Privacy Notice
1. Introduction
Casa Fonseca AB ("we", "our", "us") is committed to protecting and
respecting your privacy. This Privacy Notice explains how we collect, use,
disclose, and safeguard your personal data in accordance with the General
Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Swedish
data protection laws.
2. Data Controller
Casa Fonseca AB, registered in Sweden with company number 559308-0533,
is the data controller responsible for your personal data. Our registered
address is Valnötsgatan 4B, 426 74 Västra Frölunda, Sweden.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: Name, job title, and company affiliation.
- Contact Data: Email address, telephone number, and postal address.
- Technical Data: IP address, browser type and version, time zone
setting, browser plug-in types and versions, operating system and
platform, and other technology on the devices you use to access our
website.
- Usage Data: Information about how you use our website, products,
and services.
- Marketing and Communications Data: Your preferences in receiving
marketing from us and your communication preferences.
4. How We Collect Personal Data
We use different methods to collect data from and about you, including:
- Direct Interactions: You may provide us with your Identity and Contact
Data by filling in forms or corresponding with us by post, phone, email,
or otherwise.
- Automated Technologies or Interactions: As you interact with our
website, we may automatically collect Technical Data about your
equipment, browsing actions, and patterns.
- Third Parties or Publicly Available Sources: We may receive personal
data about you from various third parties and public sources.
5. Purpose and Legal Basis for Processing Personal Data
We will only use your personal data when the law allows us to. Most
commonly, we will use your personal data in the following circumstances:
- Performance of a Contract: Where we need to perform the contract
we are about to enter into or have entered into with you.
- Legitimate Interests: Where it is necessary for our legitimate interests
(or those of a third party) and your interests and fundamental rights do
not override those interests.
- Legal Obligation: Where we need to comply with a legal obligation.
- Consent: Where you have given consent to the processing of your
personal data for one or more specific purposes.
6. Data Sharing
We may share your personal data with:
- Internal Third Parties: Other companies within our group acting as
joint controllers or processors and who are based within the European
Economic Area (EEA).
- External Third Parties: Service providers acting as processors who
provide IT and system administration services, professional advisers
including lawyers, bankers, auditors, and insurers who provide
consultancy, banking, legal, insurance, and accounting services, and
regulators and other authorities who require reporting of processing
activities in certain circumstances.
We require all third parties to respect the security of your personal data and
to treat it in accordance with the law. We do not allow our third-party
service providers to use your personal data for their own purposes and only
permit them to process your personal data for specified purposes and in
accordance with our instructions.
7. International Transfers
We do not transfer your personal data outside the European Economic Area
(EEA). If we do, you can expect a similar degree of protection in respect of
your personal data.
8. Data Security
We have put in place appropriate security measures to prevent your personal
data from being accidentally lost, used, or accessed in an unauthorized way,
altered, or disclosed. In addition, we limit access to your personal data to
those employees, agents, contractors, and other third parties who have a
business need to know. They will only process your personal data on our
instructions, and they are subject to a duty of confidentiality.
9. Data Retention
We will only retain your personal data for as long as necessary to fulfill the
purposes we collected it for, including for the purposes of satisfying any
legal, accounting, or reporting requirements
10. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in
relation to your personal data, including:
- Direct Interactions: You may provide us with your Identity and Contact
Data by filling in forms or corresponding with us by post, phone, email,
or otherwise.
- Automated Technologies or Interactions: As you interact with our
website, we may automatically collect Technical Data about your
equipment, browsing actions, and patterns.
- Third Parties or Publicly Available Sources: We may receive personal
data about you from various third parties and public sources.
- Request Access: To your personal data (commonly known as a "data
subject access request").
- Request Erasure: Of your personal data.
- Object to Processing: Of your personal data where we are relying on a
legitimate interest.
- Request Restriction: Of processing of your personal data.
- Request the Transfer: Of your personal data to you or to a third party.
- Right to Withdraw Consent At any time where we are relying on
consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us at .
11. Changes to This Privacy Notice
We may update this Privacy Notice from time to time. We will notify you of
any significant changes where required by law.