Privacy Policy

(Last updated on 2022-02-09)

 

1. Generally

1.1 We at Plusius.io and Plusius AB (“we”, “Plusius”, “us”, “our”) want you to feel safe when you provide your personal data to us.

1.2 This Privacy Policy explains how we collect, use, disclose and store your personal data and how we otherwise ensure that your personal data is processed in accordance with applicable legislation. It is important to us that you read and understand this Privacy Policy and to feel safe with how we process your personal data.

 

2. Who is the Data Controller?

2.1 Plusius AB, with organizational number 559001-9906 and postal address Klostergatan 5B, 703 61, Örebro, is the Data Controller for the processing of your personal data when Plusius provides and markets products and services as well as in other contacts with Plusius, such as visits to our web service or service matters via e-mail and telephone. As a Data Controller, it is Plusius responsibility to ensure that your data is handled correctly and securely in accordance with applicable legislation.

2.2 Plusius has a common IT infrastructure with certain companies within the Group to which the company Plusius AB belongs. The business transactions with our customers as well as associated personal data and database covered by this infrastructure are handled and owned centrally by Plusius. Plusius thus has the control over your personal data and has ensured control and safe handling of your personal data through agreements with other Group companies.

 

3. What personal data about you do we process?

3.1 Plusius collects and processes the following categories of personal data about you as a customer or potential customer in connection with you applying to use and using our services and that we market and market our product and services.

• Contact details, such as name, title and attestation, e-mail address, delivery address, invoice address and telephone number
• Age
• Account information such as customer number, username, password and when the account was registered
• Customer settings for marketing communication and personal offers
• Identification number, i.e., personal identity number or corporate identity number
• Order information such as order number, transaction number, ordered services, order date, price discount and, transaction history
• Payment details such as payment method, card number, cardholder, transaction time, amount, IP address and payment history
• Financial information such as credit reports
• Correspondence and other information about support cases such as audio recordings of calls, notes, and e-mails when contacting customer service.

3.2 User generated data about your interaction with Plusius marketing communications and websites, such as IP address, device information (technical information about computer, mobile phone and other devices you use, e.g., browser settings, time zone, operating system), location information, answers to surveys and click and visitor history that, among other things, shows which of our offers you have been interested in, how you interact with our newsletters and which of our events you have signed up for and participated in, and results from customer satisfaction or marker research.

• If you are entitled to use different offers or discounts through membership in different associations or organizations that have negotiated agreements with Plusius for their members,
• Information provided in competition entries as well as registration and evaluation of events or other marketing measures including, but not limited to, health data such as information on allergies.

 

4. From what sources do we collect information about you as a customer?

4.1 Plusius collects your personal data directly from you when you carry out a transaction, visit our website, participate in our events, click on links in digital marketing communications that we have sent to you, are in contact with our customer service or when you otherwise have contact with Plusius and provide information about you. Information about you is collected on these occasions for you to enter into an agreement with Plusius and for Plusius to provide its products and services to you.

4.2 If you are a holder of a Plusius customer account, Plusius also collects personal data about you when registering the account and while you are an account holder, such as the history of your transaction, your behavior on the Plusius website, your customer settings for receiving marketing communications and what offers you have been interested in by visiting our website and reading or clicking on links in out digital mailings.

4.3 In addition to the data that Plusius collects from you, we may also collect personal data from someone else, i.e., from third parties. Swish, BankID, Svea Ekonomi, Handelsbanken etc. to check that we have correct contact information for you. We collect creditworthiness data from credit rating agencies, or banks, such as credit agencies like Svea Ekonomi and UC.

4.4 Plusius also collects certain personal data through cookies that log how you use our website and thus which content you prefer. You can find more information about how we use cookies in the Plusius Cookie Policy.

