Cellbunq Privacy Policy

Your personal data is very important, and we are committed to ensuring that we process and look after your data complying with EU and international data protection law and industry standards.

This policy aims to inform you about how we treat your personal data and your rights. We believe in transparency and access at all times.

We are a company based in Sweden, where the EU General Data Protection Regulation (GDPR) applies; however, under Swedish law, there may be some derogations and additions; for example, the Swedish Data Protection Act includes complementary provisions to the GDPR. We believe the above legislation offers the highest data protection standards; therefore, we are keen to maintain and uphold these levels in every non-EEA country as well. In addition, this policy also attempts to adhere to other international high standards such as the California Consumer Privacy Act (CCPA).

Please bear in mind that our general business is to check companies’ status and provide this information to you. However, the GDPR does not cover information about companies; this is not classed as personal data. On the other hand, information about the people who work for companies, including shareholders, is personal data and is, therefore, regulated by the GDPR.

The UK Information Commissioner’s Office (ICO) defines personal data as only concerning

” information about natural persons who;

1. can be identified or who are identifiable directly from the information or
2. who can be indirectly identified from that information in combination with other information.”

Our contact details;

Company:  Cellbunq Systems AB t/a Cellbunq

Company Registration number:  559416-5796

Address:  Storgatan 4, 15330 Jarna, Sweden

Email: hello@cellbunq.com

Website: www.cellbunq.com

The types of personal data we collect;

We collect and process the following information.

• Contact details, such as your name and email address
• Business details; information about your company and the people running the company.
• Financial information; concerning payments for our services
• Electronic identifiable data: Cookies, IP address, telephone number, cookies, beacons.
• Electronic location data: tracking technology.
• Information protected against security breaches, e.g. name, password,
• Commercial information, e.g. records of services purchased
• Website activity, e.g. browsing history, search history on our website
• Information from third parties in the course of providing our services to you, for example, government or official company registration websites, land registries, and court registers.
• Information from third-party financial organisations, for example, insurance companies or brokerage firms.

We get the categories of information listed above from the following sources.

1. Directly from you, for example, contact forms you fill in.
2. Indirectly from you, for example, observing your actions on our website, or we may, in some cases, obtain data about you or third parties from a publicly accessible source, for example, Companies House in the UK.

We have also collected the following information for business purposes.

• Auditing
• Detecting security incidents
• Debugging to identify and repair errors
• Short-term uses
• Performing services
• Internal research for technological development and demonstration
• Testing or improving the quality or safety of a service

Why we collect and process information and what we do with it

The information we collect and process is to provide our services to you, including contacting you, sending you information about our services and fulfilling our contractual obligations. We may also need certain information to comply with the law and financial institutions such as the tax office.

Our lawful basis and our legitimate interests

The following are our legal basis or legitimate interest for collecting, processing and storing your data under the GDPR. A legitimate interest can be our own interests or a third-parties interests.

• Data processing is necessary to perform our agreement with you, including responding to your enquiries and forwarding requested orders and correspondence to resolve any issues. Our legal basis is to perform our contract (Article 6(1)(b) GDPR).
• In some cases, for processing your personal data for one or more specific purposes, for example, we may ask you to take part in a questionnaire or feedback, or we may offer you newsletters or send you marketing information; we will ask for your consent as our legal basis. (Article 6(1)(a) GDPR).
• Archiving and retaining data and records to comply with the law or provide proof of transactions or facts secure information in the event of a legal requirement to prove facts. For example, sales invoices required by the tax office. Legal obligation is our legal basis (Article 6(1)(c) GDPR);
• Optimising service processes for sales and after-sales service processes, including complaints. Web traffic analysis, ensuring security within our website and adapting content to your needs. Any allegations, investigations or defences against legal claims. Our legal basis is legitimate interest (Article 6(1)(f) GDPR);

Withdrawing consent

If you have given your consent, you may opt-out or withdraw it at any time by contacting us at. hello@cellbunq.com

Information concerning children

Only children over the age of 13 (this may vary in your jurisdiction) are allowed to give consent for the use of their data. Therefore, we cannot ask for or process data from children under 13 without consent from someone who holds parental responsibility for the child given in writing. However, only people over 18 are allowed to use our website or services, so we do not collect or process data from anyone under 18.

