Privacy & Cookies

Understand how we collect and use personal data.


 

Group Employee Data Privacy

 

ConiferSoft AB (Vela Software Sweden AB), also referred to as ConiferSoft, with registered offices at Bengtsfors, Sweden, is committed to maintaining the principles of integrity and trust with respect to the privacy of Personal Data of their Employees and to comply with all related applicable laws and regulations in particular but not limited to:

The European Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing the EU Data Protection Directive” (the “GDPR”) and any implementing legislation enacted by the member states of the European Union (“European Laws”).

As a main principle, employees of ConiferSoft AB employed by a ConiferSoft AB entity in the European Economic Area (“EEA”) are subject to the GDPR and to local data protection laws. Employees who are employed by a ConiferSoft AB entity outside the EEA are subject to the data protection laws of the relevant country where they are employed.

ConiferSoft AB complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. ConiferSoft AB has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. 

As part of this commitment, ConiferSoft AB shall protect the privacy of Personal Data disclosed to its Employees (whether about themselves or their household), as well as Personal Data received by ConiferSoft AB from other sources, at all times before, during and after employment.

Subject to all applicable laws and regulations, this Employee Data Privacy General Instruction describes:

  •  The nature of Personal Data that Employees generally disclose to ConiferSoft AB or that ConiferSoft AB may receive from other sources before, during or after employment
  • How ConiferSoft AB collects and uses the Personal Data received
  • The rights of Employees regarding their Personal Data

Definitions

 

“Personal Data” and “Personal Information” are used interchangeably herein and refer to any information that can be used to identify an individual either on its own or in combination with other readily available data (e.g., the individual’s name, title, work location, home address, date of birth, compensation, benefits, or family members).

“Sensitive Data” means Personal Data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, or data which concern health, sex life or sexual orientation.

Please note that Personal Data and Sensitive Data may have different definitions depending on your country.

 

Personal Data Collected

 

ConiferSoft AB does not collect, use, or disclose Personal Data without the knowledge of the individual from whom the information is collected unless a lawful basis to do so exists.

Personal Data collected by ConiferSoft AB is required as a consequence of the contractual relationship with its Employees, to enable ConiferSoft AB to carry out its contractual obligations to its Employees. Failure to provide this information may prevent or delay the fulfillment of these obligations.

Subject to applicable laws and regulations, Personal Data collected by ConiferSoft AB on Employee(s) may include the following:

  • Name, date of birth, gender, marital status, dependents, nationality, and identification numbers including social security, driver’s license, tax identification and passport numbers, etc.
  • Home and office addresses, phone numbers (home, office and mobile), home and office e-mail addresses, etc.
  • Background information, including education (schools and dates attended, degrees or diplomas obtained), training, work history (names of former employers, dates of employment, and compensation information), military and veteran status, etc.
  • Medical information, including personal contact, health information, etc.
  • ConiferSoft AB work history, experience, competences, training, compensation information (including salary, bonus, options, and benefits), employment performance, etc.

Use of Personal Data

 

3.1. Purpose and Lawful Basis of the Processing

ConiferSoft AB collects and uses the Personal Data disclosed by the Employees, or received from other sources, in the context of their employment within ConiferSoft AB.

ConiferSoft AB collects and uses the Personal Data of its Employees for the execution of their employment contract, to comply with its legal obligations, and for the purposes of the legitimate interests of ConiferSoft AB.

Failure to provide Personal Data may prevent or delay the fulfillment of these obligations.

ConiferSoft AB collects and uses Personal Data about Employees prior to and throughout employment for the following purposes: to carry out and manage business operations, for staffing assessment and career development purposes (e.g., talent management), to provide remuneration, benefits, and other services such as international mobility, traveling arrangements, and more generally to comply with its legal obligations in its quality of employer.

Sensitive Data shall be processed only where required by local law and only where there is a legitimate purpose for ConiferSoft AB in doing so.

 

3.2. Recipients of Personal Data

To fulfill the purposes mentioned in Article 3.1. of the Employee Data Privacy General Instruction, ConiferSoft AB may disclose Personal Data collected on an Employee to other Employees who reasonably need to receive such Personal Data to perform their duties. In addition, ConiferSoft AB may disclose Personal Data to third parties on a limited and as-needed basis, including without limitation and for example, third parties who advise ConiferSoft AB on compensation and benefit programs and/or administer such programs for ConiferSoft AB, or as otherwise required by law or detailed in this Employee Data Privacy General Instruction.

