(Last updated on 2022-02-09)
1.1 We at Plusius.io and Plusius AB (“we”, “Plusius”, “us”, “our”) want you to feel safe when you provide your personal data to us.
2.1 Plusius AB, with organizational number 559001-9906 and postal address Klostergatan 5B, 703 61, Örebro, is the Data Controller for the processing of your personal data when Plusius provides and markets products and services as well as in other contacts with Plusius, such as visits to our web service or service matters via e-mail and telephone. As a Data Controller, it is Plusius responsibility to ensure that your data is handled correctly and securely in accordance with applicable legislation.
2.2 Plusius has a common IT infrastructure with certain companies within the Group to which the company Plusius AB belongs. The business transactions with our customers as well as associated personal data and database covered by this infrastructure are handled and owned centrally by Plusius. Plusius thus has the control over your personal data and has ensured control and safe handling of your personal data through agreements with other Group companies.
3.1 Plusius collects and processes the following categories of personal data about you as a customer or potential customer in connection with you applying to use and using our services and that we market and market our product and services.
3.2 User generated data about your interaction with Plusius marketing communications and websites, such as IP address, device information (technical information about computer, mobile phone and other devices you use, e.g., browser settings, time zone, operating system), location information, answers to surveys and click and visitor history that, among other things, shows which of our offers you have been interested in, how you interact with our newsletters and which of our events you have signed up for and participated in, and results from customer satisfaction or marker research.
4.1 Plusius collects your personal data directly from you when you carry out a transaction, visit our website, participate in our events, click on links in digital marketing communications that we have sent to you, are in contact with our customer service or when you otherwise have contact with Plusius and provide information about you. Information about you is collected on these occasions for you to enter into an agreement with Plusius and for Plusius to provide its products and services to you.
4.2 If you are a holder of a Plusius customer account, Plusius also collects personal data about you when registering the account and while you are an account holder, such as the history of your transaction, your behavior on the Plusius website, your customer settings for receiving marketing communications and what offers you have been interested in by visiting our website and reading or clicking on links in out digital mailings.
4.3 In addition to the data that Plusius collects from you, we may also collect personal data from someone else, i.e., from third parties. Swish, BankID, Svea Ekonomi, Handelsbanken etc. to check that we have correct contact information for you. We collect creditworthiness data from credit rating agencies, or banks, such as credit agencies like Svea Ekonomi and UC.
5.1 Plusius collects and handles data about you for various purposes. These purposes set the external framework for what we may use your personal data for. Below we explain the purpose of our treatment and give examples of what treatment activities take place during each purpose. Please note that some of your personal data may be processed for several purposes.
a. Manage transactions and purchases
The processing of personal data for this purpose includes activities to identify you and check your age, send transaction, and order confirmation, manage payment for booked services and assess what payment methods we can offer you (based on contact details, ordered services and goods, payment history and financial information), deliver order, notify about delivery, and handle claims and warranty matters regarding transactions and services.
The collection of data that we make to manage your transactions and purchases is required for us to fulfil our obligations under Plusius Terms & Conditions. If the information is not provided by you, our obligations cannot be fulfilled, and we may deny you the transaction or purchase.
b. Providing and managing Plusius account
We process personal data for this purpose to, for example, give you permission to log in to the account, secure your identity, create your transaction systems, maintain accurate contact information, manage your marketing communication settings and personalized offers, make it easier for you to book in our web services through pre-filled data and saved digital shopping carts, make it easier for you to handle cases and complaints, and enable you to follow your transaction and payment history.
The collection of data that we make to provide and administer your Plusius account is required for us to fulfil our obligations under the Plusius Terms & Conditions. If the data is not provided, our obligations cannot be fulfilled, and we may deny you registration of the account or close the account.
c. Provide customized information, benefits and offers and provide a personalized experience of our website to those who have a Plusius account
We at Plusius want you to have the best possible experience when you visit our website and when we communicate with you. Therefore, we process personal data for this purpose so we can improve your user experience for the purpose of creating, offering, and leaving you personalized content in communication and marketing via post, e-mail, SMS, chat, and phone with individual benefits and offers, recommendations, invitations to events, and other information that we believe is relevant you. To enable this, analyses are carried out on the data that Plusius collects such as age, place of residence, transaction and order history and user-generated data.
The collection of data that we do for this purpose is required for us to fulfil our obligations under these terms and conditions. If the data is not provided, our commitments cannot be fulfilled, and we need to limit certain benefits and other benefits associated with your account.
d. Provide information about and market product and services
We process personal data for this purpose to inform you by post, e-mail, chat, SMS, and phone about and market the products, services and offers that the Plusius Group markets to show recommendations, to recall abandoned transactions and to invite you to events, competitions and market and customer satisfaction surveys.
