GENERAL PRIVACY POLICY

The Sensys Gatso Group AB and its subsidiaries are committed to providing high-quality services to stakeholders, for which the required information is collected, needed and processed. This policy outlines our ongoing efforts and obligations in how we manage, process, protect and secure specific Personal Data or privacy-sensitive information of all people involved in our day-to-day business operations.

We understand, have experience with and promote the globally spread and accepted privacy principles, and will protect the confidentiality, integrity and availability of Personal Data, sensitive data and other information regardless of which internal or external stakeholder it originates from.

We adhere to the European and other privacy and information security regulations in the way we process Personal Data. Processing means, but is not limited to: collecting, using, disclosing, storing, securing, analyzing, distributing and disposing of any Personal Data by any automatic or manual method or system. To comply with the above, we have adequate information security policies and controls in place with the purpose of protecting the confidentiality, integrity and availability of all (personal) data processed within our systems or by our people.

Collection of Personal Data

Personal Data is data and information related to a natural person where a person can be identified directly or indirectly. Examples of Personal Data SGG processes include, but are not limited to: names, addresses, email addresses, phone numbers, licence plates, login credentials, and more.

The Sensys Gatso Group (hereafter SGG) collects Personal Data from various kinds of stakeholders in different ways with the goal of establishing and maintaining a legitimate business and achieving our mission. The data collection includes, but is not limited to: correspondence, interviews, by telephone, by email, via our external website (e.g. www.sensysgatso.com), software applications, from media, publications, cookies and other available sources. Besides that, we collect Personal Data when delivering, testing, commissioning and maintaining traffic enforcement systems for our customers as part of our day-to-day legitimate business operations or as part of processing such data under contract.

Personal data from (potential) customers, suppliers, contractors or other interested parties is processed as needed or required for communications, to conclude and perform an agreement/contract or to comply with regulations or requirements. Personal data is also necessary in order to communicate efficiently about what specifications or wishes certain goods or services require, to be able to send or request an offer or to place an order, to be able to transport goods, to be able to pay or send invoices, and concerning other aspects and interests of the legitimate business relations, agreement or contract.

Processing Personal Data

Personal Data is processed at and by SGG with the following goals:

1) to achieve our mission in “Making Traffic safer”.

2) to sell, provide and deliver traffic enforcement solutions or services to our customers.

3) to run the company and its subsidiaries in an effective way compliant with legal, business and accountancy regulations, and with the general business rules and methods applicable or mandatory for a stock listed company.

Personal Data may also be processed for the following purposes supporting the legitimate business:

1) for legitimate marketing and sales purposes and to provide information to our customers, with the goal of making the primary goals possible.

2) for corporate governance, internal and external communication, security, registration, monitoring and Human Resources purposes, when people can also reasonably expect such Personal Data use or disclosure within our company as part of the agreement people have with SGG, for example employees, customers or suppliers.

In all other cases where we collect Personal Data, we will, when appropriate and possible, explain to the people why we are collecting data, for what purpose, and how we plan to use it, and obtain consent. This applies for example to our public websites, newsletters, external surveys, etc.

Direct marketing

We use personal data for marketing purposes, as we have a legitimate interest in using provided personal data to inform known and potential customers and stakeholders, with the goal of promoting and selling our products and services. When a person signs up for our newsletter via our website, consent and authorization are granted to us to store and use the provided personal data in order to inform the interested party by mail about our products, services and company news.

Disclosure of Personal Data

Personal Data collected and processed by SGG shall not be disclosed to other stakeholders or people. However, Personal Data is disclosed to others when:

● Mandatorily required or authorised by law.

● Mandatory to comply with business, financial and accountancy regulations.

● Requested by authorised government departments, including the justice department.

In all other cases Personal Data shall only be disclosed after consent and approval of the person(s) involved and authorization by the responsible manager.

Security of Personal Data

Personal Data we collect is stored in a secured and controlled manner, by means that reasonably and adequately protect the data from misuse, loss, unauthorized access, modification, disclosure or any other compromise.

