top of page
Privacy Policy

If you represent a supplier

If you represent a supplier to 55 Degrees AB (”55 Degrees”, “we”,” our” and ”us”) we at 55 Degrees will process your personal data if you are stated as the contact person for your company or if you in other ways are in contact with us as representative of one of our suppliers. In this privacy policy, you find information about when that is the case, how we process your personal data, and what rights you have when it comes to this data processing.

Our goal is to be as transparent as possible regarding our processing of your personal data – do not hesitate to contact us with any questions you have!

In short

We process your personal data as necessary to:

-      enter into an agreement with your company and administrate our relationship, and

-      when relevant, comply with accounting legislation.

Here you can find all our privacy policies which describe how we process personal data in other situations, e.g., if you visit our website or otherwise are in contact with us.

Your rights

Below you find a detailed description of your rights and how to exercise them.

In summary, you have the following rights:

Below you can read more about:

You will be moved to the relevant paragraph by pressing the selected heading.

When we refer to “your company” in this privacy policy, we refer to your employer or the organisation or public body that you represent.

Who is responsible, and how to contact us?

We at 55 Degrees are generally processing personal data on the instructions of our customers, i.e. as processors. In some situations, we are, however ourselves responsible for the processing of your personal data and acting as controllers. These situations are explained in the charts below.

If you have any questions or if you wish to exercise any of your rights, we are available at:

  • Full name of legal entity: 55 Degrees AB (organization number 559201-6843)

  • E-mail address: privacy@55degrees.se

  • Mailing address: Lilla Nygatan 7, 211 38 Malmö, Sweden

A detailed description of how we process your personal data

 

We collect your personal data directly from you. We may also collect your personal data from your company, if they state you as their representative.

To enter into an agreement with your company and administer our relationship

 

What processing do we perform?

  • Enter into an agreement with your company, including any negotiation between the companies

  • Administrate our relationship with your company (e.g. communicate with our supplier)

What personal data do we process?

Information you or your company provide to us, e.g. name, information about which organisation you represent, position in your company, telephone number, and e-mail address

Our legal basis for the processing

Legitimate interest

Your personal data will be processed based on our legitimate interest to negotiate and enter into an agreement with your company and to administrate the agreement.

 

By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest in the processing outweighs your interests or rights, which require the protection of your personal data.

If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact details can be found at the beginning of this privacy policy.

Storage period

Your personal data will be deleted if we conclude that we will not enter into an agreement with your company.

 

If your company becomes our supplier, we will store your personal data for this purpose as long as the company you represent is our supplier and until we have evaluated our previous partnership and potential future partnership and up to six months afterward. If we receive information that you no longer represent the company, we will delete your personal data unless your data is included in email communication, agreements, and similar documentation, which we cannot delete – in case of a dispute.

To comply with accounting legislation
 

What processing do we perform?

Store information in accounting material when relevant

What personal data do we process?

Name, history regarding payments made, and other information that constitutes accounting records

Our legal basis for the processing

Legal obligation

The processing is necessary to comply with legal obligations to which we are subject, i.e., accounting legislation.

You need to provide us with this information. Otherwise, we will not be able to administrate our relationship with your company.

Storage period

We will store any document constituting accounting material and the personal data included therein according to the storage period stated in the accounting legislation.

In Sweden, this means that we will store your personal data for seven to eight years, i.e., until and including the seventh year after the end of the calendar year for the fiscal year to which the personal data relates.

 

Who can gain access to your personal data and why?

 

We do not sell your personal data or share it with other parties unless it is necessary. This means that your personal data will be handled by our employees but only by the personnel needing such access to conduct their work.

 

  • We will store your personal data, anonymised when possible, within our IT systems to ensure good and secure IT operations. This means that we share your personal data with our IT suppliers.

  • We will store your personal data within our accounting systems to ensure good and secure financial operations relating to our suppliers. This means that we share your personal data with our accounting suppliers.

The above parties will process these on our behalf and following our instructions. We need to work with third parties to conduct our business. We are responsible for any sharing of your personal data to such suppliers and to ensure that your personal data is safe when shared with third parties. For more detailed information on our suppliers and the information we store with them, please visit our supplier page located at https://support.55degrees.se/space/SECURE/2014216193.