ConiferSoft AB has implemented a Third-Party Data Privacy Policy that requires such third parties to sign a written agreement that requires them to maintain the confidentiality of Personal Data and prohibits them from disclosing Personal Data to any other person or entity or using such data for any purpose other than that which ConiferSoft AB has engaged them to provide as described in the said agreement, except with certain licensed professionals, such as doctors and lawyers, or in the circumstances below mentioned or in case specific laws and/or regulations do not require so.

In certain circumstances, ConiferSoft AB may be requested or required to disclose Personal Data in response to valid legal process or under applicable laws and/or regulations. Such circumstances may include a search warrant, subpoena, court order or other request from a government or regulatory authority or agency, including to meet national security or law enforcement requirements. ConiferSoft AB reserves the right to disclose such information in response to any such legitimate government or regulatory request or requirement.

ConiferSoft AB may also disclose Personal Data during emergency situations, including without limitation if the physical safety of an Employee or others is believed to be at risk, or to notify family members or government agencies of the location or condition of the Employee.

ConiferSoft AB does not disclose Personal Data to any person or entity for marketing purposes, and absolutely does not sell, rent, or license Personal Information to others.

 

3.3. International Transfer of Personal Data

Subject to applicable laws and/or regulations, Personal Data may be transferred to any country in the world where ConiferSoft AB does business, including countries where privacy laws may be more or less protective than the privacy laws where an Employee lives or works.

In particular, ConiferSoft AB may transfer Personal Data of Employees located in the EEA to countries located outside the EEA. Where appropriate, ConiferSoft AB will ensure that Employees are informed of such transfer and that appropriate transfer mechanisms are in place.

 

3.4. Onward Transfer and Choice

ConiferSoft AB does not intend to disclose or use Personal Data in a manner not described herein. However, should at any time ConiferSoft AB have a need to disclose or use Personal Data in a way that is incompatible with the purpose for which it was collected, ConiferSoft AB will provide Employees with information relating to this purpose and will offer each Employee a choice whether or not to allow such disclosure or use of that Employee’s Personal Data.

In this situation, Employee’s consent must be received in writing (or a legally equivalent electronic form) before ConiferSoft AB disclosure or use of Personal Data in this manner. If an Employee does not consent to such disclosure or use, ConiferSoft AB shall take reasonable measures to remove that individual’s Personal Data before the data is disclosed or used in such a manner.

When the processing of Personal Data is outsourced to a third party, ConiferSoft AB will select reliable third parties and processing will be subject to written agreements between ConiferSoft AB and said relevant third parties. In addition to the provisions provided in Article 3.1. of the Employee Data Privacy General Instruction, the written agreements shall specify that the third party has at least the same adequate level of security measures in place as those implemented by ConiferSoft AB and will only process personal data as per the specific written instructions of ConiferSoft AB and only for the purpose(s) described in the said agreement. ConiferSoft AB shall be held liable in case the third party does not process the Personal Data in an appropriate manner.

 

3.5. Personal Data Security

ConiferSoft AB maintains appropriate technical and organizational measures to process Personal Data on Employees in a secure-access environment and in a manner that complies in all material respects with applicable laws and/or regulations and industry standards to guard Personal Data against loss, destruction, misuse, improper disclosure, and unauthorized access or modification (e.g., encryption, server backups, System Architecture Validation process in place).

 

3.6. Personal Data Retention Period

Personal Data is not kept for longer than necessary to fulfill the purpose for which it was collected. Personal Data will generally not be retained longer than the term of your employment relationship with ConiferSoft AB unless there is any legal or regulatory provision requiring otherwise.

 

3.7. Personal Data Accuracy

ConiferSoft AB relies on the accuracy and integrity of its Employees Personal Data in order to comply with its business obligations. ConiferSoft AB expects its Employees to inform it of any changes to their Personal Data such as changes to contact information, address, marital status, or any information affecting benefits or services provided by ConiferSoft AB.

 

3.8. Rights Over Personal Data

Employees have a right to request access to their Personal Data and to request the rectification of any incorrect or incomplete data. Employees also have the right to data portability, to request the erasure of their Personal Data, to restrict the processing of their Personal Data, as well as to object to their processing by ConiferSoft AB, unless ConiferSoft AB demonstrates compelling legitimate grounds. Employees who are not satisfied with the way ConiferSoft AB processes their Personal Data have the right to lodge a complaint with the competent data protection authority.

