Privacy Notice – Bubbi
1. INTRODUCTION
In this privacy notice, we describe what personal data about you that we use and why, including your rights under the General Data Protection Regulation (GDPR).
2. WHO IS COVERED BY THIS INFORMATION
This privacy notice covers you who:
• Visit our website (https://www.bubbi.ai) and our digital channels, for example our feeds on social media platforms.
• Represent or are a contact person of a customer that we do business with.
• Represent or are a contact person of a prospective customer.
• Represent or are a contact person of a supplier or a partner to us.
• Apply for job with Bubbi, including referees.
• Otherwise interact with us, for example if you contact us or if you sign up for communication such as our newsletter.
3. RESPONSIBILITY FOR THE USE OF YOUR PERSONAL DATA
Data controller
Bubbi AB, with company registration number 559267-8907, (“Bubbi” “we”, “us” or “our”,) is responsible (data controller) for the use of your personal data under this privacy notice, unless otherwise is stated.
Data processor
When Bubbi provide its services to customers, Bubbi will also (as a data processor) process certain personal data on behalf of the customers, which is regulated in a separate data processing agreement with each customer. Bubbi has selected EU/EEA as storage option/area with the relevant sub-processor for the processing of such personal data.
For the avoidance of doubt, this privacy notice only describes how Bubbi processes personal data in our role as a data controller.
4. FROM WHICH SOURCES WE COLLECT PERSONAL DATA
The personal data that we collect about you is mainly collected directly from yourself when you provide your personal data to us, for example when you contact or otherwise communicate with us, apply for a job or visit any of our website or other digital channels.
We also collect, where necessary, personal data from other sources as described below.
• The company or organisation that you work for,
• Social network platforms if you follow or interact with us on social media,
• Partners that we collaborate with, for example to carry out events or similar activities,
• External persons that we communicate with for the purposes described in this privacy notice.
• Publicly available sources, for example social networking platforms or public records if you apply for certain positions with Bubbi.
• Referees, when carrying out reference checks as a part of the recruitment process.
• Recruitment agencies that help us recruit for certain positions.
5. FOR WHICH PURPOSES WE USE YOUR PERSONAL DATA
We collect and use personal data for various purposes. The purposes for which we in practice process your personal data may, however, vary, depend on your relationship with us or how you interact with us.
To read more about which personal data, which legal basis that we rely on for the processing of your personal data for each purpose and for how long your personal data is stored in relation to the relevant categories of individuals, please see our detailed information on our use of personal data.
6. HOW WE SHARE YOUR PERSONAL DATA
Transfer of personal data to other external recipients (controllers)
We share your personal data with various external recipients, where necessary, for the purposes for which we process your personal data as described in this privacy notice. These recipients are responsible (controllers) for their own processing of your personal data, unless we have stated otherwise.
To read more about for which purposes that we share your personal data and the legal bases for such sharing, please see our detailed information on our use of personal data under the column ”external recipients”, where we have outlined in relation to each purpose for processing of personal data the external recipients that we share your personal data with.
Transfer of personal data to service providers (processors)
We also transfer personal data to service providers that we have engaged when necessary for the purposes for which we process personal data as described in this privacy notice.
These service providers provide, for example, IT services, development services and communication services to us. The services providers which process personal data on our behalf and in accordance with our instructions act as data processors in relation to us. These service providers may not
process your personal data for their own purposes and are legally and contractually obligated to protect your personal data.
Where we process your personal data
We store, as a main rule, your personal data within the EU/EEA area. However, in certain cases we transfer your personal data to recipients established in third countries outside the EU/EEA, for example to service providers which we engage in such third country.
To ensure an essentially equivalent level of protection for your personal data when transferred (or otherwise made available) to service providers in third countries outside of the EU/EEA which do not provide an adequate level of protection, we normally use the EU Commission’s adopted standard contractual clauses for international transfers according to decision 2021/914 and implement.
We also rely upon adequacy decisions by the EU Commission where personal data is transferred to countries and recipients covered by such decision (i.e. when the EU Commission has decided that such country and/or recipient provides an adequate protection for personal data), e.g. the Adequacy Decision for the EU-US Data Privacy Framework .
7. YOUR RIGHTS
Rights in relation to the use of your personal data
You have the following rights in relation to your personal data under the GDPR:
• Access to and receive a copy of your personal data (Article 15).
• Rectify or supplement your personal data (Article 16).
