Security and privacy
Reksoft - Software Engineering & IT Outsourcing

Security and privacy

This privacy policy describes how Reksoft Group of companies, including Reksoft Ltd, Reksoft AB and other (“Reksoft”, “we”, “us”) processes your personal data when you access or use any part of our website (www.reksoft.com, the “Website”), purchase our services or communicate or interact with us in any other way.

When we process your personal data for our purposes, in accordance with this privacy policy, we are the data controller regarding such processing. We respect and care about the privacy of individuals and undertake to respect and protect your personal data and privacy in accordance with applicable laws, industry rules and other related standards. This privacy policy describes what personal data we collect, how and why we collect it and what we do with it once it has been collected. You will also find information about the rights you have in relation to our processing of your personal data.

You may always reach out to us on matters of privacy and data protection by contacting us at: privacy@reksoft.com.

1. Personal data

Personal data means any information relating to a person, which, directly or indirectly, may be used to identify the person, such as your name, telephone number, e-mail address, payment information, IP address and customer number.

2. Collection of personal data

Personal data provided by you

Most of the personal data, which we process about you is personal data that you have voluntarily provided us with, for example by submitting an enquiry on our Website, by placing an order for purchase of our services and/or when you contact us through our social media accounts or in any other way. You may also provide such information when contacting Reksoft employees officially representing Reksoft.

The personal data that you provide us with may include your contact information (name, address, telephone number, email address, etc.) and data pertaining to your order and use of our services (customer preferences and settings, purchase history, etc.).

We may need the above information to respond to enquiries and requests from you and to be able to fulfil an agreement with you regarding provision of services that you have ordered. If you choose not to submit certain personal data, we may not be able to respond to your enquiries or provide the ordered services.

Personal data collected by Reksoft

We collect personal data about you when you visit our Website, purchase our services or interact with us in any other way. Personal data that we collect from you include information about your use of the Website, technical information about the units you use to navigate the Website, geographical location data, interaction data and information about the services you have ordered from us.

Cookies
At Reksoft, we use cookies on our Website so that you can enjoy the best possible online experience. A cookie is a small text file that is saved on your computer when you visit a website. It contains information about the website you visit, settings you have made and the duration of your visit. Cookies do not contain viruses and will not harm your computer. They will not identify you personally, only the browser you have installed on your computer.

You can avoid the use of cookies simply by adjusting your settings within your internet browser. This will prevent any cookies from being saved to your hard drive. If you want to avoid the use of cookies on your computer, you can simply turn the function off by adjusting the settings within your web browser. This will prevent any cookies from being saved to your hard drive. Please not that turning cookies off may lead to a reduced browsing experience.

You can find more information about cookies on https://cookiesandyou.com/

Log files
The only information that we collect and store automatically during normal website use is typical webserver log data. This information includes internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp and clickstream data. Such data does not tell us who you are or reveal any other information of a personal nature. We use webserver log data to generate statistics and measure site activity for the benefit of our Website users.

How does Reksoft use cookies and log files?
We use cookies and log files to:

  • measure the number of Website visitors;
  • see what pages are the most popular;
  • gather information used for making our Website more customer oriented;
  • deliver relevant information and marketing content to our visitors.
We also use cookies to collect visitor statistics using Google Analytics. This helps us gain a better understanding as to how you and our other visitors interact with our Website.

3. Why we process your personal data

We process your personal data for different purposes. We will not process your personal data unless we have a legal basis for doing so. Below you can read more about why we process your personal data and what legal basis we have for the processing.

Processing based on your consent

Personal data is processed for the following purposes for which we need you consent:
  • to process, evaluate and respond to your enquiries and requests;
  • to verify your identity
  • to provide you as Website visitor with information about products, services and events;
We will make sure we obtain your consent before we begin processing your personal data for the purposes listed above. The request for your consent will be clear and specific and provide you with a description of the purpose of our data processing. We will never assume your consent, but ensure that your will to consent is clearly expressed.

