‍Privacy Policy at KGK

This Privacy Policy describes how KGK handles personal data.

When using our services, our customers and users may provide personal data to us as individuals or as representatives of a company. We are the data controller for your personal data and their processing in accordance with this Privacy Policy.

1. What data do we process?

We collect personal data, such as name, surname, company name, professional title, email address, telephone number and payment information when you use our services, including when you register a user account, enter into a contract, order services, provide payment information or otherwise provide your personal data to us.

2. Purpose of processing personal data

Personal data of customers and potential customers are stored for the following purposes: Administration of sales of KGK products and services, marketing and preparation of quotation proposals.

3. Legal basis

According to the current data protection regulation, there must be legal support, a so-called legal basis, for our processing of your data to be lawful and necessary.

Below are the legal bases we use.

1) Performance of contracts

We process only the necessary data to identify you about the customer or user in order to process and deliver orders in accordance with your contract.

(2) Legal obligation

We process your data for the purpose of fulfilling our statutory obligations, such as your billing information under the Accounting Act.

3) Balance of interests

We process your data to develop our services, processes and to market our products and services directly to you.

4th) Consent

In some cases, by subscribing to our website, you may receive our newsletters and marketing materials, or through web forms submit your request for our products and services, or in other circumstances consent to our processing of your data. Then you agree that we process your data only for the stated purpose.

4th. Recipients of the data

In some cases, KGK transmits personal data about customers to the following categories of recipients with whom KGK cooperates: Insurance companies, finance companies, cooperating car repair shops and possibly other cooperating companies.

In some cases, the data may be transferred and processed by own companies within the group in order to provide services or extensive security measures. However, these parties may not use your data for any purpose other than the one we have provided to you.

5. Retention period of personal data

Your data will be stored for as long as you have a contractual or business relationship with us and as long as it is necessary for the purpose of the processing. After the termination of the relationship, we store your data for up to 12 months. In cases where there is a legal requirement to save data for a long time, we comply with such laws.

Data that forms an invoice basis is stored for seven years in accordance with the Swedish Accounting Act.

6. Right to information about the processing of personal data

Any person who wishes to receive information about the personal data that KGK stores about the person concerned is entitled, under applicable law, to be informed thereof, regardless of how it was collected. Such notice may contain information about where we received the personal data, the recipients or categories of recipients with whom the personal data has been shared and the purpose of processing the personal data. If you would like such information, please submit a written request to data.privacy@kgk.se.

Requests for register extracts are archived by KGK. We will respond to your requests without undue delay and within one month. If for any reason we are unable to fulfill your requests, a justification must be provided and we will also inform ourselves how long we need to respond to your request.

We will send your extract from the register to your population register address or to the email address you provided at the start of the treatment.

7. Right to rectification

We have a responsibility to ensure that the data we process is accurate. If you, as the questioner, believe that any information is incorrect, you have the right to request that it be corrected. The request must be made to KGK customer service by e-mail: data.privacy@kgk.se.

KGK customer service shall promptly determine whether the request is justified and take appropriate action, and then inform you as the questioner of how the correction has been handled.

8. Right to erasure

Your data will be stored for as long as you are a customer of ours and will then be deleted as soon as possible unless otherwise indicated by applicable law. Invoicing data and invoice documentation are stored for as long as it is required by law, e.g. the Accounting Act.

9. Right of objection

If we perform on the basis of a balancing of interests, you have the right to object to the processing of your data. You must then specify which treatment you object to. If, after evaluation, we believe that such treatment should still take place, we must demonstrate that our interest in the treatment outweighs.

10. Right to restriction

The right to restriction applies when you believe that the data is incorrect and have requested correction. In such cases, you may also request that the processing of the data be restricted while the accuracy of the data is investigated.

The right of limitation applies from 25 May 2018.

11. Right to portability

You have the right to obtain the data that you yourself have provided to us and to use it in other ways, provided that you have given your consent to the data processing or if you have provided the data in connection with a contract.

However, you do not have the right to data portability if we process these due to a balance of interests or an obligation under law.

The right to portability is valid from 25 May 2018.

12. Right to complain

If you believe that the processing of your data is contrary to the applicable regulations, you have the right to lodge a complaint with us as soon as possible.

I'm 13. Withdrawal of consent

You also have the right to withdraw your consent to the processing of personal data at any time.

14. Email Address Management Policy

KGK respects your personal privacy. For information and email newsletters, the following applies to the management of subscribers' email addresses and other information. Under no circumstances will our subscribers' email addresses be sold or leased to another party. Mailing is done in such a way that an email address is not available to anyone other than the current recipient. The reason we collect our customers' email addresses, names, regions, etc. is solely to improve the information service and make it more relevant and personal. If you do not want this, of course we respect it!

Our subscribers can easily unsubscribe from our email service. You can do this by clicking on the unsubscribe link found in all KGK emails. The link can be found at the bottom of all emails sent to you from us. There you can unsubscribe from part or all of the information service without reservation. After this, you will not receive any e-mail from KGK unless you provide your e-mail address again. If you have any questions about the email service in addition to this, please feel free to email us at data.privacy@kgk.se

I'm 15. Security measures

In order to keep the personal data we process in safe custody, we have taken several security measures. We enter into agreements with our suppliers and partners regarding their processing of your personal data to ensure that these are processed in accordance with our instructions. If your personal data is transferred to operations in countries outside the EU/EEA, we enter into agreements, regulating the transfer and handling of personal data, including, for example, the standard contractual clauses approved by the European Commission, with the receiving company. Furthermore, access to the spaces where personal data is stored is restricted and our employees must use a personal identifier to access them, passwords and usernames are required to log in to the corporate network, we have firewalls and antivirus software, and otherwise take the necessary technical and organizational security measures to protect and prevent unauthorized access to your personal data.