• Withdraw your consent to a processing of your personal data (Article 7).
• Delete your personal data (Article 17).
• Object to a processing of your personal data (Article 21).
• Restrict a processing of your personal data (Article 18).
• Obtain a copy of your personal data and have your personal data transferred to an external recipient (data portability) (Article 20).
Automated individual decision-making
We do not carry out any automated individual decision-making which have legal effects or similar
significant effects on you.
Further information on your rights
Please note that each right above comes with certain caveats and exemptions. This means that these
rights only may be successfully exercised in certain situations. For more information on your rights
and when they apply, see for example the information provided by the Swedish Authority for Privacy Protection available on their website.
Exercise your rights
If you wish to exercise your rights at any time, please contact us on the contact details below.
If possible, we would grateful if you use the e-mail address that you have registered with us or used when you have previously been in contact with us. This would make it easier for us to manage your request.
Right to lodge a complaint
You have the right to lodge a complaint with your supervisory authority. Contact details to the data
protection authorities in the EU/EEA can be found here.
8. UPDATES TO THIS INFORMATION
If our use of personal data changes, we will update this privacy notice to reflect such changes. At the top of this page, you can see when this privacy notice was last updated. If we make material changes that are not only editorial to this privacy notice, we will inform you of any such changes and what they mean to you in advance.
9. IF YOU HAVE ANY QUESTIONS
Please contact us if you have any questions about this privacy notice, how we use your personal data or if you wish to exercise your rights.
Bubbi AB, 559267-8907
Götgatan 22a
118 49 Stockholm
info@bubbi.ai
Detailed information on our use of personal data
INTRODUCTION
In this detailed information on our use of personal data, we in explain the purposes for which we use personal data, the categories of personal data processed for each purpose, our legal basis for the use, for how long we store personal data and with which external recipients (in their role as controllers) that we share your personal data for each purpose.
Further down, we describe which categories of personal data that we process and examples of the type of personal data that is included in each category.
DETAILED INFORMATION ON OUR USE OF PERSONAL DATA
Visitors of our website and digital channels
Follow up on and evaluate the use of our website and digital channels
What we do: We process your personal data to better understand how our website and digital channels are used, for example by analysing numbers of visitors and activities on our webpages. This is carried out by using cookies and similar technologies which allow us to analyse visitor and user statistics.
Categories of personal data:
• User generated information
• Technical information
Legal basis:
Consent (Article 6.1 (a) of the GDPR). The processing relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose.
External recipients:
–
Storage period: Personal data is stored during the period stated in the cookie banner on our website.
Provide marketing and tailored content on our website and in our digital channels
What we do: If you visit our website or digital channels, we collect your personal data by using cookies and similar technologies to provide you with marketing and other tailored content which we believe are of interest to you, for example based on your interactions with our digital channels, including our website (such as browsing behaviour and websites visited).
Categories of personal data:
• User generated information
• Technical information
Legal basis:
Consent (Article 6.1 (a) of the GDPR). The use of your personal data relies on the consent that you provide by accepting the use of cookies and similar
technologies for the same purpose.
External recipients:
1. Social media providers
Storage period: Personal data is stored during the period stated in the cookie banner on our website.
Ensure functionality on our website and in our digital channels
What we do: We process your personal data to ensure necessary technical functionality and security on our website and in our digital channels, for example by using strictly necessary cookies and other technologies on these platforms.
Since the cookies and similar technologies are necessary in order to provide our website as intended, your consent to our use of cookies and similar technologies is not needed.
Categories of personal data:
• Technical information
Legal basis:
Legitimate interest (Article 6.1 f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of ensuring technical functionality on our website and in our digital channels.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, given the purpose of the processing as such and that only basic personal data is processed for this purpose.
External recipients:
–
Storage period: Personal data is stored during the period stated in the cookie banner on our website.
Provide newsletters and other business communication
What we do: If you have signed up for our newsletter or similar communication, we process your personal data to send you such business-related communication, including registering you in our sending list.
We will only send you communication for marketing purposes if you have provided your consent to this, which you normally do by actively signing up for the relevant communication.
Categories of personal data:
• Identity information
• Contact information
Legal basis:
Consent (Article 6.1 (a) of the GDPR). The processing of your personal data is based on your consent to obtain newsletters and similar communication.
External recipients:
–
Storage period: Personal data is stored for this purpose until you withdraw your consent, which you do by unsubscribing to the communication.