Access to Personal Data and related or linked information we process is strictly limited to those persons who are required to process, use or view such sensitive information on a “need to know” and/or legitimate basis to be able to perform their task or job.

Retention of Personal Data

When Personal Data is no longer needed for the purpose it was obtained or collected for, we will take reasonable steps to delete, destroy, or permanently de-identify (pseudonymisation) that Personal Data. However, most of the Personal Data is or may be stored for longer periods of time to comply with regulatory and legal obligations. In those cases we have a legitimate reason to retain such data according to the (legally) specified retention periods applicable to that data.

We will retain personal data of stakeholders for a term of seven years after the end of the financial year in which the legitimate business agreement, contract or service is performed. This seven-year period corresponds with the mandatory minimum period for which we are obliged to keep our records available for the tax, accountancy and customs authorities and under other legal regulations. We will remove personal data when it is no longer needed, when it is irrelevant to the business or when legal retention periods are due. However, personal data may be retained for a longer period, and not deleted, when required by law, government or official authority.

Access to Personal Data

Access to Personal Data within SGG is strictly limited. However, the data subject whose personal data is processed by SGG has the right to get insight into, inspect, correct, limit, object to, delete or transfer that data. On request, we cooperate when a person invokes a right regarding personal data or requests insight into how we process, collect or store Personal Data at SGG. However, if Personal Data is processed by SGG under contract, as part of a service we provide to a customer, access to Personal Data is strictly prohibited for the requester unless specifically authorized, in writing, by the responsible controller (customer) of the Personal Data.

Besides the above, we use the personal data for legitimate business purposes, as described. SGG will therefore cooperate with a person invoking a right to the extent possible in relation to those business purposes and goals.

Access to processed Personal Data can be requested by submitting a Data Subject Access Request (DSAR) and/or by contacting the SGG Data Protection Officer (see below). In order to protect the Personal Data, we may require identification from the requester before releasing the information. SGG will not charge any fee for access requests, but may charge an administrative fee for providing a copy of or a report about the requested Personal Data.

Quality of Personal Data

It is important to SGG that processed Personal Data is up to date. We will take reasonable actions to ensure that Personal Data we process is accurate, complete and up to date. If a person finds that information we have or process is not up to date or is inaccurate, please notify SGG as soon as possible, so we can update or rectify our records and ensure the integrity of the Personal Data.

Third parties

SGG only collects Personal Data when needed for the organization's purpose, for the legitimate business goals, as required for regulations and legislation, or as a service under contract, where most Personal Data is processed on SGG controlled systems. However, on some occasions we may have to provide information to, or let the Personal Data be processed by, third parties. With regard to the performance of a possible agreement with a person, customer, supplier or other interested party, it may be necessary to provide personal data to parties that provide a service or supply parts, materials or products to SGG, or that perform selected activities and process data under our control. Furthermore, SGG uses external server space, cloud services and applications for processing (parts of) our sales, development and supply records and our records of business relations. Personal data is included in these records and therefore provided to the service provider under our control. We do not sell Personal Data to a third party when collected by SGG as a controller.

Special information

SGG shall never process or store special personal data or information on any media or system owned by SGG. Special information provides an indication of an individual's ethnic origin, political opinions, membership of a political association, sexual preference, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, genetic, biometric or health information.

In cases where SGG may store or process special information, this is only done when:

● Needed to comply with legal and/or business regulations.

● Required or authorised by law.

● With consent of the person involved.

Special information is strictly controlled and can only be accessed by a few authorized employees (e.g. Human Resources).

Cookies

Our company website www.sensysgatso.com uses cookies. A cookie is a small text file that is saved on the website visitor’s device. A cookie can be either a session cookie or a cookie that is stored for a longer period. A session cookie is deleted when the web browser is closed, while a permanent cookie is kept. It is kept so that the website visitor can use the website in the manner we intend. This can encompass, for example, language choice or other preferences being saved to simplify the website visitor’s next visit.

