Scope and purpose
This policy is applicable to the processing of personal data at all companies included in the Cambio Group (“Cambio Group”, “our”, “us” or “we”). The purpose of this policy is to provide our current, former and potential customers or visitors to our Cambio internet sites (“jointly referred to as “customers”, “potential customers”, “job candidates” or “you”), with a general understanding of:
- The circumstances under which we collect and process your personal data
- The types of personal data we collect
- The reasons for collecting your personal data
- How we handle your personal data
- Distribution of responsibility for the processing of personal data between various legal entities at Cambio Group, and
- Contact details for us so you can receive information about and claim your rights in relation to our processing of your personal data.
This policy is updated continuously to reflect the measures taken by Cambio Group in relation to your personal data.
Principles of data processing
The processing of your personal data forms an important part of our provision of products and services to you. We appreciate the trust you place in us when providing us with your personal data, and consider your privacy an essential part of the services we offer. In order to safeguard your personal data while increasing the value and offering enhanced and safer experiences, we adhere to the following general principles.
- Informing you of the purposes for which personal data is collected, used, retained and disclosed.
- Respecting the freedom of choice and consent with respect to the collection, use, retention and disclosure of personal data.
- Only collecting personal data for the purposes identified to you.
- Review the personal data collected in order to facilitate access and ensure it is correct and accurate.
- Disclosure to third parties of personal data for purposes identified and for which you have provided consent.
- Transferring personal data to other countries in a legal, secure and auditable manner.
- Security for privacy of personal data to help protect against unauthorized access and use.
- Accountability and privacy by design to ensure compliance with the privacy framework.
What information we collect
The personal data we collect about you is limited to information that is usually written on business cards, e.g. name, title, company, address, email and phone number. In some cases, we may also ask you for additional information related to your work, such as industry and company size. When you apply for a job with us, we retain cover letters as well as your CV and other information that you send to us.
Our website also collects and stores certain information automatically, using cookies and similar techniques, e.g. IP addresses, region, browser type and usage information.
How we collect your personal data
When you visit our website
You can visit our website without providing any personal information. CAMBIO uses Google Analytics and cookies to improve our service and usability and to analyze how the website is used. Apart from the IP address, the information gathered by Google Analytics collects is anonymous traffic data such as browser information, device and language. The collected information is primarily used to create an overview of how the website is used.
The data we collect is used as follows:
- To customize the user experience
- To improve our website
- To improve our customer service
- To perform transactions
- To send out regular email messages
- To deliver downloadable content
- To record registrations for courses and events
The information we collect will not be sold, transferred or disclosed to any other company without your consent – except where this is required to provide the products or services you request.
You can retract your consent at any time, and also delete stored cookies. To do this, you can search for instructions on how to delete these from each browser.
When you fill out an online form
If you choose to contact us using a form (for example, to download a whitepaper, register for an event or webinar) during your visit to our website, your personal information will be stored in SharpSpring, our marketing automation and CRM system. The information you provide in a form is processed and stored so that we can contact you, answer your request and provide you with relevant information. Once you have chosen to fill out a form, we can follow your visitor behavior on the website. We do this to optimize your experience.
If you register for an event
Registration for our events takes place via our website and our CRM system, SharpSpring. Your data is processed in, and synchronised between, these systems.
If you apply for a job with us
If you apply for a vacancy at CAMBIO, we store and process the information for recruitment purposes. Your personal data is stored in our recruitment system, TeamTailor. If you consent to future recruitment opportunities, we may also store the information for a period (1 year) in order to possibly contact you for another job. You must then again consent to us storing your information for another period. Notification of this will be sent by email.
Challenges and Competitions
When registering for a challenge or a competition hosted by Cambio, we will collect necessary information to process your registration, such as name and email address. In case other details are requested, they are also considered necessary to process your registration.
For what purpose do we collect your personal data?
Personal data needs to be collected with the purpose of being able to identify and contact you in order to process your participation in a Cambio hosted competition. Other details that may be requested, such as geographical location or motivation to why you are participating shall be stored with the purpose of improving our efforts in having a better and more attractive competition in the future (in case the competition itself or a similar competition is a recurring event).
