expires and we no longer need to provide you with access to our discord group. |
|
To provide new customers the opportunity to order and receive free merchandise from one of our third-party suppliers. In case of delivery problems in connection with your order, we may provide the third-party supplier with your contact details (including your address). We may also Process Personal Data which you have provided to the third-party supplier for our own accounting purposes. Our Processing of Personal Data for accounting purposes is further described below. |
· Name · Contact details · Address · Reference to payment |
Our legitimate interest in providing new customers with the opportunity to receive free merchandise (article 6.1(f) GDPR). |
The Personal Data is Processed until you object to the Processing. |
|
To provide customers access to our proprietary script for third party service Tradingview in connection with their usage of the third party service Tradingview. |
· Username on Tradingview |
Fulfilment of contract (article 6.1(b) GDPR). |
The Personal Data is Processed until you have been given access to our script on Tradingview. |
|
To provide you with customer support in case of you experiencing problems with our services or when you have questions about our services. |
· Name · Contact details · Address · Reference to payment Any additional Personal Data we may require, or you may provide us with, in relation to the customer service enquiry |
Our legitimate interest in providing customer support (article 6.1(f) GDPR). |
The Personal Data is Processed until our services terminate, either because of expiration of our contract or upon your request. |
|
To analyse and improve the efficiency of our website through the use of cookies. |
· Personal Data concerning your use of the website, such as your IP address and user preferences. · Information you may provide us with depending on your cookie settings, such as which part of the website you visit, for how long etc. |
Our legitimate interest in analysing and improving the efficiency of our website (article 6.1(f) GDPR). |
The Personal Data is Processed in accordance with the cookie policy. |
|
To fulfil our legal obligations under the Swedish Accounting Act (Sw: bokföringslag (1999:1079)). |
· Personal Data derived from bookkeeping documentation such as - Name - Contact details - Payment information |
Legal obligation (article 6.1(c) GDPR). |
The Personal Data is Processed for 7 years after the calendar year following the year when the bookkeeping documentation was created. |
|
To exercise and defend legal claims potential legal claims under the Statute of Limitations (1981:130). |
· Name · Contact details · Payment- and order information |
Our legitimate interest in exercising and defending potential legal claims (article 6.1(f) GDPR). |
The Personal Data is Processed for up to 10 years in accordance with the Statute of Limitations (Sw: preskriptionslag (1981:130) |
With whom do we share your personal data?
We may authorise our service providers to carry out Processing of Personal Data on our behalf. In this context, such service providers act as our data processors. For example, this is the case with some of our IT service providers who may store and organise data on our behalf. Furthermore, we may disclose your Personal Data to public authorities and other parties if we are obliged to do so under law or a legally binding decision of a public authority. We may also disclose your Personal Data to other third parties who themselves act as independent data Controllers. For example, this is the case with our accounting firms and payment service providers. Please note that this Policy does not apply when we disclose your Personal Data to third parties who acts as independent Personal Data Controllers. Such third parties may apply their own terms to the Processing of your Personal Data.
Processing of your Personal Data outside the EU/EES
Some of our service providers may conduct some or all of their business activities in countries located outside the EU/EEA (so-called “third countries”). Your Personal Data is only transferred to countries for which the European Commission has issued a decision recognising an adequate level of protection in accordance with Article 49 of the GDPR. A list of such countries is provided on the European Commission's website: www.commission.europa.eu.
The third countries to which we currently transfer Personal Data include: USA.
In some cases, we may have to use service providers who Process your Personal Data in the USA but who are not certified under the EU-US Data Privacy Framework. In these situations, we will ensure that the transfer is governed by an appropriate transfer tool, such as the European Commission's Standard Contractual Clauses for Transfers to Third Countries (2021). The European Commission's Standard Contractual Clauses and further information on the EU-US Data Privacy Framework are available on the European Commission's website at: www.commission.europa.eu.
Your rights when we Process your Personal Data
Listed below are the rights which you are entitled to in relation to our Processing of your Personal Data. If you wish to exercise any of your rights, you are welcome to contact us at [[email protected]].
Right to access
You have the right to request information about whether we Process your Personal Data, what Personal Data we Process and how the Personal Data is Processed. You also have the right to request a copy of the Personal Data we Process about you (a so-called register extract).
Right to rectification
You have the right to request the rectification of inaccurate Personal Data, for example if you have reason to believe that your Personal Data is incomplete or incorrect.
Right to object
You have the right to object to the Processing of your Personal Data as long as the Processing is based on the legal basis of legitimate interest, GDPR Article 6.1(f). Please note that if we can demonstrate that our legitimate interest for the Processing of your Personal Data outweighs your rights and freedoms, we may continue the Processing despite your objection.
Right to erasure
You have the right to request that we erase your Personal Data if:
- The Personal Data is no longer necessary for the purposes for which it is being Processed,
- You withdraw your consent (if the Processing is based on consent, GDPR article 6.1(a)),
- You object to the Processing and there are no legitimate grounds for us to continue Processing of the Personal Data,
- The Processing is unlawful; or
- The Personal Data must be erased to fulfil a legal obligation to which we are subject.
Right to restriction
You have the right to request that we restrict the Processing of your Personal Data (meaning that we will cease Personal Data Processing, in whole or in part) if:
- You contest the accuracy of the Personal Data (however, the restriction only applies during the time we verify the accuracy of the Personal Data),
- The Processing is unlawful and you request that the Processing should be restricted instead of erased,
- The Personal Data is no longer necessary for the initial purposes of the Processing but is required to assert a legal claim,
- You have objected to the Processing but we have not yet had time to assess whether our legitimate interests outweigh your rights and freedoms.
Right to data portability
You have the right to have your Personal Data transferred to another data Controller and to be provided with the data in a structured and machine-readable format.
Right to withdraw consent
If the Processing is based on consent, you have the right to withdraw your consent at any time. However, please note that the withdrawal of your consent does not affect the lawfulness of the Processing carried out before your withdrawal of consent.
Right to lodge a complaint
If you wish to lodge a complaint about our Processing of your Personal Data, you may contact the Swedish Authority for Data Protection (IMY). You can read more about your rights and how to lodge a complaint on IMY’s website: www.imy.se.
If you wish to exercise any of your rights outlined above, you are welcome to contact us via [[email protected]].
Amendments to the Policy
We may make amendments to this Policy from time to time. The most recent version of the Policy is always available on our website.
Contact details
If you have any questions about our Processing of your Personal Data, please contact us via [email protected]