 

5. Why do we process personal data about you?

5.1 Plusius collects and handles data about you for various purposes. These purposes set the external framework for what we may use your personal data for. Below we explain the purpose of our treatment and give examples of what treatment activities take place during each purpose. Please note that some of your personal data may be processed for several purposes.

a. Manage transactions and purchases

The processing of personal data for this purpose includes activities to identify you and check your age, send transaction, and order confirmation, manage payment for booked services and  assess what payment methods we can offer you (based on contact details, ordered services and goods, payment history and financial information), deliver order, notify about delivery, and handle claims and warranty matters regarding transactions and services.

The collection of data that we make to manage your transactions and purchases is required for us to fulfil our obligations under Plusius Terms & Conditions. If the information is not provided by you, our obligations cannot be fulfilled, and we may deny you the transaction or purchase.

b. Providing and managing Plusius account

We process personal data for this purpose to, for example, give you permission to log in to the account, secure your identity, create your transaction systems, maintain accurate contact information, manage your marketing communication settings and personalized offers, make it easier for you to book in our web services through pre-filled data and saved digital shopping carts, make it easier for you to handle cases and complaints, and enable you to follow your transaction and payment history.

The collection of data that we make to provide and administer your Plusius account is required for us to fulfil our obligations under the Plusius Terms & Conditions. If the data is not provided, our obligations cannot be fulfilled, and we may deny you registration of the account or close the account.

c. Provide customized information, benefits and offers and provide a personalized experience of our website to those who have a Plusius account

We at Plusius want you to have the best possible experience when you visit our website and when we communicate with you. Therefore, we process personal data for this purpose so we can improve your user experience for the purpose of creating, offering, and leaving you personalized content in communication and marketing via post, e-mail, SMS, chat, and phone with individual benefits and offers, recommendations, invitations to events, and other information that we believe is relevant you. To enable this, analyses are carried out on the data that Plusius collects such as age, place of residence, transaction and order history and user-generated data.

The collection of data that we do for this purpose is required for us to fulfil our obligations under these terms and conditions. If the data is not provided, our commitments cannot be fulfilled, and we need to limit certain benefits and other benefits associated with your account.

d. Provide information about and market product and services

We process personal data for this purpose to inform you by post, e-mail, chat, SMS, and phone about and market the products, services and offers that the Plusius Group markets to show recommendations, to recall abandoned transactions and to invite you to events, competitions and market and customer satisfaction surveys.

The collection of data that we do for this purpose is required for us to fulfil our obligations under these terms and conditions. If the data is not provided, our commitment cannot be fulfilled, and we need to limit certain benefits and other benefits associated with your account.

e. Conduct and manage participation in events, competitions, and other marketing activities

The processing of personal data for this purpose includes measures such as identifying participants, communicating with participants in a competition and selecting winners and passing on winnings, checking the age of participants, and communicating with participants before and after an event (such as confirmations of registrations, reminders, and evaluations). Please note that information that you have participated in events falls under the category of user-generated data processed for other purposes.

f. Manage issues coming in to Plusius support features

The processing of personal data for this purpose includes, but are not limited to, Plusius activities such as communicating, ensuring the customer’s identity, investigating complaints and support cases, answering questions that come into customer service and other support functions via e-mail, phone, or digital channels, correcting incorrect information, providing technical support, and nurturing the customer relationship.

g. Fulfil legal obligations required by the Plusius Group

Personal data is processed for this purpose for the Plusius Group to comply with laws, judgments, or government decisions. An example of such requirements is the obligation to store certain information under the Accounting Act. If the data collected by Plusius for this purpose is not provided, our legal obligation cannot be fulfilled, and we may deny you the order. Purchase or activity that gives rise to our legal obligations.

h. Prevent abuse and prevent and investigate crimes within the framework of our activities

The processing of personal data for this purpose is done, among other things, to prevent the misuse of Plusius accounts and to prevent and investigate suspicion of theft and fraud. We flag transaction patterns that often occur in connection with fraud and then a manual review is carried out to investigate the risk that it may be a fraud attempt. Suspect crimes and attempted crimes may be reported to the police.

