Privacy Policy

Last Updated: February, 2024

Thank you for visiting www.visualart.com (the “Site”).

Are you thinking about data security and privacy?

For Visual Art, it is important that you have confidence in allowing us to handle and store data about you, and that you are aware that we comply with data protection laws, including GDPR (the EU data protection regulation) which means that we respect your privacy and your right to control your personal data.

This Privacy Policy is designed to help you understand how Visual Art collects, stores, uses, shares, and safeguards your personal information. We are also describing on what legal basis the processing is based and how long your data is kept.

We also describe how you can influence the processing by exercising your rights, and provide you information about who you can talk to if you have questions about personal data processing and where you can turn if you are not satisfied with our processing.

This Privacy Policy is addressed to:

• Representatives of, and contact persons for, current and potential customers.
• Representatives of, and contact persons for, suppliers.
• Persons who contact us for any reason or visit our Site.
• Persons who seek employment.

As an employee of Visual Art, a board member, or a consultant, you can read more about how your personal data is processed on our intranet.

1. Data Controller

Visual Art Sweden AB (556585-8338) is the data controller, and we are responsible for processing personal data in compliance with applicable law.
You must read and understand the Privacy Policy.

Please contact us if you have any questions. Contact details can be found at the end of this Privacy Policy.

2. Information Collection

2.1 What is personal data?

Personal data is data through which we can directly or indirectly identify you.

2.2 What personal data do we process?

To facilitate the understanding of the personal data processed for the purposes set out below, we have divided them into descriptive categories. The categories are illustrative and may include more types of personal data than those mentioned below.

• Contact details: name, organisational affiliation, address, email address, and telephone number.

• Contract and service data, such as information on which of our products and services you use, contract duration, cancellation period, and other contractual information.

• Incident data, such as information about your contacts with our support in the form of e.g. emails, calls or filling in the support form on support issues, complaints and the like.

• Behavioural data: responses to our products and services and how you use our products, services, and Site.

• Device data: data about your computer, tablet, or phone, e.g. IP number, language and browser settings, time zone, operating system, platform, screen resolution, access time, and other data from cookies.

• Communication data, such as your responses to market surveys.

2.3 How do we collect your personal data?

• We may collect personal data directly from you.
• We may collect personal data from the company that you are a representative of, or a contact person for.
• We may collect personal data from other third parties, such us partner organisations.
• We may furthermore collect personal data from publicly available sources.

3. Use of Information

For us to process your personal data, we must have an explicit and legitimate purpose for the processing. Personal data must not be processed in a way that is incompatible with the original purpose for which it was processed.

In addition, we must have a so-called legal basis for processing your personal data.

3.1 Contracts with customers

The processing of your personal data is necessary to enter into a contract with a company that you are a representative of, or a contact person for. The category of personal data processed for this purpose is contact details.

If you do not submit the personal data that we need your company may not be able to enter a contract with us.

Legal basis: Entering into contracts

The processing of your personal data is necessary to administer a contract with a company that you are a representative of or a contact person for. The category of personal data processed for this purpose is contact details.

Legal basis:  Legitimate interest of administering contracts

Time we keep the data: Contact details are stored for as long as needed to fulfil the contract with your company, but no longer than 24 months after the contract has ended – except where we are required by law to save it for a longer period (see section 3.8 Legal documentation requirements).

3.2 Support

When you contact our customer service by filling out the contact/support form, sending an email, or calling, we process personal data about you to help you use your services and to help you troubleshoot or handle your feedback, or otherwise answer your questions. The categories of personal data processed for this purpose are contact details and incident data.

Legal basis: Legitimate interest of answering and managing your support requests.

Time we keep the data: History from your contacts with our support is deleted after a maximum of 30 months after we close the case.

3.3 Development of customer support

We process your personal data with the purpose of improving our customer communication and working methods so that we can offer you a better service. The category of personal data processed for this purpose is the incident data that you have submitted to us when you contacted our support.

