Handheld Device Policy

Handheld Group

1. Introduction

This Privacy Policy (the “Privacy Policy”) describes how Handheld Group AB and its subsidiaries (“Handheld”, “we”, “us” or “our”), processes your personal data collected on our handhelds, tablets, and in some cases our wearable devices (collectively the “Devices”).

We are responsible for the processing of your personal data as described in the Privacy Policy in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us via our email address: privacy@handheldgroup.com or by the contact details found at the bottom of this Privacy Policy.

We may update this Privacy Policy from time to time. If we do, we will update the date at the top of the Privacy Policy. If we make material changes to how we use personal data, we will notify you of the change. We will always post the updated Privacy Policy on all the affected websites.

We encourage you to review this Privacy Policy periodically to stay informed about our collection, use, and disclosure of personal data.

2. The scope of this Privacy Policy

The Privacy Policy covers our processing of personal data relating to our Devices that is collected through our application suites and otherwise in connection to your use of our Devices.

If you want to know how we process your personal data outside the scope of this Privacy Policy, e.g., when you use our websites, we refer to our general privacy policy found at https://www.handheldgroup.com/legal/.

3. How we collect your personal data

The personal data we process relating to you is collected directly from you when you use our Devices.

4. How we process your personal data

We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing of your personal data, which in our context generally means one of the following legal bases.

Performance of a contract – the processing is necessary in order for us to provide you with our services or otherwise perform a contract between us (this applies if you conduct your business in a sole proprietorship), or to take steps at your request prior to entering into a contract.

If you are acting on behalf of someone else, e.g., in the capacity of representative of a company (which usually is the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.

Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).

Consent – the processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing. 

Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data.

 

• To improve the usage of our Devices

What we do and why:	The personal data that we process:
We collect device usage information which includes personal data relating to the user of the Device, to improve our Devices’ functionality, to find usage bugs or other problems, and to give better and faster product support. However, if you do not want us to collect any device usage information at all, you can opt-out and disable data collection in the Device settings any time you want.	·            Device usage information, including device serial number, type of device, installed OS version, device time and date, Android language, Android region, time the device has been running and number of installed applications; and ·            Information of applications started at least once, including the name of the app times the app was started and time spent in the app.
Our legal basis for processing:
Legitimate interest; where our legitimate interest is to improve the Devices’ functionality and give product support.
How we share and transfer your data:
To fulfil our undertakings to customers or stakeholders, we may share personal data with our IT-suppliers. We will not transfer your personal data outside the EU/EEA within the scope of this processing activity.
How long we keep your data:
We will keep your personal data for as long as you use our Devices, however not longer than for a period of two (2) years.

 

5. Additional processing purposes

In addition to the processing purposes listed above, we may be required to process personal data for additional purposes. This might be to tell you about changes to our terms, conditions and policies or to share personal data with authorities, if we are required to do so by law or with your consent.

We may also be required to keep certain personal data for longer periods of time e.g., to be able to establish, exercise, and/or defend against legal claims. We will generally process such personal data for ten (10) years from creation or for the time necessary to fulfil the purpose in the relevant case. This processing of your personal data is based on our legitimate interest of establishing and/or defending legal claims.

Additionally, we may also be required to process personal data to comply with legal obligations e.g., relating to bookkeeping or tax legislation, or if we are ordered to process personal data (including disclosing it) by a competent court or government authority.

6. Security measures

Handheld is committed to safeguard your privacy and personal data and have taken measures to ensure that your personal data is handled in a safe way. For example, we encrypt all data transferred via our website using secure socket layer technology (HTTPS/SSL).

Additionally, we will never store any personal data locally. Access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorised access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.

7. Where we process your personal data

We strive to always process your personal data within the EU or EEA. However, if a third country transfer is described in the tables under section 4 above, we will transfer your personal data, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g., by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.

You may access the European Commission’s standard contractual clauses at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.

8. Your rights

In this section we describe your rights as a data subject. You can exercise them by contacting us using the contact information at the end of this document. Please note that not all rights listed below are absolute and there are exemptions which can be valid. Your rights are the following:

• Right of access

You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

• Right of rectification

You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

• Right to erasure

You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.

• Right to restriction

You have the right to restrict the processing of your personal data in the following circumstances: (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

• Right to data portability

If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

• Right to object

You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

• Right to object to direct marketing

You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

9. Complaints with the supervisory authority

In Sweden, the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for supervising the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. However, you may file a complaint with the Swedish Authority for Privacy Protection at any time.

10. Contact us

If you have any questions or suggestions about our Privacy Policy or how we process your personal data, do not hesitate to contact us at the following contact details:

 

Handheld Group AB

Strandgatan 40

531 60 Lidköping

SWEDEN

 

Phone: +46 (0)510 54 71 70

E-mail: privacy@handheldgroup.com

__________