Oscilion Cookie policy

1.    Introduction

The Cookie policy applies to Oscilion Teknik AB and Oscilion Naval Systems AB (5567055552; 5567055701), or other businesses within the same corporation group as previous named (henceforth “Oscilion”, “we”, ”our”, ”us”).

When you visit Oscilion website and use the website services, you provide to us certain personal data. Such data can be collected in the context of your interest of our products or services, or with the use of cookies that collects data about your behavioral and use of our website.

2.    How is your data collected?

Your data, such as name and contact information, is collected when you are using our website services and provides us with data, e.g when you make a registration of interest about our products, services or when you apply for a job with us. In order to make a registration of interest it is mandatory to provides us certain data. Registration of interest and other data collection can also be made through our business partners websites, among other LinkedIn, which means that the partner in their turn sends the data to us.

We may also collect data such as IP-address, behavioral patterns when you visit our website (e.g. which websites you have visited before and how you use our website). Such data is collected through cookies or other similar technology. To see what cookies and services we use, scroll down in this document.

3.    About cookies

Oscilion minimizes the use of cookies.
Processing through third party cookies can result in transferring av personal data to a third country. Such transferring is protected by applicable security measures in compliance with the GDPR.

What cookies we use on our website and why is described further down in the document, as well as how you as a user can deny the use of cookies. In this policy the term “cookies” is used as a collective name for web beacons, pixel tags and other identifiers and/or tracking techniques.

3.1 What is cookies?

Cookies are small text files which is stored on your unit, such as computer, tablet or cellphone, when you visit our website and make it possible for us to recognize your browser when you visit our website. The cookies contains information about your browser, e.g what type of browser and screen resolution, and your activity on our website, among other when and which content you have seen and clicked on and which website you visited before ours.

In order to use the website and all its functions without interference it is required that you approve some cookies. When you visit the website you are therefore asked to consent to the use of cookies. You always have the options to limit our use of cookies and/or delete the cookies. This can however affect the website and its functionality. How to limit and delete cookies is describe further down in the document.

3.2 Which cookies us used and why?

We use cookies for a number of different purposes, among others to gain information on how the website is used and to improve the user experience as well as internal statistical purposes, e.g. to count the number of unique visitors of the website. In addition to that we can, with the use of cookies, recognize your unit when you visit the website again, store information about your activities and preferences on the website and offer you targeted advertisement that are adapted to your interests as much as possible.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en.

The different types of cookies we use and why we use them is categorized as follows:

  i.          Necessary cookies

Some cookies are necessary for you to be able to use the website and all its functions, e.g. so that we can identify the request from the same browser under a limited session.

 ii.          Functional cookies

Functional cookies contains a unique ID and helps the website to store your user preferences (such preferences as language, region), to be able to provide you with individualized and adapted services and contents.

iii.          Performance cookies

These cookies is used to analyze the websites performance and identify and fix potential issues as soon as we detect them.

iv.          Marketing cookies

We use marketing cookies to store data about the users activity on our website, among other which websites the user has visited and what links the user has clicked on, and also how the user navigates between different websites. This data is used to be able to offer targeted and adapted marketing which we think is relevant and of interest for the user. With the help of marketing cookies we can also show adds when the user visits other websites. Finally these cookies are used so that the same add is not shown to you too many times and to measure the efficiency of our marketing campaigns.

 v.          Third party cookies

We also use cookies from third parties on the website. Such cookies can collect data about visitors on the website. We are solely responsible for the data which we receive from the applicable third party. If and in the extent the third party collects data for other purposes, the third party is responsible for the processing of that data.

We are using Google Tag Manager and Google Analytics in order to get a estimation of how our visitors navigates on the website, which parts of the website that is visited the most, the amount of time spent on the website. Through this we can obtain statistics and a good overview of the use of our website. Such information is in our favor in order to develop and improve our website, increase the functionality and offer a better user experience for our visitors. In addition to that we use the information for analysis measurements and marketing measurements.

We are solely responsible for the processing that we conduct and are therefore not personal data controller for the processing conducted by Google. You can read about how Google uses cookies and processes collected data and how you can control the information being sent to Google here: https://policies.google.com/privacy/partners?hl=sv

We also use LinkedIn Pixel, in order to track views and the conversion rate of our adds, and LinkedIn Insight Tag, to gain information and to better understand our visitors of the website which come through adds on LinkedIn and thus improve our marketing.