Legal basis: Legitimate interest of analysing conversations or specific solved issues to improve or customer communication and our working methods.

Time we keep the data: History from your contacts with our support is deleted after a maximum of 30 months after we close the case.

3.4 Customer Surveys

To improve our service to our customers, we send out an annual customer satisfaction survey to you who is a representative of, or a contact person for a customer. We may ask you for your view on our partnership, the solutions we have provided to you or similar.

Legal basis: Our legitimate interest. Our legitimate interest of processing personal data in customer satisfaction surveys is that we need to collect your opinions to improve our services and be the best possible partner to you. The categories of personal data processed for this purpose are contact details and communication data.

Time we keep the data: We store the above personal data for a maximum of 12 months.

3.5 Newsletters or marketing messages

To provide you who is a representative of, or a contact person for, a customer with information about new features on our digital signage platform, new ideas, inspiration or news or updates to our products and services, so that they work as well as possible, we sometimes send you a newsletter or message about this. We may also send newsletters or marketing messages to you who is a representative of, or a contact person for a potential customer. The category of personal data processed for this purpose is contact details.

Legal basis: Our legitimate interest of marketing our products and services, and informing you about new possible solutions, updates, and inspiration to keep you informed about our work.

Time we keep the data: We store the above personal data for a maximum of 12 months.

3.6 Contracts with suppliers

The processing of your personal data is necessary to enter a contract with the company that you are a representative of, or a contact person for. The category of personal data processed for this purpose is contact details.

If you do not submit the personal data that we need your company may not be able to enter a contract with us.

Legal basis: Entering into contracts

The processing of your personal data is necessary to administer a contract with a company that you are a representative of or a contact person for. The category of personal data processed for this purpose is contact details.

Legal basis:  Legitimate interest of administering contracts

Time we keep the data: Contact details are stored for as long as needed to fulfil the contract with your company, but no longer than 24 months after the contract has ended – except where we are required by law to save it for a longer period (see section 3.8 Legal documentation requirements).

3.7 Legal documentation requirements

We may need to process your personal data to comply with rules regarding bookkeeping and audits. The category of personal data processed for this purpose is contact details.

Legal basis:  Legal obligation.

Time we keep the data:  We store the personal data for up to seven years after the expiry of the calendar year during which the financial year ended.

3.8 Recruitment

When you apply for a job we process your personal data to assess your application, conduct interviews, contact references and possibly hire you. The categories of personal data processed are contact details, personal identification number and other information that you or your references provide us with.  The personal identification number is processed to ensure a proper identification of you. The references that we contact will be informed of our processing of their personal data.

Legal basis: Entering into contracts

If you do not submit the personal data that we need you may not be able to enter an employment contract with us.

Time we keep the data:  We store the personal data for 30 months after the recruitment process has been finalised.

3.9 Events

Sometimes we organise events and if so we need to process your personal data in order to send out invitations, administer the event and evaluate it. The categories of personal data processed are contact details, food preferences and any need for accommodation due to a disability.

Legal basis:  Legitimate interest of organising events. Our lawful basis for processing personal data concerning food preferences and accommodation requirements is explicit consent.

Time we keep the data:  Your contact details will be stored for 24 months after the event. Information about food preferences and accommodation requirements will be erased directly after the event.

3.10 Disputes

In case of a dispute between you, or a company that you represent or are contact person for, and us – we will process your personal data in order to establish, exercise or defence our legal claims. The categories of personal data processed are contact details and other information that you have provided us with.

Legal basis:  Our legitimate interest of establishing, exercising or defencing our legal claims.

Time we keep the data:  Personal data relating to disputes are processed until the dispute is finally resolved.

3.11 Cookies

We process the information created by the cookies set when you visit www.visualart.com, such as the length of your visit, the number of page views, the choices you make, and how you found it.

Your personal data are processed to enable you to use the Site in the manner intended by us and so that we can keep statistics.
You have given your explicit consent to the processing. You can withdraw your consent at any time by clicking on the CookieBot icon on the Site.