Should the Employees have any request for assistance regarding the exercise of their rights as above mentioned, the Employees shall contact their HR manager and/or use the following internal e-mail address:  Company Email. ConiferSoft AB will allow Employee to review his/her Personal Data. However, in certain limited circumstances, ConiferSoft AB may not be able to provide Employees with access to all their Personal Data where such refusal is permitted or required by applicable law or regulation.

Subject to all applicable laws and regulations, should any Personal Data concerning an Employee be found no longer needed, to be inaccurate or incomplete, or if the Employee has withdrawn consent, ConiferSoft AB will take reasonable steps to erase, correct or update the information it maintains unless ConiferSoft AB has a legitimate reason not to do so.

These rights can vary depending on your country. Please consult your local HR manager for a list of your rights under applicable data protection and employment law.

 

Enforcement and Recourse

 

As a general principle, ConiferSoft AB is committed to resolve complaints about collection and/or use of Personal Information.

Any inquiry or complaint regarding this Employee Privacy General Instruction can be referred to Customer.service@conifersoft.com, to the Group VP Compliance Officer, to the Ethics Committee, or to the local Privacy Officer in the country where it is mandatory to have one, who shall alert the Group VP Compliance Officer.

In compliance with the European Laws, ConiferSoft AB will strive to acknowledge any complaint or enquiry and to take all appropriate action to remedy any such issue within one (1) month of receipt. However, if ConiferSoft AB is unable to satisfactorily resolve the issue, ConiferSoft AB will inform the Employee of the reasons preventing the implementation of measures to resolve such issue. As mentioned above in Article 3.8, the Employee has also the possibility to lodge a complaint to the EU local data protection authorities (DPAs). To contact the DPAs directly, please visit: ec.europa.eu/newsroom/article29/.

Under the GDPR, Employees who consider that the processing of their Personal Data infringes their rights have the right to an effective judicial remedy.

In the context of the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework Certification with the Department of Commerce, ConiferSoft AB is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Pursuant to Privacy-Shield Frameworks, an individual has the possibility under certain circumstances to invoke binding Arbitration.

Changes to this Group Employee Privacy General Instruction

ConiferSoft AB reserves the right to make changes to this Employee Data Privacy General Instruction from time to time in order to reflect changes in legal or regulatory obligations, or changes in the manner in which the Personal Data are managed.

 

Third-Party Privacy Policy


 

Summary

 

This Third-Party Privacy Policy describes the manners in which ConiferSoft AB and all Full ConiferSoft AB affiliates (“ConiferSoft AB”), as the data controller, collect, use, and protect Personal Data received from Third Parties and/or Personal Data from its Employees transferred to Third Parties.

ConiferSoft AB agrees to comply in all material respects with all applicable privacy laws, rules, and regulations, including but not limited to: (i) the European Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the EU Data Protection Directive” (the “GDPR”) and any implementing legislation enacted by the member states of the European Union (“European Laws”).

ConiferSoft AB complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. ConiferSoft AB has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Affiliates (and their employees) shall not be considered as Third Parties for the purpose of this Third-Party Policy. A separate Group Employee Data Privacy General Instruction applies to ConiferSoft AB employees (including the third-party employees subcontracted to ConiferSoft AB, “the Employees”).

Third Parties include applicants, clients, subcontractors, vendors/suppliers, investors, insurers, and visitors to ConiferSoft AB website (such parties referred to herein individually as a “Third Party” or collectively as “Third Parties”).

By providing Personal Data as below defined to ConiferSoft AB, Third Parties consent to the disclosure and/or collection and use of information as set forth herein unless otherwise required.

 

Definition

 

“Personal Data” and “Personal Information” are used interchangeably herein and refer to information that can be used to identify a Third Party either on its own or in combination with other readily available data (e.g., the individual’s name, title, work location, home address, date of birth, compensation, benefits, or family members). 

“Sensitive Data” means Personal Data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, or data which concern health, sex life or sexual orientation.

Please note that Personal Data and Sensitive Data may have different definitions depending on your country.

 

Personal Data Collected

 

ConiferSoft AB collects Personal Data entered by Third Parties on ConiferSoft AB website or through cookies used by ConiferSoft AB as specified below, or given in any other way, such as writings or phone calls during any transactional or administrative communications.

