Privacy Notice

Effective date: 04/05/2020

Previous version 1.0:

Download PN

V 1.1

1 General

Eurostep AB, reg. no. 556482-3457 (“Eurostep”) is committed to protecting and respecting your privacy. We want you to feel safe when we process your personal data. By way of this privacy notice (“Privacy Notice”), we want to inform you about how we ensure that your personal data is processed in the right way.

To be able to provide you as a user with our services, we must process personal data about you. This Privacy Notice applies to Eurostep’s processing of your personal data within our business in relation to you as a user of our ShareAspace service when you create a user account through our website and then use our services.

2 Data controller

Eurostep is the data controller for the processing of your personal data and is responsible for ensuring that the processing is made in compliance with applicable law. You find our contact details at the end of this Privacy Notice.

3 Collected personal data

The personal data we process about you is the information you have provided us with when you create a user account and thereafter use our services. You provide us with information such as your name, address, email address and company in connection with the registration of your user account. When you use our service, you provide us with:

  • The IP address of your computer;
  • Information about your computer, your connection mode, such as your internet browser type and version, your operating system, the OS of your mobile or tablet, as well as the unique device identifier (“UDID”) and other technical identifiers;
  • The URL address of your connections, including the date and time, as well as the content you access on ShareAspace cloud;
  • Your location.

To be able to register a user account at Eurostep, and to enable us to provide you with our services, you must provide us with this personal data. If you do not provide us with this information that we need, we unfortunately cannot provide you with a user account or our services.

In order for us to provide you with our services and improve our web and application services, we use cookies and similar technologies that may contain personal data. You can read more about how we use cookies in our cookie policy.

4 Our processing of your personal data

At Eurostep, we use your personal data to provide you with the services we offer in the best way possible, operate our business and meet our obligations and responsibilities to you, applicable laws and directives, and good industry practice. We use your personal data to:

  • Administer and carry out our obligations towards you as user, and safeguard our legal interests,
  • Analyse your use of our services to develop and improve our services,
  • Uphold a high security for our services and prevent misuse and unauthorised usage of our services, and
  • Comply with our legal obligations.
  • For sending you marketing communications.

In the tables below, you are provided with more information about e.g. why we process your personal data, which personal data we keep to achieve the purposes of the processing and for how long we keep your personal data.

We do not use your personal data for any other incompatible purpose and we only keep your personal data for as long as necessary to achieve the purposes of the processing.

Purpose: Administer and carry out our obligations towards you as user and provide you with support and customer services, as well as to safeguard our legal interests in case of a dispute.

Personal data: Contact information such as name, address, email address and company.
Login information such as email address and password, IP address, browser information, device information, date and time.

What we do Legal basis Retention period
We process your personal data to be able to administer and provide you with our services, support and customer services. In case of a dispute, we are entitled to process your personal data to establish, exercise or defend the legal claim. Performance of a contract.

In case of a dispute, we are entitled to process your personal data with legitimate interest as legal basis.

Your personal data is kept during the entire contract period and up to 12 months thereafter.

We may keep your personal data for a longer time period if necessary to establish, exercise or defend a legal claim in case of a dispute.

Purpose: Develop and improve our services.

Personal data: Usage patterns such as information about how you use our services, like what modules you use and how you operate the user interface.

What we do Legal basis Retention period
We record user interaction and usage patterns with our website and our product interface but we do not save the actual information that you store in our service. Legitimate interest, as we assess that our interest of analysing your use of our services with the aim of improving, replacing or developing our services overrides your interest of protection of your privacy. Your personal data is kept during the entire contract period and up to 12 months thereafter.

Purpose: Uphold a high security for our services and prevent misuse and unauthorised usage of our services.

Personal data: Identification information such as username, password and IP address.

What we do Legal basis Retention period
We keep a log over when the user login and from what IP address.

Your  login credentials are stored in Microsoft Azure.

Legitimate interest, as we assess that our interest of discovering and preventing frauds and other security or technical related issues overrides your interest of protection of your privacy. Your personal data is kept during the entire contract period and up to 12 months thereafter.

Purpose: Comply with our legal obligations.

Personal data: Contact information such as name, address and email address.

What we do Legal basis Retention period
We process your personal data to comply with our legal obligations under applicable law, e.g. legislation regarding accounting, audit and tax. Compliance with a legal obligation. Your personal data is kept for as long as necessary to comply with applicable legal obligation such as, e.g., 7 years according to the accounting act.

Purpose: For sending you marketing communications.

Personal data: Contact information such as name, address, phone number and email address.

We may use the personal data you provide to us, as well as the personal data we collect about you from your interactions with our websites, products and services, and from third party sources, for marketing purposes, i.e, to keep you informed about events, new product releases and service developments, alerts, updates, terms, special offers and associated campaigns and promotions or prices. For example, when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns. Before we do so, however, we will, in accordance with the applicable privacy laws in your country, offer you the opportunity to choose whether or not to have your personal data used in this way. We may also contact you regarding products or services similar to those you have already used/purchased or are in the process of using/purchasing.

