1. Personal data responsibility and basis for processing

This privacy policy applies when Enduce AB ("Enduce", "we", "our", "us"), corporate number 559336-5983, Tvistevägen 47, 907 29 Umeå, carries out processing of personal data relating to people who use Enduce services ("you ”, “you”, “yours”). Enduce's processing of personal data complies with the General Data Protection Regulation (EU) 2016/679, ("GDPR").

Processing of personal data when using Enduce services takes place on the basis of an agreement with you, the registered person, when you buy something in our webshop, when you contact us as a company or visit our website. We may also process your personal data if we believe that you may be a potential interested party for one of our products. Processing also takes place to comply with legal obligations according to law and authority decisions.
 
2. Personal data processed
 
Personal data is any information that can be directly or indirectly linked to a living person. Enduce collects and processes various types of personal data within the scope of its operations.
 
The following personal data may be collected by Enduce from you:
- Details of your identity - first and last name.
– Your contact details – address, email address and phone number.
– Payment information – information to make payments to or from Enduce, or issue an invoice.
 
In addition to the above, we also collect information about the organization you belong to and how we can contact it if you contact us as a business customer. 
 
3. The purposes of the treatment
 
Enduce processes your personal data:
- When this is necessary to perform according to the agreement with you. 
- For information about and performance of services and contact with you. 
- To be able to investigate any complaints.
- As a basis for payment and invoicing.
- As required to comply with obligations incumbent on Enduce according to authority decisions and law.
- To make mailings to you about our business.
 
For complete information on the purposes and legal basis for the processing of your personal data, see the table below. 
 
4. Preservation of personal data
 
Personal data is kept for as long as is necessary to fulfill the purposes described above. This means that most personal data about you will be deleted automatically after a statutory retention period has expired or your membership with Enduce has ended. 
 
For example, Enduce is obliged according to the Accounting Act to preserve certain personal data, e.g. those appearing in invoices and similar accounting documents, for seven years. Personal data kept for accounting purposes will only be used for that purpose.
 
Information about you that is linked to you as a customer will be preserved as long as you are a customer with us. When you can no longer be considered a customer of ours, most of your data will be deleted when it no longer needs to be kept for other purposes. An example of this is that we will retain certain information, such as information about your identity and contact details, for 36 months for marketing purposes after the customer relationship has ended. 
 
For full information on how long we keep your personal data, see the table below. 
 
5. Thinning of personal data
 
Personal data is deleted or depersonalized when the data no longer needs to be preserved and this will take place in accordance with what we described above. 
 
When Enduce performs a thinning of personal data, it cannot be revoked/recreated and when the thinning is performed, no person can be associated with the information that remains.
 

6. Recipients of personal data

Enduce collaborates with and interacts with other companies and we take help from suppliers. We will therefore transfer your personal data and enlist the help of other actors to process your personal data when necessary. The following types of recipients may be relevant:
 
– Supplier Services – Enduce uses services to deliver goods to you. These companies only get access to your contact details and have undertaken not to share your personal data beyond what is necessary to carry out the service.
– Notification services – Enduce uses services to communicate automatically to you, e.g. with confirmations or reminders. These companies only get access to your contact details and have undertaken not to share your personal data beyond what is necessary to carry out the service.
- Online services - In order for you to fill in order confirmations or if we want to carry out a customer survey, Enduce uses online services. These companies then only get access to the information you fill in and have undertaken not to share your personal data beyond what is necessary to carry out the service.
- Payment services - Endunce uses services so that you can make your payments in our webshop. When making your payment, these companies get access to your contact details and payment information. 
- Authorities - Enduce may need to disclose information to authorities if we are required to do so by law or if you have requested us to do so. In some cases, Enduce may be prevented by law from telling you that your personal data has been requested by an authority. 
 
Enduce processes as much of its data as possible within the EU/EEA. If data is transferred to be processed by a supplier or subcontractor outside the EU/EEA, the recipient has always entered into contractual terms with Enduce which ensures that the recipient maintains a level of protection comparable to the EU/EEA.
 
Please note that when you use one of our payment services, these companies will also process your personal data under their own responsibility as they are to be considered as personal data controllers for that part of the service. You will receive more information about those companies when you make a payment. If you want to know how these companies process your personal data, you can find out via their privacy policy or by contacting them.
 
7. Information security
 
As the data controller, Enduce takes appropriate technical and organizational measures to protect the personal data processed in accordance with section 2 of the GDPR. We have specific internal policies and processes to manage information security issues and to prevent and detect leaks.
 
If your personal data is covered by a security incident (so-called "personal data incident"), we may contact you in accordance with Article 34 GDPR.
 
8. Your rights
 
- Withdraw consent: You have the right to withdraw consent to a certain treatment free of charge without this affecting the legality of the treatment before the withdrawal. You do this by sending an e-mail to privacy@enduce.se, or if you are a subscriber to our newsletter, you do it most easily via the link found in the newsletter. 
- Right to limitation of processing: You have the right to request that the processing be limited to storage and to object to the processing. For example, you can choose to unregister from newsletters and other mailings by following a link in these mailings or by sending an e-mail to privacy@enduce.se. 
- Right to object: You can object at any time to the processing of personal data that Enduce bases on its legitimate interest. You can also object at any time to your personal data being processed for direct marketing. If you want to object to a treatment, you do this by contacting us via e-mail to privacy@enduce.se.
- Right of access: You also have the right to request a register extract, in electronic format or on paper. Enduce will compile information about how your personal data is processed and send this to you, normally within a month. You do this by sending an e-mail to privacy@enduce.se.
- Right to rectification: You have the right to request that Enduce correct personal data that you consider to be incorrect and to submit additional personal data (in special cases) if you believe that the personal data that Enduce has processed has given an incorrect image of you. You do this by sending an e-mail to privacy@enduce.se.
- Right to data portability: You can ask us to move your personal data from our IT environment to someone else, either another company or to you by contacting us via e-mail to privacy@enduce.se. This does not apply to data that Enduce is obliged to keep by law.
- Right to deletion: You have the right to request that Enduce delete your personal data. We will then delete personal data that we do not have to keep to fulfill legal obligations. Enduce will also continue to process personal data in certain other cases, including when personal data must be processed to fulfill a contract with you. You do this by sending an e-mail to privacy@enduce.se.
 
If you believe that we have done something wrong or do not live up to this privacy policy, we would like you to contact us in the first instance at privacy@enduce.se, but you always have the right to file a complaint with the Swedish Data Protection Authority, for more information see www.imy .see. 
 
This privacy policy was last updated on July 17, 2023.