Privacy Policy

Coretura’s privacy notice for business contacts

1. Introduction

At Evo Truck SDV AB reg. no. 559479-2094 (“Coretura”, “we”, “us”, our”) one of our main priorities is your privacy. It is important to us that you feel safe when we process your personal data. Here (in this “privacy notice”) you can learn more about what personal data we collect and process about you, why we do it and what rights you have. 

“Personal data” is any information that by itself, or together with other information, identifies a specific individual. In other words, it is any piece of information than can be linked to you. “Processing” means any use the personal data, including but not limited to the collection, recording, organization, storing, adaptation, alteration, transferring, deletion or destruction of personal data.

2. Contact information

Coretura is the data controller for the processing of your personal data as specified in this privacy notice and is responsible for ensuring that the processing of personal data is carried out in accordance with applicable data protection legislation, such as the General Data Protection Regulation (“GDPR”). If you have any questions about how your personal data are processed, please contact us by using the contact details below.

Bror Nilssons gata 12,
417 55 Göteborg, Sweden

E-Mail: privacy@coretura.com

3. Individuals covered by this privacy notice and the personal data we process

3.1 Who we process personal data about

We process personal data about the following individuals:

  • Representatives of companies that are potential customers or suppliers/service providers 
  • Representatives of our customers
  • Representatives of suppliers/service providers
  • Individuals who visit our office or our website 
  • Individuals who contact us through one of our other communication channels
  • Representatives of our owners and group companies

3.2 The personal data that we process

  • Contact information: such as name, telephone number, address, e-mail address 
  • Visit information: such as date and time of visit, food preferences, registration number of vehicle
  • Company information: such as company name, your role/title in the company, place of work and country
  • Correspondence: such as the content of e-mails, letters and other correspondence
  • Security information: such as access cards/rights and the use thereof, passport number, driver ID, national registration number
  • IT-related information: such as IP-address, browser type, internet service provider (ISP), log-in details and digital footprints by browsing the website (such as weblogs, date and time stamp, referring/exit pages, number of clicks, etc.), log files, etc.

3.3 How we collect personal data 

Mainly, we collect your personal data directly from you (including from your device) when you communicate or in any other way interact with us. In some cases, we may also collect your personal data from other sources, such as available public sources/registers (for instance if you are the appointed contact person of a company we wish to get in touch with). We may also collect it from the company where you are employed. 

3.4 Do you have to provide us with your personal data?

When we process your personal data, we do so mainly to accommodate your request for a specific interaction with or service from us, and it is voluntary for you to provide your personal data. If you do not wish to provide us with your personal data, we may not be able to fulfil your request or our statutory obligations. For instance, due to security reasons, all visitors must register themselves to visit us. If you do not wish to provide your personal data in connection with a visit, we may not be able to grant you access to our facilities. If you have any doubts or concerns about providing certain personal data, please contact us for further information. Our contact information is stated in section 2 above.

4. Situations where your personal data are processed

4.1 When you represent a potential customer or supplier/service provider 

To identify, contact or respond to inquiries from potential customers or service providers/suppliers, we will process Contact information, Company information and Correspondence about representatives/contact persons of the company in question. We do this based on our legitimate interest in taking steps prior to entering into a contract with a potential customer or service providers/suppliers (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data for as long as we have an ongoing mutual dialogue and three months thereafter, unless we enter into a contract with the company you represent before then.

Please note that we may perform customer and supplier screening before entering into a legal relationship to detect, report, handle and prevent fraud and crime. For this purpose, we process your Contact information, Company information, Correspondence and Security information. The legal basis for our processing is our legitimate interest in protecting our company (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the term of the agreement with the company you represent and for twelve months thereafter.

4.2 When you represent one of our customers

4.2.1 Entering and managing the agreement

To enter into an agreement with a customer, to manage the relationship and fulfil terms and conditions of the agreement, as well as to establish, issue and save documents relating to the relationship and providing customer support, we will process Contact information, Company information and Correspondence relating to you as a representative/contact person of the customer. We do this based on our legitimate interest in concluding an agreement with the customer and fulfilling the terms and conditions of such agreement (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the term of the agreement with the company you represent and for ten years thereafter.

4.2.2 Marketing, information and events

To send you information about updates, promotions and news about us and our business, events, products, and services and/or to enable you to subscribe (or unsubscribe) to our newsletters or attend our events, we will process your Contact information, Company information, Correspondence and Visit information (if applicable) as well as information about your wish to subscribe/unsubscribe. We do this based on our legitimate interest in marketing our business and to enhance our relationship with you and the company you represent (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data until you unsubscribe from e-mails or opt-out from direct marketing from us or during the period necessary to handle your request (newsletter and events).

4.2.3 Keep our CRM system accurate and up to date

It is vital for the success of our business that we ensure our CRM systems are as up to date as possible and that we have accurate information. Therefore, we work extensively and continuously to keep our records accurate and up to date in the right way. For this purpose, we will process Contact information and Company information about you. We do this based on our legitimate interest in having accurate information about you as a contact person of the company you represent (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will process your personal data for as long as you represent our customer.

