THE SYMPATHY FOR DATA PRIVACY NOTICE

Document Version: 1.0

  1. Introduction

    We, Combine Control Systems AB, company reg. No. 556674-5484, provide our software solution “Sympathy for Data” to customers and users in a variety of editions. Regardless of how you, as user of the “Sympathy for Data” solution (hereinafter “the Software”), are provided access to and the right to use the Software, this privacy notice applies to you.

    When you use the Software, we will collect and process certain data relating to you, which qualifies as personal data under the GDPR. When it comes to processing of personal data transparency is a key factor and we want to ensure that we are fully transparent about how we use your personal data by providing you with this notice.

    In this notice, you will learn about the data we collect, how we use it, your rights, and the measures we take to keep it safe. We always make sure that your data is protected in accordance with applicable legislation. If you are using the Software under a commercial license, please note that this notice does not explain how any corporate customer of ours who has nominated you Authorized User on its behalf, may process your personal data.

    If you have any questions, or feel you need any part of this notice explained, please contact us.

  2. Situations where WE may use your personal data

    Combine will collect and process the following data for the following purposes in connection with your use of the Software:

    1. your name, e-mail address, mobile phone number and username, for the purpose of creating and maintain a user account for you and for providing safe and secure access to the Software (applicable to any user of a commercial edition of the Software);

    2. your name, e-mail address, mobile phone number, potential username and other information you may provide in your request (privacy related data supplied by the user to allow Combine to recreate the issue shall be cleaned and under no circumstances contain any real personal data), for the purpose of providing you with user support for the Software (applicable to any user submitting a support request);

    3. data of your use of the Software in aggregated form with other users of the Software for the purpose of evaluation, development, and improvement of the Software as well as training of users of the Software. Combine will use its reasonable best efforts to anonymize the data of your use of the Software, by removing the link to your username/the IP-address etc. and aggregating your data with a large group of other users of the Software (applicable to any user who has agreed to Combine’s collection and use of usage statistics). The aggregated data may include information such as software and platform versions, which functionality is used and how often, the execution time of flows and nodes and an anonymous installation ID. We will never include user data in this aggregated data.

    Combine’s legal basis for the processing of data set out above is Combine’s legitimate interest to provide a secure product and service and to develop and improve the functionalities and other aspects of the Software.

    The retention time for the data – i.e. the time during which the collected data will be stored and used by Combine before being anonymized – is:

    For item (a): for the duration of your use of the Software.

    For item (b): for the duration required to provide and follow up relevant support issues and requests plus additional 2 years to allow faster support on reoccurring issues.

    For item (c): 24 months. After 24 months the data will be anonymized or deleted.

  3. Important information for you attention

    1. Processing of your personal data outside of the EU/EEA

      Most data is processed by us and our suppliers within the EU/EEA. Certain data is however processed by Combine’s suppliers which might have their servers outside of the EU/EEA. The following of Combine’s suppliers process data (including limited amounts of personal data) outside the EU/EAA, as set out below.

      • Gitlab

        Third country transfer: USA

        Purpose: Issue tracking

        Collected data: User’s email address and name as well as other information supplied to us via mail or in the case of a support request from within the software additional the software’s environment specification such as operating system, python version, and installed python libraries.

        Privacy Policy: https://about.gitlab.com/privacy/privacy-compliance/

      • Nalpeiron

        Third country transfer: USA

        Purpose: License handling

        Collected data: A anonymous installation ID as well as some platform and operating system specific information to perform license activation and prevent altering.

        Privacy Policy: https://www.nalpeiron.com/privacy-and-cookie-policy.html

      • Microsoft

        Third country transfer: USA

        Purpose: Connection to Azure Services via the Microsoft Identity service to applications such as PowerBI

        Collected Data: Combine does not collect any data shared by the user with the Microsoft services. The user supplies credential required to login only locally on his/her machine.

        Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement

      When personal data is processed in a third country on our behalf we take measures to ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted in line with applicable data protection legislation requirements. The safeguards we undertake include implementing so-called standard contractual clauses originating from the European Commission.

