Privacy Policy

Privacy Policy
Information about the processing of contact persons’ personal data

1. Introduction
This privacy policy for contact persons (“Privacy Policy”) is applicable when Card Group International AB (”Card Group”, ”we”, ”us”, or ”our”) or Card Groups’ affiliates collects or processes personal data about our customers’, franchisees’, master franchisees’ and other companies’ (jointly ”Company”) contact persons and representatives. We want you, in your role as contact person at the Companies that we work with, to feel confident that we handle your personal data in accordance with applicable data protection legislation (“Data Protection Legislation”). The purpose of this Privacy Policy is to explain how we collect and use your personal data as well as how you can exercise your rights.
Card Group is usually the data controller for the processing of personal data. However, there may be situations where an affiliate, a franchisee or a master franchisee is the data controller. This could happen, e.g., when Card Group is providing a service to a franchisee. In these cases, Card Group is the data processor.

If you have any questions or requests relating to this Privacy Policy or our processing of your personal data, please contact us using the contact details set forth in section 9.

2. What information do we collect and for what purposes?
We may usually process the following categories of data about you:

Purpose

Administer our relationship with you and/or the Company you represent, e.g. to be able to:

  • communicate with you;
  • send deliveries of products or other material e.g. product statements or product samples to you;
  • invoice and, if necessary, send reminders;
  • keep statistics of sold products;
  • address any questions regarding products; and/or
  • maintain contact lists.

Categories of personal data

  • Name
  • Phone number
  • E-mail
  • Employer and title
  • Content of correspondence

In some cases we may also process social security numbers.

Legal basis

Legitimate interest

  • The processing is necessary for the purposes of our legitimate interest to administrate the relation between us and the Company that you represent.

Fulfil our legal obligations, e.g. in order to comply with accounting and/or tax legislation.

T.ex.

  • Name
  • Account number or other information about transactions

Legal obligation

  • The processing is necessary to fulfil a legal obligation that is required

Subscription of newsletters, product information and other offers.

  • E-mail
  • Name

Legitimate interest

  • We have a legitimate interest in informing our franchisees, master franchisees, customers or other partners about products and news in Card Group, e.g. new stores and chains, new designs/products, as well as developments in different countries where we have master franchisees and/or franchisees.

Create articles to newsletters.

The types of personal data being processed for this purpose may vary in the individual case, but it may, e.g. concern a name and a picture.

Legitimate interest

  • We have a legitimate interest in creating articles for newsletters (see above for information regarding the subscription of newsletters).

Receive and process your notice of interest in becoming a franchisee or a master franchisee.

Information you provide in your CV and cover letter, e.g.:

  • Name
  • Address
  • Phone number
  • E-mail
  • Title
  • Experience

Legitimate interest

  • The processing is necessary in order for us to process your notice of interest.

Consent

  • If we want to keep your data for possible future collaborations, we will ask you to consent to this.

In addition to the personal data that you provide to us, we may collect information from third parties, e.g. your employer, a franchisee, an information services company, an authority or other public registers.

If you do not provide certain information when requested, we may not be able to perform a contract we have entered into with you and/or we may be prevented from complying with our legal obligations.

We will not use automated decision-making or profiling. We will process your personal data only for the purposes stated in this Privacy Policy. Should we process data for any other purpose than what we collected the personal data for, we will inform you accordingly.

3. Safety measures
We take necessary technical and organisational safety measures to ensure that your personal data is processed in a safe and secure manner. These measures may include the use of firewalls, anti-virus programs, authorization checks and other appropriate safety measures.

4. Transfer of personal data
We may disclose information about you:

  • to our franchisees, master franchisees, customers and/or affiliates;
  • to third parties such as other companies (than the Company you represent), to the extent necessary to fulfil the agreement between us and the Company you represent;
  • to subcontractors providing services to us, e.g. IT systems, cloud services and/or administrative services such as auditing;
  • to the extent that we are required to do so by law;
  • in connection with any legal proceedings or potential legal proceedings; and
  • to establish, exercise or defend our legal rights.

We will not sell personal data about you to third parties.

We may transfer your personal data to a country outside the EEA, e.g., when a master franchisee or IT services supplier operates in such a country. Upon such transfers, we will take all necessary technical and organisational safety measures to ensure the integrity of the transferred personal data and that the security of the processing of the data meets an adequate level of protection in accordance with the Data Protection Legislation.

5. Retention period
We will only keep your personal data as long as necessary in order for us to achieve the purpose it was collected for or as required in order to comply with any mandatory retention periods under applicable law. Thereafter, the data is deleted or anonymised. To determine the retention periods, we consider the requirements of the Data Protection Legislation, government regulations and recommendations from authorities as well as any professional practices.

6. Your rights
In accordance with the Data Protection Legislation, you are at any time entitled to:

  • request information regarding the processing of your personal data and/or receive a free copy of the personal data we hold about you;
  • request that your incorrect personal data is corrected;
  • request that we stop processing and delete your personal data or limit the processing (subject to certain legal obligations preventing us from immediately deleting certain information);
  • oppose the processing of personal data (you are always entitled to object to your personal data being used for direct marketing);
  • recall your voluntary consent, to the extent we process your personal data based on your consent;
  • exercise your right to data portability, in certain circumstances, by transferring the personal data that you have provided to another controller; and
  • lodge a complaint with a competent supervisory authority if you are of the opinion that we process your personal data in breach of the Data Protection Legislation.

The request to exercise any of the above rights shall be made in writing to Card Group and shall be sent to gdpr@cardgroup.com or to the postal address set forth in section 9.

7. Policy amendments
We reserve the right to update this Privacy Policy.
The current Privacy Policy is always available on our website ( www.cardgroup.com/policy-gdpr/). You should check this page occasionally to ensure you are happy with any changes. However, we will notify you of any significant changes to this Privacy Policy, provided that we have your e-mail address.
This Privacy Policy is last updated 28 May 2018.

8. Third party websites
Our website (www.cardgroup.com) contains links to third party websites. We have no control over these websites, and this Privacy Policy does not intend to include how and in which way these websites handle and process personal data.

9. Contact details
Card Group International AB (company reg. no. 556606-6691)
Lötängsgatan 14
SE-803 01 Gävle
Sweden
Telephone: +46 (0)26 611 900
E-mail: gdpr@cardgroup.com