Data process: Website
Categories of data:
Permanent cookies, session cookies
Cookies are necessary to use our website. Users can adjust their cookie settings to limit the storage of cookies. This can affect the functionality of the website.
Permanent cookies are stored for a longer period of time, but no more than 24 months. Session cookies are stored temporarily on the computer and are deleted as soon as you close the page.
How we share the data we collect, international transfers
Only persons who need to process the data for the above-stated purposes have access to your personal data. Ethos International’s operations and our own IT systems are located within the EU/EEA. Ethos International assures that all transfers or other processing of personal data take place within the EU/ESA or to and from countries that guarantee an adequate level of protection in accordance with the Data Protection Act and the EU Commission, eg. Privacy Shield for treatment in the United States.
Personal Data Processors
A data processor is a company that processes data on our behalf and according to our instructions. We have data processors who help us with:
Authorities to the extent required by legal requirements, e.g. the Swedish Tax Agency
Data processors only process personal data for purposes consistent with the purposes for which we have collected them. This is always regulated in a Personal Data Processing Agreement.
For how long do we store personal data?
Personal data is not stored for a longer period than is necessary with regard to the purposes for which the data is processed. As soon as the purpose of the processing is fulfilled, the data will be deleted, unless Ethos International is obliged to save the personal data in accordance with requirements laid down by law.
Ethos International only collects personal data for specific and legitimate purposes, which are described in this policy. If personal data is processed for other purposes, they are compatible with the original purposes.
How is your personal data protected?
Ethos International has taken appropriate technical and organisational security measures to protect your personal data. Examples of technical security measures we have taken include customised IT-systems, firewalls, encrypted hard drives, regular backups, and developed protection through, for example, antivirus, anti-malware and spam filters.
Appropriate organisational security measures we have taken include password-protected folders when needed, regular updates of passwords for computers and systems, establishing an IT-policy and training of all staff in the IT-policy.
Be aware that Ethos international may change these technical and organisational security measures as needed.
We regularly overview our security policies and processes to ensure that the systems we use are safe and secure.
Your choices and rights
The rights of the data subject when Ethos International processes their data are briefly described below:
The right to be informed:
Data subjects have the right to be informed about the collection and use of their personal data. Data controllers must give data subjects specific privacy information about:
the business, including contact information
the data processing activities carried out
the length of time data is stored
the rights available to them in respect of processing
the right to lodge a complaint
The right of access
Data subjects have the right of access to personal data. If demanded, the data controller must provide a copy of the personal data that is being processed and for which purposes.
The right to rectification
Data subjects can ask data controllers to erase or rectify inaccurate or incomplete data.
The right to erasure, “the right to be forgotten”
Individuals have the right to ask controllers to delete their data if:
the data is no longer needed for the original purpose,
the processing is based on consent and the data subject withdraws it,
the data subject exercises their right to object to processing, and the controller can’t override their objection,
the data subject objects to the processing for the purpose of direct marketing.
The right to restrict processing
The data subject can ask the controller to restrict processing their personal data if, for example, they believe their data is not accurate. The data controller should stop processing until they have verified the accuracy of the data.The right to object to processingIf the data controller relies on lawful bases of legitimate interests for processing, individuals can object to such processing. The data controller may have to cease processing unless they can demonstrate that the controller has compelling legitimate grounds for processing which override the interests, rights, and freedoms of the individual.Direct marketing
As a data subject, you always have the right to resign from direct marketing. Direct marketing refers to all types of outreach marketing measures (e.g. through e-mail or post).Marketing measures where an individual has actively chosen to contact us to learn more about our services does not constitute direct marketing.
Ethos International will provide appropriate training for its employees. The training should provide the necessary knowledge of the GDPR and this Policy. The training should be provided to all new employees and then be repeated annually.
If you have questions about how we process personal data, please contact us at email@example.com
You have the right to know if Ethos International processes your personal data, the types of personal data that are processed as well as receive a copy on request. You also have the right, in some cases, to get incorrect personal data about you corrected and deleted. You also have the right to object to personal data about you being processed and requesting that the processing be limited. Please note that limiting or deleting your personal information may mean that we cannot keep in touch with you. In certain circumstances, you also have the right to obtain personal information about you that you have provided us, in a machine-readable format and to have information transferred to another data controller.
The Swedish Data Protection Authority is the authority that is responsible for the implementation and compliance of the data protection regulation in Sweden. Anyone who feels that their personal data is being processed in an incorrect manner can always submit a complaint to the Data Protection Authority.
Ethos International offers both free and fee-based courses and seminars within sustainable business. To market our business, Ethos International collects personal data for people who may be interested in receiving information about the services we offer. These are sometimes collected from a third party.