  4. Your rights

    1. Right to information and access

      You have the right to know if we process personal data about you. If we do, you also have the right to receive information about the personal data we process and why we do it. You also have the right to receive a copy of all personal data we have about you.

      If you are interested in specific information, please indicate it in your request. For example, you can specify if you are interested in a certain type of information (e.g. what contact and identification information we have about you) or if you want information from a certain time period.

    2. Right to have erroneous data corrected

      If the data we hold about you are incorrect, you have the right to have it corrected. You also have the right to supplement incomplete information with additional information that may be needed for the information to be correct.

      Once we have corrected your data, or it has been supplemented, we will inform those we have shared your data with about the update, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.

      If you request to have data corrected, you also have the right to request that we limit our processing during the time we investigate the matter.

    3. Right to have data deleted

      In some cases, you have the right to have your data deleted. You have the right to have your data deleted if:

      The data is no longer needed for the purposes for which we collected it,

      You withdraw your consent, if applicable,

      The data is used for direct marketing, and you unsubscribe from it,

      You oppose to use that is based on our legitimate interest and we cannot show compelling grounds that outweigh your interests,

      The personal data has been used illegally, or

      Deletion is required to fulfill a legal obligation.

      If we delete data following your request, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.

    4. Data portability

      Under certain circumstances, you may request to have your data transferred to another actor in a commonly used machine-readable format. This is also known as data portability. You can request data portability if we have collected the data from you, and our processing is based on your consent or if it is processed to enter into or fulfill an agreement with you.

    5. Right to object

      You have the right to object to processing that is based on our legitimate interest. If you object to the use, we will, based on your particular situation, evaluate if our interests in using the data override your interests, rights and freedoms. If we are unable to provide compelling legitimate grounds that outweigh yours, we will stop using the data you object to – provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.

      You always have the right to object to, and thus unsubscribe from, direct marketing.

    6. Right to withdraw consent

      You have the right to withdraw your consent for a specific processing at any time. You can withdraw your consent by contacting us via e-mail (see Contact information).

      Your withdrawal will not affect processing that has already been carried out.

    7. Right to request restriction

      Restriction means that the data is marked so that it may only be used for certain limited purposes. The right to restriction applies:

      When you believe the data are incorrect and you have requested correction. If so, you can also request that we limit our use while we investigate if the data are correct or not.

      If the use is illegal but you do not want the data to be deleted.

      When we no longer need the data for the purposes for which we collected it, but you need it to be able to establish, assert or defend legal claims.

      If you object to the use. If so, you can request that we limit our use while we investigate if our interest in processing your data outweighs your interests.

      Even if you have requested that we restrict our use of your data, we have the right to use it for storage, if we have obtained your consent to use it, to assert or defend legal claims or to protect someone's rights. We may also use the information for reasons relating to an important public interest.

      We will let you know when the restriction expires.

      If we limit our use of your data, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.

    8. How to exercise your rights

      You can exercise many of your rights by contacting us and we will help you with your request (Contact information).

  5. Changes to this privacy notice

    We reserve the right to change this Privacy Notice from time to time. We will inform you of any changes by posting the updated notice on our website. If we make any material changes to our notice, we will push a notification through a banner on our website or by e-mail (if we have your e-mail address and you have not opted-out from such use). We encourage you to contact us if you have any questions about the notice or about how we process your personal data.

    You may also submit complaints to a supervisory authority, in particular in the Member State of your habitual residence, place of work or where the alleged infringement of the GDPR took place. In Sweden, the supervisory authority is the Swedish Supervisory Authority for Privacy Protection.

  6. Contact information

    1. Data controller

      Name: Combine Control Systems AB
      Registration number: 556674-5484
      Postal address: Pumpgatan 1, 417 55 Gothenburg, Sweden
      Telephone number: +46 (0)31 42 10 60
      E-mail address: compliance@combine.se
  7. Versions in other languages than English

    The original version of this Privacy Notice is written in English. To the extent a translated version of the Privacy Notice is in conflict with the English version, the English version shall prevail.