The collection of data that we do for this purpose is required for us to fulfil our obligations under these terms and conditions. If the data is not provided, our commitment cannot be fulfilled, and we need to limit certain benefits and other benefits associated with your account.
e. Conduct and manage participation in events, competitions, and other marketing activities
The processing of personal data for this purpose includes measures such as identifying participants, communicating with participants in a competition and selecting winners and passing on winnings, checking the age of participants, and communicating with participants before and after an event (such as confirmations of registrations, reminders, and evaluations). Please note that information that you have participated in events falls under the category of user-generated data processed for other purposes.
f. Manage issues coming in to Plusius support features
The processing of personal data for this purpose includes, but are not limited to, Plusius activities such as communicating, ensuring the customer’s identity, investigating complaints and support cases, answering questions that come into customer service and other support functions via e-mail, phone, or digital channels, correcting incorrect information, providing technical support, and nurturing the customer relationship.
g. Fulfil legal obligations required by the Plusius Group
Personal data is processed for this purpose for the Plusius Group to comply with laws, judgments, or government decisions. An example of such requirements is the obligation to store certain information under the Accounting Act. If the data collected by Plusius for this purpose is not provided, our legal obligation cannot be fulfilled, and we may deny you the order. Purchase or activity that gives rise to our legal obligations.
h. Prevent abuse and prevent and investigate crimes within the framework of our activities
The processing of personal data for this purpose is done, among other things, to prevent the misuse of Plusius accounts and to prevent and investigate suspicion of theft and fraud. We flag transaction patterns that often occur in connection with fraud and then a manual review is carried out to investigate the risk that it may be a fraud attempt. Suspect crimes and attempted crimes may be reported to the police.
i. Evaluate, develop, and improve the Plusius Group’s services, products, and systems for our customers in general
The processing of personal data for this purpose includes, but are not limited to, activities to, among other things, make our web service and other services more user-friendly, develop or highlight digital functions, improve our customer offering (e.g., development of services and products), develop and improve the company’s service offerings, and improve our IT-system to increase security, produce statistics for market and customer analyses and business follow-up, business and method development related orders and transactions, automatically archive behaviors that may later need to be reviewed for security reasons and give customers the opportunity to influence the functions provided by Plusius. To fulfil this purpose, Plusius performs general analyses in aggregated form, i.e., not at the individual level, regarding, among other things, click and visit behaviors, unit information, transaction history, payment history, geographic locations, and individual customer’s feedback.
6.1 For Plusius to have the right to collect and process your personal data, there must be a legal basis for every purpose for which the data is processed. The legal grounds on which we base our processing are described in this section. Please note that several legal grounds may apply to the same processing.
a. Legal obligation
This basis means that our processing is necessary to fulfil a legal obligation required by Plusius, for example, to document payment details to comply with the requirements of the Accounting Act.
b. Contractual obligations
This basis means that the processing is necessary to fulfil an agreement with you as a customer or to be able to enter into an agreement at a later stage. For those of you who are the holders of a Plusius account, by accepting the Terms of Plusius account, you have entered into an agreement with Plusius that sets the framework for which processing of your personal data may take place to provide, manage and administer our services associated with the account, such as analysis of your personal characteristics to provide you with personalized benefits, and offers. When ordering or purchasing, we process your data to fulfil obligations under Plusius’ general terms and conditions. Then, for example, it may be necessary for Plusius to register your contact information so that we can fulfil our obligation to deliver the product or service that we make a credit report if you choose invoice as a payment method so that we can ensure your ability to pay.
c. Legitimate interest
This basis means that our treatment is based on so-called balancing of interests. This means that the processing takes place because Plusius believes that we have legitimate interests in processing your personal data that outweigh your interest in not having the personal data processed. On this basis, we process, among other things, your personal data to prevent the misuse of Plusius’ account and prevent and investigate crimes within the framework of our business. If we believe that a crime or attempted crime has been committed and we file a police report, Plusius will also continue to process your personal data for us to establish, defend or enforce legal claims.
7.1 Plusius will save your personal data for as long as it is necessary to fulfil the purposes for which the data is processed. The duration of retention period therefore depends on the purpose for which the data are processed. In addition, Plusius may save the data for longer if necessary to establish, defend or enforce legal claims, e.g., if there is a dispute or if a report of a crime has been submitted to the Police Authority. We regularly carry out screenings and delete personal data that is no longer necessary.
8.1 Below we have made a summary of our processing of personal data to clearly explain which categories of personal data we process for our various purposes, what legal basis for our processing and how long we store the data.
9.1 Plusius may disclose your information to other companies for you to be able to access our offers, products, and services. The recipients of your personal data can either be data processors of Plusius, i.e., companies that process your data on our behalf and according to our instructions, or independently data controllers, i.e., companies thar are independently responsible for the processing of your data as they have a direct relationship with you as a customer, such as Svea Ekonomi.
9.2 Plusius may also disclose your information to authorities to comply with law, regulations, or government decisions or for Plusius to establish, defend, or enforce legal claims.