4.3 When you represent one of our suppliers/service providers

4.3.1 Entering and managing the agreement 

To enter into an agreement with a service provider or supplier, to manage the relationship and fulfil terms and conditions of the agreement (such as paying for the services and/or products), as well as to establish, issue and save documents relating to the relationship, we will process Contact information, Company information and Correspondence about you as a representative/contact person of the service provider or supplier. We do this based on our legitimate interest in concluding an agreement with the service provider or supplier and fulfilling the terms and conditions of such agreement (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the term of the agreement with the company you represent and for ten years thereafter.

4.3.2 Grants or public subsidies

To enable and follow up our applications for grants or public subsidies, we will process Contact information and Contact information. The legal basis for our processing is our legitimate interest in applying for grants and public subsidies (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data 12 months.

4.4 When you visit our office 

To manage your visit at our office, including to enable the provision of meals and personalized services, we will process your Contact information, Company information, Correspondence, Security information and Visit information. We do this based on our legitimate interest in managing visits and ensuring all visitor’s and employee’s safety (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during your visit and 12 months thereafter.

4.5 When you visit our website 

To provide, operate, maintain, improve, personalize and expand our website, we use cookies and other similar tracking technologies on our website. The website includes necessary, statistical and marketing cookies. Depending on your cookie preferences, we will process IT-related information about you when you visit our website. The legal basis for our sub-sequent processing of personal data collected through cookies is your consent (GDPR, article 6.1(a)), except when personal data are collected through necessary cookies (then, the legal basis is our legitimate interest in being able to provide basic functions on the website (GDPR, article 6.1(f))). 

Contact us if you want to learn more about how we balance your interests against ours. For further information about our use of cookies, please see our cookie banner/cookie policy on our website. 

4.6 When you contact us through one of our communication channels (for a purpose not otherwise described herein)

If you contact us on social media platforms, we will process Contact information, Company information and Correspondence when responding to your query. We do this based on our legitimate interest to respond to your queries (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data for 12 months.

4.7 When you represent one of our owners or group companies

To enter into agreements with our owners or group companies, to manage the relationship and fulfil terms and conditions of the agreement, as well as to establish, issue and save documents relating to the relationship, we will process Contact information, Company information and Correspondence relating to you as a representative of our owners or group companies. The legal basis for our processing is our legitimate interest in concluding an agreement with the owner or group company and fulfilling the terms and conditions of such agreement (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the term of the agreement with the company you represent and for ten years thereafter.

4.8 Product and service development

To enhance our products and services we will process your Contact information, Company information and Correspondence. We do this based on our legitimate interest in reviewing and analysing external feedback and developing our products and services based on that (GDPR, article 6.1(f)). Contact us if you want to learn more about how we balanced your interests against ours. We will keep your personal data in accordance with the retention periods otherwise stated here, i.e., we will not keep identifiable data for this purpose for a period longer than the original retention period.

4.9 To comply with laws, legal obligations and voluntary undertakings

4.9.1 To comply with legal obligations

Purpose and specific legal obligation (GDPR, article 6.1(c)): Handle and respond to data subject rights requests (GDPR, chapter III)

  • Categories of personal data: Contact information as well as information provided in your request and additional information required to meet your request
  • Retention period: For up to one year from the date your request has been met

Purpose and specific legal obligation (GDPR, article 6.1(c)): Handle incidents and participate in supervisions (GDPR, articles 33-34 and 58)

  • Categories of personal data: The categories of personal data relating to you that are necessary and requested during the incident/supervision
  • Retention period: For as long as the incident or subsequent supervision is ongoing and one year thereafter

Purpose and specific legal obligation (GDPR, article 6.1(c)): Bookkeeping (Bokföringslag (1999:1078))

  • Categories of personal data: Personal data relating to you to the extent we are obligated to save the data for bookkeeping purposes
  • Retention period: Up to and including the seventh year after the end of the financial year the transaction took place

4.9.2 Claims, complaints and legal disputes

To administer, investigate and respond to claims and complaints, including to establish, exercise or defend legal claims, we will process your Contact information as well as other information you provide us that is relevant for the claim, complaint or dispute. The legal basis for the processing is our legitimate interest to administer your claim or complaint (GDPR, article 6.1(f)). Contact us if you want to learn more about how we have balanced your interests against ours. We will keep your personal data during the period we investigate and administer your claim, complaint and dispute and for ten years thereafter.

4.9.3 Mergers and acquisitions of our assets

In the event of a merger, acquisition or a sale of all or parts of our assets, we will transfer the categories of personal data relating to you that are covered by the merger or acquisition to the new owner. The legal basis for the processing is our legitimate interest to proceed with a merger or acquisition and transfer relevant personal data for this purpose (GDPR, article 6.1 (f)). Contact us if you want to learn more about how we balance your interests against ours. No personal data is stored for this particular purpose. 

