I.A.R. Systems AB
Privacy policy
1. Introduction
This Privacy Policy (the “Policy”) describes how IAR Systems AB, reg. no. 556230-7107 (“IAR”, “we”, “us” or “our”), at the address Strandbodgatan 1, SE-753 23 Uppsala, processes your personal data when you visit and use our website or come into contact with us because of our business, or use of our products and/or services – usually because you represent a corporate customer, supplier or a partner of ours.
We are responsible for the processing of your personal data as described in the Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us, e.g. via the address above or via our email address: privacy@iar.com.
It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. If we make changes to the Policy, the new version will apply from the time it is published on our website. At the top of the page, you can see when the Policy was last changed.
2. How we collect your personal data
The personal data we process relating to you is mainly collected from you when you visit and use our website, when you apply for a job opening or when we come into contact with you – e.g., via email, telephone or personal meetings, conferences, conventions or similar occasions. Furthermore, we may collect personal data in connection with your purchase and use of our products and thereto related services (including when downloading software and registering licenses and user accounts), when you send a request for quotation, when you sign up for newsletters and other marketing communications, and when the company that you represent enters into a business relationship with us. We may also collect your personal data from a third party, usually from the company or organization you represent.
3. How we process your personal data
3.1 Introduction
We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing of your personal data, which in our context generally means one of the following legal bases.
Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.
Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).
When you are acting on behalf of someone else, e.g. in the capacity of representative of a company (which usually is the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.
Consent – the processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.
Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data and who we share your personal data with.
3.2 Customers (including evaluation licenses) and partners.
To manage the conclusion and performance of contracts, providing our products and services, and to further maintain and develop existing business relationships.
|
Purpose |
Processing performed |
Categories of personal data |
|
Administration and communication to conclude or perform a contract between us and the company or organization you represent. To contact and communicate with you in your capacity as a representative for one of our existing customers, or partners, in order to maintain and develop our business relationship with the company or organization you represent. For us to provide our software products, licenses and services to you as a representative of the company or organization that is our customer or partner. Also, for us to control and/or verify, such as by a remote license control solution, that the licenses purchased are used in accordance with our agreement with the company or organization you represent. |
|
|
|
Legal basis: When you are acting in the capacity of representative of a customer or partner to us, our processing is carried out based on our legitimate interests, where our legitimate interest is to conclude, perform and benefit the agreement with the company or organization you represent as well as to maintain and develop our business relationship with the company or organization you represent. |
||
|
Retention time: We process and store your personal data for as long as we have a business relationship with the company or organization you represent, such business relationship can be in the form of a valid license for our software or a partner relationship. We may however need to store your personal data for a longer time for other purposes, e.g. if we need to take measures in order to establish, exercise or defend legal claims. We may also need to store your personal data for a longer time in order to fulfil our legal obligations, e.g. relating to book keeping according to the Swedish Accounting Act (Sw. bokföringslagen (1999:1078)). Evaluation licenses: For you who have registered for an evaluation license, we process and store your personal data according to this Section 3.2 for the duration of such evaluation license but no longer than thirteen (13) months after your registration for an evaluation license on the website. Your personal data will also be processed as a lead, in accordance with Section 3.4 below. |
||
|
Sharing of personal data: We will share your personal data with our suppliers, group companies, official distributors, advisors, and with the organization that you represent. |
||
3.3 Suppliers and vendors
to manage the conclusion and performance of contracts with supplier and vendors, and to further maintain and develop such existing business relationships
|
Purpose |
Processing performed |
Categories of personal data |
|
Administration and communication to conclude or perform a contract between us and the company or organization you represent. To contact and communicate with you in your capacity as a representative for one of our existing suppliers or other business contacts, in order to maintain and develop our business relationship with the company or organization you represent. |
|
|
|
Legal basis: When you are acting in the capacity of representative of a supplier to us, our processing is carried out based on our legitimate interests, where our legitimate interest is to conclude, perform and benefit the agreement with the company or organization you represent as well as to maintain and develop our business relationship with the company or organization you represent. |
||
|
Retention time: We process and store your personal data for as long as we have a business relationship with the company or organization you represent. We may however need to store your personal data for a longer time for other purposes, e.g. if we need to take measures in order to establish, exercise or defend legal claims. We may also need to store your personal data for a longer time in order to fulfil our legal obligations, e.g. relating to book keeping according to the Swedish Accounting Act (Sw. bokföringslagen (1999:1078)). |
||
|
Sharing of personal data: We may share your personal data with our suppliers, group companies, advisors, and with the organization that you represent. |
||
3.4 Leads and opportunities
to create potential business relationships
|
Purpose |
Processing performed |
Categories of personal data |
|
For us to create a business relationship with the company or organization you represent. |
Storage and use for contact and communication with you e.g. via email regarding our business, services and current activities
|
|
|
Legal basis: Legitimate interests, where our legitimate interest is to create a business relationship with the company or organization you represent. |
||
|
Retention time: We store your personal data for a period of twenty-four (24) months after the data was collected. If a business relationship is established between us and the company or organization you represent during this time, we will however continue to process your personal data in accordance with Section 3.2 above. |
||
|
Sharing of personal data: We may share your personal data with our suppliers of IT systems, and group companies. |
||
3.5 Digital marketing, and newsletters
|
Purpose |
Processing performed |
Categories of personal data |
|
To administer and send customized emails, newsletters, and other marketing messages to provide information about our business, services, and current activities with your consent.