We use cookies to make the use of our website easier, as well as to adapt its use to the user. The information that is collected via cookies does not, however, include any personal information; it is only used to establish the visitor’s patterns in the use of our web services. When it comes to behaviour, no IP addresses are saved to our databases either. Accordingly, as a website visitor, information about you can never be linked to your identity.

Cookies are also used to count and report visitor numbers and traffic. We use so-called third-party cookies from other companies to conduct market surveys and measure traffic.

Via your web browser you can both delete cookies and block our ability to save cookies on your device. However, if you choose to do so, a number of functions on the website will no longer work properly.

Opt-In, Opt-Out or object

For our services SGG uses Opt-In and Opt-Out options. For SGG services a person may need to provide Personal Data and authorize SGG to use the provided personal data for the described goal(s) and to give the user access to the service (Opt-In). A person can always Opt-Out using the “unsubscribe” options of the service or by contacting SGG in writing.

Besides the options described above, people have the right to object to the processing (right to forget) of their Personal Data. If so, please notify SGG, who will assess to what extent it is possible to grant the request (see contact section below). Granting may depend on the purpose for which the Personal Data is collected and processed.

Personal Data Breach

In the event of a data breach in which Personal Data or related data is intentionally or unintentionally lost, stolen, illegally processed or altered, in which unauthorized access or distribution cannot reasonably be excluded, or in which the data is compromised for any other reason, SGG shall investigate and report the incident, if needed, to the supervising authority when Personal Data is involved.

All SGG employees have the obligation to report any Personal Data breach or incident to the Data Protection Officer (DPO) according to our Reporting data leak incidents policy. This also applies when a breach or incident is observed by people outside SGG and reported to an employee. The DPO starts an incident investigation and reports incidents to management and, if needed, the authorities. The investigation will always be done with utmost care, independence and confidentiality. If a person or a group of persons is involved in the incident, SGG will provide feedback about the incident when needed or reasonably possible. When a Personal Data incident does not involve SGG but a third party, we as SGG take up our social responsibility and will inform that party about the observed breach or incident within reasonable time and possibility.

Privacy contact at SGG

Personal Data control and protection is of utmost importance to SGG. Therefore, to promote protection, advice and quick access to a contact, SGG has dedicated employees assigned with Data Protection Officer (DPO) tasks at each European office. The DPOs will independently monitor and control the processing of Personal Data and the compliance with this Privacy Policy and its related policies. The DPO is in the lead and will act as the main SGG contact for people, data subjects, authorities, management and other stakeholders involved when a Data Subject Access Request (DSAR) is received or a data breach is investigated.

Any stakeholder or person who wants to invoke a privacy right or report a breach, or who has a request or complaint related to Personal Data we process, can contact SGG via:

● privacy@sensysgatso.com

When a person disagrees with or wants to appeal a DPO answer, investigation or decision, the CEO may be consulted or contacted with the request to mediate in the matter.

Policy publication

This Privacy Policy is made available with the purpose of informing and being transparent to all our interested parties and stakeholders, such as (possible) customers, partners, suppliers, contractors, other relations and employees of the Sensys Gatso Group (SGG), about why we need and how we process and manage collected personal data.

Policy Update

This Privacy Policy is part of our Management System and may be changed or improved when needed, on request of management or as a result of internal audit and control programs. If the policy is updated, it is made available and published at the earliest convenience.

Website content

Intellectual property rights

All material on the website, including texts, images and brands, as well as the design and graphic profiles, is the property of Sensys Gatso Group AB or our partners. All use, other than that required to use the website, or copying by you as a user requires Sensys Gatso Group AB’s written approval.

All use in breach of these terms and conditions may result in legal proceedings.

Liability

Sensys Gatso Group AB accepts no liability and provides no guarantees for the quality, functionality or availability of the website or its content. Additionally, where we provide a reference to a third party, we accept no liability for the material or content of the third party’s website.

Governing law

In the event of disputes arising from the terms and conditions, Swedish law shall apply with the exception of its conflict-of-law rules, with Jönköping District Court as the first court instance.