Home / About us / Data protection / Privacy Policy

Privacy Policy

June 2021

AddSecure Privacy Policy

AddSecure Group AB, Corporate Identity No. 559210-7402, or the AddSecure Group AB’s subsidiary with which you have a customer relationship, is the personal data controller for your personal data.

We respect and safeguard your privacy, and we want you to feel safe when we process your personal data. All our personal data processing is in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (“GDPR”) and other applicable national data protection laws.

In this privacy policy (“Privacy Policy”) we inform you on how your personal data and thereto related processing is being handled by AddSecure.

1.   General

In order to provide our products and services to you as a customer and user, we need to process certain personal data about you. In this Privacy Policy, we describe the processing of personal data of our resellers, partners, customers and/or users of our services as well as newsletter subscribers and our websites’ visitors.

This Privacy Policy applies to AddSecure Group AB and its subsidiary companies, as applicable, that are listed at addsecure.com/about-us/data-protection/ (hereinafter jointly referred to as “AddSecure”).

2.   Responsibility for personal data

To the extent AddSecure is the controller for your personal data, AddSecure is responsible for ensuring that personal data is processed in accordance with applicable legislation. You will find our contact information at the bottom of this Privacy Policy (see section12 “Contact information”)

3.   Processing of your personal data

AddSecure processes your personal data in order to provide you with products and services in the best possible manner. Therefore, we use your personal data for the following purposes:

  • Administrative tasks and the execution of contracts, and in order to preserve our legal interests,
  • Marketing, newsletter subscriptions (including customized direct emails),
  • Product development, service development and general business development,
  • Administration in connection with company acquisitions and restructuring, and
  • Providing care phone services by AddSecure Smart Care Oy.

Data submitted by you relating to job applications under our Career site is recorded separately in our recruitment system. More detailed information on how recruitment data is processed and stored by AddSecure as well as type of information processed can be found in this separate Privacy policy.

We never knowingly collect and process any special categories of personal data (i.e. data that would e.g. reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or natural person’s sex life or sexual orientation).

As an exception to this, AddSecure Smart Care Oy processes personal data and information related to health, in connection with its care phone services. Such processing is only conducted in accordance with applicable law and to the extent necessary to secure the organization, planning, implementation and monitoring of the services.

In addition to the above, we never knowingly collect and process personal data from children under the age of 16. If you are a parent of a child under the age of 16 and you are made aware that your child has provided his or her personal data to us, please contact us so that we can remove the data.

The following tables give more information on our processing of your personal data, such as why we use your personal data, what personal data we store and for how long we retain your personal data.

Contract fulfilment

Purpose:
Administrative tasks and the execution of contracts, and in order to preserve our legal interests.
Personal data:
Customer data such as customer number, name, address, telephone number and e-mail address.
Order and payment information such as order history and other payment information.
Login details such as email address and password.
Electronic log files such as mobile data traffic or other data traffic sent to our alarm platforms and other systems.
Sound recordings linked to Support and Customer service errands.
What we do:
We use your personal data to provide, manage and personalize our products and services, and to enable you to login to our web services and provide customer service to you as a user. In a safety-, quality- and educational purpose we might record calls to our Support and Customer service departments.

In the event of a dispute, such as regarding payment, we are entitled to use your information for the purpose of determining, defending or making a legal claim.
Legal basis:
Fulfilment of contracts
To be able to fulfil our contract with you.

Legitimate interest
In the event AddSecure considers that our legitimate interest to determining, defending or making a legal claim outweighs your interest in the protection of your personal data.
Retention period:
Your information will be saved for as long as we have a customer relationship with you and thereafter for up to twenty-four (24) months. Our customer relationship with you applies during the term of the agreement and when you are listed as a contact person or similar and for as long as you interact with us, for example by contacting us. Sound recordings will be retained for a maximum of thirty (30) days.

Certain data, such as payment information, might be retained for a longer period of time if it is needed to comply with AddSecure’s legal requirements (such as mandatory accounting acts, other laws or regulations) or to determine, defend or make a legal claim.
Your rights:
You have the right to object to such processing of your personal data that we do on the basis of a legitimate interest. See section 9 Your rights, for more information.
Information in this table applies to AddSecure.

Marketing

Purpose:
Marketing, newsletter subscriptions (including customized direct email).
Personal data:
Customer data such as customer number, name, address, telephone number and e-mail address.
Surfing habits and visiting history such as IP-addresses, the pages you visited on our website (and others) and how long the visit lasted.
Login details such as email address and password.
What we do:
We use your personal data in the context of our marketing and market segmentation.

Market segmentation, normally means that we categorize our customer base based on the products you have purchased, the services you use, the interest you have shown in our published content and the role you have in the company.

If you are not a customer but wish to take advantage of offers and information about new products and competitions, we need your consent to be able to process your personal data for marketing purposes.

