Data Protection and Integrity

GDPR

The Regulation

The GDPR (General Data Protection Regulation) is a new EU Regulation that replaces the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It came into force on May 25th, 2018. The regulation builds on many of the 1995 Directive's requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

Our commitment

Here at Pactumize, we are focused on regulatory compliance efforts. During the implementation period for the regulation, we are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with the applicable law. You´ll receive notifications of new functionality and changes to our terms and conditions in the usual way.

Pactumize has always made information security and customer privacy a top priority and that made us well prepared for the GDPR regulation. Read more about our capabilities here.

Our Legal Documentation

Our Legal team has been busy ensuring our legal documentation (namely our Customer Terms of Service, our Data Processing Agreement, and our Privacy Policy) has been updated to reflect the mandatory Processor provisions required by Article 28 of the GDPR.

Frequently Asked Questions

Data collected by us

Who is the data controller and how can I contact them?

Pactumize is the controller for the personal data which you provide when creating your account, and you can contact us here.

As for any personal data provided by our clients, Pactumize is only the Processor of that data and each client is the Controller of the personal data they provide. You can read more about when the personal data has been provided to us by our clients further down in this policy.

What legal right does Pactumize have to collect and process personal data?

Pactumize needs to collect and process name and email in order to deliver the service.

Also, providing a name and an email address is a criteria to enter into an agreement with Pactumize, since we need that information to create an account on the platform to perform our services.

Processing is necessary for the performance of the contract to which the data subject is a party. This is the reason why Pactumize does not base our processing on consent. But our clients can (if they want) base their collection and processing of personal data in the platform on consent. Our platform is well fit for this.

Who will Pactumize share the personal data with?

We use hosting sites to store the personal data we collect, which currently is Glesys. Except for storage, we don’t share the personal data we collect.

Will Pactumize transfer personal data outside of the EU?

No, we store and process all the personal data we collect within the EU.

Where does Pactumize store its data?

Pactumize store all of its data in professional hosting sites within Sweden.

What personal data is stored by Pactumize?

By default, we only store name and email for our registered users and customers. However, our Contract Automation solution can be used to process personal data in the contracts you create with our solution.

How long do Pactumize store personal data?

We keep personal data about our clients as long we have an active business relation regulated in an agreement, or as long as we intend to create a business relationship that is regulated in an agreement.

How long do Pactumize process personal data our clients decide to store on our platform?

Customers can build contracts within the Pactumize platform. They can fill these contracts with any type of data. Our clients are in total control of their own data, including how long to store and process the data in our platform. By now, data need to be deleted manually, or by using our automatic functions. This will need to be set up together with a Pactumize expert designed to your specific needs.

Also, note that all data will be stored 30 days extra after deletion in our backups before the data is deleted beyond restoration. This can be good to take into consideration when communicating with registered individuals before they consent to any processing.

Can I see what data you have collected from me?

Yes, you can contact us to gain access to your personal data and have us correct, delete or limit our processing of that data. You can also ask us to transfer that data to other services.

Where do I turn if I have complaints regarding the processing of my personal data?

You can contact us if you have any concerns with the processing of your data and we will do our best to resolve all questions and issues you may have. Should you still have concerns after our communication, you can file a complaint with Integritetsskyddsmyndigheten, the Swedish supervisory authority, here.

Does the Pactumize Licence Agreement comply with GDPR regulations?

It is very well aligned, however, we are investigating if we need to add an extra appendix to the master agreement.

Data received from our clients

Who is the Controller of the personal data?

For information that we receive from our clients, each client is the Controller of all the personal data that they have entered on our platform.

However, if you enter your personal data here on the platform, we become the Controller for that data. You can read more on how we process and store your personal data above.

What is the purpose and legal ground of the processing?

Our client’s purpose is to negotiate and, in the end, send an agreement for signing with you or the company you work at. Our client wants to pursue this purpose by drafting the agreement and holding the negotiations in a secure, transparent, and collaborative environment to ensure efficiency. This falls under the category “legitimate interest” of the legal grounds.

What categories of personal data is being processed?

Only business contact information such as name, work email, work phone, work title and company, company address, etc.

With whom has the personal data been shared with?

The personal data has been shared to us, and we in turn only share personal data for storage. You can read more in the title above.

For how long will the personal data be stored?

We store the data for as long as our clients need it. Since we only are a personal data Processor for the data our clients share with us, they are in complete control of how long the data is stored. Also, note that all data will be stored 30 days extra after deletion in our backups before the data is deleted beyond restoration.

Can I request my data to be removed?

Of course! As a Data Subject, you have the right to gain access to your personal data and have us correct, delete, or limit our processing of that data. Since our client is the Controller, you can contact them with your request and then we will execute that request.

Where do I turn if I have complaints regarding my personal data?

You can either contact our client and we will do our best to help them solve the issue. You can also turn directly to IMY to file a complaint against our client's processing of your personal data.