# Personal data we process as the controller --- ## **Ensure technical functionality and security in Pagero Health Solutions** ### What we do We use your personal data to ensure necessary technical functionality and security of our IT systems and our service Pagero Health Solutions, for example, in connection with access controls and for security logging and error handling. For information on which security measures that we implement, please visit our page on [information security](https://www.pagero.se/informationssakerhet/). ||| **Categories of personal data** - User credentials - Log data ||| **Legal basis** _Legitimate interest (Article 6.1 f) of the GDPR)._ The use of your personal data is necessary to satisfy our legitimate interest in ensuring the technical functionality and security of our IT systems and services and fulfilling our responsibility of ensuring the security of our service provided to our customers according to Article 32 of the GDPR. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. ||| ### Storage period User credentials are stored as long as the user is an active user and up to 3 months thereafter. Logs are kept with different timespans depending on the type of log, the shortest being 3 months, and some logs are kept indefinitely after being anonymized. ### Sharing of data We share this data with suppliers of internal IT systems where such data is processed internally with information security and RnD teams. ### Third-country transfers Yes, internally to group companies and suppliers of IT systems subject to the Standard Contractual Clauses, the Data Privacy Framework and additional technical and organizational security measures. --- ## Incident management ### What we do To manage incidents in the services and fulfil our legal and contractual obligations to manage and report incidents, we will process personal data that is necessary to investigate, report and remediate a specific incident. Depending on the type of incident, such as an availability incident or a confidentiality incident, we may process personal data relating to our security logs, metadata about affected customer documents, your registered incident email and any support case data related to the incident. ||| **Categories of personal data** - User credentials - Log data - Support case data - Metadata about affected customer documents - Your registered incident email ||| **Legal basis** _Legitimate interest (Article 6.1 f) of the GDPR)._ The use of your personal data is necessary to satisfy our legitimate interest in ensuring that we appropriately manage, remediate and report incidents according to our legal and contractual obligations when providing our services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. ||| ### Storage period Personal data in relation to support case data are kept according to our support process. Logs and documentation in relation to the specific incident is kept indefinitely as evidence. The incident email is stored for as long as our customer keeps the incident email registered in our services and/or is using our services. ### Sharing of data We share this data with suppliers of internal IT systems where such data is processed internally with information security and RnD teams. ### Third-country transfers Yes, internally to group companies and suppliers of IT systems subject to the Standard Contractual Clauses, the Data Privacy Framework and additional technical and organizational security measures. --- ## **Use of technical, functional and security cookies in Pagero Health Solutions** ### What we do For Pagero to ensure technical functionality and security of Pagero Health Solutions, strictly necessary and functional cookies and similar technologies may be used within the service. This includes remembering your settings and preferences. ||| **Categories of personal data** - Language settings - Cookie data - Technical Information - IP Address ||| **Legal basis** _Legitimate interest (Article 6.1 f) of the GDPR)._ The use of your personal data is necessary to satisfy our legitimate interest in ensuring the technical functionality and security of our services and fulfilling our responsibility of ensuring the security of our service provided to our customers according to Article 32 of the GDPR. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. ||| ### Storage period Language Settings, Cookie Data, and Technical Information are stored during the period stated in the Pagero Health Solutions Cookie Notice. ### Sharing of data We share this data with suppliers of internal IT systems where such data is processed internally and R&D teams. ### Third-country transfers Yes, internally to group companies and suppliers of IT systems subject to the Standard Contractual Clauses, the Data Privacy Framework and additional technical and organizational security measures. --- ## **Provide support services** ### What we do We use your personal data to respond to questions when you contact our support and to provide customer service. ||| **Categories of personal data** - Case history - Communication - Communication history - Contact information - Identity information - Order information - Order history - Profile information - Technical information ||| **Legal basis** _Legitimate interest (Article 6.1 (f) of the GDPR)._ The use of your personal data is necessary to satisfy our legitimate interest of responding to questions that you have and to provide customer service, for example providing customer support and managing any potential issues, errors and incidents that the customer may experience using our services. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially when you yourself has reached out to us. ||| ### Storage period Personal data related to the individual who submitted the support request is deleted after a period of twenty-four (24) months of inactivity. Support cases (without the connection to the submitter) are kept for seven (7) years in order to ensure consistency in the delivery of our services to customers. ### Sharing of data This data may be accessed by the supplier of our support case system and internally within the group companies. ### Third country transfers Yes, this data may be accessed by Pagero employees located in a third country subject to the Standard Contractual Clauses, the Data Privacy Framework and additional technical and organizational security measures. The supplier of the support cases system may upon prior authorization access specific cases for technical support subject to the Standard Contractual Clauses. --- ## **Enable functionality and security in the Support Center** ### What we do We use cookies and similar technologies to enable functionality on our websites and ensure the security of the Support Center, including remembering your settings and preferences. ||| **Categories of personal data** - Cookie consent settings - Cookie data ||| **Legal basis** _Legitimate interest (Article 6.1 (f) of the GDPR)._ Where we use cookies (and similar technologies) for this purpose, we rely on our legitimate interest of providing strictly necessary functionality for our websites to function and ensure their security. It is our assessment that our legitimate interest outweighs your interest in not having your personal data processed for this purpose. _Consent (Article 6.1 (a) of the GDPR)._ Where we use cookies (and similar technologies) that are not strictly necessary for the website to function, we base this processing on your consent to cookies. ||| ### Storage period Personal data is stored during the period stated in the [Pagero Support Center Cookie Notice](https://support.pagero.com/hc/en-us/p/cookie-notice). ### Sharing of data This data may be accessed by the supplier of our support case system, the third-party cookie provider, and internally within the Group Companies. ### Third country transfers Yes, this data may be accessed by Pagero employees and third-party cookie providers located in a third country subject to the Standard Contractual Clauses, the Data Privacy Framework where applicable and additional technical and organizational security measures. --- ## **Quality assurance of customer service** ### What we do If you have been in contact with our customer support, we use your personal data to ask if you would like to help us ensure the quality of our customer service and support processes by providing your feedback. It is completely voluntary to provide feedback. ||| **Categories of personal data** - Support case data - Name and email - Title and organization - Contact information - Identity information - Order information - Order history - Profile information ||| **Legal basis** _Legitimate interest (Article 6.1 (f) of the GDPR)._ The use of your personal data is necessary to satisfy our legitimate interest of ensuring the quality of our customer service in order to provide the best customer service experience possible. It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose. ||| ### Storage period Personal data related to the individual who submitted the feedback is deleted after a period of twenty-four (24) months of inactivity. ### Sharing of data This data may be accessed by the supplier of our support case system and internally within the group companies. ### Third country transfers Yes, this data may be accessed by the supplier of our support case system, Pagero employees located in a third country subject to the Standard Contractual Clauses and additional technical and organizational security measures.