Privacy policy
Gaia protects your privacy and always strives for a high level of data protection. This Privacy Policy explains how Gaia System AB, doing business as Gaia (“Gaia,” “we,” “us,” and “our“) collect, use, and share the personal information of people who visit www.gaiapublictransport.com, contact us, receive our communications, or attend on events. It also describes what rights you have and how you can use them. The Cookie Policy explains how we use cookies and similar technologies to recognize you when you visit our website. It explains what these technologies are and why we use them, as well as your rights to control our use of them.
Gaia’s Integrity Policy
Effective as of 2023-05-24
What is personal data, and what is the processing of personal data?
Personal information is any information that can be directly or indirectly connected to a physical person. For example, images and sound recordings processed on a computer can be personal data even if no names are mentioned. Encrypted data and various electronic identities (e.g., IP numbers) are personal data if they can be connected to a physical person.
Processing of personal data is everything that happens with personal data. Every action taken using personal data constitutes processing, regardless of whether it is performed automatically or not. Examples of common actions are collection, registration, organization, structuring, storing, processing, transferring, and erasing.
Who is responsible for the personal data we process?
A data controller is a person or entity that determines the purposes and means of data processing. A data controller can, for example, be a municipality, authority, organization, or company.
Gaia System AB is responsible for the personal data we store.
Our organization number is 556477-6580.
Address: S:t Persgatan 27,
602 33 NORRKÖPING
If you have questions about your personal information, you can contact us via: info@gaia.se
About changes in the privacy policy
We may make changes to our privacy policy. The latest version of the policy is always available on our website www.gaia.se.
For updates that are crucial to our processing of personal data (for example, changes of specified purposes or categories of personal data) or that might be crucial to you, you will receive information via email in advance of the updates taking effect. We also explain the signification of the updates and how they might affect you.
What personal information do we collect about you and for what purpose?
When filling out a form
When you fill out a form on our website or a landing page, we need your approval to handle your personal information. We then specifically ask for your consent to register your information in our customer system. We need your email address to send out relevant information linked to the form you filled out.
We store your personal information based on your approval. We store your personal information for as long as you are active and read our emails. If you have been inactive for one year, we will remove your personal data from our system. You can unsubscribe from communication and emails at any time and request that we erase your personal data. You can find more information about this further down the page.
When you sign up for a physical or an online event
When you register for an activity that we organize, we must be able to handle your registration. We register your registration in our customer system. We need your email address to send booking confirmations and other information about the booking to you.
The collection of your personal data is required for us to be able to fulfill our obligations when you book a course or attend an event that we organize.
The personal information we store is:
- Name
- Contact information (e.g., email)
- Other information that you enter yourself
The registration information is stored for six months. If you have specified other information in your booking, it will not be saved anywhere other than in the booking itself.
When you register, you will also receive information about how we process your personal data.
When you participate in our events
In the form you fill out for the event, we inform you that we sometimes take pictures or film at our events. If you do not want to be in pictures or videos, contact us before the event and let us know. You also need to tell the photographer at the event that you do not want to participate in photos/films where you can be identified.
If you subsequently discover that you are seen in photos/videos published on our website or social media, you have the right to have these removed. In that case, contact us, and we will sort it out.
When you fill out a contact form on our website
When you fill out a contact form on our website, we must be able to reply to your question and contact you. We need your email address for you to receive a confirmation of your request and other requested information.
The personal information we store is:
- Name
- Contact information (e.g., email)
The contact information is stored for six months. When you contact us, you will also receive information about how we process your personal data.
When you apply for a vacant job on our website
When you apply for a job vacancy on our website, we must be able to confirm your application. We need your email address and application documents to keep in touch with you and be able to handle your application in the recruitment process.
The personal information we store is:
- Name
- Contact information (e.g., email, address)
- Application documents
Contact information and application documents are stored during the recruitment process. We may want to save your information longer for future recruitments. You can contact us at any time if you want us to delete your information. When you contact us, you will also receive information about how we process your personal data.
Where do we process your personal data?
We always strive for your personal data to be processed within Sweden. If not possible, we will choose similar solutions within the EU.
How long do we store your personal information?
We never store your personal information longer than necessary. Read more about the specific storage periods under each heading above.
What are your registered rights?