 

Where is your personal data processed?

 

We use EU/EEA vendors that store data in the EU/EEA when possible. However, when we must use suppliers outside of the EU/EEA, your personal data will, in most cases, be processed outside the EU/EEA. These are the cases in which we transfer your data outside of the EU/EEA:

  • When you book a meeting with us, we gather your personal data as a meeting attendee, e.g., your e-mail address. This information about you is entered by you or the company you represent into Calendly, a service that stores data in the USA.

  • When you attend a virtual meeting with us, we store your personal data as a meeting attendee, e.g., your name and e-mail address. This information is stored in Zoom or Microsoft Teams, which store data in the USA.

In the above situations, our suppliers and we rely on Standard Contractual Clauses for the transfer of personal data outside of the EU/EEA. The use of Standard Contractual Clauses is an effort to provide a safe transfer of your personal data. You find a more detailed description of the transfer of personal data at https://support.55degrees.se/space/SECURE/2014216193.

If you want to know more about whom we share your personal data with and how your personal data is transferred, please contact us. Our contact information can be found at the beginning of this privacy policy.

 

What are your rights when we process your personal data? Detailed description

 

You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description of what those rights are below.

If you want to know more about your rights or if you want to exercise any of your rights, please contact us, and we will help you.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the IMY).

In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred.

The supervisory authority has an obligation of informing you of the progress and the outcome of the complaint, including the possibility of a judicial remedy.

Right to access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we process your personal data, you also have a right to obtain a copy of the personal data processed by us and information about our processing of your personal data.

In detail. The information we provide includes the following:

  • the purposes of the processing,

  • the categories of personal data concerned,

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,

  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing,

  • the right to lodge a complaint with a supervisory authority,

  • if the personal data are not collected from you, we provide you with available information about the source of the personal data;

  • the existence of automated decision-making, including profiling, referred to in Articles 22.1 and 22.4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the predicted consequences of such processing; and

  • where your personal data are transferred to a third country or to an international organization, you have the right to information regarding the appropriate safeguards, pursuant to Article 46 GDPR, put in place for the transfer.

For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means, the information will be provided in a commonly used electronic form unless otherwise requested by you.

Your right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your personal data at any time.

In detail: Your right to object applies as follows:

  • You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based on our legitimate interest, i.e., Article 6.1 f GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

  • In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications.

 

Right to erasure (“the right to be forgotten”) (Article 17 GDPR)

You have the right to ask us to erase your personal data.

 

In detail. We are obligated to erase your personal data without undue delay if:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

  • you object to the processing pursuant to Article 21.1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR,

  • the personal data have been unlawfully processed, or

  • the personal data must be erased to comply with a legal obligation in Union or Member State law that applies to us.

 

Where we have made the personal data public and are obliged in accordance with the rights stated above to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

We will notify any erasure of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

 

Please note that our obligation to erase and inform according to the above shall not apply to the extent processing is necessary:

  • for exercising the right of freedom of expression and information,

  • for compliance with a legal obligation that requires processing by Union or Member State law that applies to us, or

  • for the establishment, exercise, or defense of legal claims.

 

Right to rectification of processing (Article 16 GDPR)

You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. 

In detail: Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

We will communicate any rectification of personal data to each recipient to whom the personal data have been provided unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

 

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain from us restrictions on the processing of your personal data.

In detail: Your right applies if:

  • the accuracy of the personal data is contested by you, during a period enabling us to verify the accuracy of the personal data,

  • you have objected to processing pursuant to Article 21.1 GDPR pending the verification of whether our legitimate grounds override yours,

  • the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use, or

  • you need the personal data for the establishment, exercise, or defense of legal claims even though we no longer need the personal data for the purposes of the processing.

Where the processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

We will notify you before the restriction of the processing is lifted. We will also communicate any restriction of processing of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to, unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us

responsible
description
access
where
rights
rights-complaint
rights-access
rights-object
rights-erasure
rights-rectify
rights-restrict
enter-agreement
comply

This privacy policy was adopted on January 16, 2023.

bottom of page