i. Evaluate, develop, and improve the Plusius Group’s services, products, and systems for our customers in general

The processing of personal data for this purpose includes, but are not limited to, activities to, among other things, make our web service and other services more user-friendly, develop or highlight digital functions, improve our customer offering (e.g., development of services and products), develop and improve the company’s service offerings, and improve our IT-system to increase security, produce statistics for market and customer analyses and business follow-up, business and method development related orders and transactions, automatically archive behaviors that may later need to be reviewed for security reasons and give customers the opportunity to influence the functions provided by Plusius. To fulfil this purpose, Plusius performs general analyses in aggregated form, i.e., not at the individual level, regarding, among other things, click and visit behaviors, unit information, transaction history, payment history, geographic locations, and individual customer’s feedback. 

 

6. What are the legal grounds for our processing of your personal data?

6.1 For Plusius to have the right to collect and process your personal data, there must be a legal basis for every purpose for which the data is processed. The legal grounds on which we base our processing are described in this section. Please note that several legal grounds may apply to the same processing.

a. Legal obligation

This basis means that our processing is necessary to fulfil a legal obligation required by Plusius, for example, to document payment details to comply with the requirements of the Accounting Act.

b. Contractual obligations

This basis means that the processing is necessary to fulfil an agreement with you as a customer or to be able to enter into an agreement at a later stage. For those of you who are the holders of a Plusius account, by accepting the Terms of Plusius account, you have entered into an agreement with Plusius that sets the framework for which processing of your personal data may take place to provide, manage and administer our services associated with the account, such as analysis of your personal characteristics to provide you with personalized benefits, and offers. When ordering or purchasing, we process your data to fulfil obligations under Plusius’ general terms and conditions. Then, for example, it may be necessary for Plusius to register your contact information so that we can fulfil our obligation to deliver the product or service that we make a credit report if you choose invoice as a payment method so that we can ensure your ability to pay.

c. Legitimate interest

This basis means that our treatment is based on so-called balancing of interests. This means that the processing takes place because Plusius believes that we have legitimate interests in processing your personal data that outweigh your interest in not having the personal data processed. On this basis, we process, among other things, your personal data to prevent the misuse of Plusius’ account and prevent and investigate crimes within the framework of our business. If we believe that a crime or attempted crime has been committed and we file a police report, Plusius will also continue to process your personal data for us to establish, defend or enforce legal claims.

 

7. How long do we save your personal data?

7.1 Plusius will save your personal data for as long as it is necessary to fulfil the purposes for which the data is processed. The duration of retention period therefore depends on the purpose for which the data are processed. In addition, Plusius may save the data for longer if necessary to establish, defend or enforce legal claims, e.g., if there is a dispute or if a report of a crime has been submitted to the Police Authority. We regularly carry out screenings and delete personal data that is no longer necessary.

 

8. Overview of our personal data processing

8.1 Below we have made a summary of our processing of personal data to clearly explain which categories of personal data we process for our various purposes, what legal basis for our processing and how long we store the data.

 

9. Who do we share your personal data with?

9.1 Plusius may disclose your information to other companies for you to be able to access our offers, products, and services. The recipients of your personal data can either be data processors of Plusius, i.e., companies that process your data on our behalf and according to our instructions, or independently data controllers, i.e., companies thar are independently responsible for the processing of your data as they have a direct relationship with you as a customer, such as Svea Ekonomi.

9.2 Plusius may also disclose your information to authorities to comply with law, regulations, or government decisions or for Plusius to establish, defend, or enforce legal claims.

