GDPR
Last updated 2021-09-15

Privacy policy

APSIS International AB (herein referred to as “APSIS”, “we”, “our” or “us”) respect your right to privacy and we take our related legal obligations seriously. We aim to be transparent at all times about our treatment of your information.

The General Data Protection Regulation 2016/679 (hereinafter the “GDPR”) put into effect on May 25, 2018, aims at protecting your personal data (i.e. all kinds of information that directly or indirectly may be referable to you as a natural person who is alive) and sets a series of rights for you to prevent any misuse of such personal data. 

This policy will explain why we process your personal data, covers how we collect, use, store, disclose and transfer your information and what rights you have in relation to your personal data. 

If you provide any personal data about other individuals than yourself, you must ensure that you (i) have their permission to provide their information to us; and, (ii) have made them aware of the terms of this policy.

1. Apsis as a processor

Apsis provides a Software as a Service online solution allowing our customers to improve their marketing strategy towards their own customers. In that situation, the purposes and means of the processing activities are determined by our customers, we will therefore act as a processor and may only act according to our customer’s instructions. 

PLEASE NOTE that our customers are responsible for (i) their own marketing emails and other communications sent via the services provided by us; and (ii) the personal data that we may process on behalf of them in connection with the provision of such services. We can neither unsubscribe you from our customers’ communications (please note that you can use the “unsubscribe” link in the customer’s email to stop receiving marketing communications) nor adhere to any of your requests in relation to the personal data that we process on behalf of our customers. Please contact the customer directly; and, if you have received unsolicited marketing communication (spam) from the customer, report such abuse of our services to abuse.apsis@efficy.com.

If you have any questions regarding our customer’s processing of personal data, please contact them directly. 

 

2. Apsis as a controller and contact information

When Apsis collects your personal data and determines the purposes and means of the processing, Apsis is acting as a controller. According to the GDPR, Apsis may process your personal data only under specific circumstances and following strict rules. 

If you have any question or concern regarding the processing of your personal data by Apsis acting as a controller. All such communications are examined and replies are issued where appropriate and as soon as possible. You can contact us by using the following contact information below.

Apsis
Apsis International AB
Kungsgatan 6
211 49 Malmö
Sweden

Marketing department
marketing@apsis.com

Data protection officer at Apsis
Apsis International AB
Att: DPO
Kungsgatan 6
211 49 Malmö
Sweden

privacy@efficy.com
 

 

3. Collection and processing of personal data

3.1 Data collection by Apsis

Apsis may collect your data;

  • When you contact us to subscribe to our services or to become a partner;
  • When you visit our website;
  • When you contact our support service;
  • When you apply for a job opening;
  • When using our chatbot;
  • When you subscribe to our newsletter;
  • When you interact with our social media.

 

3.2 Potential customers, and partners

If you are or want to be a customer or partner to Apsis, we may collect, store and otherwise process personal data relating to you in accordance with this section. 

How is personal data collected?
Your personal data is shared with Apsis through the sending of an email, the completion of your profile, the booking of a demo or the filling out of a contact form.

What personal data is collected?
By contacting us by email, completing your profile, booking a demo or filling out a contact form, Apsis will receive your full name, email address, physical address, phone number, name of your employer and any other information you may choose to share with us within the “Message” box or the email you sent. 

For which purposes and on which legal basis may personal data be processed?

We collect your personal data because we need it to perform a contract we have signed with you or because you have taken steps to enter into a contract with us (for instance, when you fill in a contact form to request information about our services or when you contact us via email or phone).

Personal data may be processed for the purposes of, through you, maintaining and developing the relationship with you as a client, supplier or partner, and, if you have not objected against that, marketing our services (e.g., through newsletters and other mailings, and invitations to seminars and events), respectively. Such processing is carried out on the basis of our legitimate interest to maintain and develop relationships with our clients, suppliers and collaboration partners, and to market our services, respectively.

For how long is personal data stored?

We do not store personal data for longer than necessary for the purposes of the processing.

3.3 When using our services

When you use our products and services as an authorized user (for example, as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data

How is personal data collected?

According to the applicable agreement, your employer subscribed to our Services. To process their subscription and allow you to access our Services, we may need to have access to your personal data.

What personal data is collected?

In order to process your access to the Services under the applicable agreement, we may collect your name, job title, company, office address, telephone number, email address, physical address, logs data during your use of our Services and any personal data you might chose to share with us during our communications.

In order to send notifications and surveys to you as a user we also collect your User ID, name, email address, browser information and share this personal information with our Supplier Intercom.

For which purposes and on which legal basis may personal data be processed?

We need to process your personal data in order to fulfil our contractual obligations with your employer as a customer.

We also process your personal data for our legitimate interest to enhance the services we provide through notifications in the services and surveys. Efficy may also process information for marketing purposes.

For how long is personal data stored?

We do not store Personal data for longer than necessary for the processing. The personal data processed based on the agreement signed is deleted maximum three months after the termination of the agreement.

The personal data we process based on our legitimate interest to promote our services is deleted two years after the last contact.

3.4 Website visitors

Apsis may use tracking technologies such as tags on our website and cookies. These technologies enable us to recognise your device and to track your interaction with our services, website, emails and adverts. 

Apsis is allowed to collect data without your consent only when strictly necessary to provide you a service expressly asked by you, for example cookies keeping the choice expressed regarding the collection of cookies. The other types of cookies are collected on the legal basis given by your consent, which can be withdrawn at any time. To know more about how we collect and use tracking technologies, please read our Cookie Policy.

3.5 Support services

When contacting our support services, we may collect personal data. 