In order for consent to be valid, you are required to give such consent actively. Examples of active consent may be the confirmation of a subscription to a newsletter by ticking a box on the web, filling in information in a web form, requesting information via email, answering yes to a direct question about sending you information, sharing a business card, or similar.
Legal basis:
Legitimate interest
Our marketing is based on legitimate interest when a) the marketing concerns the same product groups or services that the customer has previously used, or b) the recipient in his/her profession will most probably have an interest in the product (only applies in countries where this approach is permitted). In these cases, we consider that our legitimate interest outweighs your interest in the protection of your personal data.

Consent
We will obtain your consent before we include you in newsletter campaigns, when we use cookies or other online tracking methods or when there is no other legal basis for using your personal data.
Retention period:
For our customers: Your information will be saved for as long as we have a customer relationship with you and thereafter for up to twenty-four (24) months. Our customer relationship with you applies during the term of the agreement, when you are listed as a contact person or similar, and for as long as you interact with us, for example by contacting us, visiting our website or clicking on links we have sent via e-mail.

Consent will be retained until you choose to withdraw it.
Your rights:
You have the right to object to such processing of your personal data that we do on the basis of a legitimate interest.

You are always entitled to demand us to stop using your personal data for direct marketing purposes. After that you will no longer be able to receive information and offers that are specifically tailored to you. In any marketing communications you receive from us, you have the option to decline marketing if you no longer wish to receive it. See section 9 Your rights, for more information.
Information in this table applies to AddSecure

Business development

Purpose:
Product development, service development and general business development.
Personal data:
Customer data such as customer number, name, address, telephone number and e-mail address.
Order and payment information such as order history and payment information.
Surfing habits and visiting history such as the pages you visited on our website (and others) and how long the visit lasted.
Purchasing patterns such as information on how you use our services
Electronic log files such as mobile data traffic or other data traffic sent to our alarm platforms and other systems.
What we do:
We use your personal data in the context of our market and customer analysis, which consist mainly of statistics, data from completed market segmentations and customer satisfaction evaluations (however, to the extent possible, we anonymize data before using it for statistical purposes). We then use the results of our analysis as a basis to improve, replace or develop new services, processes or working methods to meet the expectations and wishes of you and other customers. For example, we may wish to use personal data to improve our customer service, offer new packages or customize our website to suit your needs and those of other customers.
Legal basis:
Legitimate interest
We consider that our interest in analyzing the use of our products and services in order to improve, replace or develop the same outweighs your interest in the protection of your personal data.
Retention period:
Your information will be saved for as long as we have a customer relationship with you and thereafter up to twenty-four (24) months. Our customer relationship with you applies during the term of the agreement, when you are listed as a contact person or similar, and for as long as you interact with us, for example by contacting us, visiting our website or clicking on links we have sent via e-mail.
Your rights:
You have the right to object to such processing of your personal data that we do on the basis of a legitimate interest. See section 9 Your rights, for more information.
Information in this table applies to AddSecure

AddSecure restructure

Purpose:
Administration in connection with company acquisitions and restructuring.
Personal data:
Customer data such as customer number, name, address, telephone number and e-mail address.
Order and payment information such as order history and payment information.
Login details such as email address and password.
Surfing habits and visiting history such as the pages you visited on our website (and others) and how long the visit lasted.
Purchasing patterns such as information about how you use our services.
Electronic log files such as mobile data traffic or other data traffic sent to our alarm platforms and other systems.
What we do:
If AddSecure (in whole or in part) is restructured, e.g. by being merged or divided into different entities, or if a third party wishes to acquire AddSecure (in whole or in part) or our customer relationships, AddSecure will disclose relevant personal data to the acquiring company. In such cases, the acquiring company will continue to use your personal data for the same purposes as those set out in this Privacy Policy, if you do not receive any other information in connection with the transfer. An acquiring company shall inform you about its processing separately.
Legal basis:
Legitimate interest
We consider our interest in enabling an acquisition or restructuring process outweighs your interest in the protection of your personal data. However, this assumes that the acquiring company performs similar activities as AddSecure.
Retention period:
If AddSecure ceases to exist, e.g. through merger, liquidation or bankruptcy, or if AddSecure’s customer database is transferred to a company taking it over, we will delete your personal data provided we do not have to retain it to comply with legal requirements.

If AddSecure is acquired by a company or broken up in connection with restructuring, we will continue to retain and use your personal data in accordance with the terms of this Privacy Policy if you do not receive any other information in connection with the transfer.
Your rights:
You have the right to object to such processing of your personal data that we do on the basis of a legitimate interest. See section 9 Your rights, for more information.
Information in this table applies to AddSecure.

