Indivd AB, 559169-7072 (“Indivd” or "we" in any form) is committed to protecting the personal data of the individuals whose personal data we process. This Privacy Policy describes how Individ, in its capacity as a data controller, processes personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter referred to as the "GDPR").
1. CATEGORIES OF PERSONAL DATA, PROCESSING PURPOSES, AND LEGAL BASES
We generally collect personal data directly from you. Not providing your personal data may result in disadvantages for you, e.g. you may not be able to receive desirable information about us. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you. We may also collect personal data from third-party sources.
1.1 Ongoing business partners
If you represent an organization that we do business with, we process personal data in order to facilitate our business relationship with the organization which you represent (including purchases), i.e. name and contact details such as e-mail address, telephone number, which organization you represent as well as correspondence. Our legal basis for the processing of personal data is our legitimate interest in conducting our business.
We will retain the personal data for as long as we have a business relationship.
1.2 Potential business partners
If you represent an organization that we consider to do business with, we process personal data in order to facilitate our potential business relationship with the organization which you represent, i.e. name and contact details such as e-mail address, telephone number, which organization you represent as well as correspondence. Our legal basis for the processing of personal data is our legitimate interests to conduct our business.
We will retain the data for as long as it may be relevant and up to one (1) year following the latest contact. Where the contacts have led to a business relationship, the personal data will be processed as described in the previous section, Ongoing business partners.
1.3 Customer support
In order to provide customer support, we process personal data regarding organizational belonging (if applicable), name, email address, phone number, device ID, location data, correspondence, matter number and information about the relevant inquiry. Our legal basis for processing personal data is our legitimate interest in conducting our business.
We will retain the data for up to six (6) months following the termination of the relevant service agreement.
1.4 Meeting data
We will process the name, email address and meeting times. The data will be retained for a maximum of five (5) years.
1.5 Correspondence with the public
Occasionally, we engage in correspondence with individuals in other matters than those accounted for above. This may be the case when individuals have general questions about our products. Our legal basis for processing personal data in this respect is our legitimate interests in conducting our business, including responding to queries from the public.
We will retain the data for as long as it may be relevant and up to one (1) year following the latest contact.
1.6 Newsletters
We process your name, contact information, organizational belonging title and email address in order to provide you with marketing and product information. Our legal basis for doing so is consent or legitimate interests. Where the legal basis is consent, this can be withdrawn at any time by contacting us at privacy@indivd.com. You can also opt out of each message by clicking on the opt-out link.
We will retain the data until you opt out or withdraw your consent or during two (2) years following your latest activity.
We will also process data for analytics purposes, i.e. when the newsletter has been opened, how long it has remained open and whether the receiver has clicked on links in the newsletter. We will retain such data for as long as it may be relevant and up to three (3) years following its collection.
1.7 Shareholders and corporate representatives
If you are a shareholder or if you represent a shareholder we process your contact information (name and contact details such as e-mail address, and telephone number), personal identity number, classes of shares, share pledging, transfer limitations, and meeting data.
If you hold a position as a corporate representative of Indivd, we will process your personal data in the course of communicating with the Swedish Companies Registration Office (Sw: Bolagsverket). Our legal basis for processing personal data in these respects is our legal obligations to fulfil the Companies Act and/or our legitimate interests to document that we have done so. The data will be processed as long as it is relevant and as a maximum during the life of the company.
1.8 Recruitment
We process personal data (name, email, phone number, application data, including CV, interview notes, publicly available social media data and search results from search engines) about persons applying for positions at Indivd. Our legal basis for handling recruitment is our legitimate interest in conducting our business.
The data is retained during the application process. With the candidate's consent, the data may also be processed for six (6) months for future recruitments.
We kindly ask you to not submit any sensitive personal data when applying for a position with us. Sensitive personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or data concerning a natural person’s sex life or sexual orientation.
1.9 Branding
We publish material containing personal data to inform about our activities on our website or on social media. Our legal basis for doing so is our legitimate interest in informing about our business for branding purposes.
The data will be processed as long as it is relevant and as a maximum during the life of the company.
1.10 Press releases
We publish material containing personal data to inform about our activities on our website or on social media. Our legal basis for doing so is our legitimate interest in informing about our business for branding purposes.
The data will be processed as long as it is relevant and as a maximum during the life of the company.
1.11 Social media analytics
We use Facebook, LinkedIn, and Instagram to market and inform about our company. The legal basis is our legitimate interests to use such channels for marketing and information. In order to better understand visitors' activity on our social media pages, we are provided with analytics data.
The social media providers each inform about their privacy, including analytics practices and we encourage you to inform yourself thereof.
We process analytics data as long as it may be relevant and for a maximum during the time under which we hold the relevant social media account.
1.12 Handling Data Subject rights
We will process email address, name, correspondence and data about the request. Our legal basis for processing personal data is compliance with a legal obligation. The data will be retained as long as it may be relevant and for a maximum of ten (10) years.
1.13 Website analytics
We will process IP addresses, device location, browser type, operating system and other usage information about the use of our website, how many individual visitors to our website we have, and how often these individual users visit our website, to understand how effective our website is by measuring visitor experience and thereby customized content to be as relevant as possible. Our legal basis for processing personal data is consent, this can be withdrawn at any time by contacting us at privacy@indivd.com. The data will be retained for a maximum of two (2) years. For more information about the use of cookies, please read our Cookie Policy.
RETENTION
Your personal data will be retained as long as necessary to provide you with products, services or communication. In addition to retention for the foregoing purposes, we may also retain your personal data in order to comply with applicable laws, such as bookkeeping laws, or if we need your personal data to establish, exercise or defend legal claims. Where the data is only stored, it will be archived with highly limited access rights.
WHO TO WE SHARE YOUR PERSONAL DATA WITH?
Indivd may engage external service providers, who act as data processors of Indivd, to provide certain services to Indivd, such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data. We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.
In addition to the foregoing, Indivd may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, legal counsels, external consultants, or business partners. In the case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Personal Data may be transferred to and processed by recipients that are located inside or outside the European Economic Area ("EEA"). The countries include those listed at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm which provide an adequate level of data protection from a European data protection law perspective.
Recipients in the US may be certified under the EU-U.S. Privacy Shield and thereby recognized as providing an adequate level of data protection from a European data protection law perspective.
Other recipients might be located in other countries that do not adduce an adequate level of protection from a European data protection law perspective. Indivd will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law.
With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved code of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient.
You can ask for a copy of such appropriate safeguards by contacting us as set out below.
DATA SUBJECT'S RIGHTS
You have a number of rights in connection with the processing of your personal data, subject to certain conditions set out in the GDPR and local data protection laws, including the right to:
- Request access to your personal data ( “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request the rectification of the personal data that we process about you. This enables you to have incomplete or inaccurate data we hold about you corrected.
- Request the deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no overriding reason for us to retain it.
- Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
If you have given your consent for the processing of your personal data and that consent has served as a legal basis for processing, you can withdraw this consent at any time with future effect by contacting us as stated in the Contact Us section below.
To exercise your rights please contact us as stated below.
In case of complaints, you also have the right to lodge a complaint with the competent data protection supervisory authority in particular in the EU Member State of your habitual residence, place of work or of an alleged infringement of the GDPR. In Sweden, this is Datainspektionen (www.datainspektionen.se).
COOKIES AND OTHER TRACKING TECHNOLOGIES
This website uses cookies. For further information please visit our Cookie Policy.
CONTACT US
If you have concerns or questions regarding this Privacy Policy, please contact us at privacy@indivd.com.
Version: 1.3
Date: 13 Apr 2023