Our sales representatives may also use your phone number or email address to contact you directly by phone, in connection with our products and services, upcoming events or other promotions, in accordance with the laws applicable in your country.
In all cases, and irrespective of your country, you may at any time choose not to receive marketing communications from us by clicking on the unsubscribe link included in each e-mail you may receive, by indicating so when we call you, by unsubscribing or by contacting us directly at info@eurostep.com

We do our best to tailor your website visit, marketing experience and our communications to your expressed interests and we conduct our marketing as permitted by applicable law. Please note that if you opt-out from marketing communications, we may still contact you regarding your use of our products and services and to respond to your questions or requests.
Personal data used for direct marketing and sales activities will be retained for as long as we have an active relationship with you. We treat you as an inactive contact if (i) you have made a deletion request; and (ii) you have not interacted with us or updated your preferences and contact information in the past 24 months.

5 For how long do we retain your personal data?

We keep your personal data only for as long time as is necessary for the purposes for which they were collected in accordance with this Privacy Notice. When we do no longer need to retain your data, we will remove it from our systems, databases and backups. In the tables above under section 4, you may read more about for how long we keep your personal data for different purposes.

We may be required to keep your personal data for other reasons, such as to comply with legal obligations or to safeguard our legal interest, or for any other important public interest.

6 With whom do we share your personal data?

In some cases, we may share your personal with third parties, such as our IT services providers and companies with which we have a business relationship, for the purpose of providing our services. These IT services providers may only process your personal data in accordance with our instructions. We will therefore share your data with:

  • Microsoft corp.

We use Microsoft Azure services for storage of data as well as for secure login to our services.

  • HubSpot, Inc.

We use Hubspot as our CRM system. In there we store personal data like email, name, company and may relate that to your activity on our public website.

  • Freshworks, Inc.

We use Freshworks as our community system. If you become a part of our user community, your account details like email and name will be visible to us also in Freshworks.

  • Stripe Payments Europe, Ltd.

We use Stripe for handling online payments. Stripe manages all credit card details with no insight from Eurostep, but your purchasing patterns and invoices are visible to us.

  • Octobat

We use Octobat, a plugin to Stripe for managing online payments including taxes.

  • Zapier, Inc.

We use Zapier for transferring contact information between Hubspot, Stripe and Freshdesk.

In certain circumstances, we may be required to disclose your personal data with public authorities or other third parties in connection with court proceedings, corporate acquisitions or similar reasons.  Personal data may also be disclosed in order to comply with legal requirements or other requirements from official authorities or to detect, prevent, or draw attention to frauds or other safety or technical problems.

We will not sell your personal data to anyone else.

7 Where do we process your personal data?

Eurostep will only process your personal data within the EU/EEA. However, we use Microsoft’s products and system services for our IT infrastructure. This means that your personal data will be transferred to Azure servers and processed by Microsoft, which is our data processor. In the case of Eurostep using data processors located outside of EU/EEA, which is the case of Hubspot, Freshworks, Stripe and Zapier; they are all certified under the EU-US Privacy Shield Framework for all personal data received from within the EU and also implements the EU Model Clauses. Privacy Shield is available here and the EU Model Clauses are available here.

8 Automated decision-making

We do not use any automated decision-making which has significant effects on you.

9 Your rights

Eurostep is in the capacity of data controller responsible for ensuring that your personal data is processed in accordance with applicable law and that your rights have an impact on the processing. You may at any time contact us to exercise your rights. You find our contact details at the end of this Privacy Notice.

Eurostep is responsible for answering your request to exercise your rights within one month from our receipt of your request. If your request is complicated, or if we have received a large extent of requests, we are entitled to prolong our response period with two additional months. If we assess that we cannot perform the actions you have requested, we will within one month explain why and inform you about your right to lodge a complaint with the data protection authority.

All information and communication, and all actions we carry out, is at no cost for you. If the action you request is manifestly unfounded or excessive, we are entitled to charge you an administrative fee to provide you with the requested information or carry out the requested action, or refuse to meet your request.

Right of access

You have the right to obtain information about which personal data we hold about you and how we process these data. You also have the right to be provided with a copy of this information.

Right to rectification and erasure

You have the right to have any inaccurate data corrected and completed. In certain circumstances, you also have the right to have your personal data erased, for example if the data are no longer necessary for the purpose for which they were originally collected.

Right to object and right to restrict processing

You have the right to object to your data being used for direct marketing purposes and where we are relying on the lawful basis of legitimate interest for the processing of the data. You also have the right to request the restriction of your personal data, e.g. if you consider that the data are inaccurate.

Right to data portability

You have the right to obtain the personal data that you have provided us with when our lawful basis for processing is consent or for the performance of a contract. The data are provided in a structured, commonly used and machine readable format, and you also have the right to request that the data are transmitted to another data controller where this is technically feasible.

10 Complaints

If you believe that your personal data are being processed in breach of applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Authority (in Sweden Datainspektionen).

11 We protect your personal data

You shall always feel safe when providing us with your personal data. Therefore, Eurostep has implemented appropriate security measures to protect your personal data against unauthorised access, alteration and erasure. In the case of a security breach that may significantly affect you or your personal data, e.g. when there is a risk of fraud or identity theft, we will contact you and inform you of what you can do to reduce this risk.

12 Changes to this privacy notice

Eurostep has the right to make changes to this Privacy Notice at any time. When we make changes that are not only linguistic or editorial, you will be provided with information of the changes and what they mean for you before they become effective.

13 Contact information

Do not hesitate to contact us if you have any questions about this Privacy Notice, our processing of your personal data or if you wish to exercise your rights

Eurostep AB, reg. no. 556482-3457
Postal address: Gustavslundsvägen 137, 167 51 Bromma
Email: info@eurostep.com
Telephone: +46 8 200 440

______________________________