Privacy & Security.
Cookies in our Service
Our service provided through our platform Companyexpense only applies strictly necessary cookies.
Cookies and related technologies and the processing of personal data
What are cookies?
A cookie is a small piece of data that is placed on the browser on your computer or mobile device when you visit a website and use its functions, or use an app. Cookies are commonly used by online service providers to facilitate and help the interaction with users easy and fast (by helping us to distinguish between you and other users and enabling us to retrieve things like your settings and preferences), as well as to provide reporting information and facilitate online advertising.
Cookies set by Findity on the Websites are called “first party cookies”. Cookies on the Websites set by parties other than Findity are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the Websites (e.g. advertising, interactive content and analytics).
We use first party and/or third party cookies on our Websites for various purposes such as:
- to facilitate the operation and functionality of our Websites;
- to improve the experience of our Websites and make navigation quicker and easier;
- to allow us to make a tailored user experience for you and for us to understand what is useful and of interest to you;
- to analyse how our Websites are used and how best we can customise and improve them;
- to identify potential customers and personalise marketing and sales interactions with them;
- to facilitate the tailoring of online advertising to your interests.
What type of cookies do we use and what are they used for?
We use the following types of cookies in our Websites:
We use essential cookies to make our Websites work. These cookies are strictly necessary to enable core functionality such as security, network management, your cookie preferences and accessibility. Without them you wouldn’t be able to use basic services. You may disable these by changing your browser settings, but this may affect how the Websites function.
Performance and functionality cookies
These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable, like requiring you to enter your login details every time you visit the Service as we would not be able to remember that you had logged in previously.
These account-based marketing cookies enable us to identify future prospects and personalise sales and marketing interactions with them.
Analytics and customisation cookies
These cookies collect information that is used to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customise our Websites for you.
These cookies collect information over time about your online activity on the Websites and other online services to make online advertisements more relevant to you. This is known as interest-based advertising. They also perform functions like preventing the same ad from continuously reappearing and ensuring that ads are properly displayed for advertisers.
Cookies are not the only way to recognize or track visitors. We may use other, similar technologies from time to time. Their function is to provide us with statistical information about site traffic and how people navigate through our site, as well as to facilitate marketing and interest-based advertising. Web beacons are typically transparent graphic images placed on a site. Web beacons are used in combination with cookies to measure the actions of visitors on websites and so declining cookies will impair their functioning. We and our marketing and advertising partners may use web beacons to obtain information such as the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, and the type of browser used to view the page.
We may also use web beacons in marketing emails sent by our system. If you receive the HTML formatted version of such emails and your email is configured to download images, a record of whether or not you open the email (and, if you open the email, how frequently you open it) will be saved with your subscriber history. Your engagement with the content of the communication (such as which links you click on) will also be recorded.
We also use caching and local storage in your browser to store personalization settings such as your language and which tabs you were last viewing inside our product. This allows us to enhance your experience and resume sessions where you left off.
We may use this information to give us an indication of the popularity of content and to help us make decisions about future content and formatting. We may also use the information to publish more content relevant to users in future issues and to unsubscribe recipients who haven’t opened our emails for a period of time.
Third party cookies
Some cookies that have been set on our Websites are not set on a first party basis by Findity. These third party service providers may set their own cookies on your web browser. Third party service providers control many of the performance and functionality, marketing and analytics cookies described above. We do not control the use of these third party cookies as cookies can only be accessed by the third party that originally set them.
For a list of third party cookies used in our Websites and why see this table.
Controlling cookies and similar technologies – EU users
You can set and change your preferences, at any time, by accessing our cookie management on our website.
Blocking and disabling cookies and similar technologies
Wherever you’re located you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our website from functioning properly, and you may not be able to fully utilise all of its features and services. You should also be aware that you may also lose some saved information (e.g. saved login details, site preferences) if you block cookies on your browser. Different browsers make different controls available to you. Disabling a cookie or category of cookie does not delete the cookie from your browser, you will need to do this yourself from within your browser, you should visit your browser’s help menu for more information.
If you need further information
What is personal data?
Personal data is information that refers to an identified or identifiable natural person. "Identifiable natural person" means a person who can be directly or indirectly identified specifically by reference to an identifier such as a name, identification number, location information, online identifiers, or other factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.
What does processing mean?
