Last updated: May 30, 2021
deBroome’s collection, storage, and use of personal data will continually be governed to comply to the GDPR as set forth by the European Parliament and PUL according to Swedish law. Clients are encouraged to take the same measures when using deBroome services.
If you have a question or request concerning the policy, please contact us at gdpr@deBroome.com.
1. Third parties
When we feel you will benefit from our partner’s services, we may get in touch with them about your company's needs. We do not sell, trade, or rent users personal identification information to others.
2. deBroome’s treatment of client’s personal data
2.1. Contact info
The information of the client’s main contact, including name, phone number, email address, corporation, and corporation’s address, are collected to maintain communication between parties. Mainly, information is collected to respond to questions and concerns to help our clients improve their experience and the development of deBroome’s services. In addition, billing information may be collected to meet contractual obligations.
2.2. Feedback and testimonials
Clients may also receive a request to fill out a survey to let us know about their experience with our services. The responses may be used for client testimonials.
deBroome likes to showcase our services in the form of blogs and on social media, mainly LinkedIn. We always ask permission from our clients before publishing articles or interviews which will be published on our website and social media channels. These publishings are not only to promote deBroome services, but also to promote our client’s accomplishments. Our clients have the right to decline all these requests by deBroome. We may also present our services to potential clients in a closed setting.
3. deBroome’s treatment of user’s personal data
3.1. Google Analytics
deBroome services collect information on the users within our brand portals including website visits, location, pageviews, and other general information collected by Google Analytics. deBroome uses this information for general statistical purposes. In sum, deBroome tracks engagement on our brand portals.
When users register on our brand portals, we do not address user’s personal information unless a client has a request. As a result, deBroome uses personal information on deBroome’s services to assist with customer support when needed.
4. Client’s treatment of personal data
4.1. Registration form
All brand portals are customized to the client’s needs. Therefore, some clients may choose to conceal their brand portals from the public. To protect a brand portal’s information, a client will decide what to include on a registration form to confirm identity of individuals.
The client takes responsibility of a user’s personal information within a brand portal. Thus, the client is accountable for who has access to user information within their organization and outside sources in which they share the information.
4.4. User requests
Clients will process any requests from registrants including but not limited to providing, updating, and deleting personal information.
5. Sharing information
5.1. Clients sharing info
- User’s info: Clients take responsibility for the sharing of user’s information on deBroome’s platforms.
5.2. deBroome sharing info
Personally identifiable information: deBroome will not sell client’s identifiable information to others.
Non-personally identifiable information: deBroome shares non-personally identifiable information (such as anonymous number of sessions/pageviews, visit duration, and top countries) on our services to clients. This is to measure the engagement of their own brand portal. Our clients have the right to share this information. Non-personally identifiable information is stored for 38 months.
6. Storage of personal data
6.1. Location of server – Sweden
deBroome’s servers are located in Sweden.
6.2. Storage and processing
deBroome’s clients: Clients’ information collected through deBroome will be stored and processed in deBroome’s server location.
deBroome’s Brand Portals: Clients have the right to collect information within their local servers.
6.3. Deletion of data
deBroome retains personal information for the duration of our business relationship and afterwards for as long as it is necessary and relevant for our legitimate business purposes.
When information is deleted from our services, some information will remain in our backups until it automatically deletes at its scheduled time. Therefore, personal information is not completely deleted from deBroome’s services at the time of the request.
It is important to note that deBroome has its own backups that automatically deletes information periodically. Thus, if a client deletes personal information from a Brand Portal, it is not completely deleted from deBroome’s services until our backups are deleted.
7. Personal data security
7.1. Data protection – deBroome
deBroome will keep your information secure by taking appropriate technical and organizational measures. We are concerned with protecting your privacy and data, but we cannot guarantee that your information will not be accessed, disclosed, altered, or destroyed by a breach within our database.
7.2. Data protection – clients
When creating brand portals for clients, we apply secure socket layer technology (SSL). The certificate assures that information is kept private between the web server and the clients web browsers.
If you use a password to access our services, we advise you to keep your password safe and use discretion when sharing passwords with those in need of access to your Brand Portal. We do not share passwords with anyone without given permission.
7.3. Routine for a security breach
If a security breach should occur, deBroome will take the following actions:
- If the intrusion is successful, deBroome cuts the internet connection to avoid loss or destruction of data
- Analyze and reconfigure the firewall
- Increased preparedness and supervision
- Report to all clients, partners, and users in the database
8. Responsibility for damage
- deBroome’s responsibility: deBroome assures to take security measures to protect our services from vulnerability. Moreover, deBroome provides a platform to perform actions in accordance to the GDPR requirements. Therefore, we do not take responsibility if any damage happens to a user. deBroome is not accountable for any damage to our clients that is inflicted by our partners.
- deBroome client’s responsibility: deBroome clients take responsibility of any damage inflicted on a user.
9. Your rights
9.1. Right to stay informed
deBroome is completely transparent to our partners and clients on how personal data is treated and stored. If there occurs a breach in deBroome’s database, deBroome will inform our clients as soon as we have knowledge of this event. We will also inform on the measures we take to secure the system.
9.2. Right to delete information
At anytime, you can revoke the use of your personal data. While we will delete any personal information about you on our active database instantly within a reasonable period of time, we may retain information in our backups, analytics, to the satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
9.3. Request to access information
You can contact us at any time to request to access information that deBroome has about you. However, we will first take measures to verify your identity. deBroome will then ensure that you will be provided with a copy of the data we process about you. You can use this information for your own use.
9.4. Request to correct information
You can contact us at any time to correct any information that deBroome has about you.
9.5. Complying to your rights
deBroome will comply to any requests you may have in accordance to the law. deBroome has the right to refuse a request if deBroome believes it is outside of the GDPR laws. However, deBroome must supply a sufficient reason why. If you believe deBroome’s reasoning is unjust, you have the freedom to contact Information Commissioner's Office (ICO).
If you have any questions about deBroome’s collection and/or storage of data, or want to make a complaint, or want to be forgotten, please contact us at firstname.lastname@example.org.
You also have the right to make a complaint with the Swedish Data Protection Authority also known as Datainspektionen, or your local data protection authority.