Privacy Policy Pluslife

Valid from 2019-09-08

Candelit takes an uncompromising approach to our users' privacy and personal data. Without your trust, we are nothing.

Candelit is careful to protect and respect your personal privacy. This Privacy Policy explains how we collect and use your personal data in connection with your use of our Service, through our mobile application (the "Service"). It also describes your rights vis-à-vis us and how you can enforce your rights.

You should read this privacy policy before using the Service. Please note that the Service is not aimed at persons under the age of 18 and we therefore ask persons under the age of 18 not to provide personal information to us through the Service.

1. Your personal data is in safe hands

Candelit AB, org.nr 559113-5370 ("Candelit", "we", "us", "our") is the data controller for the processing of your personal data described here.

You can contact us at any time if you have questions or comments regarding your personal data. Feel free to email us at feedback@candelit.se or contact us at:

Candelit AB

Postal address, see https://www.allabolag.se/5591135370/adresser

Phone: +46 (0)70 - 963 39 73

2. Data Protection Officer

Candelit has appointed a Data Protection Officer, who will help us ensure that your personal data is processed correctly and legally.

You can contact the Data Protection Officer in all matters relating to Candelit's processing of your personal data and the exercise of your rights, by emailing feedback@candelit.se, writing 'Data Protection Officer' in the subject line.

3. Personal data collected about you

Candelit may process the following types of personal data about you:

User information. To use the Service, you need to register a user account. In connection with registration, you will be required to provide information about yourself, such as your name, address and e-mail address. You also have the option to add other information or account settings, such as your mobile phone number, Specific data, and General data (defined below).

Specific data. We will save data that you as a user choose to provide within the Service. This includes information such as, but not limited to, vehicles, your, your children's and your partner's date of birth, membership, employment, purchases, insurance, agreements and subscriptions, interests, passports, holidays, gift cards, loans, types of housing, bank and credit cards, possessions, and the like that fit within the Service.

General data. We will save information about your use of the Service, your choices and settings. We save data about what times you use the Service, which parts of the Service you use, what you choose to add and not. It may also be about which suppliers you have chosen to use, terms and conditions regarding these and any information about agreements and your relationship with the supplier that you have chosen to specify within the Service. Please note that some subscription data may also contain sensitive personal data, for example if the subscription relates to membership in a trade union or political party, health care, church or other religious community.

Sensitive personal data. Financial and subscription data may contain sensitive personal data, for example about payments to or membership in trade unions, political parties, healthcare, churches or other religious communities. Just like any other data, your sensitive personal data is collected and processed with the utmost consideration for your privacy.

Correspondence. We will collect personal data when you contact us regarding the Service. Correspondence may include user information and other relevant information that you share with us about yourself. For example, we collect relevant information about your interactions with our customer support, such as date, time, method of contact and topic of conversation. As email is an open form of communication, please avoid including sensitive personal information in your communications to us.

Customer surveys. We may contact you to offer to participate in digital customer surveys. If you choose to participate, you may be asked to provide certain information that may include personal information.

Technical data. We may collect technical information from your mobile device in connection with your use of the Service, such as IP address, browser type and version, screen resolution, language settings, geographic location, operating system and mobile platform. Technical data may also include information about how you use the Service and identify technical problems. Although we do not normally use technical data to identify specific people, sometimes people can be identified from it, even if this is not the intention.

4. How your personal data is collected

Information you provide to us. Most of the information that Candelit collects about you provide us with us. You may directly or indirectly provide us with information about yourself in various ways, for example when you register your user account in the Service. You can always choose not to provide further information to us. However, some information is needed for us to be able to provide you with the Service.

Information collected by other means. We may also collect information about you in other ways. It is always done responsibly with your privacy in mind. For example, we may collect information about your vehicles, so you do not have to fill in this information yourself. This could also apply, for example, to information about your home, your children's school or similar.

5. How your data will be processed

Candelit processes your personal data for the following purposes and based on the following legal bases:

To provide the Service to you. We process your personal data to administer your user account and provide you with the Service (i.e. to fulfill the agreement between us). For example, technical data is used to ensure that the Service is presented in the best way for you and your device.

To register your user account. We process your personal data in order to register your user account. This is necessary for us to be able to enter into an agreement with you about the Service.

To communicate with you. Your name and email address will be used to send reminders, confirmations, service messages and other relevant information about the Service to you. This processing is necessary for legitimate interests, including our interest in promoting and maximizing your use of the Service. You can freely control and turn notifications on and off in your account settings. However, we may continue to send you important administrative messages, which are required for us to provide you with the Service.

To provide customer support. Your personal data (e.g. user data, technical data, subscription data, etc.) may be used to investigate, respond to and resolve complaints and problems with the Service (e.g. bugs). This process is necessary for us to be able to provide you with the Service as promised and for legitimate interests, including our interest in ensuring the functionality of the Service.

To conduct customer surveys. Your name and email address may be used to invite you to respond to surveys. By continuously collecting qualitative feedback from you and other users, we can reach a deeper understanding of your and other users' problems and needs. This process is necessary to achieve legitimate interests, including our interest in developing and improving the Service.

To develop and improve the Service. Vi may use technical data, customer surveys and other aggregated and anonymized data (e.g. subscription data that is not specifically related to you, and without sensitive personal data) to develop and improve the Service. This may include, for example, troubleshooting, information analysis, investigative measures, statistical purposes and tests (e.g. beta tests and evaluation of new features, which are in line with the basic nature of the Service). For example, we may collect and evaluate technical data about your use of the Service in order to analyze and understand how the Service is used to make it more intuitive. This process is partly necessary for us to be able to provide you with the Service, but primarily to achieve legitimate interests, including our interest in developing and improving the Service and its functions.

