Toteme recognizes the importance of protecting the privacy of your personal data. We have instituted strict policies and security measures to protect the information you provide us.
2. Who is responsible for the processing of your personal data?
The Swedish company Toteme AB, reg. no. 556951-0182 (“Toteme” "We" "Us"), is the controller of your personal data. Toteme’s affiliated companies (including other companies within the Toteme group, joint ventures, franchisees and licensees) and selected suppliers may process your personal data on Toteme’s behalf and in accordance with Toteme’s instructions as stated below and are thereby processors of your personal data.
You may contact Toteme at any time, please find our contact details below.
Mail address: Engelbrektsgatan 5, 114 32 Stockholm
Visiting address: Engelbrektsgatan 5, 114 32 Stockholm
Phone: +46 8 20 38 20
3. Categories of data processed, purpose and legal basis for processing
If you are the contact person at one of Toteme’s suppliers Toteme processes your name, telephone number and email address. Toteme processes the data for the purpose of administering and exercising its rights and obligations under the agreement with the supplier, communicate with the supplier during the product development phase, place and distribute orders and to otherwise be able to communicate with the supplier. The processing is based on a “balancing of interests” legal basis, where Toteme’s legitimate interest is to administer its contractual obligations and rights, communicate with the supplier regarding orders and otherwise maintain a good relationship with the supplier.
If you work with Toteme as a sole proprietorship (Sw. Enskild firma) Toteme processes your name, telephone number, email address and personal identity number (in case this is the same as the sole proprietorship’s registration number). Toteme processes the data for the purpose of administering and exercising its rights and obligations under the agreement with the supplier, communicate with the supplier during the product development phase, place and distribute orders and to otherwise be able to communicate with the supplier. The processing is based on the sole proprietorship’s agreement with Toteme.
4. Does Totême share your information with others?
Toteme does not sell or rent our customers’ personal data to any other entity.
We may share your data with affiliated companies including other companies within the Toteme group, joint ventures, franchisees and licensees. These recipients are only entitled to process your personal data on behalf of Toteme while performing a service for Toteme. Toteme takes all reasonable legal, technical and organizational measures in order to ensure that your data is handled securely and with an adequate level of protection when transferring to, or sharing with, such selected third parties.
Toteme may also release your personal data to public authorities where we are obligated to do so by law.
In the event all or part of Toteme’s operations are sold, Toteme may transfer your personal data to a potential purchaser of the business.
5. How long do we keep your data?
Toteme will retain your name and contact information in our register of contact persons while our contractual relationship with the supplier is active or if we otherwise require the data for any matter related to our contractual relationship with the supplier. If you notify us that your employment with the supplier has terminated or that you should no longer be the contact person, we will delete your data from our register of contact persons within one month.
Your data (for example your name) may be found in agreements, correspondence or other documentation regarding Toteme’s relationship with the supplier which Toteme needs to save for commercial, business or legal reasons. The processing is based on Toteme’s legitimate interest to store such documentation to the extent it is of commercial, business or legal significance to Toteme’s business operations. This data will be stored for as long as it is necessary for the reasons mentioned.
Toteme may also save your personal data for a longer period of time where necessary in order to fulfill a legal obligation which requires processing according to applicable law or in order for Toteme to be able to establish, enforce, or defend against legal claims.
6. Transfers outside the EU/EES
We may share your data with our selected suppliers, who may process your data in countries both inside and outside of the EU/EES when performing functions on our behalf as set out in section 4 above.
Please note that countries outside of the EU/EEA may not provide an adequate level of protection for your personal data. Toteme has however taken appropriate safeguards to ensure that the receiving parties of your data in countries outside of the EU/EEA shall provide an adequate protection of your data. Such safeguards may be that the receiving party has joined the Privacy Shield (if the receiving party is a company established in the United States) or that the receiving party has signed so called standard data protection clauses adopted by the EU Commission. Please contact us at email@example.com. if you want further information on what safeguards have been taken and if you want a copy of such safeguards.
7. Your data subject rights
In this section 7, we have summarized your data subject rights to request access, portability, rectification, erasure of your personal data, to restrict the processing of your personal data, to object to processing, and your right to lodge a complaint with the supervisory authority.
If you want to exercise your rights, please send us an e-mail to firstname.lastname@example.org. Please note however that if you want to lodge a complaint with the supervisory authority, you need to contact the authority directly.
Right of access
You have the right to obtain confirmation of whether personal data concerning yourself is being processed and, where that is the case, access to the personal data and information regarding, inter alia, the purpose of processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, and the envisaged period of time for which personal data will be stored (or the criteria for determining this).
Right of rectification
You have the right to request rectification of inaccurate personal data concerning yourself, and to complete incomplete data.
Right of erasure
Under certain circumstances you are entitled to request that we erase your personal data or restrict our processing of your data, namely in the following events.
- When it is no longer necessary for us to process your data taking into consideration the purposes for which it was collected.
- When our processing is based on your consent and you have withdrawn your consent, and there is no other legal basis for the processing of your data.
- When our processing of your data is based on a legitimate interest legal basis and you object to such processing, and there is no overriding legitimate ground for our processing.
- When you have objected to our processing of your data for direct marketing purposes.
- When your personal data has been unlawfully processed.
- When the personal data must be erased for compliance with a legal obligation that applies to us.
- When the personal data collected concerns a child (under 13 years of age) in relation to the offer of information society services.
Right to objection
Under certain circumstances you have the right to object to our processing of your data, whereupon we shall no longer process your data unless we can demonstrate compelling legitimate grounds for the processing.
If our processing is based on your consent or if the processing is necessary for our performance of a contract with you, you have the right to request that the data which you have provided to us shall be provided to you in a structured, commonly used and machine-readable format and you also have the right to transmit such data to another controller.
Right to lodge a complaint with supervisory authority
Please note that if you consider the processing of your data to be in violation of applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or the place of the alleged infringement (see http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).