All information about your rights can be found on the Swedish Authority for Privacy Protection’s website:
https://www.imy.se/en/organisations/data-protection/this-applies-accordning-to-gdpr/the-data-subjects-rights/
Right to access (Register Extract)
We are always open and transparent about how we process your personal data. If you want to know more about which personal data we process about you, you are welcome to contact us for access to your data. The information is disclosed in the form of a register extract with a description of the purpose, categories of personal data, storage periods and information regarding where the information has been collected. You have the right to receive one register extract per calendar year.
When you request access to your personal information, we may ask for additional information to ensure efficient handling of your request and that we provide the information to the right person.
Right to rectification
You have the right to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
Right to erasure
You have the right to have your personal data erased if:
- The data are no longer necessary for the purposes they were collected or processed.
- You object to a balancing test we have carried out based on our legitimate interest, and the reason for your objection overrides our legitimate interest.
- You object to your personal data being used for direct marketing purposes.
- Personal data is processed illegally.
Right to limitation of processing
In certain cases, you have the right to request a limitation of our processing of your personal data. Reasons for limitation is:
- If you dispute that the personal data we process is correct, you can request limited processing during the time we work to check whether the personal data is correct.
- If you dispute that we delete your information. This may, for example, be because you need the information we have about you in order to establish, assert or defend legal claims. In these cases, you can request limited data processing from us.
- If you have objected to a balance of interests of legitimate interest that we have made as a legal basis for a purpose. Then you can request limited processing during the time we work to check whether our legitimate interests outweigh your interests in having the data deleted.
- If the processing has been restricted according to any of the above situations, we may only, in addition to the actual storage, process the data to establish, assert or defend legal claims, to protect someone else’s rights or if you have given your consent.
Right to object
You have the right to object to certain processing activities conducted by Gaia on the personal data, such as all Gaia’s processing of the personal data based on Gaia’s legitimate interest. An objection can be made on two grounds:
Balance of interests: in cases where we use a balance of interests as a legal basis for a purpose, you are entitled to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to show a compelling justified reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.
Direct marketing: you are entitled to object to your personal data being processed for direct marketing. The objection also includes the analysis of personal data (so-called profiling) that is performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures, for example via mail, email, and SMS.
If you object to direct marketing, we will discontinue the processing of your personal data for that purpose and discontinue all types of direct marketing measures.
How is your personal data protected?
We use IT systems to protect confidentiality, integrity, and access to your personal information. We have taken special security measures to protect your personal data against illegal or unauthorized processing (such as illegal access, loss, destruction, or damage). Only those who need to process your personal data to fulfill our stated purposes have access to them.
What does it mean that the Swedish Authority for Privacy Protection is a supervisory authority?
The Swedish Authority for Privacy Protection (Sw: Integritetsskyddsmyndigheten) is responsible for monitoring the application of the legislation. Anyone who believes that a company mishandles personal data can submit a complaint to the Swedish Authority for Privacy Protection.
If a personal data incident arises, we are obliged to report it to the Swedish Authority for Privacy Protection within 72 hours if the incident is deemed to entail a risk for you as a registered person. An incident is an event that leads to unintentional or illegal destruction, loss, or alteration of your personal data.
It may also be a case of a personal data incident if it leads to unauthorized disclosure of or unauthorized access to the processed personal data. If the incident is deemed severe, we will inform you about it.
COOKIE POLICY
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website (if you allow it). It allows the site or service provider’s system to recognize your browser and collect and remember certain information.
Cookies set by the website owner (in this case, Gaia) are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
Cookies are small files that a site or service provider transfers to your computer’s hard drive via your browser (if you allow it) that allow the site or service provider’s system to recognize your browser and collect and remember certain information. For example, we use cookies to get an idea of your preferences – based on previous or current activity on the site. This enables us to provide you with more relevant services. We also use cookies to compile data such as website traffic and site interactions so that we can offer better site experiences and tools in the future. We may also use trusted third party vendors to collect information for us.
You can choose to receive an alert from your computer every time a cookie is sent, or you can choose to turn off all cookies. You do this via your browser’s settings. Because different browsers work a little differently, you can look in your browser’s help menu to find out how you handle cookies on your particular browser.
If you as a visitor turn off cookies in your browser
If you turn off cookies, some of the features that help make your site experience more effective may work worse.
How can you control cookies?
You have the right to decide whether to accept or reject cookies. You can also choose to receive an alert from your computer every time a cookie is sent. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.
The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.
