AAC Clyde Space group is formed of AAC Clyde Space AB and its subsidiary AAC Clyde Space Ltd. The company has its main operations in Sweden, the United Kingdom and the USA, with partner networks in Japan and South Korea.
For the purpose of the relevant laws concerning the protection of personal data and information collected by us, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) (collectively the “Data Protection Laws”), there are hereby two different companies that are responsible for and committed to protecting and respecting your personal data, i.e. two different data controllers.
AAC Clyde Space AB, reg. no 556677-0599 (“we”, “us” or “our”), at the address Uppsala Science Park, 751 83 Uppsala, Sweden and Clyde Space Limited, a company incorporated in Scotland, of 123 St Vincent Street, Glasgow, United Kingdom, G2 5EA (“we”, “us” or “our”).
We will do our best to be clear where the data is processed but in case of uncertainty you can always direct your questions to the parent company, AAC Clyde Space AB.
This policy (together with our terms and conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
We safeguard your personal integrity. It is therefore important for us to protect your personal data and ensure that our processing of your personal data is correct and lawful. This Policy will help you understand what kind of personal data we collect and how it is used as well as your rights as a data subject.
This version was last updated on 15 November 2019.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
How we collect your personal data
We collect and process the following data about you:
- Information that you provide by filling in forms on
www.aac-clyde.space ("our site"). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- From third parties, such as Euroclear Sweden for shareholders, the Swedish Central Securities Depository.
How we process your personal data
In this section, we describe how we process your personal data, what legal grounds our processing is based on and for how long we store the data.
To be able to contact you for the purpose of creating and thereafter maintaining and developing a business relationship with you or the company you represent. This applies for potential and existing customers, partners and other business contacts (including for example consultants, potential investors, research and development contacts and suppliers).
For example, to carry out our obligations arising from any contracts entered between you and us. To allow you to participate in interactive features of our service, when you choose to do so. Or to notify you about changes to our service.
Storage of personal data, including communication and documentation, in our business systems and back-up systems and communication with you.
Categories of personal data
Name, contact details (such as e-mail address, telephone number, location and business address), professional role/title and information regarding the company you represent.
We may initially store your personal data for a period of six (6) months after collecting it. If a business relationship has been established between us and you within this time, we will store your personal data as long as necessary for the purpose above (or other legitimate purposes, such as fulfilling our legal obligations or exercising legal claims, see section below) We erase and anonymize your data when it is no longer necessary or adequate, for example if our relationship with you or the company represent ends.
To comply with our legal obligations or to exercise legal claims
We may process your personal data in order to comply with legal obligations, set out in law or as decided by a court or other authorities. These requirements may be related to matters such as bookkeeping or money laundering legislation. Our processing for this purpose is that it is necessary for us to comply with legal obligations applicable to us.
We may also process your personal data if the processing is necessary for the establishment, exercise or defence of our legal claims.
How we share your personal data
The personal data that we collect is shared with the following types of third parties:
- Service providers: We use third party service providers to manage some aspects of our business operations. We share personal data with such third parties with regard to, for example, IT infrastructure, operating and hosting services, marketing and communications and other IT services, such as IT support, maintenance and development. When we use such service providers we will enter into a data processing agreement with the service provider which requires it to ensure that your personal data is only processed in accordance with this Policy.
- Authorities: When we are required by law, we may share your personal data to public authorities such as the police or tax authorities.
- We may disclose your personal information to any member of our group.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If any member of our group or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
We may process your personal data in order to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.
If you have subscribed for our newsletter and other marketing messages, such messages will be sent to your submitted e-mail address from our service provider beQuoted. beQuoted is, in relation to such marketing, the data controller of your submitted e-mail address, why any objection to the processing of your personal data for marketing purposes shall be directed to beQuoted. You may opt-out from further marketing messages by using the un-subscription link in each message.
We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Where we store your personal data
We strive to always process your personal data within the EU and EEA. However the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. In the event of such transfer, it will be made in accordance with applicable data protection legislation, for example by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission or by use of standard contractual clauses that the European Commission has issued ensuring suitable measures to safeguard your rights and freedoms.
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have taken a number of security measures to ensure that the personal data we keep is secure. For example, access to areas where personal data is stored is limited to our employees and service providers who require it in the course of their duties and who are informed of the importance of maintaining the security and confidentiality of the personal data we keep. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, alteration, disclosure or misuse. We also monitor our systems to discover vulnerabilities in order to protect your personal data, including secure hosting of our website, virus and malware protections.
In this section we describe your rights under applicable data protection legislation.
You are welcome to email us at firstname.lastname@example.org or send regular mail to the addresses above to exercise your rights, if you have any questions or comments regarding our processing of your personal data or this Policy. We will respond within a reasonable period of time upon verification of your identity.
- Right of access and rectification
You have the right to information regarding which of your personal data we process and to access and rectify such personal data.
You may request that we erase your personal data without undue delay in the following circumstances:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
- you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;
- the processed personal data is unlawfully processed; or
- the processed personal data has to be erased for compliance with legal obligations.
We may deny your request if we are prevented from erasing your personal data by requirements set out in applicable laws and regulations (e.g. in relation to accounting and tax legislation) or if they are needed for the establishment, exercise or defence of legal claims. If we cannot meet your request, we will instead restrict the personal data so they cannot be used for another purpose than the purpose preventing the erasure.
You have the right to restrict the processing of your personal data in the following circumstances:
- you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- the processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims;
- you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
If your personal data has been restricted in accordance with this section they may, with exception of storage, only be processed for the establishment, exercise or defence of legal claims, or for the protection of the rights of a third party or for reasons of important public interest according to EU or EU member state legislation.
You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
- Right to data portability
If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
- Right to withdraw consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.
- Right to file a complaint
You have the right to make a complaint at any time to either of the below.
To the supervisory authority (the Swedish Data Protection Authority) if you believe that our processing is performed in breach of applicable data protection legislation.
Or to the Information Commissioner’s Office (ICO), the UK super-visory authority for data protection issues (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the authorities so we ask you please to contact us in the first instance.
IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
THANK YOU FOR VISITING OUR SITE