Integritetspolicy

Privacy Policy NEXT

Next Group (”NEXT” or ”we” in any form) is committed to protect the personal data and safeguard the privacy of our website visitors and contact persons representing our customers, suppliers and other business partners or potential business partners. For more information about us, see Section 6.

This Privacy Policy describes how NEXT, in its capacity as a data controller, processes personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter referred to as the ”GDPR”).

Soon we will tell you why we process your personal data, what kind of data it is and if we share the data with anyone. You can also read more about your rights and where to turn if you have questions or if you want to use your rights.

Section 1 is processing of personal data connected to our business partners whereas section 2 is relating to prospects, potential business partners.

Sections 3-8 are common for both business- and non-business partners and covers sharing of personal data, where the data is stored, the rights of the data subjects, data security, our contact details and finally changes to this privacy policy.

1. For our business partners

Enter into contract or fulfil contractual agreements

If you represent an organization that we do business with, we process personal data in order to facilitate our business relationship with the organization which you represent, including communicating with you as a representative about products and services.  We process personal data for this purpose as we have a legitimate interest to conduct business including to fulfil our contracts towards our customers and suppliers. The legal basis for this purpose is the performance of a contract.

We will process your personal data for example your first and last name, contact details, position, onboarding information for the customer’s appointed users, IT management details such as details of equipment data to be used with the services comprising of username, technical events related to the services provided, technical identifiers, system and application logs, meta data, email correspondence and communication data.

The data is provided by you or your company.

We will retain the personal data for as long as we have a business relationship and up to three (3) years to facilitate and improve your experience, should the organization that you represent wish to return as a customer within the aforementioned time period.

Please note that some data is stored for a longer time due to legal obligations (the purpose of fulfilling legal obligations).

Customer support

In order to provide customer support, we process personal data such as name, company/organization affiliation, e-mail, information about the case, time, phone number, job role, picture, and support data. The correspondence data may be processed for the purposes of communicating with you and for record-keeping.

Our legal basis for processing personal data is our legitimate interests to develop and conduct our business and communication with the person that has reached out to our customer support as well as maintain documentation of handled support matters.

The data is provided by you or your company.

We will retain your personal data during the period of contract and a short period thereafter.

Marketing

Like other companies, we have an interest in marketing ourselves and our products to companies who are, or want to become, customers with us. If you represent an organization that we do, or consider doing, business with, we process personal data to communicate with your company. The personal data used in the preparations for, and in the marketing itself, is ordinary data which is not sensitive and generally collected directly from you or your company.

We will communicate with you in different medias, for example via emails, text-messages (SMS), in social media like for example LinkedIn.

Our legal basis for doing so is our legitimate interests to market and inform about our products and services to conduct our business.

We would also like to inform you that we process personal data of our website visitors for analytics purposes to better understand how you are using our website. We will do this by inter alia collect user generated data and associated metadata and site activity information (using cookies – see section 9), which includes information about the websites or products that you have visited, which websites or key words that referred you to the website and information on how you interact with the website.

For the purpose of marketing, we will collect and process voluntarily provided details for example preferences, device data, IP address and surfing data. This data is used primarily to communication of greater interest to you. It’s not used for automatic decision making and you may reject to the profiling at any time by simply contacting us.

We will process the personal data for the aforementioned purposes until the receiver decides to unsubscribe or otherwise up to one (1) year after the latest activity.

Fulfilment of legal obligations

We will process personal data for the purposes of fulfilling legal obligations within the area of e.g. book-keeping, accounting and requirements under applicable data protection laws, where the latter may include the processing of personal data to ensure the identity of the data subject associated with a request.

Our legal bases for processing personal data are our legal obligations to handle the above-mentioned requirements and our legitimate interests to maintain documentation of handled requests.

We will retain your personal data for the time stipulated by law but we will not use the data for any other purpose.

Establishing, exercising and defending legal claims

For the purposes of establishing, exercising and defending legal claims, e.g. in connection with a dispute or legal process, we may process your personal data as necessary. For this purpose, the data may be stored for a period of up to 10 years but no longer than necessary.

Our legal basis for processing personal data is our legitimate interests to establish, exercise or defend the legal claim.

2. For our potential business partners and prospects

Marketing

Like other companies, we have an interest in marketing ourselves and our products to companies who are or want to become customers with us. If you represent an organization that we consider doing business with, we process personal data to communicate with your company. The personal data used in the preparations for, and in the marketing itself, is ordinary data which is not sensitive and generally collected directly from you or your company. We may also collect personal data from public sources such as The Swedish Tax Agency and from data providers.

We will communicate with you in different medias, for example via emails, text-messages (SMS), in social media like for example LinkedIn

Our legal basis for doing so is our legitimate interests to market and inform about our products and services to conduct our business.