Care phone services by AddSecure Smart Care Oy

Purpose:
Providing care phone services by AddSecure Smart Care Oy.
Personal data:
Information on the customer’s state of health, such as relevant diagnoses, preliminary data from the examination or treatment, and information resulting from the examination or treatment, such as the measurement result.
Other information necessary for the provision of the service, such as Safety watch customer’s location, heart rate and activity information, or name and contact information of the customer’s close relative / ICE contact.
Information about the use of the service, such as alerts received by the alarm center and customer visits.
What we do:
We use your information to the extent necessary to ensure the relevant organization, planning, implementation, and monitoring of the care phone service.

Information on customers’ health status is processed at the time of service to assess the situation at hand and the need for care and to determine the right helper.
Legal basis:
Fulfilment of contracts
Your personal data is processed on the basis of a contractual relationship between you as a customer and AddSecure Smart Care Oy.

Explicit Consent
Information on the customer’s health belongs to special categories of personal data. In connection with private customer relationship, health related personal data is processed on the basis of your explicit consent indicated by entering into a customer agreement with us. When we are providing social care services, AddSecure Smart Care Oy’s right to process health data is based on the Finnish Data Protection Act (1050/2018) and its section 6 paragraph 5: processing of information necessary for the service in social care, as well as Article 9 of the GDPR, subsections 2(c): processing is necessary to protect the vital interests of the data subject, and 2(h): processing is necessary for the purposes of the provision of health or social care or treatment or the management of health or social care systems and services.
Retention period:
Information collected on the provision of social welfare services is retained in accordance with the statutory obligations of the industry, generally for thirty (30) years from the end of the service or twelve (12) years from the death of the client. Audio recordings of alarms arriving at the alarm center shall be kept for up to twenty-four (24) months after the alarm was recorded.
Your rights:
See section 9 Your rights, for more information.
Information in this table only applies to AddSecure Smart Care Oy

4.   Where does your personal data come from?

You have provided the personal data we process about you. You provide information such as your name, e-mail address and telephone number when creating a user account, ordering products and services and otherwise using our services.

In order to enter into an agreement with us at AddSecure and to provide you with our products and services, you are required to provide us with certain personal data. If you do not provide the information we need to run our business, we cannot enter into agreement(s) with you or provide you with our products and/or services.

Personal data belonging to AddSecure Smart Care Oy’s customer might also be collected via the customer’s close relative or a legal representative of the customer, or via nursing personnel and other health care professionals, when authorized by the customer.

5.   Automated decision making

We do not use automated processes to make decisions that significantly affect you.

6.   For how long do we retain your personal data?

We will retain your personal data for as long as it is necessary for the purposes for which we collected the personal data covered by this Privacy Policy. In the above tables under section 3 “Processing of your personal data” you can see for how long we retain personal data about you for different purposes.

7.   To whom do we disclose your personal data?

AddSecure may disclose your personal data within the AddSecure Group and to third parties, such as service providers (IT providers, marketing agencies and companies we cooperate with to provide our services and conduct our business) in accordance with the applicable laws and to the extent necessary to fulfil our obligations, to provide our products and services to you or enable our documented legitimate interests.

In some cases, we may also have to disclose information at the request of the authorities or other parties in the context of court or business acquisition processes or similar. In addition, in case of a restructuring of AddSecure, we may disclose your personal data to an acquiring or investing company.

Health related information processed by AddSecure Smart Care Oy will never be disclosed to third parties without your express consent.

8.   Where is your personal data processed?

We are committed to aim at processing your data primarily within the EU/EEA. In special cases, we may transfer your personal data to a country outside the EU/EEA. If personal data is transferred to such a country, we will ensure that your personal data remains protected and that the transfer is executed in accordance with the applicable laws.

In the event you use a service offered by AddSecure outside EU/EEA e.g., a web/mobile application service is used, a data communication service or similar service is used, we refer to the derogations for specific situations (Article 49 GDPR) such as:

a) the data subject (you) has explicitly consented to the proposed transfer,

b) the transfer is necessary for the performance of a contract between the data subject and the controller, or

c) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject.

Some services offered by AddSecure, or tools used by AddSecure, includes data processing outside EU/EEA. For this kind of data processing, we ensure appropriate protection measures have been taken, such as:

a) there is a decision from the European Commission that the country ensures an adequate level of protection,

b) the service provider used has Binding Corporate Rules (Article 47 GDPR), or

c) the agreement with the service provider includes the EU Commission’s Standard Contractual Clauses for the transfer of personal data to countries outside the EU/EEA.

9.   Your rights

9.1.            Our responsibility for your rights

As the controller, AddSecure is responsible for ensuring that the use of your personal data is in accordance with law and that your rights are taken into account. You can contact us at any time if you want to exercise your rights. You will find our contact details at the bottom of this Privacy Policy (see section 12 “Contact information”).

