Personal data responsibility

When you start using CookieTractor, we may process certain personal data about you. Obvi Use AB (Swedish reg. no. 556878-0166) is responsible for these processes. You can always reach us at info@cookietractor.com.

As a customer of the service, you are always responsible for the cookies you place on your website and must inform your website visitors about the purposes and legal basis with these.

Why do we process data about you

Customer

We process data about you as a user of the service for:

• Providing and maintaining the CookieTractor service
• Enter into and administer the agreement with you
• Send receipts
• Stay in touch with you

Legal support for the processing is that we need to process the data in order to fulfill a contract with you, or balance of interests, where our legitimate interest is to be able to provide a cost-effective and competitive service.

Website visitor

We process data about you as a website visitor for:

• Providing and maintaining the CookieTractor service
• Collecting and analyzing statistics

Legal support for the processing is a balancing of interests, where our legitimate interest is to be able to provide a cost-effective and competitive service.

Treatment required by law

We require some processing as a company by law. When we do such processing, it's on the basis that there is a legal obligation.

How long do we save the data

You are never obliged to provide information to us unless required by our agreement. We only store the data for as long as it is needed for the purposes, and we delete all data about you when you stop being our user unless it is required by law (such as the Accounting Act) that we keep it for a longer period than that.

If you have given your consent to the processing, such as when you start a trial period, you always have the right to withdraw your consent to the processing. When you do this, we will immediately delete all information about you.

Who we share the data with

We share your data with our auditors and with the Swedish Tax Agency. These are the data controllers themselves for their operations, and we ensure that the transfer to these is secure.

Furthermore, we have a few subcontractors of our systems to administer our business. It involves storing logs, managing mailings and network solutions (CDNs). We also provide card payments and invoices that another party handles.

With the suppliers, we have ensured that the processing is regulated in a data processing agreement in order to comply with data protection regulations. Subcontractors only process the data within the EU/EEA, or are subject, in the case of third-country transfers, to the EU Standard Data Protection Regulations (SCC) in accordance with Article 46(2)(c) of the General Data Protection Regulation (GDPR). If our suppliers, in turn, engage subcontractors, these are also subject to the standard data protection regulations, or in some cases to EU adequacy decisions under Article 45 GDPR, to binding corporate regulations under Article 47 GDPR, or to other appropriate safeguards under Article 46 GDPR.

You can read more about how our assistants handle personal data here:

• Mailjet (e-mail)
• Hubspot (communication)
• Telia Cygate (server)
• Cloudflare (CDN)
• Bunny.net (CDN)
• Stripe (card payment)

Your rights

You have the right to:

• Get confirmation of whether we process personal data about you and a copy of the data
• Have your data corrected or supplemented if it is incorrect or incomplete
• Have your data deleted once you have given your consent to the processing
• Object to the processing
• Request restriction of processing if you consider it illegal or that we no longer need the data, if you have previously requested an objection or believe that the data is incorrect
• Get your personal data out in a structured and machine-readable format, if the processing is automated

You also have the right to file a complaint with the Swedish Privacy Protection Authority, the supervisory authority. Read more at www.imy.se.