How is personal data collected?

Your personal data is collected when you reach out to our support via email, chat or phone. When contacting us via email of chat, your personal data is shared with our supplier Intercom, that provides a support ticket handling solution. Intercom will only have access to your name and email address. 

We may also record your call through our supplier Leexi. 

What is the personal data collected?
By contacting the support, Apsis will receive your full name, email address, phone number, company name, the content of your call and any other information you may need to share with us in order to process your request. 

For which purposes and on which legal basis may personal data be processed?
When you contact Apsis for a support request through the phone number, chat or the email address available on Apsis’ website, we process any data you provide to us to assist you with your request or to refer you to the relevant department at Apsis. The legal basis for such processing is either the contract between Apsis and you or your consent.

We may also record your call for the purpose of training and coaching our employees. For this collection of data, we rely on our legitimate interest in providing better services for our customers. You can object to the recording of your call at any moment. 

We may also process some of your interactions with us due to our legitimate interest in being able to understand how you use the Apsis service in order to improve the service for the benefit of all our customers.

For how long is personal data stored?
We do not store personal data for longer than necessary for the purposes of the processing.

Your call recording might be saved for up to six months.

3.6 Chatbot

How is personal data collected?
We may collect your personal data when you choose to interact with our chatbot. 

What is the personal data collected?
During your interaction with our chatbot, we may collect your name, your telephone number, your email and any other information you may share during the conversation. We suggest that you do not provide any sensitive information.

For which purposes and on which legal basis may personal data be processed?
We will process your data in order to be able to grant you access to and allow your use of the chatbot. When you contact Apsis through our chatbot available on Apsis’ website, we process any data you provide to us to assist you with your request or to refer you to the relevant department at Apsis. The legal basis for such processing is your consent.

For how long is personal data stored?
We do not store personal data for longer than necessary for the purposes of the processing.

3.7 Job applicants

When applying for a job at Apsis or otherwise communicating your interest for such a job, we may collect, store and process personal data relating to your application. 

This collection, processing and use of your data is described in the Privacy policy for recruitment using Teamtailor. 

3.8 Newsletter

How is personal data collected?
Your personal data is shared with Apsis when you subscribe to our newsletter available on our website. 

What is the personal data collected?
By subscribing to our newsletter, you will share your email address and full name with Apsis. 

For which purposes and on which legal basis may personal data be processed?
We process your personal data to communicate with you and to send marketing to you. This communication comprises newsletters, information about Apsis and invitations to events and seminars.

Personal data may be processed for the purpose of administering the submission to you of invitations to seminars and events, newsletters and other mailings. Such processing is carried out on the basis of our legitimate interest to submit such mailings to you in accordance with your specific preferences.

For how long is personal data stored?
Your data will be kept as long as you are interacting with our services. We will delete your data after 365 days of inactivity. 

3.9 Apsis’ presence on social media 

Apsis is present on different social media to inform and interact with our customers. Currently, we are present on Twitter, Facebook, Instagram and LinkedIn. We will not collect any data on you unless you contact us directly. 

To the extent the social media is hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.

Your use of these social media’ is subject to the terms and conditions of each social media available on their websites. 
 

4. Information security and storage

4.1 Information security

We ensure the appropriate electronic, physical and managerial procedures are in place in order to safeguard and preserve all the data handled. Our infrastructure is located in top-tier data centers. Each of these locations must adhere to strict physical and procedural controls. We will maintain appropriate organisational and technological safeguards to help protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal data we store and process about you. We also seek to ensure that our service providers do the same. 

Unfortunately, no system can be guaranteed as completely secure and there is an inherent risk in transmitting information over the Internet. It may be possible for an unrelated party to intercept or access such transmissions unlawfully. If you believe that your personal data under our control has been compromised, including access to any accounts you hold with our services, please contact us immediately using the details below.

4.2 Storage

We host the website and all the data related to the website in data centers located in  Germany and Switzerland. 

We operate our platform using third parties. If you subscribe to our services from a European country, your platform will be hosted from data centers located in Europe. 

5. Share and disclosure of your personal data

As a general principle, we do not share your personal data with third parties. When we need to provide your personal data to third parties, we will only share it to the extent necessary to provide you with our services, and we ensure that we have in place data protection requirements with these third parties (including standard contractual clauses with appropriate supplementary measures as well as technical and organisational measures).

We may use third-party services either embedded into our website to communicate with you or to enhance the function of the website and the services. You can find out more about these third-party services on our Cookie Policy.

We may disclose your personal data to law enforcement agencies, government/regulatory bodies, internet service providers and content protection organisations as required or allowed by law.

6. Your rights

You have the right to exercise your rights under data protection law at any time. Right of access: You have the right to access the information we process about you. Right of rectification: You have the right to correct information about yourself and to have incomplete information about yourself supplemented. Right to deletion: In some cases, you have the right to have information about yourself deleted. For example, when the information is no longer necessary to fulfill the purposes for which it was collected or processed, or if the processing of the data is unlawful. Right to restriction: In some cases, you have the right to have the processing of your personal data restricted. Right to object: You have the right at any time to object to our otherwise lawful processing of your personal data. Right to data portability: In some cases, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, as well as to have this personal data transferred from us to another data controller. Right to withdraw consent: You have the right to withdraw consent at any time for the processing of your personal data. Right to submit a complaint: To the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), which is the supervisory authority in Sweden, or to the supervisory authority in the country where you live or work.

7. Updates

This policy may be updated from time to time and you should frequently check this policy for updates. When we change the policy in a material way, a notice will be posted on our website. The date of the most recent update will appear at the top of this page.