Where we may transfer your information

Under the GDPR, It is not permitted to transfer personal data to a third country unless the transfer data uses the following mechanisms: adequacy decisions, standard contractual clauses, binding corporate rules, certification mechanisms, codes of conduct, so-called “derogations”, etc.

Most of the information we share with you will be from third-party sources. However, all EEA countries, including the EU and the UK, have an adequacy decision. Still, where we need to transfer your data to a third country, we will make sure that we have taken the appropriate steps to ensure that the receiving country will look after your data. In most situations, this will mean an adequacy decision has been made, or we have an agreement in place using the new standard contract clauses (SCC)

who we share information with

We process your information to provide, improve, and administer our Services, communicate with you for security and fraud prevention, and to comply with the law. We may also process your information for other purposes with your consent. However, we process your data only when we have a valid legal reason to do so and will only share your information if we have a legal basis to do so.

Additionally, we may share your data with postal operators (if we need to send you anything through the post), hosting providers, email servers, law firms and accountancy firms, government offices and institutions, tax offices, law enforcement agencies (if we are required to do so by law)

How long do we keep your information before securely getting rid of it?

If you have given consent for us to process your personal data, it will be stored until you withdraw your consent or we no longer need it.

We will keep your personal information only as long as you use our website or until our contract has finished or you have stopped using our Services. However, we do not delete all your data immediately after you have used our services in case you return to use our services again. We will carefully consider how long we store your data and will only keep it if we can justify its retention.

We will delete it when we no longer need your data by removing it from our servers and systems.

Additionally, we may be required to store certain data and information by law, which we must comply with. For example, invoices must be kept for a specific time as tax records (for example, in the UK, it is six years).

Data related to web traffic analysis collected through cookies and similar technologies may be stored until the cookie expires. However, some cookies never expire, so the duration of data storage will be equivalent to the time necessary for us to fulfil the reason for processing your data, such as ensuring security and analysing historical data related to website traffic.

Your Data Protection Rights

You have the following rights under the European General Data Protection Regulation  (GDPR)

The right of access – You have the right to ask us to give you copies of your data. (Article 15 GDPR)

The right to correct data – You have the right to ask us to correct any information you believe is inaccurate. You also have the right to ask us to complete the information you think is incomplete. (Article 16 GDPR)

The right to delete data – You have the right to ask us to delete your data. (Article 17 GDPR)

The right to limit processing – You have the right to ask us to restrict the processing of your data. (18 GDPR) For example, you can ask us to stop processing your data until you have corrected an inaccuracy.

The right to object to processing – You have the right to object to us processing your data.

The right to transfer data – You have the right to ask us to transfer your data to another organisation or directly to you.

The right to make a complaint – You have the right to make a complaint to the Information Commissioner’s Office (ICO) or the equivalent authority in your region.

Consumer residents in California have the following rights under the California Consumer Privacy Act (CCPA). These may be in addition to or complement the GDPR rights set out above.

The right to know about the personal information a business collects about you and how it is used and shared.

The right to delete personal information collected from them (with some exceptions)

The right to opt out of the sale of their personal information.

The right to non-discrimination for exercising your CCPA rights.

 

Do not sell my personal information.

The California Consumer Privacy Act (CCPA) gives you rights concerning how your data or personal information is treated. For example, California residents can opt out of the “sale” of their personal information to third parties. Based on the CCPA definition, “sale” refers to data collection to create advertising and other communications.

However, we are obliged under Californian State law to declare if we have sold any categories of information belonging to a Californian resident in the preceding 12 months. Accordingly, we have not sold any categories of this type of personal data.

Furthermore, we do not sell the personal data of children under 16.

How to opt-out in California

By clicking on the link below, we will no longer collect or sell your personal information. You must be browsing from California to be able to opt out in this way.

Contact us about this policy.

If you have any questions about our privacy policy, the data we hold on you, or if you would like to use one of your data protection rights, please contact us using the information at the beginning of this Privacy Policy.

We have one month to respond to your request.

How to contact an appropriate authority

If you wish to make a complaint or you feel that we have not addressed your concerns satisfactorily, you may visit the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) website at https://www.imy.se/en/

Or contact them at:

Phone number: +46 (0)8 657 61 00

Email: imy@imy.se

Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden

Or if you are not a Swedish resident, please contact your local Information Commissioner’s Office in your region.