Privacy Policy

Introduction

At Candela Technology AB, Reg. No. 556985-3285, Frihamnsgatan 25, 115 56 Stockholm, Sweden (“Candela”), we are committed to protecting the privacy and security of our customers’ personal data, as well as the personal data of our website visitors, visitors to our premises, and any other individual whose personal data we may process. This privacy policy explains how we collect, use, and protect your personal data and your rights in relation to that information. Candela acts as data controller pursuant to the EU General Data Protection Regulation (2016/679) (the “GDPR”) with regard to the processing of personal data described in this privacy policy.

For more detailed information on how we use cookies and similar technologies, please refer to our Cookie Policy.

Data Subject’s Rights:

You have the following rights in relation to your personal data:

Right of Access: You have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to request access to that information and a copy of the information.

Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure: You have the right to request that we delete your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.

Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the information we hold.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller without hindrance.

Right to Object: You have the right to object to the processing of your personal data where we process it on the basis of our legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.

If you wish to exercise any of these rights, please contact us at:

Candela Technology AB
Frihamnsgatan 25
115 56 Stockholm, Sweden
Phone: +46 10 130 08 10
E-mail: dataprotection@candela.com

We will respond to your request within the timeframes required by law and in accordance with this policy.

Please note that certain legal exemptions or limitations may apply to the exercise of these rights, and we may need to verify your identity before processing your request. If we are unable to comply with your request, we will explain the reasons for this and inform you of your options.

Legal Basis

We process your personal data based on one or more of the following legal bases, depending on the specific purpose for which we process it:

Contract Performance: We may process your personal data when it is necessary to enter into a contract with you and to fulfil our obligations under that contract. This includes processing your personal data to provide you with products and services, manage our relationship with you, respond to your inquiries, and provide customer support.

Legitimate Interests: We may process your personal data when it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. This includes processing your personal data to manage our business operations, provide and improve our products and services, maintain our relationship with you, communicate with you about our products and services, personalize our communications with you, and detect and prevent fraud.

Consent: In some cases, we may process your personal data based on your explicit consent. For example, we may process your personal data to send you marketing communications, if you have given us explicit consent to do so. You have the right to withdraw your consent at any time, but this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Legal Obligations: We may process your personal data when it is necessary to comply with a legal obligation to which we are subject. This includes processing your personal data to comply with laws and regulations related to data protection, employment, taxation, and health and safety, among others.

We will always ensure that we have a legal basis for processing your personal data. For more information about the specific legal basis for each purpose for which we process personal data, see the section Processing of Personal Data below. If you have questions about the legal basis on which we process your personal data, please contact us using the contact information provided in this privacy policy.

Processing of Personal Data

Customers

Purposes and Types of Personal Data Processed

If you are a customer, i.e. if you have placed a pre-order or an order for any of our products or if you have subscribed to our newsletter, we may collect and process the following types of personal data for the purposes stated below:

Personal identification information: We collect personal data such as your name, shipping/billing address, email address, phone number, and payment information such as your credit card details. This allows us to process your orders and pre-orders, provide customer support, manage your account, and communicate with you about our products and services.

Transactional data: We collect information about the products you purchase or pre-order, your payment history, and your interactions with our customer support. This helps us manage our business relationship with you, understand your preferences, and provide better service.

Technical data: If you use our website or mobile app, we may collect technical data about your device and your interaction with our services, such as your IP address, browser type, operating system, and other technology on the devices you use. This helps us ensure that our services function properly on your device and allows us to enhance your online experience.

Marketing and Communications data: This includes your preferences in receiving marketing from us and your communication preferences. This enables us to communicate with you in accordance with your preferences and provide you with information or advertising relating to our products or services that may be of interest to you.

Usage data: If you own one of our electric vessels, we may collect data about your usage of the vessel, such as distance travelled, speed, battery usage, and other operational data. This helps us understand how our vessels are being used, improve our products, and provide you with better service and support.