Subject to applicable laws and regulations, Personal Data and/or Personal Information collected may include, but is not limited to, the following:

  • Personal Data such as date of birth, gender, marital status, and identification numbers including social security, driver’s license, tax identification, passport numbers and resume.
  • Contact information such as name, ConiferSoft AB, address, phone number, fax number and e-mail address
  • Financial and billing information such as billing name and address, payment information (which might include credit card and/or bank account information)
  • Additional information such as title, department name, fax number and additional company information, such as shareholder names, annual revenues, number of employees or industry
  • Intended Use of Personal Data

 

Purpose and Legal Basis of the Processing

 

ConiferSoft AB uses Personal Information collected from Third Parties for the purposes of ConiferSoft AB operations and activities management, training programs, and recruiting job applicants.

ConiferSoft AB collects and uses the Personal Data of Third Parties for the execution of its contracts with them, to comply with its legal obligations, on the basis of Third Parties’ consent and for the purposes of the legitimate interests of ConiferSoft AB.

Failure to provide this information may prevent or delay the fulfillment of these obligations.

ConiferSoft AB processes Third Parties’ Personal Data on the following legal basis:

  • Performance of a contract – the use of Third-Party Personal Data may be necessary to perform the contract that you have with us
  • Legitimate interests – ConiferSoft AB may use Third-Party Personal Data for its legitimate interests, as for example to improve our products and services
  • Consent – ConiferSoft AB will rely on Third Parties’ consent to use Personal Data for marketing purposes
  • Legal obligation – to comply with ConiferSoft AB legal obligations

Sensitive Data shall be processed only where required by local law and only where there is a legitimate purpose for ConiferSoft AB in doing so.

 

Recipient of Personal Data

 

To fulfill the purposes mentioned in Article 4.A of the Third-Party Privacy Policy, ConiferSoft AB may disclose Personal Data to Third Parties on a limited and as-needed basis, including without limitation for example, services providers who advise ConiferSoft AB on compensation and benefit programs or administer such programs for ConiferSoft AB, insurers, or as otherwise required by law or detailed in this Third-Party Privacy Policy.

In the event that ConiferSoft AB or any portion of its assets are acquired, sold, or transferred, ConiferSoft AB may disclose Personal Data with the company involved to perform the operation and complete the transition, on a limited basis in compliance with applicable law.

In certain circumstances, ConiferSoft AB may be requested or required to disclose Personal Data in response to valid legal process or under applicable laws and/or regulations. Such circumstances may include a search warrant, subpoena, court order or other request from a government or regulatory authority or agency, including to meet national security or law enforcement requirements. ConiferSoft AB reserves the right to disclose such information in response to any such legitimate government or regulatory request or requirement.

ConiferSoft AB does not disclose or sell any Personal Data received from a Third Party (individual or legal entity) for marketing or any other commercial purpose.

 

International Transfer of Personal Data

 

Subject to applicable laws and/or regulations, Personal Data may be transferred to any country in the world where ConiferSoft AB does business, including countries where privacy laws may be more or less protective than the privacy laws where a Third Party is located.

In particular, ConiferSoft AB may transfer Personal Data of Third Parties located in the European Economic Area to countries located outside the European Economic Area. Where appropriate, ConiferSoft AB will ensure that Third Parties are informed of such transfer and that appropriate transfer mechanisms are in place.

 

Onward Transfer and Choice “Opt In – Opt Out”

 

ConiferSoft AB does not intend to disclose or use Personal Data received from a Third Party in a manner not described herein. However, should at any time ConiferSoft AB need to use Personal Data for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent Third Party, ConiferSoft AB will provide individuals with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: Customer.service@conifersoft.com

If Personal Data that qualifies as Sensitive Data is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a Third Party, ConiferSoft AB will obtain the Third Parties’ explicit consent prior to such use or disclosure, except if the use or disclosure is in the vital interests of the Third Party or another person; necessary for the establishment of legal claims or defenses; required to provide medical care or diagnosis; necessary to carry out ConiferSoft AB obligations in the field of employment law; or related to data that are manifestly made public by the individual.

If the Third Party does not consent explicitly to such disclosure or use, ConiferSoft AB will take all reasonable measures to remove the Third Party’s Personal Data from the intended disclosure or use.

The same principles apply for the Personal Data received from Employees that is anticipated to be disclosed and/or used to a Third Party as described in the Employee Privacy General Instruction above referred to.

