What are cookies?
Cookies are small, passive text files with information that are sent from a web server and stored on your computer (or mobile phone, tablet or other device connected to the internet) when you visit a website.
Cookies used on Extenda Retail’s website
A cookie will also be set for visitors that use a very old version of their webbrowser and who decided to procced to the website after being notified that their version of webbrowser isn’t supported.
We use Pardot as Marketing Automation tool. Pardot tracks visitor and prospect activities on our website and on Pardot landing pages by setting cookies on your browsers. These cookies are set in order to remember preferences (like form field values) when a visitor returns to our site.
Pardot sets three cookies: visitor, opt in, and Pardot app session.
|visitor_id||Visitor Cookie: The visitor cookie includes the name “visitor_id” plus the unique identifier for your account, which is derived from the tracking code placed on the site. The value stored is the unique ID for the visitor. For example, cookie name “visitor_id12345″ stores the visitor value “123456789,” where 12345 is the account identifier and 123456789 represents the visitor ID. This cookie is set by our tracking code on visitors and prospects.||2 years|
Opt In Cookie: The persistent cookie named “pi_opt_in” is what we use to stay in compliance with the “Do Not Track” initiative. Pardot’s tracking code can optionally respect these headers and does not use cookie-based tracking for any visitors with that setting enabled.
What is not tracked? Page views, form and landing page views, file downloads and custom redirect clicks.
What is still tracked? Form and landing page submissions and email sends, opens, and clicks.
|pardot||Pardot App Session Cookie: The session cookie named “pardot” is only set if you’re logged into our app as a user (i.e. prospects will not have this cookie set).||2 years|
Pardot sets first-party cookie
Facebook pixel is used to understand how a user uses the website to be able to build a target audience for marketing purposes. The Facebook pixel receives these types of data:
- Http Headers – Anything present in HTTP headers. HTTP Headers are a standard web protocol sent between any browser request and any server on the internet. HTTP Headers include IP addresses, information about the web browser, page location, document, referrer and person using the website.
- Pixel-specific Data – Includes Pixel ID and the Facebook Cookie.
- Button Click Data – Includes any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks.
- Form Field Names – Includes website field names like ‘email’, ‘address’, ‘quantity’ for when you purchase a product or service. We don’t capture field values.
The Insight Tag creates a unique LinkedIn browser cookie (and associated ID) on a visitor’s browser to allow for targeted advertising from LinkedIn, which will be displayed when visiting our websites. The Tag also gives us anonymous feedback on how visitors use our sites. No personal data is collected via the Insight Tag.
Introduction and Purpose
Processing of Personal Data
It is necessary for Extenda Retail to Process Personal Data in order to be able to provide services to customers and in order to conduct its business. Extenda Retail mainly Processes Personal Data related to applicants for employment, contact persons of customers and individuals that represent potential customers. When you use and interact with Extenda Retail’s websites or services, communicate with or otherwise contact Extenda retail or visit our offices or attend our events, Extenda retail may therefore collect, use, share and Process information relating to you.
When processing personal data, Extenda Retail ensures the presence of a legitimate legal ground for the Processing as well as legitimate purpose. Further, Extenda Retail assures that all processing of personal data is necessary. Additionally, Extenda Retail will not process personal data for a longer period than what is necessary. The following sections provide information regarding the Processing of Personal Data conducted by Extenda Retail.
Categories of Personal Data Collected
Extenda Retail collects and processes the following categories of Personal Data:
- Basic contact information such as name, phone number, address and e-mail address;
- Information about age, personal identity number och gender;
- Data concerning employment, title and position;
- Questions and comments that relate to our products;
- Pictures taken of you in our offices;
- Different types of user-information, for example, username and passwords; and
- E-mails and other information regarding e-mail that have been sent to and from Extenda Retail.
To manage customer relations and fulfil commitments according to customer agreements, it is necessary for Extenda Retail to Process Personal Data related to customers’ contact persons or users of our services. Extenda Retail Processes these categories of Personal Data in order to;
- Manage the sale process and contract process with customers;
- Quote products and services at the request of customers;
- Fulfil contractual obligations;
- Provide support services to users of Extenda Retail’s services;
- Improve functionality and to make Extenda Retail’s products and services more usable;
- To maintain Extenda Retail’s products;
- To ensure that Extenda Retail’s products are used in accordance with instructions; and
- To manage customer contracts such as invoicing, orders and administration.
Applicants for Employment
Extenda Retail Processes Personal Data relating to Applicants’ for employment in order to decide whether or not employment is given. The Personal Data is Processed based on consent (if consent is necessary) or because Extenda Retail has a legitimate interest in Processing the applicant’s Personal Data and this interest does not violate the applicant’s right to privacy.
Personal Data about visitors is Processed by Extenda Retail In order to identify visitors. The Processing of Personal Data is based on the legitimate interest in protecting confidential trade secrets and security measures in regards to employees, the premises and all visitors.
