Forterro Privacy Policy
Introduction
Forterro Sweden AB, a company incorporated in Sweden, and its majority owned subsidiaries (hereinafter “Forterro” or “we” or “us”) respect the privacy of its and their customers, suppliers, business partners, contractors and other third parties (“you” or “your”) with whom any Forterro entity interacts from day to day and in the course of business dealings.
If you have any questions about this privacy policy or our privacy practices, you are most welcome to contact us at privacy@forterro.com. Alternatively, please refer to the list of contacts which can be found here, including contact details for our data protection officers.
Forterro is committed to protecting your personal data.
This privacy policy is in a layered format so that you can click through to the area you are most interested in as set out below.
Alternatively, you can download a full copy of this privacy policy here.
1. IMPORTANT INFORMATION
The purpose of this privacy policy is to let you know how Forterro processes your personal data, what rights you have in respect of your personal data, and how the law protects you. Such personal data can be collected and processed through:
- your use of this website;
- your provision of personal data through completing any web based form, signing up for our mailing lists or to requesting to receive information about any of our products or services;
- providing feedback on our products or services or contacting us;
- purchasing or subscribing for our software or services;
- engaging with us on social media platforms;
- attendance at professional, marketing or networking events, workshops and training sessions held either physically or remotely and online.
The personal data arises largely from existing business relationships; orders and licensing requests; contractual enquiries; discussions and negotiations; email and website enquiries that we receive; personal interactions at trade shows and conferences; direct personal referrals; and other circumstances where your information is provided to us. Such business relationships could be existing, past or prospective. Neither our products and/or services or this website is intended for children. We do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you (“supplemental policies”) so that you are fully aware of how and why we are using your data. In the event of a conflict between this privacy policy, and supplemental policies, this privacy policy shall prevail unless the supplemental policies set a higher standard required by applicable law, in which case the supplemental policy shall prevail.
2. CONTROLLER
Forterro is made up of a number of different legal entities across the world, details of which can be found here.
This privacy policy is issued on behalf of Forterro so when we mention Forterro in this privacy policy, we are referring to the relevant company in Forterro responsible for processing your data. Therefore, the Controller of your personal data is the Forterro company in respect of which your business relationship exists from time to time or the Forterro company with whom you shared your data (for instance, at a trade show or event, or through submission on a relevant website), and in certain cases it is a joint controller with Forterro Sweden AB, the parent entity. Forterro Swededn AB is the ultimate Controller of Forterro and is responsible for this website. A list of all Forterro entities and their location can be found here.
This policy is intended to describe the personal data that Forterro collects and manages within its systems, platforms, networks, software, hardware and infrastructure, as well as the types of third-party systems and/or services that are integrated and/or leveraged by a Forterro company in order to process personal data. It also outlines what security measures we take to protect the integrity of your personal data.
3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect and use business contact information that you chose to give us when you, for example, download a document, register for an event, or contact a sales representative or customer support or services agent, or any member of our technical or support or services team. We also collect and business contact information when you engage, either in person or remotely and online, through email correspondence or meetings with our employees within the different functions in Forterro. These can include any of the IT, marketing, finance, HR or legal functions. The business contact information that we collect is used to engage with you and manage the relevant business relationship.
The different types of personal data that we collect include the following:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Other than for managing events and attendance at our locations or specific to health and safety issues, we typically do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. If you are a customer and you use our products or services to process such data, we would ask that you do not provide us with access to such personal data. If you require to provide us with access to such personal data, you are responsible for notifying us before providing such access.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We may ask you to provide us with your name, role/title, company name, phone number, and email address. In some cases, for example when registering for an event, we may ask for additional relevant information, such as dietary requirements. Whenever we ask for personal data, our primary objective is to enhance and personalize your experience and engagement with Forterro and our solutions and we consider that our lawful basis to do this is on the grounds of it being within our legitimate business interests.
You may also choose to provide your provision of personal data through completing any web based form, signing up for our mailing lists or to requesting to receive information about any of our products or services, when purchasing or subscribing for our software or services, engaging with us on social media platforms, attending at professional, marketing or networking events, workshops and training sessions held either physically or remotely and online.
We may also collect information about you which we receive from other sources, such as data brokers or aggregators, or through engagement on social media platforms, external business partners, suppliers, professional advisors and other third parties. The information collected from other sources is collected either on the provision of your consent or our legitimate business interest.
Forterro does not control the content that you may post to its companies' community forums or publicly available forums or social media networks.
For example, our companies subscribe to services offered by LinkedIn in order to recruit employees, as well as learn more about persons who may have a legitimate interest in them and their solutions. These services are available to us based on your consent and participation on LinkedIn, as well as how you have chosen to configure your personal profile. You should carefully consider whether or not you wish to submit personal information to forums or social networks, as well as whether or not you wish to make your profile available to other users.