5. Who we share your personal data with

We may need to share your personal data with others to manage our business and to comply with laws and regulations. This includes:

  • Other companies within our group of companies or the group of one of our owners (together “group companies”). 
  • Service providers, such as IT service providers who manage the necessary operation, technical support and maintenance of our IT solutions, such as internally used systems, platforms and hosting services. 
  • Providers of analytics services (such as Google). 
  • Providers of social media platforms (such as LinkedIn). 
  • External advisors and consultants who help us in different areas of our business, such as financial advisors, lawyers and auditors. 
  • Potential buyers in case of a merger, an acquisition or a sale of all or parts of our assets.
  • Authorities in the event of a request, export control and customs
  • Courts in the event of a dispute or other proceedings.
  • Emergency service providers, such as the police, ambulance, etc. in connection with emergency assistance. 

6. Geography

We strive to process your personal data within the EU/EEA area. However, in some situations the personal data may be processed outside the EU/EEA (e.g., in USA), such as when we share your personal data with our group companies operating outside the EU/EEA. 

We always ensure that that your personal data enjoys a high level of protection, even when the personal data is processed outside of the EU/EEA. In most cases, the importing party will reside in a country that has been deemed to offer adequate protection by the EU commission or adheres to the EU-US Data Privacy Framework (GDPR, article 45). If not, we will enter into the EU Standard Contractual Clauses (GPDR, article 46). In addition, we take additional technical and organisational security measures when needed. 

7. Your rights

7.1 General

We are accountable for your personal data being processed in a legal, transparent and open manner in relation to you, and that your personal data are accurate and up to date. You have certain rights regarding our processing of your personal data. If you want to exercise any of your rights, you can contact us by using the contact details in section 2 above. We will get back to you as soon as we can, and at the latest within one month of receiving your request. If we cannot answer your request or need more time, we will explain why.

7.2 Right of access

You have the right to know if we process personal data about you or not. If we do, you also have the right to receive information about the personal data we process and why we do it. Further, you have the right to receive a copy of all personal data we have about you. If you are interested in any specific information, please indicate this in your request. For example, you can specify if you are interested in a certain type of information, such as the specific contact details we have about you, or if you want information from a certain time period.

7.3 Right to rectification

If the personal data we hold about you is inaccurate, you have the right to have the personal data corrected. You also have the right to complete incomplete personal data, including by providing supplementary information. Once we have corrected or completed your personal data, we will inform those we have shared your personal data with (when applicable) about the update, if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your personal data with. If you request to have data corrected, you also have the right to request that we restrict our processing during the time we investigate the matter. 

7.4 Right to erasure (right to be forgotten)

In certain cases, you have the right to request that your personal data are erased, e.g.:

  • If the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or
  • When the personal data have been unlawfully processed.

If we erase the personal data following your request, we will also inform those we have shared your personal data with (when applicable), if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your personal data with.

7.5 Right to request restriction

Restriction means that the personal data are marked so that it may only be used for certain limited purposes in the future. The right to restriction applies:

  • When you believe the personal data are inaccurate/incomplete and you have requested rectification. If so, you can also request that we restrict our processing while we investigate if the personal data are accurate/complete or not,
  • If the processing is unlawful but you do not want the personal data to be erased, 
  • When you have objected to the processing and during the time we verify our legitimate grounds, or
  • When we no longer need the personal data for the purposes for which we collected it, but you need it to be able to establish, exercise or defend legal claims.

Even if you have requested that we restrict our processing of your personal data, we have the right to use it for storage, to assert or defend legal claims or to protect someone else’s rights. We may also use the personal data for reasons relating to important public interest. We will let you know before the restriction expires.

If we restrict the processing of your personal data, we will also inform those we have shared your personal data with (when applicable), if it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your personal data with.

7.6 Right to object

You have the right to object to processing that is based on our legitimate interest. If you object to the use, we will, based on your situation, evaluate if our interests in using the personal data outweigh your interests in the personal data not being used for that purpose. If we are unable to provide compelling legitimate grounds that override yours, we will stop using the personal data you object to – provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter. 

You always have the right to object to, and unsubscribe from, direct marketing. 

7.7 Right to data portability

If the processing is based on your consent or an agreement between us, you have the right to obtain personal data that you have provided to us in a structured, commonly used and machine-readable format and transfer it to another controller (“data portability”). Please note that we seldom use one of these legal bases to justify our processing.

7.8 Right to withdraw consent

You have the right to withdraw your consent for a specific processing at any time. Your withdrawal will not affect processing that has already been carried out. Please note that we seldom use consent to justify our processing.

7.9 How to exercise your rights and right to complain

If you want to exercise any of your rights, please contact us using the below contact information.

If you have any objections or complaints about the way we process your personal data, please let us know and we will do our best to help you. You also have the right to lodge a complaint with the supervisory authority where you live, work or where you believe an infringement has taken place. In Sweden, the supervisory authority is the Swedish Supervisory Authority for Privacy Protection (IMY).

8. Changes to this privacy notice

We reserve the right to change this privacy notice from time to time. We will inform you of any changes by posting the updated privacy notice on our website. If we make any material changes, we will send you a notification by e-mail.