9.3 Depending on the contracts you have had with Plusius, e.g., if you are the holder of a Plusius account or receive marketing communications, Plusius may disclose your personal data to the following recipients:

• Other companies within the Plusius Group that act as a personal data processor to Plusius for us to be able to fulfil the various purposes set out in this Policy. The legal grounds for the transfer to our Group companies are the same as for our own treatment.
• Companies that provide information from the population register or other public registers to ensure that we have the correct contact information for you so we can manage your transactions and purchases as well as your Platform account and the services associated with your account holding. The information disclosed is identification number and contact details based on our contractual obligations to you as a legal basis.
• Analytics and marketing companies that provide services such as automated marketing tools, analytics, communication, print and distribution. These recipients help Plusius to analyze your data and inform about and market the products and services that Plusius sells. The information disclosed is contact details, account information, customer settings, order details and user-generated data based on legitimate interest and our contractual obligations to you as the holder of Plusius account as legal grounds.
• Government authorities, such as the Swedish Police Authority or the Swedish Tax Agency, to which we are obliged to disclose your personal data by law or government decision or to which we disclose personal data due to suspicion of a crime or attempted crime. The categories of data disclosed are contact details, identification numbers, account information, order information, payment details, user-generated data and video recordings based on legal obligation incumbent on Plusius for us to establish, defend or enforce legal claims.

9.4 In addition, if you make a transaction or make purchases from one of Plusius Platform customers, we may disclose your personal data to the following recipients in the context of handling your transactions and purchases based on our contractual obligations to you as a legal basis:

• Suppliers, partners, and subcontractors of products and services that Plusius markets and sells. The information provided is contact details and order information.
• Logistics companies and freight forwarders to help us with goods transport so we can deliver the products and services to you. We disclose contact details and order information to these recipients.
• Insurers who provide insurance for some of our products and services. The information that is disclosed when you have chosen to take out insurance is contact details and order information.
• Partners and providers of payment solutions, such as card-redeeming companies. Banks, credit institutions and other financial actors, that ensure that you can make payments and offer you different financing solutions. The information disclosed is contact details, identification numbers and payment details.
• Financial services companies such as ledgers and debt collection businesses that ensure that Plusius is paid for delivered products and services in the context of managing your transactions and purchases. The information disclosed is contact details, identification numbers, order information and payment details.

9.5 Plusius will not sell your personal data to third parties unless we have your permission to do so.

 

10. Where do we store your personal data?

10.1 Plusius will primarily handle your personal data within the EU/EEA. However, we may also transfer your personal data to a country outside the EU/EEA if we need to share your personal data with Plusius suppliers or partners located outside or storing personal data in a country outside the EU/EEA. If your personal data is transferred to any country outside the EU/EEA, Plusius will take the necessary steps to legally transfer the personal data by ensuring that your personal data is handled securely and with an adequate level of protection comparable to the protection offered within the EU/EEA, for example by entering into agreements with the recipient that include the European Commission’s standard contractual clauses or, if transferred to the US, by certifying the recipient to comply with the Privacy Shield principles.

 

11. What rights do you have as a registered customer?

11.1 Plusius is responsible for ensuring that your personal data is processed in accordance with applicable legislation. This section describes your rights related to our processing of your personal data. We will, at your request or on our own initiative, correct, de-identify, delete, or supplement data that is found to be inaccurate, incomplete, or misleading. If you have any questions about this or wish to exercise any rights, please contact us at the information listed in at the bottom of this Policy.

a. Right of access to your personal data
We at Plusius want to be open about how we process your personal data. If you want to gain insight into the processing, we do about you, you have the right to request information about the processing,
including a copy of your personal data that is under processing, a so-called register extract. This includes information on purposes, categories of personal data, categories of recipients of personal data, retention period or criteria for determining the retention period, information on where data has been collected and the existence of automated decision-making including information on the logic and importance of the processing. Please note that in the event of a request for access, we may ask for additional information about you, to ensure that we disclose the data to the right person and what
information you wish to access. The register extract is free of charge, but in case of repeated requests, Plusius has the right to charge an administrative fee of SEK 100.