You have the right to withdraw your consent at any time, in which case we will stop processing the personal data provided by you or collected by us under the consent. Please direct a request for withdrawal to privacy@reksoft.com.

Processing that is necessary to fulfil an agreement

In some cases, our processing of your personal data is necessary for us to be able to fulfil an agreement with you or a company you represent. The processing may also be necessary in order to take steps at your request prior to entering into an agreement. For example, we may process your personal data:
  • to verify your identity and contact information
  • to provide system support and services (warranty service, recall information, etc.); for administration of your payments;
  • for product and service development purposes, for example to improve system performance, quality and safety done by ourselves and our chosen third party recipients or suppliers.

Processing that is necessary for our or a third party’s legitimate interests

In some cases, we may also rely on our or a third party’s legitimate interest to process your personal data. For example, your personal data may therefore be used:
  • to comply with legal requirements or lawful authority requests;
  • to protect our legal rights, for example to investigate potential violations of our terms and conditions; to detect, prevent or disclose fraud and unauthorized transactions; to defend ourselves in connection with a potential claim; to detect and/or prevent other security issues; and to manage risk exposure and maintain a high level of security;
  • to operate, evaluate and improve our business, including: for internal administrative purposes
    • for product and service improvement
    • for development of new products and services;
    • to manage our communication with you, other stakeholders, customers and markets;
    • to carry out market research;
    • to determine and manage the effectiveness of our advertising and marketing;
    • to analyse our products, services and websites; and
    • to perform accounting, auditing, billing, reconciliation and collection activities.
If you have any questions regarding this or want to know more about how we determine our legitimate interest, you are welcome to contact us.

Processing that is necessary to comply with legal obligations

Sometimes we need to process your personal data to comply with legal obligations that we are subject to, such as accounting legislation, tax legislation and rules on product liability. Personal data processed for these purposes may include identity and contact information, payment details and information about the products and services that you have purchased.

4. Retention time

We will only retain your personal data for as long as it is necessary to fulfil the purposes outlined in this policy or the purposes of which you have otherwise been informed. The storage time will vary depending on the purposes for which we process the data and the legal basis we have for the processing. The same personal data may also be used for different purposes and based on different legal grounds. This means that certain personal data may still be stored by us even if you withdraw your consent and the processing you’re your consent concerns ceases.

5. Disclosures of personal data

In some cases, we share your personal data with third parties. We aim to choose the option for data processing services that best safeguards the integrity of your personal data towards any third party. We will not share your personal data with third parties for other purposes than those listed in this policy.

Disclosures to third parties

We will, as a general rule, only disclose your personal data to a third party if we have received your consent to do so. We will not sell your personal data to any third party without first obtaining your consent. You will be informed of the third parties involved before giving your consent. If you have provided such consent, but wish to withdraw it, please contact that third party directly. In some cases, we may share your personal data with a third party without your consent, for example in situations where disclosure is required by law or where such disclosure is necessary for our or a third party’s legitimate interest.

We share your personal data with suppliers engaged by us who processes the data on our behalf for the purposes listed above, such as suppliers of IT systems and services. Your personal data is, for example, stored in IT systems that are necessary for us to conduct our business and provide you with the services you request. These suppliers are contractually required to keep your personal data secure and confidential.

Transfers of personal data to third countries

The information we collect from you may be transferred to, and stored at, various locations depending on, for example, where our company’s IT systems are hosted. The data may be processed by employees who work for us or by our suppliers who are located in a country outside of EU/EES.

When your personal data is transferred to a country outside EU/EES, we will take all reasonable legal, technical and organisational measures to ensure that the data is handled securely and in accordance with applicable privacy laws and this privacy policy. For example, the transfer of data may be based on an agreement that includes standard data protection clauses for data transfer adopted by the European Commission.

6. Security

We strive to implement appropriate technical, organisational and legal measures to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful form of processing. We aim to ensure that the security level adopted to protect your personal data are appropriate in relation to the risks presented by the nature of your personal data and our processing thereof.