You can always unsubscribe from the relevant communication by clicking on the unsubscribe link in the e-mail or similar communication field or by contacting us.
Contact persons of customers
Manage the business relationship with customers
What we do: We process your personal data to manage the customer relationship, for example to communicate with you as a contact person or representative of such organisation, register you as a contact person as well as manage orders and invoices.
Categories of personal data:
• Communication
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest in managing the
business relationship with our customers and thereby fulfil our rights and obligations under relevant contracts.
Our assessment is that this legitimate interest outweighs your interest of not having your personal data processed for this purpose, since we otherwise
would not be able to manage the relationship.
External recipients:
–
Storage period: Personal data is stored for this purpose as long as there is an ongoing relationship with the customer.
Manage your user account
What we do: We process your personal data to register and manage your user account in the Bubbi platform.
You need to provide the personal data requested by us to register a user account for the Bubbi platform. If you do not provide the requested information, you will not be able to access reports, statistics and other material uploaded in the platform.
Categories of personal data:
• Identity data
• Login credentials
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest in managing your user account.
Our assessment is that this legitimate interest outweighs your interest of not having your personal data processed for this purpose, since you voluntary has registered a user account.
External recipients:
–
Storage period: Personal data is stored for this purpose for as long as we have an ongoing customer relationship with the organisation that you represent.
Follow up on and evaluate sales and campaigns
What we do: We process your personal data to follow up on and evaluate our sales and campaigns that we carry out, for example to compile statistics of orders and in general to better understand what services and features that are used by our customers. This in order for us to obtain a better understanding and insight in our customers’ behaviours and patterns, to allow us to develop and improve our business for the benefit of our customers.
We do not carry out any profiling activities in relation to your personal data for this purpose, since analyses are made on an aggregated level. We are not interested in your specific behaviour, but instead our customers’ behaviours on an aggregated level.
Categories of personal data:
• Communication
• Feedback data
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of follow up on and evaluate our sales and campaigns that we carry out.
Our assessment is that this legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since reports and statistics only are saved on an aggregated level and that the information therefore cannot be related to you.
External recipients:
–
Storage period: Reports and results on an aggregated level which do not contain any personal data, including statistics, are stored until further notice.
Provide offers and marketing
What we do: We process your personal data to provide you offers and marketing in different channels, for example via e-mail, regarding our services.
No profiling will take place in connection with this processing. However, we may tailor which target groups that shall receive a certain offer or marketing communication on an organisation level, for example based on where the customer is established geographically and on previous orders, to ensure that the communication is relevant for you.
We will only send you communication for marketing purposes if you have not objected (opted-out) to such communication.
Categories of personal data:
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of providing you with relevant offers and marketing.
Our assessment is that this legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you always may decline or unsubscribe to such communication for this purpose.
External recipients:
–
Storage period: Personal data is stored for this purpose as long as we have an ongoing customer relationship with the customer that you represent and for a period of twelve (12) months thereafter.
You can always unsubscribe from the relevant communication by clicking on the unsubscribe link in the e-mail or similar communication field or by contacting us.
Carry out surveys
What we do: We process your personal data to carry out customer surveys, for example to determine to which target group we shall send a survey, which questions to be asked in a survey, send out the survey and to collect and analyse the results from a survey.
Your opinions about our business are important to us and help us to improve our services and products.
You can always unsubscribe from our communication about surveys by clicking on the unsubscribe link in the e-mail or similar communication field or by contacting us.
Categories of personal data:
• Communication
• Contact information
• Feedback data
• Identity information
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of carrying out surveys in order to obtain your opinions of our business.
Our assessment is that this legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since it is voluntary to participate in surveys.
External recipients:
–
Storage period: Reports and results on an aggregated level which do not contain any personal data, including statistics, are stored until further notice.
Contact persons of prospective customers
Communicate with you regarding our services
What we do: We process your personal data to communicate with you about our services, for example if you represent or is a contact person of an organisation that has shown interest in our services by interacting with us via e-mail or if we otherwise have reasons to believe that the relevant organisation is interested in our services.
We will only use your personal data for marketing purposes if you have not objected (opted-out) to such communication.
Categories of personal data:
• Communication
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of communicating with you about our services.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since only limited personal data would be used for this purpose and that you can always opt-out from the processing.
External recipients:
–
Storage period: Personal data is stored for this purpose for a period of 24 months from the collection, or until the last communication with you concerning our services for this purpose.
You can always unsubscribe from the relevant communication by clicking on the unsubscribe link in the e-mail or similar communication field or by contacting us.
Carry out sales meetings and demos
What we do: We process your personal data to carry out sales meetings and demos of our services and features, including communicating with you for the same purpose.
Categories of personal data:
• Picture, video and audio material
• Identity information
• Communication
• Contact information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legitimate interest of carrying out sales meetings and demos.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, given the limited impact that the processing of personal data may have.
External recipients:
–
Storage period: Personal data is stored for this purpose during the period the meeting or activity is carried out.
Contact persons of suppliers and partners
Manage the relationship with suppliers and partners
What we do: We process your personal data to manage our business relationship with the company or organisation that you work for or represent, for example to register you as a contact person, manage invoices and to communicate with you.
We also process your personal data where necessary to register orders for products and services, respond to requests for proposals (RFPs) and communicate with you for the same purpose.
Categories of personal data:
• Communication
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of managing the business relationship with our supplier and partners.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we otherwise would not be able to manage the relationship with the organisation that you represent.
External recipients:
–
Storage period: Personal data is stored for this purpose as long as there is an ongoing business relationship with the organisation that you work for or represent.
Follow up and evaluate the supplier and partner relationship
What we do: We process your personal data to evaluate the relationship with the organisation that you work for or represent, for example by generating statistics on orders of products and services. This to better understand how the relationship is working between us and the relevant supplier or partner.
Categories of personal data:
• Communication
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of following up and
evaluating the supplier or partner relationship.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since reports and statistics only are saved on an aggregated level and that the information therefore cannot be related to you.
External recipients:
–
Storage period: Reports and results on an aggregated level which do not contain any personal data, including statistics, are stored until further notice.
Job applicants
Manage the recruitment process
What we do: We process your personal data to manage the recruitment process, for example to collect and review your application (including resume and cover letter), carry out interviews, evaluate your application and communicate with you during the recruitment process.
Categories of personal data:
• Contact information
• Identity information
• Performance data
• Demographic data
• Skills data
Legal basis:
Performance of a contract (Article 6.1 (b) of the GDPR). The processing is necessary to take steps at your request prior to entering into a potential employment agreement with you.
Legitimate interest (Article 6.1 (f) of the GDPR). To the extent that you have not requested a specific measure the processing is necessary in order to satisfy our legitimate interest of managing the recruitment process.
External recipients:
1. Recruitment agencies
Storage period: Personal data is stored for this purpose during the recruitment process.
Carry out background checks
What we do: Depending on the position you have applied for and how far you proceed in the recruitment process, we may process your personal data to carry out appropriate background checks, such as social media checks and credit checks. If any background checks will be relevant, we will let you know in advance.
Categories of personal data:
• Contact information
• Identity information
• Test data
• Background check data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing is necessary in order to satisfy our legitimate interest of carrying out relevant background checks.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we have a strong interest in ensuring that appropriate individuals are hired for the positions in question.
External recipients:
1. Recruitment agencies
2. Third parties carrying out
background checks
Storage period: Personal data is stored for this purpose during the recruitment process.
Carry out pre-employment tests
What we do: Depending on the position you have applied for and how far you proceed in the recruitment process, we will process your personal data when carrying out and reviewing results of pre-employment tests, such as personality and aptitude tests, if you have agreed to participate in such tests.
Categories of personal data:
• Contact information
• Identity information
• Test data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing is necessary in order to satisfy our legitimate interest of carrying out relevant pre-employment tests.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we
have a strong interest in ensuring that appropriate individuals are hired for the positions in question.
External recipients:
1. Recruitment agencies
2. Third parties carrying out tests
Storage period: Personal data is stored for this purpose during the recruitment process.
Carry out reference checks
What we do: We process your personal data to carry out reference checks, for example to communicate and verify the candidate’s qualifications and learn more about the candidate’s background, experience, and skills.
Categories of personal data:
• Communication
• Profile data
• Skills data
• Contact information
• Identity information
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing is necessary in order to satisfy our legitimate interest of contacting referees in order to
obtain an opinion about the you in connection with the recruitment process.
External recipients:
1. Referee
2. Recruitment agencies
Storage period: Personal data is stored for this purpose during the recruitment process.
Future recruitment
What we do: If you give your approval, we will store your application documents for future recruitment, for example to contact you if we have a recruitment need for a position that suits your profile.