The processing of personal data refers to a measure or combination of measures related to personal data - regardless of whether it takes place automatically or not - such as collection, registration, organization, structuring, storage, processing or modification, production, reading, use, delivery by transfer, dissemination or other provision, adjustment or merging, limitation, deletion or destruction.
Whose personal data do we process?
We process personal data that relates to applicants who apply to work with us, people who represent potential customers, contact persons for our customers and partners, and users of our products.
Personal data processing as a data controller
Findity AB, org.nr. 556838-8200, Box 108, 771 23 Ludvika, Sweden, (“Findity”), is the data controller for the personal data processed regarding job applicants and the Account Information Service users and for the processing of personal data as stated below regarding customer/partner contact persons using the Companyexpense software. The Account Information Service, Companyexpense, may hereinafter be collectively referred to as (the "Products").
When are we data controllers?
Companies in the Group are the data controller for personal data related to:
- Job applicants
- Contact persons for potential customers who want to use the Products
- Contact persons for customers/partners who use the Products
- Some users of the Products
Why do we process personal data and what kind of personal data is processed?
In order for us to be able to manage customer relationships relating to our Product, we must process the personal data of our customers' contact persons as well as the personal data of users of our Product where we are data controllers. The personal data is processed primarily to:
- Manage sales and contract processes with customers
- Upon customer request, provide quotes for Products
- Marketing the Products
- Fulfill our contractual obligations in relation to users where we are the data controller
- Provide support to users of the Products
- To improve the Products' functionality and user-friendliness
- To manage customer agreements by, for example, billing
- To be able to reach contact persons and users. Regarding the Product, our personal data processing is described in Attachment 1.
We collect personal data related to potential customers in order to carry out marketing measures. Primarily, the personal data collected comprises name, telephone number, company name, title, email address. Personal data is collected, for example, at trade fairs, from public registers and company websites, as well as from our own contact form on our website. The personal data is then used to book meetings with potential customers, send out newsletters, and send invitations to our events or webinars.
The legal basis for our processing personal data related to potential customers is our commercially legitimate interest in processing the personal data. Similarly, in our opinion, processing does not have a negative impact on the data subject's privacy, especially when considering that persons whose data we process may opt out of our marketing mailings, and that the data processed is not of a sensitive nature.
For visitors to our website, IP addresses are stored in access logs, however, this information is anonymized.
How do we collect personal data?
The personal data we process is primarily collected directly from you. However, regarding our customers, we can also collect personal data from someone else who is also employed by your employer. When it comes to job applicants, we often receive personal data during the application process, for example. from a recruiter or directly from you as a job applicant.
We may also collect personal data from public records, websites or when you register as a service user. We may also collect personal data from partners.
We may also process personal data related to images that you upload in the Products, for example, images of receipts. The amount of personal data we collect in connection with these images varies depending on the document that has been photographed.
How do we share your personal data?
We may share your personal data with third parties, for example, in the following situations:
We will share your personal data with partners and suppliers. These may be suppliers of servers, web agencies, or other partners that we work with in the delivery of our Products.
In certain situations, authorities may request that personal data be disclosed to an authority. In such a situation, we will only disclose personal data if there is a decision from the authority that requires the personal data to be disclosed.
In connection with an acquisition, merger with another company, or division of any of the companies in the Findity Group, the acquiring company and/or its hired consultants may demand access to certain personal data that we process about you. In the event of such disclosure, we will ensure that the person who receives the personal data is covered by a confidentiality agreement.
You can choose not to accept marketing from us by either:
- Following the instructions included regarding opting out of our communications;
- or Contact us using the contact forms provided on the website.
You have the right to access your personal data, which we process, to review it. You also have the right to request data portability for the processed personal data. Should any of the personal data we process about you be incorrect, you can request that we correct it.
In certain circumstances, you have the right to request that the personal data we process about you be deleted. Should you request deletion, we must delete the personal data if (i) the personal data is no longer needed for the purpose for which it was collected, (ii) you revoke any consent, (iii) the personal data is processed illegally, or (iiii) the personal data must be deleted for legal reasons.
If you have any questions or want to exercise your rights, please contact our Data Protection Officer at firstname.lastname@example.org.
If you have any objections or comments related to our personal data processing, you can also contact the Information Commissioner's Office:
Information Commissioner's Office
SK9 5AF England
or email: email@example.com
When contacting us to assert your rights, we may request ID documents or copies of ID documents in order for you to verify your identity. We process this personal data so that we can fulfill our obligations in accordance with applicable legislation. This data will be deleted as soon as we have verified your identity.
