BUSINESS CONTACT AND EXTRANET PRIVACY NOTICE

The purpose of this privacy notice is to provide information on how Thule Group AB, Corp. Reg. No: 556770-6311, Fosievägen 13, SE-214 31 Malmö (“Thule” or “we”) as data controller process your personal data in connection with our business relationship and the Thule Group extranet (“Extranet”). We are responsible for ensuring that your personal data is processed in accordance with the EU General Data Protection Regulation (“GDPR”). The following describes how we collect, process and share your personal data.

Please be referred to our Cookie Notice for information about the specific cookies we use and details regarding such cookies.

What personal data is processed? For what purpose is the personal data processed? What are the legal grounds for processing of personal data? How long is the personal data stored?
When using the Extranet services, we process the following personal data about you; Name
  • Address
  • Log-in credentials
  • City and country
  • Email address
  • Phone number
  • Which company you represent
  • IP address
  • Personal data included in order and invoice data
  • Personal data included in correspondenc
  • To provide you with an Extranet account and offer you the Extranet services.

    To provide you with product information, marketing and newsletters.

    To provide you with access to our media bank.

    To communicate effectively with you and conduct our business, including to process and fulfil your order requests.

    To conclude, execute, fulfil and terminate agreements with the company you represent.

    To provide items or products.

    To establish and maintain a business relationship with you and the company you represent.

    To manage compliance and risk, including quality assessments of the products and processing product claims.
    Our processing is based on our legitimate interest to provide you with access to Extranet, and provide relevant services and information to you and the company you represent, which supports the business relationship between our companies. This processing is initiated by your contact and the personal data collected is limited to such information which is absolutely necessary in order for us to provide access to and process your orders through Extranet, as well as improve our services and provide you with information relevant to your business. Based on the factors mentioned above, we have conducted a balance of interest assessment and have concluded that our legitimate interest outweigh your potential interest in not having your personal data processed for this purpose. You are always entitled to object to this assessment. You can read further about your rights below. We will save the data 12 months after the last contact with us, or from termination of the Extranet account by either party.

    However, certain personal data relating to your purchase will be stored in accordance with applicable bookkeeping- and tax legislation.
    If you visit the Extranet website, we process personal data collected through cookies, i.e. your Internet Protocol (IP) address, browser language, geographical location data, demographic information, date and time, information about webpages, weblinks, and any other information on our website accessed by you. For processing of personal data collected through strictly necessary cookies, the purpose of such processing is to provide a functioning website.

    For processing of personal data collected through performance cookies, the purpose of such processing is to develop our website and improve its functions.

    For processing of personal data collected through functional cookies, the purpose of such processing is to improve usability and enable personal settings.

    For more detailed information about the purpose of each specific cookie, please see our Cookie Notice.
    Our processing of personal data collected through strictly necessary cookies is based on our legitimate interest in providing you with a functioning website, as the basic website functions would not work properly without these cookies. You are always entitled to object to this assessment.

    Our processing of personal data collected through performance and functional cookies is based on your consent.
    The individual storage periods relating to specific cookies are available in our Cookie Notice.

    As a general rule, we will collect the personal data directly from you, or from the company you represent. The provision of your personal data is necessary to use the Extranet. If you do not provide your personal data to us, we will not be able to provide you with access to or process your orders through the Extranet service, or provide you with information relevant to your business.

    Who has access to your personal data?
    We have implemented appropriate technical and organisational measures to protect your personal data against loss, accidental and unlawful access and unauthorised disclosure. The number of persons with access to your personal data is limited. Only individuals within Thule that need to process your personal data in accordance with the purposes above have access to your personal data.

    We may share your personal data with other companies within the Thule company group, in order to provide you with relevant services and information. To the extent other Thule group companies process your personal data, they do so in accordance with the information provided in this privacy notice. We may also share your personal data with suppliers and partners that carry out services on our behalf or in other ways collaborate with us in order to provide you with relevant information. This includes IT platform and service provider Sitecore and marketing service provider APSIS.

    Your personal data may be transferred to countries outside of EU/EEA, including the United States, which may have a lower level of protection than within the EU/EEA. The transfer is based on Thule’s legitimate interest and is needed to provide you with relevant service and information. When transferring personal data to countries outside the EU/EEA, we use standard contractual clauses approved by the European Commission to ensure a sufficient level of protection for your personal data. The standard contractual clauses can be found via the following link: https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

    What are your rights?

    Right to access:You are entitled to know what personal data we are processing about you, for which purposes we are processing the personal data and who we share your personal data with etc. You also have the right to gain access to the personal data and request a copy of such data.

    Right to rectification: If you notice that we have incorrect or incomplete personal data about you, you can always request that we correct or complete such personal data.

    Right to erasure and restriction:In some cases, you may request that we delete your personal data or that we restrict our processing for a certain period of time. Please note that deletion or restriction of your personal data may result in us not being able to provide you with access to our Extranet.

    Right to object:In certain cases, you have the right to object to the processing, for example you may object to the processing that we perform based on our legitimate interest or for direct marketing purposes.

    Right to data portability:In cases when we base our processing on your consent or the fulfilment of an agreement with you, you are entitled to extract your personal data in a structured, commonly used and machine-readable format and to transfer the personal data to another controller.

    Withdrawal of consent:If you have given your consent to processing of your personal data for an explicit purpose you may always withdraw your consent. If you want to withdraw your consent, you may contact us through the contact information provided below.

    If you have questions regarding how we process personal data about you, you are most welcome to contact us at privacy@thule.com. If you have any objections or complaints about the way we process your personal data, you have the right to file a complaint with the relevant supervisory authority (Sweden: Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten)).

    Changes to this privacy notice
    If any changes are made concerning the processing of your personal data, we will inform you of such changes by publishing an updated version of this privacy notice on the Extranet.