To comply with laws. We are obliged to comply with Swedish (and sometimes other) laws. This means that your personal data may sometimes need to be processed to the extent required by law or other legal obligations, for example for reporting to authorities.

To protect Candelit, you and others. We may need to process your personal data to defend or enforce our, your or others' legal rights. This may be needed, for example, if you or someone else make claims against us, or to investigate abuse or fraud. It is necessary to protect you and others and for other legitimate interests, including our legitimate interest in being able to respond to claims.

6. How your personal data is shared

Candelit takes an uncompromising approach to our users' privacy and personal data. Without your trust, we are nothing. We will never sell, share or give any external party, i.e. anyone outside Candelit, access to your personal data and the choices and settings you have made, current or historical. Except for the contexts listed below, then with the aim of further delivering the best possible service to you. This may involve sending letters by post, email or similar.

Within Candelit's organization and its possible subcontractors and authorities, your personal data may be shared with:

People who work with us. Your personal data will be shared with people who work with us, but only people who are authorized to process your personal data. This means that your personal data is only shared with people who need access to it in order to perform their jobs, for example to provide you with customer support. Of course, everyone who works with us is covered by confidentiality.

Your personal data may be shared with suppliers who help us provide you with the Service, or who provide us with other services that require your personal data to be processed. For example, we store and provide the Service using the Microsoft cloud platform, they could exceptionally access limited data for troubleshooting purposes. There may also be other service providers who help us with things like marketing, e-mailings and the like. These companies may only process your personal data on instructions from us, or to comply with their legal obligations.

Authorities and legal contexts. Sometimes we may need to share your personal data with others due to legal obligations. For example, when it is required to respond to a request from the Police, supervisory authority or other public authorities. We may also share your personal data if it is necessary in connection with a legal process, for example to enforce our general terms and conditions or to defend the rights of Candelit, our partners, you or others.

7. Where your personal data is processed

Candelit always strives to process and store your personal data within the EU/EEA. However, in exceptional cases in the event of a disaster (e.g. in the event of war, natural disaster or similar), your personal data may need to be transferred and stored outside the EU/EEA.

You should be aware that other rules may apply to your personal data outside the EU/EEA, which may sometimes entail different protection than that offered in Sweden. However, we choose all our suppliers with great care and with consideration for your privacy. We will also make sure to take the necessary measures to ensure that your personal data is handled securely and with an adequate level of protection (e.g. using approved standard clauses and Privacy Shield). You can always contact us if you have questions about applicable safeguards.

8. How long your data is stored

Candelit saves your personal data if the data is needed to fulfill the purpose for which the data was collected. The duration of this depends on the type of data. We regularly check our need to save your data, considering applicable legal requirements.

Until you delete your user account or withdraw your consent. Normally, we need to save most of your information if you have an active user account in the Service. Personal data processed on the basis of your consent (for example, sensitive personal data) will be deleted when you withdraw your consent, or when the purpose for which you consented has been fulfilled.

But sometimes longer. Your personal data may sometimes be saved even after you have deleted your user account or withdrawn your consent. This applies, for example, if and to the extent that we deem it necessary to be able to defend our legal rights, legitimate interests and the interests of others. Your personal data may also be stored longer if required by law, such as accounting and tax legislation.

9. Cookies

As the Service is delivered in the form of a mobile application, cookies are not used in any form.

10. Your rights

It is your personal data. You therefore have the right to influence how your personal data is processed by us. Here is a brief summary of your rights.

Right to object to processing. You have the right to object to your personal data being processed for legitimate interests. This means that we must either prove that there are compelling legitimate reasons for the processing, which outweigh your interests, or stop the processing. You can always contact us to get more information about the balance of interests that has been made.

You also have the right to object to your personal data being used for direct marketing (e.g. newsletters). You do this by turning off notifications in your account settings or following the unsubscribe instructions set out in emails from us.

Right to access and move your data. You have the right to request a copy of your personal data as well as information about how it has been used, shared and more. You sometimes also have the right to transfer your personal data to another data controller.

Right to erasure ('right to be forgotten'). You have the right to request that your personal data be deleted, for example, if data is no longer necessary for the purpose for which it was collected or otherwise processed, or if we have no legal basis for processing the data.

Right to rectification of data. You have the right to request that incorrect personal data be corrected. You also have the right to have incomplete personal data completed. You can change and supplement your information directly in the Service, under your settings and the like.

Right to restriction. You have the right to request that the processing of your personal data be restricted until incorrect or incomplete information about you has been corrected or until an objection from you has been investigated.

Right to withdraw your consent. You have the right to revoke any consent you have given to us at any time. Note, however, that it does not affect the processing carried out before the withdrawal. Unfortunately, Candelit currently has no technical ability to provide you with the Service without processing sensitive personal data. Normally, you therefore need to withdraw your consent by deleting your user account in the Service.

You can read more about your rights on www.datainspektionen.se. You can contact us at feedback@candelit.se to exercise your rights.

You should be aware that restricting or deleting your personal data may affect or hinder your use of the Service. There may also be legal regulations (such as confidentiality, accounting and tax laws) that sometimes limit, or extend, your rights. For example, legal obligations may prevent us from disclosing or deleting or moving some of your information.

11. Complaints

You have the right to contact and complain to the Swedish Data Protection Authority if you believe that your personal data has been handled incorrectly by us. You can read more about this on www.datainspektionen.se. You can also contact the supervisory authority in the country where you live or work.

12. Changes to the Privacy Policy

This privacy policy may need to be updated from time to time to reflect changes in the Service and the use of your personal data. You will be informed if any significant changes are made (for example, by email), but we also recommend that you review this policy periodically to ensure that you are aware of any changes made. We will indicate at the beginning of this Privacy Policy when it is last updated.

This privacy policy is valid until a new one is published.