Categories of personal data:
• Skills data
• Profile data
• Contact information
• Identity information
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing is necessary in order to satisfy our legitimate interest of storing your personal data for future recruitment.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since you have approved to the storage.
External recipients:
–
Storage period: Personal data is stored for this purpose for a period of 12 months following the end of the recruit- ment process for the position that the candidate has applied for and for each period of 12 months thereafter for which the candidate has given its approval to the personal data being stored for this purpose.
Follow up and evaluate the recruitment process
What we do: We process your personal data to follow up on and evaluate the recruitment process, for example to create reports and statistics on the number of applications for a position.
Categories of personal data:
• Skills data
• Profile data
• Identity information
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing is necessary in order to satisfy our legitimate interest of following up and evaluating the
recruitment process.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since statistics and reports will be stored on an aggregated level.
External recipients:
–
Storage period: Reports and results on an aggregated level which do not contain any personal data, including statistics, are stored until further notice.
Referees to job applicants
Carry out reference checks
What we do: We process your personal data to carry out reference checks, for example to communicate with you as a referee and verify the relevant candidate’s qualifications and learn more about the candidate’s background, experience, and skills.
Categories of personal data:
• Communication
• Profile data
• Feedback data
• Contact information
• Identity information
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing is necessary in order to satisfy our legitimate interest of communicating with you as a
referee in order to obtain your opinion about the relevant candidate.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since we
have a strong interest in ensuring that appropriate individuals are hired by us.
External recipients:
1. Recruitment agencies
Storage period: Personal data is stored for this purpose during the recruitment process.
All individuals above and other external persons
Carry out meetings, events and similar activities
What we do: We process your personal data to carry out meetings, events and similar activities, for example to register your participation, carry out the activity and to communicate with you about the activity.
Categories of personal data:
• Picture, video and audio material
• Communication
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The use of your personal data is necessary to satisfy our legiti-
mate interest of carrying out meetings, events and similar activities.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially if
you have voluntarily signed up for or participates in the activity.
External recipients:
1. Partners
Storage period: Personal data is stored for this purpose during the period the meeting, event or activity is carried out.
Follow up and evaluate activities carried out
What we do: If you have participated in an activity that we have carried out, for example a meeting, a demo, or an event, we process your personal data to follow up and evaluate the activity, for example to compile statistics of the number of participants and to plan for future activities.
Categories of personal data:
• Picture, video and audio material
• Communication
• Contact information
• Identity information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy
our legitimate interest of following up and evaluating activities carried out.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since it concerns harmless personal data.
External recipients:
–
Storage period: Reports and results on an aggregated level which do not contain any personal data, including statistics, are stored until further notice.
Communicate in the course of the business
What we do: We process your personal data that you and others share with us in connection with internal and external communication in the course of the business, for example when our personnel communicate with each other and external persons via e-mail to carry out their work duties.
Categories of personal data:
• Picture, video and audio material
• Identity information
• Communication
• Contact information
• Profile data
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of communicating internally and externally in the course of the business.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose, especially since it concerns harmless data and data normally used for this purpose.
External recipients:
1. External persons that we interact with or who are included in the communication
Storage period: Personal data in communication is stored as long as necessary for the relevant purposes under this privacy notice.
Document the business
What we do: We process your personal data to document the business and activities relating to our business, for example in connection with company milestones, events, including personal data in legal documents and other material which we deem are of interest for the business to keep.
Categories of personal data:
Relevant categories of personal data as are necessary for the purpose.
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of documenting the business.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.
External recipients:
–
Storage period: Personal data is stored for this purpose until further notice.
Develop and improve the business
What we do: We process your personal data to develop and improve the business, including our services. By way of example, this includes to draft reports, analyses and compile statistics of various activities and events (such as sales, results and partnerships).
Categories of personal data:
Relevant categories of personal data as are necessary for the purpose.
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of developing and improving the business.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data proessed for this purpose.
External recipients:
–
Storage period: Reports and results on an aggregated level which do not contain any personal data, including statistics, are stored until further notice.
Manage sales and restructuring of all or parts of the business
What we do: If all or parts of the business would be sold, or in any other way transferred or restructured, we process your personal data where necessary for this purpose. Should the business be transferred to a buyer, your personal data would also be transferred and disclosed to the buyer. The buying company would in such case be responsible (data controller) for your personal data and the processing that takes place for the same purposes as
stated in this privacy notice, unless you receive any other information in connection with the sale.
