Our processing of your personal data takes place in accordance with the GDPR (and SCC where applicable) and the data protection principles. Below you can read about how we process your personal data that we get access to when you enter into an agreement with us, contact us or when we otherwise come into contact with you.
Customer: refers to a natural or legal person who hires ShipPlace.
Third-party: refers to other than Customer or ShipPlace.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, or later updated version.
ShipPlace is the personal data controller regarding all processing of personal data performed by us or on our behalf, and we are responsible for ensuring that the processing takes place in accordance with the GDPR (according to the principle of accountability).
In accordance with the principle of data minimization, we only process personal data that is adequate, necessary and relevant to fulfill the purposes for which they were collected.
We mainly process the categories of personal data listed below, which we can access when you contact us, enter into an agreement with us or otherwise in connection with the performance of our services:
In accordance with the principle of purpose limitation, we only process personal data for special, explicitly stated and justified purposes. In addition, any processing is legally justified and legal in accordance with the provisions of the GDPR. Below you can read more about the legal basis and purpose of the processing of personal data.
When you visit our Website:
When we get in touch through e-mail, telephone, social media or contact form:
We can contact you, and you can contact us, through e-mail, telephone or social media and in such case we will have access to your personal data that appears in connection with such contact. For example, we may have access to the following personal information belonging to you: first name, last name, telephone number, e-mail address, user ID from social media (if applicable) and other information that you provide to us. This information is processed by us so that we can know who we are talking to and to keep in touch in the matter. Legal basis for the processing of personal data: Legitimate interest.
When you enter into an agreement with us regarding our services:
We process personal data belonging to the Customer's contact person and/or signatory in order to fulfill the agreement regarding our services. Personal data that we process belonging to the Customer's contact person and/or signatory refers to, among other things, but not exclusively: first name, surname, telephone number, e-mail address. Legal basis for the processing of personal data: Agreement.
We process and store invoices and other items that constitute accounting documents that we are obliged to process and store in accordance with current legislation, such as the Accounting Act (1999: 1078). Accounting documents and vouchers may in some cases contain personal information, such as contact information for the Customer's contact person and/or signatory. Such accounting documents is stored for at least seven (7) years or as long as required by law. Legal basis for the processing of personal data: Legal obligation.
When you register to receive newsletters from us:
You can choose to receive newsletters from us by giving your voluntary and active consent for us to process your e-mail address for that purpose. You can cancel your subscription at any time by clicking on the link in the newsletter to unsubscribe from the newsletters or email us. Legal basis for the processing of personal data: Consent.
Other purposes for our processing of personal data:
If we are obliged by law, court or authority decision to process certain personal data, the processing takes place on the basis of a “legal obligation” as a legal basis. In such cases, the processing takes place only to the extent necessary for us to fulfill our legal obligations and in such cases we process only necessary personal data, for as long as the law requires it (in accordance with the principle of storage limitation).
When a processing of personal data takes place on the basis of a ”legitimate interest” as a legal basis, our assessment is that the processing does not constitute an infringement of your right to privacy. We have come to this conclusion, after making a balancing between, on the one hand, what the processing in question means for your interests and the right to privacy, and on the other hand our legitimate interest in the processing in question. However, we never process sensitive personal data on legitimate interest as the legal basis.
Based on our legitimate interest, we may process personal data in order to:
We strive to store all personal data that we process within the EU/EEA, in accordance with the principle of integrity and confidentiality. If personal data is stored in a country outside the EU/EEA, we shall ensure that such a storage site ensures an adequate level of protection in accordance with the provisions of the GDPR and SCC.
Personal data is stored for as long as it is necessary to fulfill the purposes for which it was collected. When personal data no longer need to be stored for the purposes, they are either deleted (erased) or anonymized, in accordance with the principle of storage limitation.
We follow internal guidelines and written routines regarding erasure and logging of erased personal data, to ensure that the processing of personal data takes place in accordance with the GDPR.
Personal data that is registered in your user account for the Website is stored for as long as your user account is active. You can choose to delete your user account at any time through the user panel or by contacting us and requesting that we delete your user account. Personal data may be stored in our backup storage for up to three (3) months after it has been deleted manually, before all backup-stored copies are permanently deleted.
Personal data that we process is not shared with unauthorized persons. We may share personal data to, for example, authorities or personal data processors that we hire to fulfill our obligations under agreements and current legislation. Below is a short summary of different situations where we can share personal data that we process.
Authorities: We may share personal data that we process if necessary, to prevent, detect, prevent or investigate criminal activity and to protect our interests and our property.
Other service providers: We employ various service providers in their capacity as personal data processors, in order to, among other things:
Examples of service providers that we hire are suppliers of accounting consultant, web developer, document management system, etc.
Before we share any personal data with such service providers, we enter into a data processing agreement with them in accordance with the provisions of the GDPR (alternatively SCC if the personal data processor is located in a country outside the EU / EEA). This is done to ensure a secure and correct processing of personal data.
If you want to know more about which service providers we share your personal data with, you can contact our contact person for personal data matters to request a current overview.
We implement various technical and organizational security measures with a focus on the integrity of the data subjects. The measures are intended to protect against intrusion, abuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality).
Below are examples of some security measures we implement:
If we process your personal data, you have different rights according to GDPR regarding our processing of your personal data.
Below are the rights you have under the GDPR, right to:
We hereby inform you that some of the rights only apply in certain situations and only if it is legal and possible for us to implement your request. You are welcome to contact us through the contact information provided below, if you would like to invoke any of the above rights regarding your personal data that we process.
We follow the provisions of the GDPR regarding the handling, reporting and documentation of personal data breaches. When required by the GDPR, we will report personal data breaches to the Swedish Authority for Privacy Protection within 72 hours and notify the data subjects affected by the personal data breaches.
If you have any questions or concerns or are dissatisfied with our processing of your personal data, you are always welcomed to contact us. Below are our company details:
Company: Scandinavian Cargo AB.
Company reg. no: 559332–5888.
Postal address: Gyllbyvägen 10, 748 42 Örbyhus.
You can also submit complaints through the form available under the tab "Complaints" on our Website.
We have appointed a contact person for personal data matters who you can contact if you have questions
regarding our processing of personal data.
Name: Grzegorz Kornas.
You also have the right to contact the Swedish Authority for Privacy Protection to submit a complaint.
Name: Integritetsskyddsmyndigheten (IMY).
Phone: 08-657 61 00.
Postal address: Integritetskyddsmyndigheten, Box 8114, 104 20 Stockholm.