When the processing of Personal Data is outsourced to a Third Party processor, ConiferSoft AB will select reliable Third Parties, and data processing will be subject to a written agreement between ConiferSoft AB and the relevant Third Party processor. This written agreement will require that the Third Party processor: (i) has at least the level of security measures in place as those implemented by ConiferSoft AB, and (ii) will process Personal Data in strict compliance with ConiferSoft AB specific written instructions only for the purpose(s) mentioned in the said agreement. ConiferSoft AB shall be liable in case the Third Party does not process the Personal Data in an appropriate manner.

 

Personal Data Security

 

ConiferSoft AB maintains appropriate technical and organizational measures to process Personal Data collected from Third Parties in a secure-access environment and in a manner that complies in all material respects with applicable laws and industry standards to guard Personal Data against loss, destruction, misuse, improper disclosure, and unauthorized access or modification. These safeguards are routinely tested internally and periodically audited by outside firms.

 

Personal Data Retention Period

 

Personal Data is not kept for longer than necessary to fulfill the purpose for which it was collected. Personal Data will generally not be retained longer than the term of Third Parties’ contractual relationship with ConiferSoft AB unless there is any legal or regulatory provision requiring otherwise.

 

Personal Data Accuracy

 

ConiferSoft AB relies on the accuracy and integrity of Third Parties’ Personal Data in order to comply with its business obligations. ConiferSoft AB expects Third Parties to inform it of any changes to their Personal Data, such as changes to contact information, address, or any information affecting benefits or services provided by ConiferSoft AB.

ConiferSoft AB makes reasonable efforts to ensure that the Personal Data it collects and maintains is reliable for its intended use, and is accurate, complete for the purposes for which it was collected.

 

Rights Over Personal Data

 

Third Parties have a right to request access to their Personal Data and to request the rectification of any incorrect or incomplete data. Third Parties also have the right to data portability, to request the erasure of their Personal Data, to restrict the processing of their Personal Data, as well as to object to their processing by ConiferSoft AB, unless ConiferSoft AB demonstrates compelling legitimate grounds. Third Parties which are not satisfied with the way ConiferSoft AB processes their Personal Data have the right to lodge a complaint with the competent data protection authority.

Should a Third Party have any request for assistance regarding the exercise of their rights as above mentioned, the Third Party shall use the following e-mail address: Company Email Addresses.

ConiferSoft AB will allow a Third Party to review the Third Party’s Personal Data that ConiferSoft AB stores and maintains about that Third Party in his or her personnel file, including information relevant to the use and disclosure of that person’s Personal Data. However, in certain limited circumstances ConiferSoft AB may not be able to provide a Third Party with access to all of his or her Personal Data where such refusal is permitted or required by applicable law or regulation.

Subject to all applicable laws and regulations, should any Personal Data concerning a Third Party be found to be no longer needed, to be inaccurate or incomplete, or if a Third Party has withdrawn consent, ConiferSoft AB will take reasonable steps to erase or correct or update the information it maintains unless applicable laws or regulations exempt ConiferSoft AB from doing so.

These rights can vary depending on your country.

 

Website

 

An individual can access ConiferSoft AB website without providing any Personal Data. However, should you choose, you may provide us with certain Personal Data. ConiferSoft AB may use this information:

  • To correspond with you
  • To allow you to participate in features or services we offer on this website
  • To provide you with a subscription or newsletter
  • To transmit your resume within ConiferSoft AB for possible employment opportunities

If you subscribe to any service provided by ConiferSoft AB through ConiferSoft AB website or otherwise, and you wish to terminate that subscription and have all Personal Data about you removed from any list we maintain, please contact ConiferSoft AB by sending an e-mail to Customer.service@conifersoft.com, informing us of your request. We will promptly make reasonable efforts to remove all Personal Data about you from our data banks. In addition, e-mail communications from ConiferSoft AB inform the recipient how to stop receiving further communication.

ConiferSoft AB does not automatically log Personal Data about visitors to our website. ConiferSoft AB does not use cookies to store Personal Data, nor does ConiferSoft AB link non-Personal Data stored in cookies with Personal Data about specific individuals. We may collect certain non-Personal Data from a visitor to our website such as what browser was used, what pages were accessed, and the Internet address of the service provider in order to compile statistics and analyze this data for trends.

 

Use of Cookies

 

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

Request Deletion of Personal Information

Update Your Contact Preferences