Read more about what cookies we are using, why, and for how long we store the data in our Cookie Policy.

4. Sharing of Information

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this Privacy Policy or as required by law.

In some situations, we share your personal data with others. Below we describe when and why we do this. We would like to emphasize that we never disclose your personal data unless this is necessary for us to carry out any of the processing operations listed above, for which we have a legitimate purpose and a legal basis.

4.1 Suppliers and partners

We use suppliers and partners to install, implement, and develop our products and services such as service technicians, electricians, and installers. We also have lead generation partners and customer service providers who help us with sales and customer relations. You can learn more about how we share your data below.

When we use suppliers who process personal data on our behalf, we always sign a data processing agreement with the supplier. The data processing agreements state that the supplier (data processor) may only process personal data for purposes that we determine and on specific instructions from us. Our suppliers may not do anything with your personal data that we have not expressly instructed them to do, unless required by law. We also require the supplier’s handling of personal data to be secure and correct.

Suppliers of IT systems and system administration services

When we process your data for any of the purposes listed above, we use cloud services. We furthermore use a backup system to protect your personal data. Your personal data will therefore be shared with our suppliers of these systems.

When you contact us to purchase our products and/or services we will share your personal data with our lead generation partner. We will moreover share your personal data with our lead generation partner to enable them to contact you who is a representative of, or a contact person for, current or potential customers.

When you contact our customer support, we will share your personal data with our customer service provider. When you contact us via the contact/support form on the Site your personal data will also be shared with our Site supplier.

When you email us, or we email you, your personal data will furthermore be shared with our email system supplier.

Professional advisers such as lawyers and accountants

In case of a dispute between you, or the company that you represent or are contact person for, and us – we may share your personal data with external lawyers. We may furthermore share your personal data with external lawyers in case we need legal counsel for any other reason.

In case you are a representative of, or a contact person for, a customer or a supplier – we may share your personal data with our accountant. We may furthermore share your personal data with our authorized auditor.

The Swedish Tax Agency

In case your personal data is enclosed in documents that we are legally obligated to submit to the Swedish Tax Agency we will share your data with that agency.

Other third parties

In case you participate in one of our events we may share your personal data with the event organiser, the venue and/or the caterer.

4.2 Transfer to suppliers in third countries

Sometimes we need to transfer your personal data to suppliers who have all or part of their operations outside the EU/EEA, known as “third countries”. This depends on where our customers have implemented their solutions and consequently where we need to install, implement, or handle issues about their digital signage solution that we have provided. Another reason for third country transfers of personal data is that we want to be able to offer you service more hours of the day.

We do not use suppliers in third countries unless the country has an adequate level of protection according to the European Commission (adequacy decision), or if we have taken appropriate contractual safeguards for the transfer in accordance with the requirements of the GDPR. We always ensure that the provider enters a contract with us, using the EU Standard Contractual Clauses, where they commit to comply with provisions regarding the protection of personal data. We only transfer personal data to the US if the recipient (importer of personal data) adheres to the European Commission’s adequacy decision, the EU-US Data Privacy Framework.

If you require more information about the safeguards employed by us when we transfer your personal data to a third country, please contact us using the contact details below.

5. Security

We take reasonable measures to protect your personal information from unauthorized access or disclosure. However, no data transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

6. Links to Third-Party Websites

The Site may contain links to third-party websites. Please note that we cannot be held responsible for the privacy policies or content of any third-party websites. We encourage you to review the privacy policies of these sites before providing them with any personal information.

7. Your Rights

As a data subject you have several rights. If you want to exercise your rights you are welcome to contact us. You can find contact details at the bottom of the Privacy Policy. For more information about your rights please visit the Swedish Authority for Privacy Protection’s (IMY), website www.imy.se.

You will not have to pay a fee to exercise any of your rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of your rights. This is a security measure to ensure that personal data are not disclosed to any person who has no right to receive it.

