Tried and true

Privacy policy

This Privacy Policy (“Policy”) explains how XPOS AB, the data controller, (org no. 556851-7733, address: c/o Teknikföretagens Branschgrupper AB, Storgatan 5, Box 5510, 114 85 Stockholm, “we”, “us”, or “our”) uses personal data it receives from you through the XPOS system.

Personal data collection and use
We collect the following personal data from you as XPOS user: XPOS user IP address, name and email.

The personal data are acquired in the following ways: (A) an XPOS user registers personal data in the XPOS system directly, (B) all XPOS users create their own account and user profile, (C) personal data is logged in each claim, there is an activity log that shows all actions performed by each user who logged in to the XPOS system.

The personal data are processed for the purpose of processing a request for a technical return to provide a credit note to a dealer or an exchange and to maintain and operate the XPOS system facilitating the requests.
If you do not provide the personal data relating to you, you will not be able to use XPOS system.

Lawful basis for the processing of personal data
We process personal data as described in this Policy based on our legitimate interest to process requests for technical returns and to facilitate the quick and smooth handling of the requests in the automated system of XPOS to enable a high-quality customer service.

Third party access to personal data
We may provide access to personal data to third parties for specific purposes as described below.
Service Providers. We will disclose your information to carefully selected companies that provide services for us or on our behalf necessary for the handling of return cases, such as logistics partners, our call centre service providers, IT service providers assisting us in maintaining our local customer service systems and integrations. We may use further trusted service providers (such as payment providers, insurance companies, external advisors, etc.) for specific cases relating to e.g. product liability or escalated customer complaints.
These entities are limited by contractual provisions in their ability to use your personal data for purposes other than providing services for us or on our behalf.
We may also share personal data with a third party to allow a merger, acquisition, or sale of all or a portion of our assets, provided that the use of the personal data by that third party remains consistent with this Policy.
We may pass personal data to government authorities as required by applicable law. We may access, preserve and share personal data in response to a legal request (e.g. a search warrant, court order, a subpoena, etc.), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.
We use Sentry to process errors in the underlying logical structure and also for front-end error monitoring. Sentry is a third party with strong data security and retention rules.

Data subject’s rights
You have the right to access your personal data, or request that we rectify, erase or restrict the processing of your personal data.
You have the right, on grounds relating to your particular situation, to object to our processing of your personal data based on our legitimate interests at any time, unless we demonstrate compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
If you would like to make a request to access your information, contact us. Such a request should contain at least one of the following: the XPOS reference number, serial number, RMA number, RDO number, SO number, or credit number.

Personal data retention
We will store personal data of you for no longer than the period that you work with the XPOS system, unless when we need to keep such personal data for a longer period to comply with applicable law or resolve disputes.

Cookies and similar technologies
We use first-party temporary cookies to store user session information. We use Google Analytics cookies to measure traffic.

Children’s personal data
We do not knowingly solicit or collect personal data from children under 16 years of age.

Changes to this Policy
From time to time we may update this Policy. If we do, we will notify you with a pop-up notification on the XPOS system webpage http://www.xpos.eu.

Contact us
If you have any specific questions, please contact us at matts.spangberg@branschkansliet.se. If you would like to exercise your right to access, rectification, deletion/erasure, objection, restriction of processing, please get in touch with us.

You may lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal data infringes applicable law. Contact details for all EU Supervisory Authorities can be found here (http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080)