Corresponding applies to our use of LinkedIn Pixel where LinkedIn can process your personal data for their own purposes. In those cases LinkedIn is personal data controller for the processes which they have control of. Please, read LinkedIn’s privacy policy and other applicable terms and policy’s here: https://www.linkedin.com/legal/privacy-policy.

We regularly scan our website using a third-party tool to maintain a record of the cookies we deploy.

3.3 How you can limit or delete cookies

The user can delete all cookies from the unit and set the browser to automatically deny cookies and to be informed when a website uses cookies. You can change your cookie preferences any time by clicking the above button. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en.

If you are using any other web browser, please visit your browser’s official support documents.

In order to gain full access to our products and services through the website it is required that you accept cookies. If you choose to delete or limit the use of cookies, some functions on our website will not be working and the use will not be able to use the full services of the website. In addition to that the user is required to manually set the preferences, such as language, with every visit of the website.

4.    Why are we processing your personal data and with which legal grounds?

We are processing your personal data in according to the following purposes:

1. In order to ensure an effective and secure use of our website and to optimize and improve the user experience of it.
2. To analyze statistics and user behavioral patterns on the website.
3. To be able to provide individualized services and content adapted accordingly to the data we have about the user.
4. To be able to offer targeted marketing including adds, offers and recommendations adapted accordingly to the data we have about the user.
5. To contact and communicate with the user if contact is initiated by the user through our website or business partners website; and
6. to develop and improve the website in order to make adjustments to the users wishes.

Personal data processing referred to the list above is necessary for our legitimate interests, including our legitimate interest in good IT and Information security, direct marketing and further development of the website. Unless otherwise specified, the legal basis for these processing operations is therefore a balancing of interests.

5.    Contact information

If you have any questions about the processing of your personal data or about cookies, or if you want to exercise your rights referred to above you are welcome to contact us as set out below.

Oscilion Teknik AB and Oscilion Naval Systems AB (5567055552; 5567055701)

Borgarfjordsgatan 18
164 40 Kista
E-mail: info@oscilion.com

Oscilion Privacy policy

1.1  Background and purpose

The Privacy policy applies to Oscilion Teknik AB and Oscilion Naval Systems AB (5567055552; 5567055701), or other businesses within the same corporation group as previous named (henceforth “Oscilion”, “we”, ”our”, ”us”).

The policy is approved by the management and is updated at a needs basis. The policy constitutes general information, about how the company processes internal and external personal data.

Personal data controller is responsible for the annual update of the policy according to decision by the management.

Personal data is handled within the company and its operations. The data is processed, among other things, in order for the company to be able to fulfill agreements entered into with customers, suppliers and employees and due to obligations under law. As a starting point, Oscilion customers are the data controller for all processing of personal data made under agreements between us and our customers. For such processing, the company enters into personal data processing agreements with its customers and processes the data under instruction from and on the behalf of the customer.

This general privacy policy (the “Privacy Policy”) applies when we process data on our own account, i.e. when Oscilion is the data controller. The Privacy policy applies to all employees and hired personnel of our company including management, employees and persons acting on behalf of the company (such as third party consultants).

The overall purpose of this Privacy policy is to establish roles and responsibilities within our organization, as well as to establish the standards and principles that will ensure that the collection and processing of personal data within the company is carried out in accordance with applicable Data Protection Legislation (as defined below).

1.2  Definitions and dictionary

Processing (personal data) is any measure of series of measures taken in respect of personal data, whether automatic or not, such as collection, registration, organization, storage, processing, alteration, restriction, adjustment, erasure or destruction, disclosure by transmission, dissemination or other provision of data, compilation or interconnection.

Processing register refers to the register Oscilion is obliged to keep of personal data processing in accordance with Article 30 of the GDPR. We use the service “GDPR Hero” to keep our processing register.

Data protection legislation refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April on the protection of physical persons with regard to the processing of person data and on the free movement of such data (“GDPR”) and any other national or European law, regulation or directive applicable from time to time to the company’s processing of personal data.

Personal data is any information relating to and identified or identifiable physical person who is alive. Identifiable physical person means a person who can be identified directly or indirectly by reference to an identifier as a name, identification number, location data or online identifiers or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the physical person.

The personal data controller is the legal person who alone or together with others determines the purposes and means of the processing of personal data.

The personal data processor is a legal entity that processes personal data on behalf of the controller, e.g. Oscilion IT-providers.

The Privacy Protection Agency (IMY) conducts checks in response to complaints from individuals, information in the media or on its own initiative. Measures include field inspections and inspections by questionnaires or other verification by e-mail, telephone or letter.