7. Your rights and choices

Your right to information about your personal data

You have the right to request access to information about the personal data that we process about you, such as what personal data we process, how the personal data is collected, the purpose and legal basis of the processing, and with whom the personal data is shared. Requests for such information must be made in writing and include your name, address and, preferably, your e-mail address. The request must also be personally signed by you (or that you have otherwise given proof of identity).

Your right to control of your personal data

You also have the right to request that we correct any incorrect data relating to you and, under certain circumstances, you have the right to request that we delete your personal data or restrict our processing of your personal data. Examples of such circumstances include situations in which you have withdrawn all or part of your consent to our processing, if you object to our processing or if you think that the processing is no longer necessary for the purposes that we have stated.

Requests should be sent to Reksoft AB at the address stipulated below under “Contact Details”. Requests to delete personal data will be subject to any applicable legal requirements.

Your right to withdraw your consent

You have the right to withdraw your consent at any time, in which case we will stop processing the personal data provided by you or collected by us under the consent. Your withdrawal of consent may, however, have no effect on our processing of your personal data prior to such withdrawal. You also have the right to object to the processing of your personal data for the purpose of direct marketing and profiling. Your right to submit complaints Reksoft is committed to handling any request, complaint or concern that you may have about our use of your personal data, in a fair and transparent way. If you have any complaints regarding our processing of your personal data, you have the right to submit a complaint to the Swedish Supervisory Authority or to another supervisory authority.

8. Changes

Reksoft reserves the right to amend this policy from time to time.

9. Contact details

Please use the following contact details to exercise your rights as described above. Your requests will be dealt with in a prompt and proper manner. All communication and measures taken by us relating to you exercising your rights will be provided free of charge. If you make an obviously unreasonable or unjustified request, we do, however, reserve the right to charge you with a reasonable fee for the costs that arise for us in order to fulfil your request.

Physical security and infrastructure

Infrastructure, which includes physical components, power components, telecom and the overall system, is reliable, state-of-art and offer very high availability. We have solid systems and processes for infrastructure control, upkeep and management.

We have comprehensive security in place at our buildings and at individual rooms to prevent unauthorized access, damage, or interference to the information systems as well as to protect equipment from physical and environmental threats.

  • Office security guard 24x7
  • Electronic access control system
  • Video surveillance
  • Intrusion alarm
  • Fire alarm
  • Secure server room
  • Backup power supply sources
  • Backup communication channel
  • Lightning protection
  • External backup facility

Information security

We have built an effective and standardized methodology for managing information security that is continually improved, to minimize risks before, during and after deployment.

  • NDA and Confidentiality agreements with clients and all employees
  • Access control: Active Directory
  • Firewalls for both external and internal  access
  • Media: controlled access and secure disposal
  • Encryption of VPN tunnels and emails
  • Automatic event log monitoring
  • Fault prevention tools
  • Isolated network segments, centralized antivirus control
  • Controlled Internet access via proxy server and traffic monitoring

IP protection

We have thoroughly developed our security systems, policies and institutionalization to guarantee that your intellectual property is always safe. We are highly conscious of security issues, respecting IP rights and adhering to all appropriate EU and US standards. We have established a European legal entities across Europe.

  • Corporate Legal Plan, includes
    • General Terms and Conditions
    • Code of Conduct
  • Corporate Continuity Plan, includes
    • Pandemic Plan
    • Infrastructure Recovery Plan 
  • Corporate Security Plan, includes
    • IT Security Policy
    • IP Security Policy
    • Physical Security Policy
  • Regular IP awareness workshops

E-mail: privacy@reksoft.com
Postal address: Reksoft AB, Isafjordsgatan 39b, 16440, Kista, Sweden

VERSION
This policy was published May 24, 2018

Recognition

Clients

We are very satisfied with the accuracy and speed shown by Reksoft’s SAP team in accomplishing this project, which allowed us to streamline company processes to a considerable degree. We would not hesitate to recommend Reksoft to any business seeking an integration solution.

Gerrit van Kammen,
Head of Software Engineering
Springer Science+Business Media

All clients