Customer data policy
To be able to complete the sales process between the customer and PROSE, PROSE must process personal data about the customer. The customer is not obligated to share requested personal data with PROSE, but PROSE may then not be able to process the assignment and fulfil the contract.
1.1 Personal data
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, economic, cultural or social identity of that person. An example of personal data is:
• identification/social security number
• email address
• IP address
1.2 Sensitive personal data
Sensitive Personal Data are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Example of sensitive personal data is:
• personal letter
The term "processing" is very broad. It essentially means anything that is done to, or with, personal data (including simply collecting, storing or deleting those data). Example of processing personal data:
1.4 Data subjects
A data subject is an identified or identifiable natural person. In this case the customer is the data subjects because he or she can be identified through personal data that has been given to PROSE. For example, emails may include the customer's names, physical addresses or phone numbers.
1.5 Data controllers
Data controllers means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. PROSE and companies who serve as PROSES main representatives to customers determine the purpose of collecting customers personal data. This makes PROSE the data controllers who is fully responsible for protecting customer data and using it lawfully.
1.6 Data Processers
Data processer means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. This could be companies supporting PROSE in some assignment processes and processes the customers personal data to fulfil the assignment processes.
1.7 Data Protection Officer (DPO)
The DPO should inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to GDPR and to other Union or Member State data protection provisions. The DPO should monitor compliance with GDPR, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.
2.1 Why does PROSE need your personal data?
For PROSE to processes and fulfil the customer contract (legal basic), PROSE needs to process the customer's personal data. In addition, PROSE might store and process the customer's data when PROSE has a legitimate interest for it and/or for contact limited to the context of the sale of a product or service and/or for nurturing the business relationship. Personal data in this context means such information that is connected to the fulfillment of the contract and assignment or when a legitimate interest exists, for example name; email address, phone number, performance related data (CV), meetings and decision administration (oral and written), and information required to fulfill obligations in the context of the contract or for email subscription management, events and/or newsletter and other related sales- and marketing information.
2.2 How does PROSE keep your personal data secure?
PROSE uses CRM and IT-systems as well as sales- and IT-processes to keep the customer's personal data and integrity safe and secure against illegal and/or unauthorized processing as well as against physical and/or virtual attacks. PROSE´s employees that have access to customer's personal data, are the ones that need to process the personal data in order to fulfill the requirements mentioned in this policy.
2.3 How PROSE processes the personal data
PROSE will use the customer's contact information and similar information/data in the sales process to establish and nurture good business relations with the customer and/or to fulfil the obligations to the context of the contract, for example, to be able to invite the customer to events, book meetings, send newsletter and other related sales- and marketing information. PROSE will only use the customer's personal data for this purpose.
2.4 How long will PROSE store personal data?
The customer's contact information will be stored for as long as there is a business relationship between PROSE and its customer or in some cases/countries longer to fulfil obligations followed by the local countries laws and regulations. If PROSE would like to keep the customer's contact information/data longer, PROSE will contact the customer and ask for consent.
2.5 How will PROSE store your personal data?
PROSE always strives for your personal data to be processed within the EU/EEA and have all PROSE`s own IT systems available within the EU/EEA.
2.6 Who will PROSE share the information with?
PROSE will only share information about a customer to data controllers and data processers that are working with PROSE and that are compliant with GDPR. An example of data controller/processer is a subcontracting company.
2.7 The customer`s right
The customer can at any time send an email to PROSE´s Data Protection Officer (DPO) and ask to see what information PROSE has processed and stored about them.
The customer does also have the right to ask PROSE to correct data, to withdraw consent, to be forgotten, to restrict processing or be informed about processing. PROSE can only decline this demand if the reason is supported by law, regulations or because the personal data is required to be stored due to a legal matter.
2.7.1 The right for customer data to be deleted on request
The customer can at any time send an email to PROSE´s Data Protection Officer (DPO) and ask that their data should be deleted. PROSE has the right to say no and keep the personal data if there is a specific reason for that, for example if PROSE needs to fulfil obligations against local laws and regulations or because the personal data is required to be stored due to a legal matter.
2.8 The reasons why PROSE is storing your personal data
PROSE needs to store the customer's personal data to fulfil the sales process and assignment services to customer satisfaction.
2.9 Where the processing is based and where PROSE stores personal data
PROSE always strives for your personal data to be processed within the EU/EEA and have all our own IT systems available within the EU/EEA. However, the PROSE Group has offices in Switzerland and will transfer personal data to be processed there. Switzerland is a so called third country, i.e. a country outside of EU/EEA. The EU commission has decided that Switzerland meets the requirement for providing adequate protection.
In those cases, the customer's personal data may be transferred to a country outside the EU/EEA, but within PROSE´s units and companies and in some cases to data controllers and/or data processors who is working for PROSE. Regardless of the country, all employees within the PROSE Group are obligated to work according to PROSE´s sales- and IT -processes in order to protect the customer's personal data and integrity. If PROSE shares your personal data to a data controller/data processor, the data controller/data processor has to be compliant with GDPR. In those cases when PROSE shares personal data within the PROSE Group, but outside EU/EEA, or to a data controller/data processor PROSE would then only share information relevant for the purpose.
In terms of system support and maintenance, PROSE may have to transfer the information to a country outside the EU/EEA, but we would then only share information relevant for the purpose.
Data Protection Officer