2.   Basic principles of Oscilion personal data processing

We shall comply with applicable Data Protection Legislation when processing personal data at any time.

We shall only process personal data in a lawful, correct and transparent manner in relation to the data subject and the controller. This means, among other things, that our personal data processing must follow these basic principles:

• Documented personal data liability: For each processing of personal data, where we determine the purpose and means, there shall be one or more companies within the company that have been deemed to be the data controller. Responsibility for processing where companies within the company are data controller must be documented in the Processing Register.
• Legal basis: Any processing of personal data shall be carried out on the basis of a documented legal basis.
• Purpose limitation: The data shall be collected for specified, expressly stated purposes and shall not subsequently be processed in an incompatible manner.
• Purpose limitation: Only personal data that is adequate, relevant4 and not too comprehensive in relation to the purpose shall be collected.
• Accuracy: The data shall be accurate and up-to-date and it shall be possible to trace changes.
• Storage minimization: The data may not be kept for longer than is necessary in relation to the purpose, see further paragraph 5.
• Confidentiality: Personal data shall be protected by appropriate technical and organizational security measures to prevent unauthorized processing and loss, destruction or corruption of the data. See further, paragraph 6.

3.   When the processing of personal data is legal

3.1    General legal basis

The processing of personal data is only legal if at least one of the following conditions is met:

• The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
• The processing is necessary for the performance of a contract in which the data subject is a party or to take action at the request of the data subject before such contract is concluded.
• The processing is necessary in order to fulfil a legal obligation where the responsibility lies with the controller.
• The processing is necessary to protect interests of fundamental importance to the data subject or to another physical person.
• The processing is necessary for the performance of a task of general interest or as a part of the controller’s exercise of authority.
• The processing is necessary for the purposes relating to the legitimate interests of the controller or a third party unless the interests or fundamental rights and freedoms of the data subject outweigh and require the protection of personal data.

The legal basis for our processing of personal data shall be determined and documented in the controller’s Processing Register. In case of uncertainty, consultation shall take place with our Data Controller.

3.2    Legal basis for personal data processing in recruitment

Processing is necessary in order to be able to handle the application from the person applying to work with us and is based on the consent given in connection with the application. We have no interest knowing trade union, religious beliefs, sexual orientation, political opinions, any illnesses or other information that is irrelevant to the recruitment process.,

For certain specific processing operations in connection with recruitment, Oscilion may need additional supplementary or deviant information about individual processing of your data.

4.   Rights of the data subject

A fundamental aspect of the GDPR is that it contains certain statutory and mandatory rights for data subjects whose personal data are processed. As a data controller, Oscilion has an obligation to facilitate those who wish to exercise their rights under the GDPR.

If a person wishes to know what information is registered about him or her, or if the person wants to exercise any other of their rights under the GDPR, you are referred to Oscilion GPM.

The data subject also has the right to withdraw any consent given. The withdrawal of consent shall not affect the legality of processing based on consent before it is revoked.

Data subjects have the following rights, among others:

• Right to access your personal data, which means that the data subject have the right to receive confirmation of whether personal data relating to the data subject is being processed and, if also access the personal data and certain additional information about the processing.
• Right to data portability, which means that the data subject has the right to access personal data under certain circumstances, in order to transfer the personal data to another controller.
• Right to rectification, erasure or restriction of their personal data and the right to object to the processing.
• Right to complain to the national data protection agency (in Sweden IMY) if the processing of their personal data does not meet the requirements of EU/EEA data protection legislation.
• Right to withdraw their consent if and to the extent that specific consent was given for certain processing.
• Right to object to the balancing of interests when processing is based on the so-called balancing of interests according to nature 6.1 (f) of GDPR.
• Right to object to direct marketing when processing their personal data. In that case, the personal data shall no longer be processed for such purposes.

5.   Storage and deletion of personal data

According to data protection law, personal data may not be stored for longer than permitted by law, or otherwise necessary for the purposes for which the data is processed. Data that may no longer be stored shall be permanently deleted and destroyed (thinning). Under special conditions thinning can be carried out by anonymizing personal data instead of being destroyed. Anonymization means that any information that makes it possible to trace the data to a data subject is irrevocably deleted.

If there are certain laws or regulations that require the storage of personal data for a certain period of time, such as in tax-, accounting- or money laundering legislation, such provisions apply before the GDPR. For example, the Accounting Act states that accounting information must be kept for seven years from the year in which the financial year ended.