b. Right to rectification of your personal data
Plusius is committed to having accurate and up-to-date personal data. If the information we have about you is incorrect, you have the right to request that it be corrected. You also have the right to supplement any incomplete personal data, e.g., if we have the correct street address but do not have a street number. At your request, we will correct as quickly as possible the incorrect or incomplete data we
process about you.

c. Right to delete your personal data
We respect that the personal data we process about you is borrowed from you. You therefore have the right to request that Plusius delete your personal data when the data has been processed unlawfully, must be deleted in order to fulfil a legal obligation to which Plusius is subject, is no longer necessary for the purposes for which the it has been processed or when you object to a balancing of interest of
legitimate interests that Plusius has made and there is no legitimate interest in Plusius or third parties that weigh more heavily (see section f for information about the right to object). However, we cannot always comply with your request as there may be reasons that entitles us to continue processing, e.g., if the personal data is processed in order to fulfil a legal obligation as a legal basis (as required by the Accounting Act) or if the data is necessary for Plusius to establish, enforce or defend legal claims.

d. Right to data portability
You have the right to receive a copy of the personal data relating to you in a structured format and in some cases have the data transferred to another data controller. However, this right only covers data that you have provided to Plusius yourself and which we have processed based on consent or contractual obligation to you as a legal basis.

e. Right to restriction of processing
You have the right to request that our processing of your personal data be restricted in certain situations, which means that the data may only be processed for certain purposes. For example, you can request limitation of incorrect information after you request a correction. While Plusius investigates the accuracy of the data, their processing will be restricted.

f. Right to object to certain types of processing
When Plusius processes your personal data based on balancing of interests as a legal basis or for direct marketing, you have the right to object to our processing. Objection to Plusius’ balancing of interests can me made when you have personal reasons regarding the situation. In the event of such objection, Plusius assess whether we have legitimate reasons for the processing that outweigh your interest in protecting your privacy. If this is the case, Plusius may continue to process your personal data even though you have objected to the processing. Objection to direct marketing and analytics performed for direct marketing purposes, you can do so without giving any reasons. In addition, you are given the opportunity to object to marketing in each individual digital mailing. If you object to direct marketing, we will cease processing your personal data for that purpose as well as all types of direct marketing measures such as sending newsletters and offers. If you only object to personalized offers, the marketing communication to you will be general, as we will find it difficult to assess which marketing is relevant to you if we are not allowed to analyze your personal characteristics.

11.2 If you think we are handling your personal data incorrectly, please feel free to contact us. Contact details can be found at the bottom of this policy. You also have the right to lodge any complaints regarding the processing of your personal data with the Swedish Data Protection Authority, which is the responsible supervisory authority for the processing of personal data in Sweden.

 

12. How do we protect your personal data?

12.1 You should always be able to feel safe when you provide us with your personal data. Plusius has therefore taken appropriate technical and organizational security measures to protect your personal data against inappropriate or involuntary disclosures use, improper access, deletion, alteration, or damage to your personal data. For example, all customer data is stored in a database that is protected by firewall and permission control, so only employees within the Plusius Group who need access to your data to perform specific tasks have such access.

 

13. Application and amendment of the Privacy Policy

13.1 The latest updated version of Plusius’ Privacy Policy is always available on our website. Our Privacy Policy applies at any time in the form and to the content published on the website.

13.2 Plusius has the right to update the Privacy Policy at any time. If the Privacy Policy changes, the updated version will be published on the Plusius website. If you do not wish to accept the amended policy, you can close your Plusius account by contacting customer service, see the contact details at the bottom of this policy.

 

14. Contact details

Do not hesitate to contact us if you have questions about this Privacy Policy or if you want more information about our processing of your personal data or if any information is incorrect and you want us to correct it. Our customer service can be reached by phone. 010-3300066 or, you can e-mail to info@plusius.io stating in the subject matter of your email “Privacy Policy”.