Last updated: May 23, 2018
deBroome’s collection, storage, and use of personal data will continually be governed to comply to the GDPR as set forth by the European Parliament and PUL according to Swedish law. Clients are encouraged to take the same measures when using deBroome services.
1. Third parties
When we feel you will benefit from our partner’s services, we may get in touch with them about your company’s needs. We do not sell, trade, or rent users personal identification information to others.
2. deBroome’s treatment of client’s personal data
2.1. Contact info
Client’s information including name, phone number, email address, corporation, and corporation’s address are collected to maintain communication between parties. Mainly, information is collected to respond to questions and concerns to help our clients improve their experience and the development of deBroome’s services. In addition, billing information may be collected to meet contractual obligations.
2.2. Feedback and testimonials
Clients may also receive a request to fill out a survey to let us know about their experience with our services. The responses may be used for client testimonials.
deBroome likes to showcase our services in the form of blogs and on social media, mainly Linkedin. We may also present our services to potential clients in a closed setting. In most cases, we ask permission from our clients before publishing articles or posts. We may also ask our clients to participate in an interview that is published on our website and social media channels. These publishings are not only to promote deBroome services, but also promote our client’s accomplishments. Our clients have the right to decline all these requests by deBroome.
3. deBroome’s treatment of user’s personal data
3.1. Google Analytics
deBroome services collect information on the users within our brand manuals including website visits, location, pageviews, and other general information collected by Google Analytics. deBroome uses this information for general statistical purposes. In sum, deBroome tracks engagement on our brand manuals.
When users register on our brand manuals, we do not address user’s personal information unless a client has a request. As a result, deBroome uses personal information on deBroome’s services to assist with customer support when needed.
4. Client’s treatment of personal data
4.1. Registration form
All brand manuals are customized to the client’s needs. Therefore, some clients may choose to conceal their brand manuals from the public. To protect a brand manual’s information, a client will decide what to include on a registration form to confirm identity of individuals.
The client takes responsibility of a user’s personal information within a brand manual. Thus, the client is accountable for who has access to user information within their organization and outside sources in which they share the information.
4.4. User requests
Clients will process any requests from registrants including but not limited to providing, updating, and deleting personal information.
5. Sharing information
5.1. Clients sharing info
- User’s info: Clients take responsibility for the sharing of user’s information on deBroome’s platforms.
5.2. deBroome sharing info
Personally identifiable information: deBroome will not sell client’s identifiable information to others.
Non-personally identifiable information: deBroome shares non-personally identifiable information (such as anonymous number of sessions/pageviews, visit duration, and top countries) on our services to clients. This is to measure the engagement of their own brand manual. Our clients have the right to share this information. Non-personally identifiable information is stored for 38 months.
6. Storage of personal data
6.1. Location of server – Sweden
deBroome’s servers are located in Sweden.
6.2. Storage and processing
deBroome’s clients: Your information collected through deBroome will be stored and processed in deBroome’s and deBroome’s partners’ server locations.
deBroome’s brand manuals: Clients have the right to collect information within their local servers.
6.3. Deletion of data
deBroome retains personal information for the duration of our business relationship and afterwards for as long as it is necessary and relevant for our legitimate business purposes.
When information is deleted from our services, some information will remain in our backups until it automatically deletes at its scheduled time. Therefore, personal information is not completely deleted from deBroome’s services at the time of the request.
It is important to note that deBroome has its own backups that automatically deletes information periodically. Thus, if a client deletes personal information from a brand manual, it is not completely deleted from deBroome’s services until our backups are deleted.
7. Personal data security
7.1. Data protection – deBroome
deBroome will keep your information secure by taking appropriate technical and organizational measures. We are concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to deBroome. Moreover, we cannot guarantee that your information will not be accessed, disclosed, altered, or destroyed by a breach within our database.
7.2. Data protection – clients
When creating brand manuals for clients, we always advise the use of applying secure socket layer technology (SSL). However, clients may choose to not purchase a SSL certificate or not renew their SSL certificate, leaving communication open between two devices. Therefore, deBroome cannot guarantee absolute security as it is the client’s responsibility to maintain personal data on our services.
If you use a password to access our services, we advise you to keep your password safe and use discretion when sharing passwords with those in need of access to your brand manual. We do not share passwords with anyone without given permission.
If you believe your account has been compromised, please contact us at firstname.lastname@example.org.
7.3. Routine for a security breach
If a security breach should occur, deBroome will take the following actions:
- If the intrusion is successful, deBroome cuts the internet connection to avoid loss or destruction of data
- Analyze and reconfigure the firewall
- Increased preparedness and supervision
- Report to all clients, partners, and users in the database
8. Responsibility for damage
- deBroome’s responsibility: deBroome assures to take security measures to protect our services from vulnerability. Moreover, deBroome provides a platform to perform actions in accordance to the GDPR requirements. Therefore, we do not take responsibility if any damage happens to a user.
deBroome is not accountable for any damage to our clients that is inflicted by our partners.
- deBroome client’s responsibility: deBroome clients take responsibility of any damage inflicted on a user.
9. Your rights
9.1. Right to stay informed
deBroome is completely transparent to our partners and clients on how personal data is treated and stored.
If there occurs a breach in deBroome’s database, deBroome will inform our clients and then the users as soon as we have knowledge of this event. We will inform all on the measures we take to secure the system.
9.2. Right to delete information
At anytime, you can revoke the use of your personal data. While we will delete any personal information about you on our active database instantly within a reasonable period of time, we may retain information in our backups, analytics, to the satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
9.3. Request to access information
You can contact us at any time to request to access information that deBroome has about you. However, we will first take measures to verify your identity. deBroome will then ensure that you will be provided with a copy of the data we process about you. You can use this information for your own use.
9.4. Request to correct information
You can contact us at any time to correct any information that deBroome has about you.
9.5. Complying to your rights
deBroome will comply to any requests you may have in accordance to the law.
deBroome has the right to refuse a request if deBroome believes it is outside of the GDPR laws. However, deBroome must supply a sufficient reason why. If you believe deBroome’s reasoning is unjust, you have the freedom to contact Information Commissioner's Office (ICO).
If you have any questions about deBroome’s collection and storage of data or requests, please contact us at:
deBroome AB, Tomtebogatan 5, SE-113 39 Stockholm
+46 8 52 20 50 00