Our privacy policy

This Privacy Policy explains how and why Exsitec Holding AB, Enterprise Registration No. 559116-6532, and its subsidiary, Exsitec AB, Enterprise Registration No. 556592-7455, and Exsitec AS, Enterprise Registration No. 984489234MVA  (hereinafter "Exsitec", "we", "our" or "us") processes your personal data and what rights you have. The information is aimed at those who visit our websites (www.exsitec.se and www.exsitec.com, i.e. the "website") or our social media platforms, those who work with us or represent one of our customers, suppliers or other business partners, and those who hope to work for us. Different sections of this Policy will therefore be applicable and relevant to you, depending on your relationship with us.

Mail: kundesenter@exsitec.no
Telefon: +47 66855150

Exsitec acts as the Personal Data Controller when processing your personal data in accordance with this Policy. If you have any questions about how we process your personal data or your rights, you are always welcome to contact us. You will find our contact details at the end of this Privacy Policy.

We process your personal data for different reasons, depending on the relationship you have with us.

In most cases, we process personal data that you choose to share with us, either in your professional role as a contact person for one of our customers, suppliers or other partners – or when you contact us regarding job vacancies. In some cases, we also collect personal data from sources other than you directly; e.g. in cases where you or the company you represent intend to enter into or have entered into an agreement with us. We also automatically collect certain kinds of data regarding your use of our website and our other digital channels. However, we do not sell or share personal information to or with third parties, unless such sharing or transfer is stated in this Policy.
You will find more detailed information in the following sections about the kinds of personal data we process about you and why.

Purpose: To maintain, test and improve our website

Processing:

  • Data analyses on the data we collect for the purposes stated above. We analyse the data we process at an aggregate level (without identifying you as an individual) as support for maintaining, testing and improving our websites

Personal data that we process:

  • Information about your visits to our website through cookies (e.g. information about which pages you visited, which links you clicked on, technical data about your device such as IP address, geographical location, browser settings)

Legal basis:

Processing is necessary to satisfy our legitimate interest in maintaining, testing and improving our websites (balancing of interests).

Retention period: Maximum 16 months.

Purpose: To communicate with you when you contact us via e-mail, phone or digital channels

Processing:

  • Processing of your inquires and answering questions
  • Improving services and information that we provide via our websites or other digital channels

Personal data that we process:

  • Names and contact information (such as e-mail addresses, phone numbers and street address)
  • Other data and information that you choose to provide us

Legal basis:

Processing is necessary to satisfy our legitimate interest in communicating with you after you contact us (balancing of interests).

Retention period: During the time your case is ongoing and for a maximum of 28 months thereafter.

Purpose: To prevent and detect misuse of our services, such as security breaches or attacks

Processing:

  • Processing that is necessary to protect our IT environments from attacks and intrusion

Personal data that we process:

  • Information about your visits to our website through cookies (e.g. information about which pages you visited, which links you clicked on, technical data about your device such as IP address, geographical location, browser settings)

Legal basis:

Processing is necessary to satisfy our legitimate interest in protecting our IT environments from attacks and intrusion (balancing of interests).

Retention period: Maximum 28 months.

Purpose: To fulfil our statutory obligations

Processing: 

  • Processing that is necessary in order for us to meet our obligations under the Swedish Accounting Act and other laws and regulations

Personal data that we process:

  • Name of contact persons for suppliers, customers or partners
  • Contact information (e-mail, telephone number etc.) of contact persons
  • If the supplier, customer or partner is an individual company; their enterprise registration number/personal identity number

Legal basis:

Processing is necessary to fulfil our statutory obligations. This often includes keeping data on contact persons for customers, suppliers and partners.

Retention period: For as long as we are obligated to store the data pursuant to the law, and for a maximum of one year thereafter. 