Extenda Retail Processes Personal Data regarding potential clients for marketing purposes. This can be made either through the collection of Personal Data at events or at customer meetings. Based on the activity, Extenda Retail might send out marketing offers.
Sensitive Personal Data includes any information that reveals your race or ethnicity, political views, religious or philosophical beliefs, membership in a trade union, as well as personal data regarding your health or private life. Extenda Retail generally does not Process any Sensitive Data about you. In case you provide us with Sensitive Personal Data we will only process such data if we receive your consent for this or if such Processing is legally required. Extenda Retail limits the use of personal identification numbers and only Processes personal identification numbers when needed to ensure your identification.
Collection of Personal Data
Normally Extenda Retail collects Personal Data directly from the Data Subject or from other persons connected to its customers, for example from a manager or a colleague. Sometimes Extenda Retail collects Personal Data from other sources, for example, partners to Extenda Retail dealing with marketing questions, recruitments, public records or from other types of social networks.
Sharing of Personal Data
Extenda Retail may share Personal Data with third parties in the following situations:
- Authorities: The Swedish Tax Agency and other authorities may require that personal data is disclosed by Extenda Retail. In such cases, Extenda Retail will only disclose personal information if there is an authority resolution; and
- Mergers & Acquisitions – In connection with mergers, acquisitions or divisions, the acquiring business and consultants assigned in the acquiring business may need to access the Personal Data that Extenda Retail Processes. Extenda Retail ensures that confidentiality agreements regarding the Processed Personal Data are entered into and that consent is collected when necessary in these situations.
Storage and Protection of Personal Data
Taking into account the type of Personal Data collected and the risk that may arise in the event of an infringement, reasonable and appropriate organisational, technical, and physical measures are in place to protect the Personal Data collected and processed. In regards to the Data Subject’s Personal Data, Extenda Retail ensures the following:
In regards to protecting Personal Data, Extenda Retail ensures:
- prevention of unauthorised access;
- prevention in regards to spreading of the Personal Data;
- that Personal Data is treated with confidentiality; and
- availability of Personal Data in accordance with applicable data protection legislation.
In regards to organisational measures, Extenda Retail ensures that it has:
- appointed an internal working group to continuously develop and assess the company’s work regarding processing of personal data;
- appointed a Data Protection Officer;
- appointed people within each part of the organisation who are responsible for personal data-related questions and issues;
- established incident management procedures for the organisation to act quickly and effectively in the event of a Personal Data incident or Breach;
- implemented training regarding Personal Data management for employees; and
- entered into personal data processing agreements with all customers and suppliers if necessary.
In regards to technical measures, Extenda Retail ensures that it has implemented the following measures:
- classification of Personal Data in order to introduce security measures that correspond to risk assessment;
- assessment of the use of encryption and pseudonymisation to mitigate the risk of Processing Personal Data;
- restriction of access to Personal Data to only those who need access in order to fulfil statutory obligations or obligations arising from contracts;
- the effective use of systems that detect, recreate, prevent and report privacy incidents; and
- the effective use of tools to assess whether the technical and organisational measures taken are sufficient to protect Personal Data.
In order to gain access to Extenda Retail’s premises, access cards are required and parts of the premises are video-monitored.
Duration of Processing
Extenda Retail will only Process Personal Data for as long as it is needed for the purpose for which the data was collected.
The Use of Sub-processors and Transfers to Third Countries
Extenda Retail endeavours to keep Personal Data within the European Economic Area (EEA) but may engage suppliers located outside of the EEA such as other companies within the Extenda Retail Group or companies that assist with our technical support and maintenance of our IT services. Any such Personal Data will always be kept to a minimum relevant for the purpose. No matter where your personal data is transferred, Extenda Retail always takes necessary measures to ensure that the security level and processing is in line with GDPR, for example by using the EU Commission’s Standard Contractual Clauses.
Data Subject’s Rights
In regards to Data Subjects’ own Personal Data, all Data Subjects have the right to:
- request information regarding our Processing of Data Subject’s Personal Data, if any. Please note that Extenda Retail may request certain details about a Data Subject in order to ensure that the information is provided to the correct person and handled in a secure way.
- rectification of Personal Data that Extenda Retail Processes if these are in any way incorrect;
- request us to delete Personal Data we hold about a Data Subject. For example, if the information is no longer necessary to fulfil the purpose it was collected for. Please note that, when legally required, Extenda Retail could decline a request from a Data Subject, for example if the data is needed for tax or bookkeeping purposes, or are necessary to defend legal claims;
- request limitations of the Processing of your Personal Data. Please note that in such cases, Extenda Retail may need to investigate the situation further prior to reaching a decision; and
- have Data Subjects’ data transferred to another Controller. This however requires that the transfer is technically possible and may be carried out automatically and that the processing is based on the fulfilment of an agreement with you.
Extenda Retail is committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority