1. Our Commitment to GDPR Compliance

At Leggit.se, we are committed to ensuring that all personal data processing activities comply with the General Data Protection Regulation (GDPR). This page outlines our approach to GDPR compliance and provides information about how we protect your data rights.

2. Data Processing Principles

We adhere to the following principles when processing personal data:

Lawfulness, fairness and transparency: We process data lawfully, fairly and in a transparent manner.
Purpose limitation: We collect data for specified, explicit and legitimate purposes.
Data minimization: We ensure that personal data is adequate, relevant and limited to what is necessary.
Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
Storage limitation: We keep personal data for no longer than necessary.
Integrity and confidentiality: We process data in a manner that ensures appropriate security.
Accountability: We take responsibility for complying with the GDPR principles.

3. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right to access: You can request a copy of your personal data.
Right to rectification: You can request correction of inaccurate personal data.
Right to erasure: You can request deletion of your personal data in certain circumstances.
Right to restrict processing: You can request restriction of processing in certain circumstances.
Right to data portability: You can request transfer of your data to another controller.
Right to object: You can object to processing based on legitimate interests.
Rights related to automated decision making: You have rights regarding automated individual decision-making and profiling.

4. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at dpo@leggit.se.

5. Data Breach Procedures

We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our incident response plan ensures that we can react quickly to minimize the impact of any data breach.

6. Data Protection Impact Assessments

For processing activities that are likely to result in high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to help us identify and minimize data protection risks.

7. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to provide an adequate level of protection for your data, as required by the GDPR.

8. How to Exercise Your Rights

To exercise your rights under GDPR, please contact us at gdpr@leggit.se. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.