Legal basis

The principal legal basis for our processing of customers’ personal data is the performance of the contract between the customer and Candela. This includes activities such as processing orders and pre-orders, providing subscribers with our newsletter, handling customer support, and account management.

Further to this, we process technical data and usage data based on our legitimate interests to ensure the functionality of our services on your device, understand how our electric vessels are used, continuously improve our products, and enhance our service and support.

In certain circumstances, we may process your personal data to comply with our legal obligations. This includes compliance with the Swedish Accounting Act and anti-money laundering provisions.

Website visitors

Purposes and Types of Personal Data Processed

If you visit our website (www.candela.com), we may collect and process the following types of personal data for the purposes stated below:

Personal identification information: If you choose to provide it, we may collect personal data such as your name, email address, and phone number, for example, when you fill out a form to inquire about our products or services. This allows us to respond to your inquiries and engage in further communication.

Technical data: When you visit our website and have allowed our use of cookies, we automatically collect certain technical data about your device and your interaction with our website. This includes your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our website. We use this information to ensure that our website functions properly on your device and to enhance and personalize your online experience.

Usage data: We collect information about how you use our website, such as the pages you view, the links you click, and other actions you take on our website. This helps us understand what parts of our website are most interesting and useful to our visitors, so we can improve our website and provide more relevant content.

Marketing and Communications data: This includes your preferences in receiving marketing from us and your communication preferences. This allows us to engage with you in accordance with your preferences.

Legal basis

The main legal basis for processing the personal data of visitors to our website is our legitimate interest or consent.

If you provide us with your name, email address, or phone number, we process this information to communicate with you about your interest in our products or services. We also collect technical and usage data to make sure our website works as intended. These processing activities are based on our legitimate interests to respond to your inquiries, manage your cookie preferences and ensure that our website functions properly.

Processing of personal data for marketing purposes and the use of some of the cookies and similar technologies on the website, used to improve your online experience and understand how users interact with our site, requires your consent. This means that we will ask for your approval for the use of certain cookies and to provide you with marketing communication. Please note that you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Prospective Customers

Purposes and Types of Personal Data Processed

If you are a prospective customer, i.e. if you have booked a test drive or requested a custom quote for our Pro Series products, we may collect and process the following types of personal data for the purposes stated below:

Personal identification information: We may collect personal data such as your name, email address, and phone number when you request a test drive or interact with our sales team. This allows us to respond to your inquiries, manage test drives, send you information about our products and services, and maintain a relationship with you as a potential customer.

Marketing and Communications data: This includes your preferences in receiving marketing from us and our third parties, and your communication preferences. This enables us to communicate with you in accordance with your preferences and provide you with information or advertising relating to our products or services that may be of interest to you.

Usage data: We may collect information about your interactions with our marketing materials, such as which emails you open or which links you click. This helps us understand your interests and preferences, so we can tailor our marketing efforts and provide more relevant content.

Legal basis

When processing personal data of prospective customers, the legal bases we rely upon are our legitimate interests and consent.

Processing activities such as responding to inquiries, maintaining a prospective customer relationship, and ensuring the proper functioning of our website are based on our legitimate interests. Our interest lies in engaging with potential customers, facilitating the prospective customer’s interest in our products, understanding their preferences, and providing a seamless online experience.

For marketing activities and certain types of data processing, we rely on your consent. For instance, if you are not a customer, we will ask for your consent before we provide you with any direct marketing. We will also ask for your consent to our use of cookies on our website. Please be aware that you can withdraw your consent at any time, which will not affect the lawfulness of processing based on consent prior to its withdrawal.

Suppliers and Business Partners

Purposes and Types of Personal Data Processed

If you represent a supplier or business partner, we may collect and process the following types of personal data for the purposes stated below:

Personal identification information: We collect personal data such as your name, business address, email address, and phone number. This information allows us to communicate with you, manage our business relationship, and fulfil our contractual obligations.

Professional data: We may collect information related to your professional role, such as your job title, department, and the organization you work for. This information helps us understand your role and responsibilities in our business relationship.