How we process and store your personal data
When we process your personal data, everyone in our business is obliged to comply with Applicable Data Protection Legislation and that which is stated in this document in order to maintain a high level of protection for your privacy.
When we process your personal data, we must:
- Prevent unauthorized access to your personal data
- Prevent the spread of your personal data; and
- Prevent other discrepancies when we process your personal data.
We ensure that your personal data is treated with confidentiality, that your privacy is not compromised by our personal data processing and we guarantee the availability of personal data in accordance with prevailing Applicable Data Protection Legislation.
To achieve the appropriate level of protection when processing your personal data, we use reasonable technical and organizational measures. The reasonableness is assessed on the basis of the category of personal data that we process in relation to the risk that may arise in the event of a breach of our systems or our operations and the costs of introducing protection measures.
- We have appointed a data protection officer
- We have established processes for how we should act in the event of a data breach
- We hold regular training sessions for our employees on issues related to personal data processing
- We have a Data Processing Agreement in place with all our suppliers and other interested parties who process personal data on our behalf.
- We have established instructions for IT management within the organization. Technical measures
- We use 256-bit encryption (128-bit for some older phones with hardware restrictions) and 2048- bit keys.
- All communication to and from users is encrypted using TLS. Data stored in server environments is encrypted with ZFS encryption.
- Checks for detecting and preventing malware are run regularly using rootkit detection and removal tools.
- IDS/IDP monitors check and delete malware continuously.
- Our Products are in operation on servers in data centers that are monitored and staffed around the clock.
- All data is stored in two different locations in Sweden.
- Data is backed up every hour.
- The data centers are climate-controlled and fire-protected.
- The data centers are equipped with secondary power supplies and diesel generators to ensure the power supply to the servers.
- Our server environment and networks are protected by firewalls.
For how long do we process your personal data?
We will process your personal data for as long as necessary for the purpose for which we have collected the personal data and as long as we have a legal basis for the processing of the personal data. This means that we may process your personal data for some time after a contractual relationship has ended. As soon as we no longer need the personal data or do not have a legal basis for processing it, we will delete it.
Personal data processing as a data processor
As part of how we provide the Products, we will, during certain transactions, process personal data related to users and customer representatives on behalf of our customers in partner and direct customer transactions as these parties have been given the right to provide the Products in their own name. In these situations, our customers and partners decide the purposes and means of personal data processing. This means that, in these situations, we only process personal data on behalf of the customer or partner and may only process such personal data in accordance with the instructions they provide us. The relationship between us and any such partner or customer is governed by a Data Processing Agreement.
When our customers or partners are responsible for personal data, it is the customer or partner who must ensure that they have a legal basis for processing the personal data and that the data subjects are informed in accordance with the requirements set out in Applicable Data Protection Legislation.
When our customers or partners use our products, we must ensure that the products meet the requirements set out in Applicable Data Protection Legislation. We will also work with our customers and partners so that they can fulfill their obligations to those whose personal data is being processed.
The use of data processors and sub-processors
In our personal data processing, we may, in certain situations, use other actors to process personal data on our behalf. When we commission these data processors or sub-processors, the personal data will, as a general rule, not be processed outside the United Kingdom or EU/EEA.
When we commission these data processors or sub-processors, we ensure that they can meet the requirements for processing personal data in accordance with Applicable Data Protection Legislation. We always enter into Data Processing Agreements with such actors to ensure that they meet these requirements. If the person we commission is an actor who may process your personal data outside the United Kingdom or EU/EEA, we make sure to take the measures required under Applicable Data Protection Legislation for a transfer to a country outside the United Kingdom or EU/EEA to be considered legal. For the full list of our sub-processors please refer to Attachment 2.
Links to other websites
In the event our website contains links to third party websites or materials published by third parties, these links are for information purposes only. As we have no control over material or personal data processing on these pages, we take no responsibility for personal data processing related to such pages.
Changes to this Policy
In the event this Policy is changed, an updated version of the document will be made available on our website. Therefore, to keep up to date with its content, we recommend that you visit our website regularly. Should we make any significant changes to this document, for example, change the purpose for personal data processing, we will also send an e-mail or post a notice using our social media.
If you have any questions regarding this Policy, your personal information, or if you suspect that we are breaching your rights, please contact us in one of the following ways:
P.O. Box 108
771 23 Ludvika