|
|
|
|
Legal basis: We only send marketing messages via email to you if the content is relevant in relation to you and the company or organization you represent. Our marketing is then based on our legitimate interests, where our legitimate interest is to be able to market ourselves and our services. |
||
|
Retention time: We process and store your personal data to send marketing messages via email to you as long as you have not opted out from receiving further messages. You are entitled to object to the processing of your personal data for marketing communication. Such opt-out can be done at any time by using the link for opt-out provided in our messages. If you choose to opt out from further communications, we will make a note of this in our business systems. |
||
|
Sharing of personal data: We share your personal data with our suppliers of IT systems and may also share your personal data with our suppliers of marketing services, and group companies. |
||
3.6 Job candidates
To administer recruitment process
|
Purpose |
Processing performed |
Categories of personal data |
|
Selection and recruitment of candidates based on submitted application documents (such as CVs and cover letters), interviews, taking of references, and, where applicable, personality and intelligence tests. To determine whether the conditions for employment and work in the relevant country are met. |
|
|
|
Legal basis: Legitimate interests where our legitimate interest is to be able to evaluate your merits and skills in connection with selections for and decisions on recruitment. Compliance with a legal obligation to document information on education, work experience and other merits relating to those who become employed, according to relevant local legislation (e.g. in Sweden Chapter 2 Section 4 of the Swedish Discrimination Act (Sw. diskrimineringslagen (2008:567)). Compliance with a legal obligation to control and document the right to stay and work in the relevant country and to inform the Tax Agency and the Migration Agency of the employment in accordance with mandatory regulation (in Sweden, see Chapter 9 Section 17 and Chapter 20 Section 12 of the Swedish Aliens Act (2005:716)) and Chapter 6 Section 13 a and Chapter 7 Section 1 b of the Swedish Aliens Regulation (Sw. utlänningsförordningen (2006:97)) |
||
|
Retention time: Data collected about you in connection with your application for a job with us is deleted as a starting point after the recruitment process has ended and no later than two (2) years thereafter. |
||
|
Sharing of personal data: We will share your personal data with our affiliates (to the extent relevant), our supplier of recruiting system and services. |
||
|
In the event you as a candidate becomes an employee of IAR, the processing of your personal data will be governed by the IAR Employee Privacy Policy. |
||
3.7 To fulfil legal obligations or to establish, exercise or defend legal claims
We may process your personal data to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.
We may also process your personal data so that you, we, or the company or organization you represent, or any relevant third party can establish, exercise or defend its legal claims, e.g. in connection with an ongoing dispute.
4. Security measures
We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities. In addition, data processing agreements have been entered into with our suppliers of systems and services.
5. How we share your personal data
Access to your personal data is limited to recipients who require such access for the purposes described above or as otherwise stated below. Your personal data will therefore be shared with the following categories of third-party recipients:
- Companies within our group: We will share your personal data with other companies within our group, for example in connection with us sharing our IT system and for administration purposes. If we share your personal data with other companies within our group, we will ensure that the personal data continues to be processed in line with this Policy.