Please note that the collected personal data mentioned above is not exhaustive and that Forterro may also collect and process personal data to the extent we consider it necessary for the provision of our services. Where our software is implemented at your location or on hosting on your behalf with a third party with whom you have entered into a contract and/or we are providing services to your location (or to that of a third party with whom you have entered into a contract), we have no control over the data, included any personal data to which we are provided with access in the provision of software, maintenance, support or professional services. The provision of such access is within your control. Where we are providing software or services through a solution where we host the data on your behalf, including personal data, again, other than where we required the personal data which we need to provide the software or services, it is your responsibility to determine what data, including personal data, is uploaded to such a solution.
As you interact with our website, we will automatically collect technical about your equipment, browsing actions and patterns. We collect this personal data by using analytics, cookies, server logs, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
5. HOW DOES FORTERRO USE YOUR PERSONAL DATA?
The purposes of processing your Personal Data are:
Support: Support collects and processes information about you so that when you contact us regarding an incident or ticket, we can review your incident or ticket and report back to you in an efficient manner.
Marketing: Our marketing team processes limited personal data in order to ensure that the promotional and educational content provided to you (e.g., emails, newsletters, webinars) is relevant or otherwise for you to be able to form a view in terms of what you may want or need or what may be of interest to you in terms of our products and services. You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing. Additionally, we may use such information to carry out customer satisfaction surveys or obtain customer testimonials, comments, or reviews. Unless we explicitly request your consent to process your personal data (if required by applicable law), we rely on Forterro’s and your company’s legitimate interest to send you relevant marketing communications. You can opt out of processing for direct marketing purposes by clicking on the “unsubscribe” link situated within any marketing emails sent to you. You also have the right to object to the processing at any time by contacting privacy@forterro.com. Where you withdraw your consent or unsubscribe (as applicable), we will retain certain personal data (only to the extent that it is absolutely required) on our “do not contact” list. We often publish pictures and videos of our customers (typically either at their facility, our offices, or at an event). Any personal data, including images, used for promotional or educational purposes is governed by our media release agreement, which can be revoked by an individual at any time by contacting the marketing department.
Events: When we arrange external activities, such as events, we may need to collect your personal data. We further may need to share your information with external parties, such as event coordinators and facility providers. In those cases, we will only provide any information deemed necessary in order to provide you with the best experience during your meeting with us. Any sensitive information you provide us, such as allergies or other health-related information, will only be shared in accordance with applicable data protection or local laws.
Sales: Aligning personal data with individual goals and objective helps our sales team offer your business the best possible solution. Sales holds and manages personal data of contacts associated with customer accounts in order to manage the customer relationship. If you are not yet a customer but we see a potential future relationship, our sales team may contact you. During the first point of contact with our sales team, you have the right to request to be removed from our records. If you do wish to be removed, just tell our team and they will process your request immediately.
Professional Services: If you are a customer, our consultants may process your information, including personal data, in order to fulfil their duties as part of your relevant agreement with a Forterro entity.
Research & Development: We may undertake the carrying out of customer reviews, or feedback sessions, in order to improve our products or services, or support strategic objectives. We may do this ourselves or through a third party, and we do so on the basis of our legitimate business interests.
Human Resources: We use recruiting firms and websites in the process of finding a new colleague. . If you have applied for a job at one of our companies or have registered your information in the career site for a potential future job opportunity, please read the separate privacy policy on recruitment, including any applicable local policies.
Legal/Finance: If you are entering into or have entered into an agreement with us, we will process business contact information in order to negotiate, draft, and enter into an agreement with you, and for the ongoing management of the legal and financial obligations in respect of such agreement. Additionally, we may use such information for the purpose of seeking financial, taxation or legal advice, if required.
6. ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
When we process your personal data, we do so on one of the following legal bases:
- Performance of a contract: The use of your personal data may be necessary to perform the contract that you are about to enter into or have with one of our companies, for instance as it relates to your potential employment or engagement. Please read the separate employee privacy notice applicable to Forterro.
- Consent: Where we rely on your consent, we may process your personal data for specifically expressed reasons. You can withdraw your consent at any time provided that there are no legal obligations for us to continue processing the data.
- Legal obligation: In certain cases, we may need to process your data to handle and resolve legal disputes, for regulatory investigations and compliance, or to comply with lawful requests from law enforcement or other official authorities.
- Legitimate business interests: We may, where we already hold your personal data and there is an existing or potential relationship between Forterro and your company, process your personal data in the legitimate interests of Forterro and your company, and your interests and fundamental rights do not override those interests. This could be because you have already indicated an interest in hearing about existing or new products/or services, or we are obligated to fulfil our contractual obligations toward your company (e.g., in the provision of support or services).
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to us using your personal data for marketing purposes at any time by clicking the relevant link in the email or text message.