Your request will normally be answered no later than 30 days after the day on which we received it. If your request is complicated it may take more time, but we will keep you informed. If for some reason we cannot fulfil your request, we will notify you.

You can read about each right below.

7.1 Right of access

You have the right to receive information about what personal data about you that we process (a so-called register extract).

When submitting your request, it is advisable to specifically state which personal data you are interested in, such as contractual documents, customer service notes, chat history or similar. This way, we can provide you with the information that is most relevant to you.

7.2 Right to rectification

It is our responsibility to ensure that the personal data we process are correct and relevant. We therefore systematically maintain our registers and update address details and similar information about you so that we always have the correct information. If you notice that the information we have about you is incorrect or if we are missing important information, you have the right to have your data corrected. We are grateful to you for helping us with this.

7.3 Right to erasure
You have the right to request that we erase personal data in the following situations:

• If the personal data are no longer necessary for the purposes for which they were collected and for which we process them.
  
• If we process personal data based on your consent and you withdraw it.
  
• Where we process personal data for direct marketing purposes and you object to the continued processing of your personal data for this purpose.
  
• If we process personal data based on a balance of interests and there are no overriding legitimate grounds that outweigh your interest.The personal data have been unlawfully processed.

When we receive your request, we will assess whether there are grounds to erase your personal data and we will notify you of our assessment. If we delete your data at your request, we will inform any suppliers and partners to whom we have disclosed the data that the data has been deleted.

However, the right to erasure does not apply if we need the personal data to comply with a legal obligation which requires processing by Union or national law. The right to erasure does furthermore not apply if we need the personal data to establish, exercise or defence legal claims.

7.4 Right to restriction of processing

In certain cases, you have the right to demand that the processing of your personal data be restricted. In case the processing has been restricted we may only process the data for the purpose to establish, claim or defend legal claims, to protect someone else’s rights or if you have provided your consent.

The right to restriction applies, for example, if you believe that the personal data are incorrect and have requested correction. In such cases, you can also request that our processing of your personal data be restricted while the accuracy of the personal data are being investigated.

You also have the right to restriction if the processing is illegal and you do not want us to erase the data, or if we do not need the data any longer for the purpose of the processing but you need the data to be able to establish or claim or defend legal claim. Lastly you may request restriction if you have objected to a processing based on the lawful basis legitimate interest, pending the verification whether our legitimate grounds override your legitimate grounds.

7.5 Right to object

You have the right to object to the processing of your personal data that we process based on our legitimate interest. In that case, you need to specify in writing which processing you object to. In the event of such an objection, we may only continue processing your personal data if we can demonstrate compelling legitimate grounds for processing the personal data that outweigh your interests. However, we may still process your personal data to establish, exercise or defend legal claims.

7.6 Data portability

You have the right to request the transfer of your personal data to another party if our processing is based on the legal bases consent or contract, and the processing is carried out by automated means.

7.7 Right to object to direct marketing

If your personal data are processed for direct marketing purposes, you always have the right to object to the processing at any time. If you object to your personal data being processed for direct marketing purposes, we will no longer process them for such purposes.

7.8 Right to withdraw consent

In most cases, we do not base the processing of your personal data on your consent. However, to the extent that we process your personal data based on consent, you always have the right to withdraw it at any time. The withdrawal of the consent does not affect the lawfulness of the processing based on the consent before it was withdrawn.

8. Complaints

You have the right to make a complaint to Integritetsskyddsmyndigheten – the Swedish Authority for Privacy Protection (www.imy.se).

9. Contact details and data controller

If you have questions, or concerns or wish to contact us to exercise your rights, please contact us.

Data controller: Visual Art Sweden AB (556585-8338)

Address:
Visual Art
Hälsingegatan 47
113 31 Stockholm, Sweden

Telephone: +468 15 32 00

Or send us an e-mail to hello@visualart.com

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The date of the latest revision will be indicated at the top of the page.