Purpose: To prepare, manage and fulfil agreements with suppliers, customers or other partners

Processing:

  • Processing that is necessary to fulfil our rights and obligations under an agreement with a supplier, customer or other type of partner
  • Ongoing contact with a supplier, customer or partner

Personal data that we process:

  • Name of contact persons for suppliers, customers or partners
  • Contact information (e-mail, telephone number etc.) of contact persons
  • If the supplier, customer or partner is an individual company; their enterprise registration number/personal identity number

Legal basis:

When processing is necessary to fulfil our legitimate interests in fulfilling agreements with our suppliers, customers or partners or, if you provide information to us as a sole proprietor, because it is necessary in order for us to fulfil an agreement or take action that you request before an agreement is entered into.

Processing is also necessary to satisfy our legitimate interest in improving our administrative and managerial tasks and to satisfy agreements with suppliers, customers or other partners

Retention period: For as long as we are entitled or obligated to retain the data under the agreement, and for a period of no more than two (2) years thereafter. You are not required to provide us with your personal data. If we are not allowed to process your personal data, we will not be able to enter and fulfil an agreement (or we will only be able to do so with some delay) and administer the contractual relationship with you or the company for which you represent/for which you are the contact person.

Purpose: To manage complaints, warranties, claims and other similar demands

Processing:

  • Processing that is necessary to manage our rights and obligations under agreements with suppliers, customers and partners

Personal data that we process:

  • Name of contact persons at suppliers, customers or partners
  • Contact information (e-mail, telephone number etc.) of contact persons
  • If the supplier, customer or partner is an individual company; their enterprise registration number/personal identity number

Legal basis:

Being able to administer contracts is necessary in order for us to fulfil our legal obligations and rights. The processing of your personal data in this context is necessary in order to fulfil our legitimate interest in satisfying our legal obligations and to defend our interests against potential claims.

Retention period: A maximum of five (5) years after the guarantee period, liability period and the like – according to the respective agreement until it has expired.

You are not required to provide us with your personal data. If we are not allowed to process your personal data, we will not be able to enter into an agreement and then fulfil that agreement or administer our contractual relationship with you or the company which you represent/for which you are the contact person.

Purpose: For marketing and the like

Processing:

  • Sending information about news, offers, events and similar marketing materials via e-mail and/or other digital channels
  • Personal data that we process:
  • Name and contact details (e-mail, telephone number etc.) of the contact person for the customer, potential customer, supplier, partner or other stakeholders

Legal basis:

Processing is necessary to fulfil our legitimate interest in marketing our products and services and maintain our business relationship with you, and communicate with you in your professional role (balancing of interests or, if you have chosen to subscribe to our newsletter, your consent.)

Retention period: If you are a contact person for any of our existing or previous customers; throughout the contract period and for a maximum period of five (5) years thereafter. If you are a contact person for any of our potential customers; during the time our marketing campaign is in progress. If you have given your consent; until you revoke your consent, which you can easily do in all our mailings by clicking on the unsubscribe link. You always have the opportunity to unsubscribe from future mailings from us at any time. If you unsubscribe, we will immediately cease processing of your personal data for this purpose.

Purpose: To manage and organize our recruitment efforts and to secure evidence regarding potential disputes pertaining to recruitment

Processing:

  • Considerations regarding candidates based on different work experience, qualifications and study results
  • Managing of invitations and booking appointments for interviews, tests, etc.
  • Administration of CVs, cover letters, grades, tests
  • Administration of correspondence with us by e-mail or telephone
  • Transfer of data to our recruitment partners
  • Other processing that is necessary to manage and organize our continuous and/or specific recruitment initiatives

Personal data that we process:

  • Name
  • Personal identity number
  • Address
  • Telephone number
  • E-mail address
  • Images
  • Information about education
  • Information about professional experience
  • Any other information that you may provide to us in your CV or in another way

Legal basis:

Processing is necessary to satisfy our legitimate interest in recruiting personnel and our legitimate interests, and your interests, in communicating these tasks (balancing of interests). Your personal identity number is processed when it is clearly justified with regard to the purpose of the processing and to be able to identify you.