We have set out below, in a table format, a description of the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To register you as a new customer |
(b) Contact | Performance of a contract with you |
(a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(b) Necessary for our legitimate interests (to recover debts due to us) |
(a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey |
(b) Contact (c) Profile (d) Marketing and Communications |
(b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To enable you to partake in a prize draw, competition or complete a survey |
(b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(b) Contact (c) Technical |
(b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
(b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
(b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you |
(b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications | Necessary for our legitimate interests (to develop our products/services and grow our business) |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7. SHARING YOUR PERSONAL DATA
In certain circumstances, we will share your personal data within Forterro, as necessary, in order to develop or improve products and services, or provide services and fulfil our contractual obligations.
Forterro leverages centralised group IT infrastructure and networks for many of its functions using large IT solution providers (e.g. marketing automation systems, CRM, professional services automation, enterprise IT); in which circumstances all Forterro companies use the same solution on a shared basis where feasible. We seek to control access to such personal data to the extent necessary using the available functionality within the applicable group IT infrastructure and networks. Additionally, such IT solution providers may be based outside of the UK, EU/EEA or Switzerland or otherwise require the ability to share limited personal data to a location outside of the UK, EU/EEA or Switzerland.
Personnel in our subsidiaries in India, United States, and Morocco (if applicable to your product or service) have access to read-only personal data required to resolve support tickets or otherwise provide professional services pursuant to a relevant agreement. We may need for you to provide or for us to be able to download a customer’s database in cases where we need to provide support or professional services in respect of the product or services. Downloading a customer database will only occur when we have approval from a customer or a customer provides access to us. In those cases, we do not store, manage, share, alter or remove any personal data kept within the database after the ticket is closed.
We may also share your personal data with third parties for a specific purpose or to undertake a specific task on our behalf. We use business partners in the provision of certain of our services or otherwise in connection with our products and services. We may share personal data with those business partners in order to engage with you in the provision of relevant services. As we have integrated our products with other systems we work together with third party partners to provide the best possible product for our customers. In certain cases, we may need to provide our third-party partners with your personal data in order for them to contact you regarding the use and integration of their product. Additionally, this could include using your information for marketing and market research if we think one of our products, services, or offers or those of our third party partners may interest you.
We may share your personal data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners or acquired entities may use your personal data in the same way as set out in this privacy policy.
Where Forterro shares your personal data with third parties, we ensure that if relevant and required, agreements are in place according to applicable data protection law, and we only share the personal data that is necessary for Forterro to use or provide the relevant services or otherwise in support of providing you with options on additional products or services, including those of our third party partners, as applicable, or with your consent where explicitly required. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Forterro does not sell your personal data.
8. INTERNATIONAL TRANSFERS
We generally process your personal information within the UK or EU/EEA. Should personal data be transferred outside the UK or EU/EEA, such transfers shall be in accordance with applicable data protection laws and require the receiving entity, if located in a country outside EU/EEA, to have adequate levels of data protection and safeguards in place, such as the UK or Switzerland, which is based on the adequacy decisions of the European Commission. Alternatively, we may enter into relevant and applicable agreements under applicable relevant for the transfer of your personal data, and in doing so we use the standard contractual clauses approved by the European Commission (“EU Standard Contractual Clauses”) which contractually ensure the protection of your Personal Data. The EU Standard Contractual Clauses can be found via the following link: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.html.
The legal basis for any such transfer is as set out above.
9. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. DATA RETENTION
By law we have to keep basic information about our customers the applicable statutory limitation period after they cease being customers for tax and audit purposes. We will otherwise only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period, such as the statutory limitation period for breach of contract, in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
If we are able to anonymise your personal data (so that it can no longer be associated with you), we may retain this information indefinitely as it is no longer personal data.
11. YOUR LEGAL RIGHTS
We take responsibility for your personal data very seriously. You have the right to review the personal information we keep about you, and, where applicable, update it. You can request an overview of your personal data by emailing us at privacy@forterro.com. Please write 'Request personal information' in the subject line of your email to speed things along a bit.
You can also contact us if you believe that the personal information we have for you is incorrect; if you believe that we are no longer entitled to use your personal data and require erasure, objecting or restricting processing, or withdrawing consent, in certain circumstances take your personal data with you, in each case, in accordance with applicable data protection laws. You may also contact us if you have any other questions about how your personal information is used or about this Privacy Policy.
You have the right to make a complaint at any time to the relevant supervisory authority for the Controller determined in accordance with Section 2 above. We would, however, appreciate the chance to deal with your concerns before you approach the relevant supervisory authority so please contact us in the first instance. Limitation or deletion of your personal data may result in Forterro not being able to fulfil its commitments to you or your company.
In any of these circumstances or you have any questions about how your personal data is processed, please email us to contact our data protection officer at privacy@forterro.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We might amend or update this policy from time to time to update our processes or comply with changes made in relevant law. We recommend that you visit this page regularly to keep up to date with how your personal data is being processed.
13. CONTACT INFORMATION
If you have any questions about this privacy policy or our privacy practices, you are most welcome to contact us at privacy@forterro.com. Alternatively, please refer to the list of contacts which can be found here, including contact details for our data protection officers.