We would also like to inform you that we process personal data of our website visitors for analytics purposes to better understand how you are using our website. We will do this by inter alia collect user generated data and associated metadata and site activity information (using cookies – see section 9), which includes information about the websites or products that you have visited, which websites or key words that referred you to the website and information on how you interact with the website.

For the purpose of marketing, we will collect and process voluntarily provided details for example preferences, device data, IP address and surfing data. This data is used primarily to communication of greater interest to you. It’s not used for automatic decision making and you may reject to the profiling at any time by simply contacting us.

We will retain the data for as long as it may be relevant and up to two (2) years following our latest contact.

Where the contacts have led to a business relationship, the personal data will be processed as described in the section “Business partners”.

Establishing, exercising and defending legal claims

For the purposes of establishing, exercising and defending legal claims, e.g. in connection with a dispute or legal process, we may process your personal data as necessary. For this purpose, the data may be stored for a period of up to 10 years but no longer than necessary.

Our legal basis for processing personal data is our legitimate interests to establish, exercise or defend the legal claim.

3. Who do we share your personal data with?

Data processors acting on behalf of NEXT

NEXT may engage external service providers, who act as data processors of NEXT, to provide certain services to NEXT, such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data. We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.

4. Where do we store your personal data

We aim to store your personal data within the EU/EES-area.

Personal Data may however be transferred to and processed by recipients which are located inside or outside the European Economic Area (”EEA”). The countries include those listed at the European Commission website which provide an adequate level of data protection from a European data protection law perspective. Other recipients might be located in other countries which do not adduce an adequate level of protection from a European data protection law perspective. NEXT will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard contractual clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out below in Section 7.

5. Data subject rights

You have a number of rights in connection with the processing of your personal data, subject to certain conditions set out in the GDPR and local data protection laws, including the rights to:

1. Request access to your personal data (”data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request the rectification of the personal data that we process about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
3. Request the deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no overriding reason for us to retain it.
4. Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
5. Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
6. Request the transfer of your personal data to another party.

If you have given your consent for processing of your personal data and that consent has served as a legal basis for processing, you can withdraw this consent at any time with future effect by contacting us as stated in section 6.

To exercise your rights please contact us as stated below in Section 6.

In case of complaints, you may contact us as set out in Section 6 and you also have the right to lodge a complaint with the competent data protection supervisory authority in particular in the EU Member State of your habitual residence, place of work or of an alleged breach of the GDPR. In Sweden, this is Integritetsskyddsmyndigheten (www.imy.se).

6. Data security

Through the use of technical and organisational measures, NEXT ensures that the appropriate security measures are continuously taken to protect personal data. We adhere to generally accepted standards and frameworks for the protection of personal data. This means that personal data is, for example, protected against unauthorised access, alteration or destruction.

• Physical access to data and systems: NEXT engages subcontractors for its server environment and the Supplier guarantees that it takes the necessary measures to ensure that unauthorised persons cannot access premises and systems where personal data is processed.
• System security NEXT performs all necessary updates to underlying systems continuously and as required and uses applications that process personal data in accordance with supplier recommendations and the following generally accepted practices for this type of system.
• Application security System users have access to personal data only through individual logins using encrypted communication.
• Data availability
  • Access to personal data is assigned to authorised personnel to the extent that measures are necessary to maintain the purchased service and to perform measures ordered by the data controller.
  • Authorised personnel connect to the system through methods that ensure an adequate level of data security and traceability.
  • Authorised personnel are continuously reviewed.
  • Use of subcontractors:
  • Subcontractors are used only after checking suitability with regard to security awareness.
  • Subcontractors are engaged only under contracts that ensure an adequate level of data protection.

7. Contact information

If you have concerns or questions regarding this Privacy Policy, please contact us by email on ncs@next-tech.com.

8. Changes to the Privacy Policy

NEXT reserves the right to change this Privacy Policy at any time. We will give you reasonable notice of any changes to the Privacy Policy, where appropriate. If so, we will notify you by a message or by email. You will also find the date of the latest change to the Privacy Policy on this website.

9. Cookies

Only the cookies required for the purpose of managing user logins are stored in the System. The cookie is stored in the form of session data that contains a randomly generated key. On the NEXT website, cookies are used to provide anonymised tracking data to third-party applications such as Google Analytics. Cookies will, generally, make your browsing experience better. However, you may prefer to disable cookies on this website and on other websites. The most effective way to do this is to disable cookies in your web browser. We recommend consulting the help section in your web browser or looking at the website https://www.aboutcookies.org/, which provides guidance for all modern web browsers. Each user can choose to delete cookies from their computer at any time.

Whistleblowing

We encourage our employees and other stakeholders affected by our operations to report any misconduct, violations, or irregularities that come to their attention. This is based on existing legislation, including the EU Whistleblower Directive and Swedish legislation, ensuring protection for the whistleblower. You will find our reporting channel here.