Retention period: Until the application procedure is completed and, with regards to personal data in the form of your name, contact information and the position you applied for, a maximum of three (3) years thereafter.

The collection of data is necessary in order for us to be able to administer your employment application and offer you employment with us. If personal data is not provided, we will not be able to administer your employment application and will thus not be able to offer you employment.

Purpose: To administer future recruitment processes

Processing:

  • Considerations regarding candidates based on different work experience, qualifications and study results that are stored in our potential employee database for future recruitment
  • Managing of invitations and booking appointments for interviews, tests etc
  • Administration of CVs, cover letters, grades, tests
  • Administration of correspondence with us by e-mail or telephone
  • Transfer of data to our recruitment partners
  • Other processing that is necessary to administer and organize our continuous and/or specific recruitment initiatives

Personal data that we process:

  • Name
  • Personal identity number
  • Address
  • Telephone number
  • E-mail address
  • Images
  • Information about education
  • Information about professional experience
  • Any other information that you may provide to us in your CV or in another way

Legal basis:

Your consent. If, after completing the application procedure, you are not offered a position with us, you can request that we delete your data, but in such a case we will not be able to contact you in connection with future recruitment initiatives or job vacancies. 

Retention period: A maximum of three (3) years from the time the application is submitted or at an earlier point in time when you withdraw your consent.

Purpose: To fulfil our obligations and comply with our rights and obligations under applicable labor legislation

Processing:

  • Processing that is necessary to safeguard our rights in the event under applicable legislation

Personal data that we process:

  • The personal data you provided in connection with the application procedure

Legal basis:

Processing is necessary to fulfil our obligations and comply with our rights and obligations under applicable labor legislation (legal obligations)

Retention period: For so long as the application process is ongoing and for a maximum of three (3) years thereafter.

The collection of this type of personal data is required by law. If the information is not provided, we will be unable to fulfil our legal obligations and thus cannot process your application for employment.

The Central Securities Depository, Euroclear Sweden AB, is responsible for processing personal data in the CSD Register, in its function as Personal Data Controller. However, information from the register can be provided to us directly or via the company you represent.

Purpose: To fulfil Exsitec's obligations to you as a shareholder in accordance with the Articles of Association and the Swedish Companies Act.  

Processing: 

  • Processing that is necessary to be able to keep minutes and set the electoral roll at the general meeting.
  • Processing that is necessary to convene a general meeting, lead a general meeting or in connection with other company events.
  • Processing that is necessary to inform shareholders about information concerning Exsitec and its operations.

Personal data that we process: 

  • Contact information consisting of name, address, telephone number and e-mail address
  • Personal identity number
  • Enterprise registration number (if it is possible to connect this to you as a person)
  • Holdings of shares or other financial instruments
  • Any information about legal custodians, pledge and mortgagee as well as any other notes in the CSD Register

Legal basis: 

To fulfil contractual obligations to you in accordance with the Articles of Association and the Swedish Companies Act (legal obligations).

Processing is necessary for Exsitec's legitimate interest in fulfilling its contractual obligations to its shareholders (balancing of interests).

Retention period: For as long as is required by law or the time required to satisfy the purpose of processing.

Purpose: To fulfil Exsitec's obligation under the EU Market Abuse Regulation etc, in particular to keep a list of related parties to persons in senior positions in the company, report insider trading and keep an insider list.

Processing:

  • Establishment of a list of senior executives and their relatives
  • Providing information to close relatives of people in a senior position and necessary administrative tasks
  • When reporting related parties' insider trading to the Swedish Financial Supervisory Authority and other relevant authorities
  • Preparation, updating and managing insider lists and, if necessary, in the transfer of information to the relevant authority

Personal data that we process:

  • Name
  • Contact information such as address, telephone number and e-mail address
  • Personal identity number, if applicable
  • When reporting transactions, other personal data that you provided in your reporting of transactions (insider trading) to us is also processed.
  • In the case of insider lists, other personal data which appears in the list are also processed (such as your position and company data = or written confirmation from you).
  • Other information that you may provide to us.