The main rule within the company is that personal data that is not subject to certain laws or regulations (in addition to data protection legislation) should be deleted when we no longer need the data to fulfil the purposes of the processing.

6.   Security in the processing of personal data

6.1 General

Oscilion shall take appropriate technical and organizational measures to prevent that destruction, altering or distortion of personal data. This means that a security assessment needs to be made on a case-by-case basis and that different processing/systems require different levels of security measures depending on the sensitivity of the information, the risk of intrusion (and other risks) and vulnerability.

6.2 Risk analysis

Before we start processing personal data, an initial risk analysis must be carried out to take a position on:

• The technical and organizational security measures appropriate for the processing in question, based on an assessment of information sensitivity, relevant risks and vulnerabilities.
• If the processing is adapted from the outside and meets our requirements regarding privacy by design and information security.
• Where the processing is likely to pose a high risk to the rights and freedoms of the data subject, for example through the use of new technologies or by the fact that data subjects cannot be expected to know that they are subjects to the processing. If such high risk is identified our Data Controller shall be informed and determine whether further analysis in the form of a Data Protection Impact Assessment is necessary.

7.   Transfer of personal data

Personal data may be transferred to external parties with or without a personal data assistant agreement, depending on whether the recipient processes the data on Oscilion’s behalf or on his own account. In all cases, there must be a legal basis for the transfer and only the data that needs to be transferred. The transfer shall be documented in an appropriate manner.

7.1 Transfer to data processors

Oscilion may transfer personal data to external parties that processes personal data on our behalf and according to our instructions. Such external parties is a data processor assistant to us and shall always sign a personal data assistant agreement with Oscilion. Our Personal data controller is responsible to keep such templates updated and accordingly to applicable Data Protection Legislation from time to time.

7.2 Transfer to parties with their own personal data liability

Oscilion may transfer personal data to other external party which have their own personal data liability, provided that we have legal basis for such transferring. Such legal basis may be, for example, that the transfer constitutes a legal obligation for us, or a customer agreement that gives us the right to transfer the data.

7.3 Transfer of personal data to a third country

If and to the extent our personal data processing involves the transfer, storage or otherwise processing of personal data outside the EU/EEA, further measures are required for the processing to be lawful. It is sufficient that the personal data is accessible from the outside the EU/EEA, or that certain infrastructure or resource is outside the EU/EEA, that further action is necessary. When transferring personal data outside the EU/EEA, the data subject shall be informed of the purpose and scope of the transfer.

The measures we take to ensure that personal data processing outside the EU/EEA is legal must always be documented and approved by our Data Controller.

7.4 Request by the authority for information

Oscilion and its employees are obliged to provide information about our personal data processing and related circumstances if requested by the Privacy Protection Authority. Other authorities may also have the right to receive information that contains personal data from us, such as the Enforcement Authority, The Swedish Tax Agency or the Swedish Economic Crime Authority. There may also be an obligation to disclose information to the police or prosecutors in the event of a criminal investigation, information being disclosed only at the written request of the lead investigator och prosecutor.

In addition to regular and mandatory transfers of personal data to authorities that we have a legal obligation to report (e.g. salary data to the Swedish Tax Agency and information about sick leave to the Swedish social insurance), personal data shall be disclosed to the authority only after consultation with our Data Controller.

Our Data Controller is responsible for contact with the Privacy Protection Authority. All contacts with the Privacy Protection Authority, or other authorities regarding personal data processing issues, on behalf of Oscilion shall be referred to our Data Controller.

8.   Reporting

Our Data Controller shall report annually or if necessary to management about our processing of personal data and, in addition, immediately report to management if serious flaws, privacy risks or problems arise.

The report shall contain the results of the follow-up and verification of personal data carried out in accordance with this Privacy Policy, including:

• If the processing as adapted from the outside and meets our privacy by design and information security requirements.
• Number of personal data breaches
• Our compliance of the applicable Data Protection Legislation and this Privacy Policy.
• Any contact with the Privacy Protection Authority; and
• Changes in applicable Data Protection Legislation and supervisory practices regarding the processing of personal data.

9.   Contact information

If you have any questions about the processing of your personal data or about cookies, or if you want to exercise your rights specified above your are welcome to contact us according to below

Oscilion Teknik AB and Oscilion Naval Systems AB (5567055552; 5567055701)
Borgarfjordsgatan 18
164 40 Kista
E-mail: info@oscilion.com