9.3 Depending on the contracts you have had with Plusius, e.g., if you are the holder of a Plusius account or receive marketing communications, Plusius may disclose your personal data to the following recipients:
9.4 In addition, if you make a transaction or make purchases from one of Plusius Platform customers, we may disclose your personal data to the following recipients in the context of handling your transactions and purchases based on our contractual obligations to you as a legal basis:
9.5 Plusius will not sell your personal data to third parties unless we have your permission to do so.
10.1 Plusius will primarily handle your personal data within the EU/EEA. However, we may also transfer your personal data to a country outside the EU/EEA if we need to share your personal data with Plusius suppliers or partners located outside or storing personal data in a country outside the EU/EEA. If your personal data is transferred to any country outside the EU/EEA, Plusius will take the necessary steps to legally transfer the personal data by ensuring that your personal data is handled securely and with an adequate level of protection comparable to the protection offered within the EU/EEA, for example by entering into agreements with the recipient that include the European Commission’s standard contractual clauses or, if transferred to the US, by certifying the recipient to comply with the Privacy Shield principles.
11.1 Plusius is responsible for ensuring that your personal data is processed in accordance with applicable legislation. This section describes your rights related to our processing of your personal data. We will, at your request or on our own initiative, correct, de-identify, delete, or supplement data that is found to be inaccurate, incomplete, or misleading. If you have any questions about this or wish to exercise any rights, please contact us at the information listed in at the bottom of this Policy.
a. Right of access to your personal data
We at Plusius want to be open about how we process your personal data. If you want to gain insight into the processing, we do about you, you have the right to request information about the processing,
including a copy of your personal data that is under processing, a so-called register extract. This includes information on purposes, categories of personal data, categories of recipients of personal data, retention period or criteria for determining the retention period, information on where data has been collected and the existence of automated decision-making including information on the logic and importance of the processing. Please note that in the event of a request for access, we may ask for additional information about you, to ensure that we disclose the data to the right person and what
information you wish to access. The register extract is free of charge, but in case of repeated requests, Plusius has the right to charge an administrative fee of SEK 100.
b. Right to rectification of your personal data
Plusius is committed to having accurate and up-to-date personal data. If the information we have about you is incorrect, you have the right to request that it be corrected. You also have the right to supplement any incomplete personal data, e.g., if we have the correct street address but do not have a street number. At your request, we will correct as quickly as possible the incorrect or incomplete data we
process about you.
c. Right to delete your personal data
We respect that the personal data we process about you is borrowed from you. You therefore have the right to request that Plusius delete your personal data when the data has been processed unlawfully, must be deleted in order to fulfil a legal obligation to which Plusius is subject, is no longer necessary for the purposes for which the it has been processed or when you object to a balancing of interest of
legitimate interests that Plusius has made and there is no legitimate interest in Plusius or third parties that weigh more heavily (see section f for information about the right to object). However, we cannot always comply with your request as there may be reasons that entitles us to continue processing, e.g., if the personal data is processed in order to fulfil a legal obligation as a legal basis (as required by the Accounting Act) or if the data is necessary for Plusius to establish, enforce or defend legal claims.
d. Right to data portability
You have the right to receive a copy of the personal data relating to you in a structured format and in some cases have the data transferred to another data controller. However, this right only covers data that you have provided to Plusius yourself and which we have processed based on consent or contractual obligation to you as a legal basis.
e. Right to restriction of processing
You have the right to request that our processing of your personal data be restricted in certain situations, which means that the data may only be processed for certain purposes. For example, you can request limitation of incorrect information after you request a correction. While Plusius investigates the accuracy of the data, their processing will be restricted.
f. Right to object to certain types of processing
When Plusius processes your personal data based on balancing of interests as a legal basis or for direct marketing, you have the right to object to our processing. Objection to Plusius’ balancing of interests can me made when you have personal reasons regarding the situation. In the event of such objection, Plusius assess whether we have legitimate reasons for the processing that outweigh your interest in protecting your privacy. If this is the case, Plusius may continue to process your personal data even though you have objected to the processing. Objection to direct marketing and analytics performed for direct marketing purposes, you can do so without giving any reasons. In addition, you are given the opportunity to object to marketing in each individual digital mailing. If you object to direct marketing, we will cease processing your personal data for that purpose as well as all types of direct marketing measures such as sending newsletters and offers. If you only object to personalized offers, the marketing communication to you will be general, as we will find it difficult to assess which marketing is relevant to you if we are not allowed to analyze your personal characteristics.
11.2 If you think we are handling your personal data incorrectly, please feel free to contact us. Contact details can be found at the bottom of this policy. You also have the right to lodge any complaints regarding the processing of your personal data with the Swedish Data Protection Authority, which is the responsible supervisory authority for the processing of personal data in Sweden.
12.1 You should always be able to feel safe when you provide us with your personal data. Plusius has therefore taken appropriate technical and organizational security measures to protect your personal data against inappropriate or involuntary disclosures use, improper access, deletion, alteration, or damage to your personal data. For example, all customer data is stored in a database that is protected by firewall and permission control, so only employees within the Plusius Group who need access to your data to perform specific tasks have such access.
Please email us using the form to the right.
Message is sent
Failed to send message