Legal basis: The obligation that Exsitec has under the EU Market Abuse Regulation ("MAR") and other related statutes and regulations (legal obligation).

Retention period: If you are related to a person in a senior position, we store your personal information during the time when you are close to a person in a senior position, and for five (5) years thereafter. If you are considered to possess insider information and appear on an insider list of ours, the personal data will be retained for 5 years after the date on which the list was established or, if it was updated, for 5 years since the list was updated. 

Exsitec offers the opportunity to receive so-called IR information or other press releases. 

Purpose: To fulfil Exsitec's obligation to send information to interested parties who have applied for information.

Processing: 

  • Processing that is necessary to send the requested information. 

Personal data that we process: 

  • Contact information consisting of name and e-mail address

Legal basis:

The processing of personal data is undertaken on the basis of consent from the data subject (consent).

Retention period: Personal data must be deleted when the interested party has notified that he or she no longer wishes to receive information from Exsitec.

As we have described above, in some cases we process your personal data on the basis of our legitimate interests. If you have any questions or would like to know more about how we come to conclusions in these balancing of interests, you are welcome to contact us.

We share your personal data with companies which process personal data on our behalf, so-called Personal Data Processors. For example, our partners and other suppliers (such as IT and system suppliers who provide operational and development support for our systems and cloud services) are given access to your personal data. We have signed so-called Personal Data Processing Agreements with these parties, which means, among other things, that they are obliged to process the information securely, correctly and in a confidential manner.

Some of our IT suppliers operate outside the EU/EEA. This may therefore result in your personal data being transferred outside the EU/EEA. When such a transfer takes place, we take special protection measures to ensure an adequate level of protection of your personal data, which may, for example, mean that we sign agreements that include the standardized model clauses for data transfer adopted by the European Commission.

Yes, we use cookies to make it easier for you to use our website. You will find more information about our use of cookies on our website.

According to the GDPR, you have a number of rights regarding the processing of your personal data.

  • Right to information. You have the right to receive information about what personal data we process about you and to request an extract of what data is processed.
  • Right to withdraw consent. If you have given your consent to the processing of your personal data, you have the right, at any time, to withdraw your consent for processing going forward.
  • Right to rectification. You have the right to have incorrect information corrected.
  • Right to erasure, the limitation of processing and to object. Under certain conditions, you have the right to have your personal data deleted, to insist that the processing of personal data be restricted or to object to our processing of your personal data.
  • Right to data portability. You have the right to insist that personal data be transferred from us to another company, authority or organization. However, this right is limited to information that you have provided to us.
  • Right to file a complaint. If you have any complaints regarding our processing of your personal data, you have the right to submit a complaint to the Swedish Data Inspection Board.

Exsitec AS uses the following data processor agreement ("databehandleravtale").


Agreement

Underdatabehandlere

  • Amesto Solutions AS, Norge, Danmark
  • Business Analyze AS, Norge
  • InfoBridge Software b.v., Nederland
  • Keyforce Norge AS, Norge
  • Systemhuset Episteme AS, Norge
  • Compello Software AS, Norge
  • SuperOffice Norge AS, Norge
  • Visma Norge AS, Norge
  • Microsoft Norge AS, Norge, Nederland Irland eMarketeer AB, Sverige
  • ZData AS
  • EET Nordic AS (Barex)
  • Exsitec AB
  • Medius AB

Do you want to contact us?

If you want to exercise your rights regarding anything stated above or otherwise want to get in touch with us regarding our processing of your personal data, you can contact us by e-mail at kundesenter@exsitec.no.

______________________

This Privacy Policy was established by Exsitec Holding AB on August 18, 2020. Data processor agreement concerning Exsitec AS was added on March 23, 2022 by Exsitec AS. This agreement is the previous agreement used by Vitari AS (now Exsitec AS).