Transactional data: We collect information related to our business transactions with the company you represent, such as the products or services you supply to us, your payment details, and your payment history. This information allows us to manage our contracts, process payments, and maintain accurate business records.

Legal basis

The key legal basis for the processing of personal data of our suppliers and business partners is the performance of the contract we have with you or the company you represent. This includes activities such as communicating with you, managing our business relationships, fulfilling contractual obligations, processing payments, and maintaining accurate business records.

Furthermore, we also process certain personal data based on our legitimate interest, specifically in the stages leading up to entering a contract. This includes processing professional data to understand your or your company’s business and suitability for a potential business relationship.

In certain circumstances, we may process your personal data to comply with our legal obligations. This includes compliance with the Swedish Accounting Act and anti-money laundering provisions.

Job Applicants

Purposes and Types of Personal Data Processed

If you apply for a job with us, we may collect and process the following types of personal data for the purposes stated below:

Personal identification information: We collect personal data such as your name, address, email address, phone number, and social security number. This information allows us to manage your job application and communicate with you throughout the application process.

Professional and employment-related information: We collect information related to your professional background, such as your resume, cover letter, employment history, educational background, professional qualifications, references, and any other information you provide to us in the context of your job application.

Interview records: If you are invited for an interview, we may keep records of the interview, such as notes taken by the interviewer and any scores or assessments. This helps us make fair and informed decisions about your application.

Background check information: Depending on the nature of the job you are applying for, we may conduct background checks where permitted by law. This could include checking your criminal record, credit history, and verifying your professional qualifications.

We use this information to manage the recruitment process, make informed decisions about your application, comply with our legal obligations, and, if applicable, prepare for entering into a contract with you.

Legal basis

Your personal data collected as part of the recruitment process will be stored and processed primarily based on our legitimate interest to manage your application and administer the recruitment process. Under the Swedish Discrimination Act, we are required to store all your application documents for two years after the position you applied for is filled. Unless you express a wish for the data to be stored longer, the data will be deleted after this time.

Profiling

Profiling usually involves analysing various aspects of your personal data, such as your preferences, interests, behaviours, location, and other characteristics. However, at Candela, we limit our profiling activities to creating a profile based solely on your location. This is done to ensure that we send you information about events or opportunities that are relevant to your region, provided we have a legal basis to process your personal data for marketing purposes.

Please be assured that our profiling does not include automated decision-making activities as defined under Article 22 of the GDPR. Consequently, our profiling activities will not produce any decision that has legal implications for you or that significantly affects you in any other substantial way.

 

Safety Measures

We take reasonable and appropriate measures to safeguard your personal data from unauthorized access, disclosure, alteration, or destruction. We have implemented technical, administrative, and physical security measures designed to protect your personal data, such as encryption and secure servers.

 

Disclosure of Personal Data

We always strive to protect the confidentiality of our customers’ personal data and we do not sell this information to anyone. We only transfer personal data in accordance with what is described below. Candela always exercises the utmost caution when transferring your personal data.

Business Partners: We work closely with a range of business partners, including resellers, agents, and ambassadors. Depending on whether you have been in contact with our business partners or if it is otherwise necessary to facilitate and perform our contractual undertakings, we may share your personal data with our business partners, enabling them to fulfil their obligations related to any purchases you make or services you use through our Website. We ensure transparency by clearly stating whenever a partner is involved in your transaction.

Marketing Partners: Our marketing partners, such as LinkedIn and other marketing providers, may also have access to your personal data. This access is granted to help us provide more targeted and relevant marketing to you.

Legal Obligations: Candela may share user accounts and personal data to comply with legal requirements, enforce our terms of service, or protect the rights and property of Candela, our users, and others. This can involve sharing information with other organizations for purposes such as fraud prevention and credit risk reduction. However, this does not mean that Candela would sell, rent, or share personal data for commercial purposes contrary to our privacy policy.

Business Transactions: In the event of a business transition, such as a merger or acquisition, your personal data may be disclosed to our advisors, potential buyers, and their advisors, and subsequently transferred to the new owners.

