2. Data Protection Officer

If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly. The data protection officer is also available for requests for information, applications or complaints: hej@adviga.se

3. Scope & Processing of Personal Data

3.1. Your Visit to Our Website

When you visit our website, your browser transmits certain data to our web server for technical reasons. This includes the following data (so-called server log files):
• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Operating system and HTTP status code
• Volume of data transferred
• Website from which the request originates ("Referrer URL")
• Browser, language and version of the browser software

3.1.1. Legal Basis & Purpose of Processing & Storage Duration

The storage of this data in log files is necessary to ensure the functionality of the website. It also serves to optimise the website and to ensure the security of our IT systems.

We collect this data on the basis of our legitimate interest within the meaning of Art. 6(1)(f) GDPR, in order to display our website and ensure its security.

Information in log files is stored for security reasons (e.g. to investigate misuse or fraudulent activities) for a maximum of seven days and is then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the relevant incident has been finally clarified.

3.1.2. Right to Object and Erasure

The collection of data for the provision of the website and its storage in log files is technically mandatory for the operation of the website. Consequently, users have no right to object.

3.2. Scope & Processing of Personal Data / Contacting Us

You can contact us via the contact forms on our website. In doing so, we process the data from the input form: company, first name, surname, street/no., postcode/city, e-mail, telephone, message.
Alternatively, you may contact us via our e-mail address. In this case, the personal data of the sender transmitted with the e-mail will be processed.

3.2.1. Recipients of the Data

The data transmitted to us is processed by the internal departments responsible for the respective business process.

3.2.2. Legal Basis & Purpose of Processing & Storage Duration

The processing of personal data from the input form is used to process your enquiry. The other personal data processed during the sending procedure (e.g. IP address, date, time) serves to prevent misuse of the contact form and to ensure the security of our IT systems.

When you contact us (via the contact form or e-mail), the user's details are processed for the handling of the contact enquiry and its processing pursuant to Art. 6(1)(b) GDPR.

We delete personal data when it is no longer required for the purposes for which it was collected. For personal data from the contact form input mask and data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question or the request for information has been conclusively clarified.

3.2.3. Right to Object and Erasure

You have the right to revoke your consent to the processing of personal data at any time.

If you contact us by e-mail, you may object to the storage of your personal data at any time. In this case, our conversation cannot of course be continued. Please address such revocations to hej@adviga.se. All personal data stored in the course of contacting us will then be deleted.

3.3. Cookies

We use only one technically necessary cookie on this website: PHPSESSID – set by the Contao CMS to manage your browser session (e.g. for the functioning of our contact form). The cookie contains no personal data, only a randomly generated session ID. It is automatically deleted as soon as you close your browser.

3.3.1 Scope, Purpose & Legal Basis of Processing

The legal basis for this processing is Section 25(2)(2) of the German Telecommunications and Digital Services Data Protection Act (TDDDG, implementing the ePrivacy directive) (strictly necessary for providing the service) and Art. 6(1)(f) GDPR (legitimate interest in the proper operation of the website). No consent is required.

3.3.2. Storage Duration

The cookie is deleted as soon as you close your browser (session cookie).

3.3.3. Right to Object and Erasure

You can delete cookies at any time in your browser settings or disable the setting of cookies entirely. To do so, select the corresponding option in your browser settings (e.g. in Firefox under "Settings → Privacy & Security → Cookies and Site Data"). Please note that in this case some functions of our website may no longer work properly.

3.4. Scope, Purpose & Legal Basis of Processing Customer Data

ADVIGA AB processes customer data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.

We process master data (e.g. customer master data such as names or addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), contractual data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history), and usage and metadata (e.g. in the context of evaluating and measuring the success of marketing activities).