Categories of personal data:
Relevant categories of personal data as are necessary to manage the sale or restructuring of all or parts of the business in each case.
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of managing a sale or restructuring of all or parts of the business.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose if the buyer carries out the same or similar type of business that we do.
External recipients:
1. Buyers/investors
2. Potential buyers/investors
3. External advisors
4. Public authorities
Storage period: Personal data is stored for this purpose for the period that is necessary to manage the sale or the restructuring.
Manage, defend and exercise legal claims
What we do: We process your personal data where necessary to manage, defend and exercise legal claims in an individual case, for example in connection with a dispute or a court proceeding.
Categories of personal data:
Relevant categories of personal data needed for managing and defending a legal claim in the individual case.
Legal basis:
Legitimate interest (Article 6.1 (f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of managing, defending and exercising legal claims.
It is our assessment that our legitimate interest clearly outweighs your interest of not having your personal data processed for this purpose.
External recipients:
1. Counterparty
2. Courts
3. Debt collecting companies
4. External advisors
5. Insurance companies
6. Relevant authorities
Storage period: Personal data is stored for this purpose for the period as necessary to manage, defend and/or exercise the legal claims.
Fulfil our legal obligations
What we do: We process your personal data where necessary to fulfil our legal obligations, for example accounting obligations and obligations under the GDPR.
Categories of personal data:
Relevant categories of personal data that are necessary to fulfil the specific legal obligation.
Legal basis:
Fulfil legal obligation (Article 6.1 (c) of the GDPR). The use of your personal data is necessary to fulfil our legal obligations.
External recipients:
1. Relevant authorities
Storage period: Personal data is stored for such period that is necessary in order for us to fulfil the specific legal obligation. By way of example, personal data in accounting material is stored for seven (7) years calculated from the end of the calendar year when the relevant fiscal year ended according to the Swedish Accounting Act (1999:1048).
Ensure technical functionality and security in our IT systems
What we do: We process your personal data to ensure necessary technical functionality and security in our IT systems, for example in connection with backups, access controls and troubleshooting.
Categories of personal data:
All categories of personal data that are stated in relation to the purposes of processing your personal data.
Legal basis:
Legitimate interest (Article 6.1 f) of the GDPR). The processing of your personal data is necessary to satisfy our legitimate interest of ensuring technical functionality and security of our IT systems.
It is our assessment that our legitimate interest outweighs your interest of not having your personal data processed for this purpose.
External recipients:
–
Storage period: Personal data is stored for the same period as stated in relation to each relevant purpose of the processing.
Respond to legal requests
What we do: We process your personal data to respond to legal requests from authorities, for example law enforcement, tax authorities or any other authorities.
Categories of personal data:
All categories of personal data as necessary to respond to and evaluate the request in each case.
Legal basis:
Fulfil legal obligation (Article 6.1 (c) of the GDPR). The processing of your personal data is necessary to fulfil our legal obligations.
Legitimate interest (Article 6.1 f) of the GDPR). If there is no explicit legal obligation requiring that we respond to the legal request, but we consider that
we and the public authority have a legitimate interest (which outweighs your privacy interest), we rely on this legitimate interest for the use of your personal data for this purpose.
External recipients:
1. Relevant authorities
Storage period: Personal data is stored for this purpose for the period that is necessary to respond to the specific legal request and thereafter for the period as necessary to document the request and our response to the request.
CATEGORIES OF PERSONAL DATA
In the below table we describe what categories of personal data that we process with examples of types of personal data covered by each category.
Categories of personal data
Examples of types of personal data
Background check data
Results from background checks, for example social media, credit and KYC checks.
Communication
Content in e-mail, published posts and other forms of communication
Contact information
Address, e-mail address, phone number
Demographic data
Sex, citizenship, language, age
Feedback data
Grade, feedback, potential evaluation, performance assessment, assessment
Identity information
Name, personal identity number, signature, registration number
Login credentials
Username, password
Performance data
Goals, fulfilment of goals, performance
Picture, video and audio material
Video, photos, audio recordings
Profile data
Title, position and the company or organisation that you work for
Skills data
Education, professional experience, courses, qualifications, supporting training documentation
Technical information
Type of device, IP address, version of web browser and operating system
Test data
Result, status, date, type of test
User generated information
Click and visit statistics on the website, user preferences, interactions when using the website and other digital channels
Contact us
You know your brand. We know your customers. Let’s connect and create growth.