- Service providers: We use third party service providers to manage parts of our business operations, such as CRM and ERP suppliers some of which are cloud based solutions. We will share personal data with such third parties in order for them to supply us with services, e.g. IT infrastructure, operating and hosting services, marketing and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development or services as sub-contractors in connection with our own services. When we use such service providers, we enter into data processing agreements and take other suitable measures to ensure that your personal data is processed in line with this Policy.
- Our partners and sales distributors: We will from time to time cooperate with external parties in order to improve our services and business, e.g. if the company or organization you represent is situated in a country where we do not have an office. Such parties either process your personal data as data controllers according to their own terms and policies for handling personal data, or as our data processors according to our instructions. In the latter case, we enter into data processing agreements and take other suitable measures to ensure that your personal data is processed in line with this Policy.
- Sale or transfer of business or assets: We will share your personal data with a buyer/investor or prospective buyer/investor in the event of a sale, assignment or other transfer of all or parts of our shares, assets or operations. When such transfer occurs, we will take actions to ensure that the receiving party processes your personal data in accordance with this Policy. The purpose of such sharing or processing of your personal data is to allow a (potential) buyer/investor to carry out an assessment of us as a company and, where necessary, take actions and make preparations in the event a sale, assignment or other transfer should occur, where such sharing or processing of your personal data is carried out with reference to the legitimate interests of allowing such assessment, actions and preparations by the (potential) buyer/investor.
- Public authorities: We will share your personal data with public authorities such as the Swedish Police or the Swedish Tax Agency when we are required to do so by e.g., applicable law or other legal statutes or orders or decisions by courts or authorities to fulfil the legal obligation specified therein.
- Accountants and legal advisors: We will share your personal data with accountants and legal advisors to the extent necessary to fulfill our obligations under applicable law, and for us to take necessary measures and actions in relation available to us under our agreements.
6. Where we process your personal data
We process your personal data inside and outside the EU/EEA where our IT-systems are located. Your personal data may also be shared with service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g. by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.
You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_sv.
You may access the European Commission’s standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_sv.
7. Your rights
You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.
Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g. confirm your identity before proceeding with your request to exercise your rights.
To exercise your rights or request information about them we ask that you contact us, which is most easily done via email: privacy@iar.com.
7.1 Right to access
You have the right to receive confirmation of whether we process personal data concerning you. If this is the case, you also have the right to access this personal data through a so-called register extract as well as additional information about the processing in question, such as for which purpose or purposes the processing takes place, the categories of personal data concerned and the recipients to whom the personal data have been disclosed.
7.2 Right to rectification
You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.
7.3 Right to erasure
You have the right to have your personal data erased without undue delay in the following circumstances:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- Our processing is based on your consent and you withdraw your consent to the relevant processing;
- You object to the processing that we carry out based on a legitimate interest, and your objection overrides our or another party’s legitimate interest of the processing;
- The processed personal data is unlawfully processed;
- The processed personal data has to be erased for our compliance with one or more legal obligations.
7.4 Right to restriction
You have the right to request that we restrict the processing of your personal data in the following circumstances:
- You contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- The processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- The personal data is no longer needed for the purposes of the processing, but is necessary for you for the establishment, exercise or defense of legal claims;
- You have objected to the processing of the personal data which we carry out based on a legitimate interest, pending the verification whether your objection overrides our or another party’s legitimate interest to continue with the processing.
7.5 Right to object
You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.
7.6 Right to data portability
If our processing of your personal data is based on the performance of a contract with you or your consent, you have the right to receive the personal data you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible.
We ask you to observe that this right to so called data portability does not cover personal data which we process manually.
7.7 Right to withdraw consent
If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before your withdrawal.
8. Complaints with the supervisory authority
In Sweden, the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may file a complaint with the Swedish Authority for Privacy Protection at any time.
9. Use of cookies
We use cookies on our website to enhance your website experience and to improve the company’s website and services. A cookie is a text file sent from our web server and that is stored in your web browser or on your device. We also use cookies for overall analytical information regarding your use of the company’s services. Collection of information by use of cookies is carried out based on your consent, unless they are strictly necessary in order for you to be able to use our website in an appropriate manner. For more information on how we use cookies, please see our cookie policy.
You have the option to change the settings in your browser for the use of cookies. You have, for instance, the ability to adjust your settings to block all cookies or delete them when you close your web browser.