For how long do we store your personal data?
We will store your personal data for no more than five years counting from the date of registration.
Will we share your personal data?
Depending on the structure of the competition, your personal data will be shared in the case your submission requires assessment by an external jury of experts (i.e. experts in the relevant field).
When you use Service at our Customer Extranet
When you use our customer portal
To be able to use the customer portal we need to create an account with a user ID. For that we need your name, email address. This information will be will be stored in our Active Directory.
When you use Cambio’s issue tracking system
The issue tracking system is used as service management tracking system where the customers can file support issues. The system is used for incident management, problem management, defect management, service request management, and improvement suggestions. We need the reporters contact data to be able to communicate questions, comments and resolutions. The name, email address and user ID will be stored in our Active Directory in order to give you login credentials.
Why do we need your information?
We use the personal data we collect to communicate with you, to respond to your inquiries and to improve our services, but also to provide other information and offers that may be of interest to you.
We want to always provide you with relevant and valuable information
The personal data and cookie information you provide helps us personalize your experience, and also to deliver the correct content and offers to you. It also affords us the opportunity to be at the forefront of developments and to continuously create value for you as a visitor.
The legal basis for processing of your personal data
We apply established practice in accordance with applicable law and regulations on the protection of personal data, including the EU’s General Data Protection Regulation (GDPR).
Our processing of your personal data has its legal basis in legitimate interest and, in some cases, the consent of persons visiting our site. If consent is required, we will request it from you. In other cases, the legal basis for processing your personal data may be the fulfilment of an agreement with you, for instance if you are a customer of ours.
How we protect your personal information
Cambio is careful about the security of personal information. When we collect information about you, we also ensure that the information is protected against unauthorized access, loss, manipulation, forgery, destruction or unauthorized disclosure. This is achieved through secure technical measures.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The general rule is your information will be stored for up to 24 months, counting from the date it was entered or updated.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
- Opt out from marketing e-mail via the unsubscribe function.
- Opt out from access to Customer portal and Service Delivery Issue system via the Customer portal.
- Withdraw an application via the Recruitment portal at any time. This will remove the application with the personal data we hold about you.
Sharing of information and data security
Cambio Group may also transfer the personal data collected to any relevant unit within Cambio Group and to our contracted service providers around the world. Since Cambio Group is present in several countries, personal data will be transferred across international borders to Cambio entities in other countries. You find the list of Cambio entities below. If a country does not meet the EU commission’s decision of an adequate level of protection the personal data is transferred under data transfer agreements, to privacy shield certified companies or based on individual consent, in order to secure an adequate data protection level in accordance with GDPR and other relevant privacy laws.
Third parties will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Cambio Group entities
• Sanolium Group Holding AB
• Sanolium Holding AB
• Sanolium AB
• Cambio Holding AB
• Cambio Healthcare Systems AB
• Cambio CDS AB
• Cambio Welfare Systems AB
• Cambio Healthcare Systems A/S
• Cambio Healthcare Systems Ltd
• Cambio Software Engineering Pvt Ltd
Cloud Based tools
We use the following US based tools.
- SharpSpring (CRM-system)
- TeamTailor (Recruitment tool)
You have certain rights under the GDPR. These are, however, not unconditional and must be determined on a case-by-case basis. Your rights under the GDPR include the following:
- Right to access – According to article 15 of the GDPR, you are entitled to access the personal data and receive certain information about the processing. That information is provided in this document.
- Right to rectification – According to article 16 of the GDPR, you are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Right to erasure – Under certain circumstances, you are according to article 17 of the GDPR entitled to have the personal data erased. This is the so-called “right to be forgotten”.
- Right to restriction of processing – Under certain circumstances, you are according to article 18 of the GDPR entitled to restrict the processing of the personal data.
- Right to data portability – You are according to article 20 of the GDPR entitled to receive the personal data (or have the personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.
- Right to object – According to article 21 of the GDPR, you are entitled to object to certain processing activities.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
You can send requests, concerns or questions to DPO@cambio.se. If you find that our processing of your personal data is not compliant with applicable legislation, you have the right to lodge a complaint with your supervisory authority.
Changes to this policy