We do not generally process special categories of personal data, unless these are components of a commissioned processing activity. Data subjects include our customers, prospective customers as well as their customers, users, website visitors or employees, and third parties. The purpose of processing is the provision of contractual services, accounting, and our customer service. The legal bases for processing are derived from Art. 6(1)(b) GDPR (contractual services) and Art. 6(1)(f) GDPR (analysis, statistics, optimisation, security measures). ADVIGA AB processes data that is required for the establishment and performance of contractual services and points out the necessity of providing such data. Disclosure to external parties only takes place if it is necessary within the scope of a contract. When processing data provided to us within the scope of a contract, we act in accordance with the instructions of the client and the statutory requirements for commissioned processing under Art. 28 GDPR, and we do not process the data for any purposes other than those specified in the contract.

ADVIGA AB deletes this data after expiry of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; where statutory archiving obligations apply, deletion takes place after their expiry (6 years pursuant to Section 257(1) of the German Commercial Code, 10 years pursuant to Section 147(1) of the German Fiscal Code). In the case of data disclosed to us by the client within the scope of a contract, we delete the data in accordance with the requirements of the contract, generally upon termination of the contract.

4. Data Security

We take technical, contractual and organisational measures to ensure data security in accordance with the state of the art. In this way, we ensure that the provisions of data protection laws, in particular the General Data Protection Regulation, are complied with and that the data processed by us is protected against destruction, loss, alteration and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption for transmissions over the internet is only activated if the key symbol appears in the lower menu bar of your browser window and the address begins with https://. SSL (Secure Socket Layer) protects data transmission against illegal data access by third parties through encryption technology. If this option is not available, you may also decide not to send certain data via the internet.

All information you transmit to us is stored and processed on our servers within the European Union.

5. Disclosure of Data to Third Parties

We do not actively disclose your personal data to third parties for advertising, tracking or commercial purposes.

Disclosure only takes place in the following cases:

• Insofar as this is necessary for the performance of a contract concluded with you (Art. 6(1)(b) GDPR).
• Insofar as we are legally obliged to disclose the data (Art. 6(1)(c) GDPR).
• Within the scope of commissioned processing pursuant to Art. 28 GDPR by service providers carefully selected and contractually bound by us.

Categories of Processors

We operate the web server and the associated infrastructure ourselves on root servers leased by us. These are located in data centres within the European Union (location: Federal Republic of Germany). The operators of these data centres provide technical infrastructure services (electricity, cooling, network connectivity, physical security) and, due to the rental relationships, formally have the status of processors within the meaning of Art. 28 GDPR. Data processing agreements have been concluded with these operators.

No transfer of data to third countries outside the EU/EEA takes place.

6. Audience Measurement with Umami Analytics

For the statistical analysis of visitor behaviour on this website, we use the self-hosted open-source software Umami Analytics. Umami runs on a server operated by us within the European Union (Helsinki, Finland); no data is transmitted to third countries.
Umami is designed with privacy in mind:

• No cookies are set.
• No personal data is collected.
• IP addresses are used solely to generate anonymous, daily-rotating visitor hashes and are not stored.
• No cross-device or cross-site tracking is performed.

We only record aggregated information about the use of this website, such as pages visited, time on page, approximate country of origin, browser used, and device and operating system type. This data helps us improve the content of this website.
The legal basis for this processing is Art. 6(1)(f) GDPR (our legitimate interest in a statistically informed optimisation of our online offering). Since no cookies are set and no personal data is stored, consent under Section 25 TDDDG or the ePrivacy directive is not required.
You can find more information about Umami at umami.is.

7. Third-Party Services

We do not use any third-party services (e.g. Google Analytics, Google Fonts, Google Maps, YouTube embeds, social media plugins) on our pages. All content is delivered directly from our own server.

8. Protection of Minors

Consent to the processing of personal data may only be given by a person of full legal age. For information society services, consent of a child is permissible from the age of sixteen pursuant to Art. 8 GDPR.

9. Your Rights

If we process personal data of yours, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights with regard to the personal data concerning you:
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)