Effective Date: 1 January 2021
Collection of personal data
When you register for a SciCommerce account, your are required to provide email address for us to be able to send you on-boarding information and verify your account. Other information such as your name, company name or affiliation and location are optional to your discretion.
For subscriptions of premium accounts, we may collect additional personal data such as credit card number and billing address that is required to process the payment transaction.
SciCommerce has no knowledge about your full credit card number as this resides with our payment gateway providers, who are independent data controllers.
Do you have to provide personal data to us?
We are required to process certain personal data in order to enter into and perform in accordance with an agreement concluded with you and to comply with legal requirements. What personal data you are required to provide follows from the tables below where the legal basis is specified as “performance of contract” and “legal obligation”. If you do not provide this personal data that is necessary, you will not be able to enter into a contract with us and purchase our services.
Use of personal data
SciCommerce uses the Personal Data it collects for the following general purposes:
- Services provision, including billing
- Handling of your customer account
- Improvement of services and our website
- Handling of complaints and claims
- Sending newsletters and direct marketing
- Compliance with legal requirements
Sharing of personal data
SciCommerce does not rent, sell, or share personal data about you with other people or non-affiliated companies except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:
- We provide the information to trusted partners such as performance engineers, testing professionals, other IT service providers or consultants who work with or on behalf of SciCommerce under confidentiality agreements. When our partners constitute data processors that only processes personal data on our instructions, we enter into data processing agreements with them.
- We may share information with public authorities when complied to do so by law, for instance in relation to law enforcement requests and accounting requirements. When public authorities receive personal data from us, they are independent data controllers.
Transfer of personal data to a third country
SciCommerce, our suppliers and partners will as a main principle only process your personal data within the EU/EES and the U.S. In case personal data is processed outside of the EU/EES, there is either a decision from the European Commission ensuring that the third country in question has an adequate level of protection or appropriate safeguards in the form of standard contractual clauses or binding corporate rules, which ensures that your rights are protected. SciCommerce continuously evaluates the use of standard contractual clauses and binding corporate rules to ensure that your personal data is subject to appropriate safeguards and only transferred and processed in accordance with applicable legislation and guidelines. If you have any questions regarding how we share your personal data or if you want more information about the appropriate safeguards we have in place to protect your personal data, please feel free to contact us.
Data transmission and storage
Under data protection legislation, depending on the circumstances, you are entitled to a variety of rights when we process your personal data. We set these out below.Right to withdraw consent and to object to processing
If we are relying on your consent to process your personal data you have a right to, wholly or partly, withdraw any given consent for the processing of your personal data. Your withdrawal will have effect from the time of your withdrawal.
You have a right to object to direct marketing and automated decision making (including profiling), such as newsletters and customized marketing.
You have a right to object to our processing when the processing is based on a “balance of legitimate interests” legal basis (see the table above for information regarding when we process your personal data on this basis). In some other cases, the right to object does not exist (e.g. since we must store your personal data). Please note that we are not obliged to uphold your objection, if we can show compelling legitimate reasons for the processing that outweigh your interests or if it is for the purpose of establishing, exercising, or defending legal claims.
Right to information and access
You have the right to obtain confirmation as to whether we are processing personal data about you and information about the personal data that we process, such as the purposes of the processing, categories and receipts of your personal data, and for how long we store your personal data. You can gain access to this information and obtain a copy of the personal data processed by us by contacting us as described below.
Right to rectification
You have a right to correct or update any inaccurate personal data concerning you that we may be processing and to ask us to have incomplete personal data completed. We may need to verify the accuracy of the new data you provide to us.
Right to erasure (“the right to be forgotten”) and restriction of processing
Under certain circumstances, you have a right to request that we delete your personal data. This is the case for example where the personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or you withdraw your consent on which the processing is based and where there is no other legal ground for our continued processing for your personal data.
You also have a right to request that we restrict our processing of your personal data. That is the case for example when the accuracy of the personal data is contested by you, or the processing is unlawful but you do not want us to delete it and instead you request that we restrict our use of it.
Right to lodge a complaint to a supervisory authority
If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with a supervisory authority. You may do this in particular in the EU/EEA member state of your habitual residence, place of work or of an alleged infringement of the applicable data protection laws. In Sweden, the Swedish Data Protection Authority (www.datainspektionen.se) is the supervisory authority. You also have the right to seek a remedy from a national court.
Right to data portability
You have a right to ask us to transfer certain of your personal data we have about you to another company (data portability). If the right is applicable, we will provide your personal data in a structured commonly used, machine-readable format.