GDPR & Personal Privacy
The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union effective from May 25, 2018.
GDPR replaced the previous Personal Data Act (PuL). Personal data includes all data that can be directly or indirectly linked to a natural person.
Besides strengthening and standardizing user data privacy across the EU nations, it introduces new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations are located.
We protect your personal privacy and it is therefore important that you can feel safe when it comes to the handling of your personal data. We are open about how your personal data is handled and we follow current laws, rules and guidelines regarding data protection. You can also feel secure that we do not sell your personal information on to other companies.
The new rules mean that you as a registered person have a number of rights. Below you can read about how we process your personal data, what rights you have, who you can contact if you have questions, etc.
Personal Data shall be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date
- Stored for no longer than necessary for the purposes for which the Personal Data are collected
- Processed in a manner that ensures appropriate security of the Personal Data, using appropriate technical or organisational measures
We respect our customers (Issuers), their customers (Recipients), and our employees rights to data privacy and protection, and as such we have updated applicable policies and procedures in order to meet the requirements of GDPR. We have established a number of measures to ensure that customers and their data are treated in a manner consistent with privacy principles and the new GDPR requirements.
TRUE is committed to compliance with the GDPR as both a processor and controller of Personal Data. We can provide a Data Processing Agreement for our customers, and we are also open to using Agreements supplied to us by potential customers, as long as they comply with all current GDPR rules and regulations.
Who is responsible for personal data?
For what purposes do we process your personal data?
The legal basis for processing your personal data is in the public interest. If you have received a TRUE document using our technology, we process your information in order to be able to secure your document, to show your document online, and for you to be able to share it, and download it. We also process your personal data for communication purposes in order to offer you relevant information about the secure documents and their use.
If you represent one of our suppliers or customers, we handle your personal information in order to administer our contractual relationship and/or communicate our services in relation to your employer or the organization you represent. We also process personal data for business and method development.
In order to send you newsletters, we need to save and process personal information about you, in this case your e-mail address. True Value Software AB saves your information until you announce that you no longer want the newsletter, or when we stop sending out the newsletter.
What legal basis do we have for the processing of your personal data?
We need to process your personal data in order to fulfil our agreements. We are also obliged to process certain information according to law, e.g. concerning money laundering and accounting. We also have a legal obligation to process personal data in order to comply with the regulations for some of our customers whom are registered as a certification / accreditation bodies.
Where do we get your personal information from?
From our customers or any future customers, we collect personal data directly, e.g. at the request for quotation, or in connection with an audit. From their customers, the Recipients of TRUE documents, we get the personal information from our customers.
Does True Value Software AB send your personal information to an outsider?
Where is my personal data processed?
We process your personal data within the EU / EEA area.
How long is my personal information stored?
We process your personal data for as long as necessary in accordance with the requirements of each standard and the Accounting Act. They are then thinned in accordance with special routines. If you request to have your data removed, both TRUE as well as the customer who issued a document to you can remove the document, and the data it contains.
What rights do I have?
You as a registrant have a number of rights regarding the processing of your personal data.
You have the right to know how we process your personal data and receive a register extract (right to access).
Furthermore, you have the right to have incorrect and incomplete information corrected (right to correction).
You also have the right to have your personal data deleted or restricted in certain cases, e.g. when there is no legal basis or when we no longer need the personal data (right to deletion and restriction).
In addition, you have the right to transfer your information that you have provided to someone else (right to data portability). Just like before, you have also have the right to request that your personal information not be used for direct marketing.
Who can I contact if I have questions?
Fulfilling our privacy and data security commitments is important to us. We are glad to help you comply with GDPR rules. If you have questions about your rights under the GDPR as a Recipient of a document or as a customer of TRUE, please reach out to us at support@trueoriginal. com
You can also write to us at the address:
True Value Software AB, Brahegatan 10, 114 37 Stockholm, Sweden.
You also have the right to submit a complaint or report directly to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
This information text was last updated on April 01, 2022. We may update the information text if any content changes, e.g. if our purposes were to change. The latest version must always be available on this page.