Cookies and other Similar Technologies: If you enable cookies and similar technologies when visiting our Website or making purchases, we may collect data about your website usage. This information could be used for customer segmentation, marketing, and advertising. For the purposes stated earlier, we share this information with our social media, advertising, and analytics partners.

 

Transfers to Third Countries

In limited instances, the transfers of personal data described in the section Disclosure of Personal Data above may entail that your personal data be transferred to recipients outside of the European Economic Area (EEA) where the laws may not provide the same level of protection for personal data as the laws of the EEA. If we transfer your personal data to a country outside the EEA, we will ensure that appropriate safeguards are in place, including standard contractual clauses approved by the European Commission and, for transfers to the US, that the recipient has been certified in accordance with the EU-US Data Privacy Framework.

 

Retention of Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which we have collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Here is how we determine the appropriate retention period for your personal data:

Contract Performance: If we process your personal data to fulfil our contractual obligations to you, we typically retain the data for the duration of the contract plus a reasonable period of time thereafter to comply with applicable statutory limitation periods or to establish, exercise, or defend legal claims.

Legitimate Interests: If we process your personal data based on our legitimate interests or the legitimate interests of a third party, we retain the data for as long as necessary to achieve those interests, provided you have not objected to this processing.

Consent: If we process your personal data based on your consent, we retain the data for as long as you have not withdrawn your consent.

Legal Obligations: If we are legally required to retain your personal data, we will do so for as long as required by that legal obligation. For example, in accordance with the Swedish Accounting Act, we keep any information found within invoices for a ten-year period. Similarly, job application data is stored for two years in compliance with the Swedish Discrimination Act.

Job Applicants: If you apply for a job with us, we typically retain your personal data for a reasonable period of time after the recruitment process ends, either to fulfil legal obligations, to keep you informed about future employment opportunities, or to establish, exercise, or defend legal claims, unless you ask us to remove your personal data from our system.

Please note that in some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

At the end of the retention period, we will securely delete or destroy your personal data in accordance with applicable laws and regulations. If you have any questions about our data retention practices, please contact us using the contact information provided in this Privacy Policy.

 

CCTV

We use CCTV on our premises during out-of-office hours when our alarm system is active. The primary purposes of our CCTV system are to deter and detect crime, prevent and detect sabotage, and ensure the safety and security of our premises.

The CCTV cameras are triggered by our alarm system and are only operational when the alarm is on. The footage captured by our CCTV system is monitored live by a trusted third-party security company. We only process live recordings and do not record sound. Our CCTV system does not record video footage. This means we do not store or archive any video data captured by the CCTV system.

We share the live CCTV footage with our third-party security company for real-time surveillance. This company is contractually obliged to handle the data in a secure and confidential manner, and to use it solely for the purpose of providing security services to us.

We have carefully considered and balanced the legitimate benefits of the CCTV system (crime prevention, security of premises) against potential privacy intrusions. The use of CCTV is strictly limited to areas where a higher level of security is necessary.

We provide clear and visible signage at our premises to inform visitors that CCTV surveillance is in operation.

You may have certain rights in relation to the CCTV footage, such as the right to object to the surveillance. However, given that we do not record or store CCTV footage, we are generally unable to provide copies of the footage or otherwise fulfil most data subject requests concerning the CCTV data. If you have any questions or concerns about our CCTV system, please contact us using the contact information provided below.

 

Contact Us

If you have any questions or concerns about our privacy practices or this Privacy Policy, please contact us at:

Candela Technology AB
Frihamnsgatan 25
115 56 Stockholm, Sweden
Phone: +46 10 130 08 10
E-mail: dataprotection@candela.com

If you have objections to our processing of your personal data, you may file a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten). More information on how to file a complaint is available here.

We may update this Privacy Policy from time to time to reflect changes in our privacy practices. We encourage you to review this Privacy Policy periodically to stay informed about our collection, use, and disclosure of personal data.