GDPR and privacy policy - protection of your personal data

Who is responsible for the personal data we collect?

C2 Vertical Safety AB, corporate identity number 556594-2595 with address Börjegatan 78, 752 29 Uppsala, is the data controller for the company's processing of personal data.

What is personal data and what is processing of personal data?

Personal data is any information that can be directly or indirectly attributed to a natural person. For example, images and audio recordings processed on a computer can be personal data even if no names are mentioned. Encrypted data and different types of electronic identities (e.g. IP numbers) are personal data if they can be linked to natural persons.

Processing of personal data is anything that happens to the personal data. Any action taken with personal data constitutes processing, whether or not it is carried out by automated means. Common processing operations include collection, recording, organisation, structuring, storage, processing, transmission and erasure.

What personal data do we collect about you as a customer and for what purpose (why)?

Purpose	Treatments carried out	Category of personal data
To manage your order/purchase	Delivery Identification and age verification Management of payment	Name Personal/organisation number Contact details (address, e-mail and telephone number) Purchase information (which item(s) have been ordered or if the item is to be delivered to another address). User data for my pages.

Legal basis: Fulfilment of the purchase agreement. This collection of your personal data is necessary to enable us to fulfil our obligations under the contract of sale. If the information is not provided, our obligations cannot be fulfilled and we are therefore obliged to deny you the purchase.

Storage period: We save you as a customer for 36 months, if a new order is placed, the date of deletion is updated by 36 months. Information about your order is saved for 36 months, when the time limit has passed, all customer data on the order will be anonymised.

Purpose	Treatments carried out	Category of personal data
In order to fulfil the company's legal obligations	Necessary processing for the fulfilment of the company's legal obligations under legal requirements, judgments or authority decisions (e.g. the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the development of communication and information to the public and customers about product alarms and product recalls in the event of, for example, a defective or hazardous product).	Name Personal/organisation number Contact details (address, e-mail and telephone number) Your correspondence Purchase information, timing, any errors/complaints. User data for my pages.

Purpose	Treatments carried out	Category of personal data
To be able to handle customer service enquiries.	Communicating and responding to any customer service queries (by phone or on digital channels, including social media). identification Investigation of possible complaints and support cases.	Name Personal/organisation number Contact details (address, e-mail and telephone number) Your correspondence Purchase information, timing, any errors/complaints. User data for my pages.

Legal basis: Legitimate interest. The processing is necessary to fulfil our and your legitimate interest in handling customer service issues.

Storage period: Until the customer service case is closed.

Purpose	Treatments carried out	Category of personal data
To be able to develop and improve our website and systems for you as a customer.	Adapt the website to be more user-friendly. For example, to simplify the flow of information or to highlight features often used by customers in our digital channels. Preparation of data to develop and improve our product range. Analyses of the data we collect for this purpose. Based on the data we collect (e.g. purchase history, age and gender), you are sorted into a customer group (so called customer segment) for which analyses are then made on an aggregated level using de-identified data, without any link to you as an individual.	Age queue Place of residence Correspondence and feedback regarding and products. purchase and user-generated data (e.g. click and visit history) Technical data concerning the devices used and their settings (e.g. language setting, IP address, browser settings, time zone, operating system, screen resolution and platform). information on how you have interacted with us, i.e. how you have used the website, logging method, where and how long different pages were visited, response times, download errors, how you reach and leave the service, etc.

Legal basis: Legitimate interest. The processing is necessary to fulfil our and our customers' legitimate interest in evaluating, developing and improving our services, products and systems.

Storage period: From collection and for a period of 36 months thereafter.

Who might we share your personal data with?

Data processors.In cases where it is necessary for us to offer our services, we share your personal data with companies that are so-called data processors for us. A data processor is a company that processes information on our behalf and according to our instructions. We have data processors who help us with:

Website provider
Transport (logistics companies and freight forwarders)
IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions).

When your personal data is shared with data processors, it is only for purposes that are compatible with the purposes for which we have collected the information (e.g. to fulfil our obligations under the purchase agreement). We check all data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all data processors whereby they guarantee the security of the personal data being processed and undertake to comply with our security requirements and restrictions and requirements regarding the international transfer of personal data.

Companies that are independent data controllers. We also share your personal data with certain companies that are independent data controllers. The fact that the company is an independent data controller means that we do not control how the information provided to the company is processed. Independent data controllers that we share your personal data with are:

Government authorities (police, tax authorities or other authorities) if we are required to do so by law or in case of a suspected criminal offence.
Companies involved in the general transport of goods (logistics companies and freight forwarders).
Companies offering payment solutions (card acquirers, banks and other payment service providers).

When your personal data is shared with a company that is an independent data controller, that company's privacy policy and personal data management applies.

How long do we keep your personal data?

We never keep your personal data longer than is necessary for the respective purpose. See more about the specific storage periods under each purpose.

Right to erasure

You can request the deletion of personal data we process about you if:

The data are no longer necessary for the purposes for which they were collected or processed.
You object to a balance of interests we have made based on legitimate interest and your reason for objecting outweighs our legitimate interest.
You object to processing for direct marketing purposes.
Personal data is processed unlawfully.
The personal data must be deleted to fulfil a legal obligation to which we are subject.
Personal data has been collected about a child (under 13 years of age) for whom you have parental responsibility and the collection has taken place in the context of offering information society services (e.g. social media).

What is the easiest way to contact us on data protection issues?
Contact us at info@c2safety.com. We may make changes to our policy. The latest version of our privacy policy is always available here on the website.

What are cookies and how do we use them?

A cookie is a small text file that is stored on your computer, tablet or mobile phone when you visit different websites. These text files can then be read by the sites and help to identify you, which is often used for basic functions and other things that improve your user experience.

At C2 Vertical Safety we use the following cookies:
1) Session cookies (a temporary cookie that expires when you close your browser or device).
2) Persistent cookies (cookies that remain on your computer until you delete them or they expire).

3)First-party cookies (cookies set by the website you visit).
4) Third party cookies (cookies set by a third party website. We use these primarily for analyses, such as Google Analytics).
5) Similar techniques (technologies that store information in your browser or device in a manner similar to cookies).
The cookies we use normally improve the services we offer. Some of our services need cookies to function properly, while others improve the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings. We also use cookies to target relevant marketing to you.

Can you control the use of cookies?

Yes, your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings of your browser or device to learn more about how to adjust your cookie settings. Examples of things you can adjust include blocking all cookies, accepting only first-party cookies or deleting cookies when you close your browser. Keep in mind that some of our services may not work if you block or delete cookies. You can read more about cookies in general on the Swedish Post and Telecom Authority's website, pts.se.