AddSecure is required to reply to your request to exercise your rights within one (1) month of your enquiry. If your request is complicated or if a large number of requests have been submitted, we are entitled to extend this period by two (2) months. If we believe that we cannot do what you want us to do, we are obliged to notify you, within one (1) month at the latest from the receipt of your request, why we cannot do what you want us to do and inform you that you have the right to complain to the supervisory authority.

All information, communications and all actions we carry out are free of charge to you. However, if what you request in respect of your rights is clearly unfounded or unreasonable, or if you make them repeatedly, we are entitled to refuse to meet your request or to charge an administrative fee for providing it.

9.2.            Your rights of access, rectification, erasure and restriction

You have the right to request the following from AddSecure:

a) Access to your personal data. You have the right to request a summary of our processing of your personal data. You also have the right to receive a copy of the personal data we process.

b) Rectification of your personal data. At your request or on our own initiative, we will correct, anonymize, delete or supplement any information that we discover is inaccurate, incomplete or misleading.

c) Erasure of your personal data. You have the right to request the erasure of your personal data. Deletion should therefore take place if:

  • the personal data is no longer needed according to the purpose of its collection,
  • we process your data on the basis of your consent, and you withdraw it,
  • you object to our processing of your data after a legitimate interest assessment and we cannot demonstrate compelling legitimate grounds for the processing which outweigh your interests and rights,
  • we have used the personal data in an unlawful manner, or
  • we have a legal obligation to delete the personal data.

However, this right does not exist if the processing is necessary for the performance of a legal obligation, the performance of a task carried out in the public interest, or the establishment, exercise, or defense of a legal claim.

If there are legal requirements or other compelling reasons that permit us not to delete your personal data immediately, we will nonetheless stop processing your personal data for purposes other than complying with these compelling reasons.

d) Restriction of processing. This means that we will temporarily restrict use of your data. You have the right to request a restriction when:

  • you believe that your information is incorrect, and you have requested a correction of your personal data, while we are investigating the accuracy of the data,
  • the use of the data is unlawful, and you do not want the data to be deleted,
  • we as a controller no longer need the personal data for our purposes, but you need them to be able to determine, enforce or defend a legal claim, or
  • you have objected to use of the data in accordance with paragraph 3 below, while waiting for assessment of whether our interests outweigh yours.

We at AddSecure will take all reasonable steps we can to notify anyone who has received personal data under section 7 “To whom do we disclose your personal data?”, if we have corrected, deleted or restricted access to your personal data after you have requested us to do so. Upon your request, we will inform you of the parties we have disclosed the concerned personal data to.

9.3.            Your right to object to data use

You have the right to object to certain processing of your personal data on grounds relating to your particular situation, if your data is processed on the basis of legitimate interests or of general interest (see section 3 “Processing of your personal data”). In such cases, we must stop the processing, unless:

a) We can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, or

b) The processing is necessary for the establishment, exercise or defense of legal claims.

If you do not want AddSecure to use your personal data for direct marketing purposes, you always have the right to object to such use at any time by contacting us. Once we have received your objection, we will cease using your personal data for such marketing purposes.

9.4.            Your right to withdraw consent

In cases of data processing where we use your consent as a legal basis (see section 3 “Processing of your personal data”), you can withdraw your consent at any time by contacting us. You will find our contact details at the bottom of this Privacy Policy (see section 12 “Contact information”). If you withdraw your consent, it is possible that you will not be able to use our services as intended.

9.5.            Your right to data portability

You have the right to data portability. This entails the right to obtain certain parts of your personal data in a structured, widely-used and machine-readable format and to transfer this data to another controller. You are only entitled to data portability when the use of your personal data is automated and we base our use on your consent or on an agreement between you and us. This means that, for example, you have the right to obtain and transfer any personal data you have entered to create your user account with us.

9.6.            Your right to complain to the supervisory authority

You have the right to submit any complaints regarding our processing of your personal data to the supervisory authority. In case you wish to lodge such a complaint with your national supervisory authority, you may do so by contacting your local data protection authority (reference to “local” means where you live or work, or where an alleged data breach has occurred).

The relevant authority for you, can be found via the European Data Protection Board.

10.   We protect your personal data

You should always be able to feel safe when you provide us with your personal data. Therefore, AddSecure has taken appropriate and necessary security measures to protect your personal data against, for example improper access, loss, alteration and deletion of data.

11.   Changes to this Privacy Policy

AddSecure reserves the right to make changes to this Privacy Policy from time to time. If we make major changes, you will be given clear information about the changes and what they mean to you before such changes come into effect.

12.   Contact information

Please do not hesitate to contact us at AddSecure if you have any questions about this Privacy Policy, our use and the processing of your personal data or if you wish to exercise your rights.

AddSecure Group AB
Telefonvägen 26
SE-126 26 Hägersten
Sweden
www.addsecure.com
[email protected]