2023-10-03

Information about our processing of personal data 

This privacy notice describes how Aspia AB (Corporate ID Number 559137-8350) and Skeppsbron Skatt AB (Corporate ID Number 559142-5144) process personal data as data controllers (hereinafter “Aspia”, “us” or “we”), and is aimed for you who visit and contact us through our website, represent an existing or potential customer to us, receive newsletters/email marketing from us, or participate in our events. 

We endeavour to protect your personal data. The purpose of this privacy notice is to provide you with sufficient information on how we process your personal data and your rights. We process your personal data in accordance with applicable data protection law, including the General Data Protection Regulation (“GDPR”). For information on how we process personal data about you as a customer representative within the framework of our engagement contract, please see our separate privacy notice

What personal data do we process? 

When you visit and contact us through our website  

We collect and process personal data about you when you visit and interact with us on our website.   

  • To communicate and to answer questions from you 
    Purpose: We process your personal data in order to communicate with you and answer questions from you when you interact with us, for example if you have a question regarding our services. 
    Categories of personal data: We collect your name, email address, address, telephone number (work) and other information that you provide to us (e.g. department and position). 
    Legal basis: Our legal basis for this processing is based on a balancing of interests, where we have a legitimate interest to be able to communicate with you and to handle questions from you. Retention time and/or criteria: We process your personal data for as long as necessary to meet our purpose stated herein, and will thereafter delete the personal data we no longer need, unless we have a different purpose with the personal data under this privacy notice. 

  • Campaign management and personalisation of our website 
    Purpose: In order to optimise the function and the experience of the website, information is collected and stored from web browsers/devices from your visits of our website, usually through cookies.  
    Categories of personal data: The information consists of the visitor's preferences and information about the device through which the visit is made. This information may include data on the use of the website, traffic data (e.g., IP address and device model) and data traffic source (e.g. if you click through to our website via campaigns). 
    Legal basis: The legal basis for this processing is our legitimate interest. You can object to this processing at any time by changing your cookie preferences. 
    Retention time and/or criteria: Unless you have changed your cookie preferences, we process your personal data for as long as is necessary to meet our purpose and will then delete the personal data, unless we have a different purpose with the personal data under this privacy notice.  

  • The use of our website, troubleshooting and statistics management of our website 
    Purpose: We process certain information about website visitors to be able to use our website as intended, to provide statistics and to conduct troubleshooting. 
    Categories of personal data: Personal data is collected through the use of cookies and consists, for example, of the IP address, device model and data traffic source (e.g. if you click through to our website via campaigns). 
    Legal basis: We process your personal data based on our legitimate interest to be able to improve the website. You can object to this processing at any time by changing your cookie preferences. 
    Retention time and/or criteria: Unless you have changed your cookie preferences, we process your personal data for as long as necessary to fulfil our purpose and then delete the personal data, unless we have a different purpose with the personal data under this privacy notice. 

If you represent a potential customer, receive newsletters/email marketing or participate in our events 

  • Contact with you as a representative to a potential customer 
    Purpose: We process your personal data as a representative of a potential customer to be able to market our services, identify new customers and prepare quotations in our sales process. For example, we use lists of public sources and databases as well as social media to identify representatives of potential customers. 
    Categories of personal data: We collect your name, email address, address, (work) telephone number and information about your department and position. We also make a note if you have shown interest in our services.  
    Legal basis: Our legal basis for this processing is based on a balancing of interests, where we have a legitimate interest to identify new customers to be able to market our services. 
    Retention time and/or criteria: Personal data is stored in our CRM and sales order systems. As a representative of a potential customer, you can request that we remove you from such systems. 

  • Communication of marketing material 
    Purpose:
    Aspia processes personal data to provide information and marketing material to representatives of our existing and potential customers. The personal data is collected directly from representatives of existing and potential customers, for example in connection with events, via cookies or through public sources and databases. The information is provided via telephone, post, email, SMS and/or equivalent means of correspondence as well as through advertisement.
    Categories of personal data: The personal data processed includes your name, email address, address, telephone number (work), department and position. We also process information about the website that you as a visitor use, website clicks, traffic data (IP address and device model) and data traffic source (e.g. if you click through to our website via campaigns), by using cookies to optimise the marketing.
    Legal basis: The legal basis for this processing is our legitimate interest to be able to provide information about and market our services. 
    Retention time and/or criteria: The personal data will be stored until the purpose has been fulfilled. You can always request to unsubscribe from such marketing communication. If you do, we will stop processing your personal data for this purpose. 

  • Organisation of market activities and events 
    Purpose: We may get in touch with you as a representative of an existing or potential customer in order to invite you to marketing activities (events, lectures, seminars or similar). We process personal data to the extent necessary to organise the activities, to follow-up on the participation, and to be able to conduct marketing. 
    Categories of personal data: We process your name, email address, address, telephone number (work), and other relevant contact details which you give us, or which we have obtained from public sources and databases, or from our CRM system if you are a representative of an existing customer, in order to be able to send out invitations, lists of participants and material before and after the activity. 
    Legal basis: We process your personal data for this purpose based on our legitimate interest to be able to inform you about events which we organise, to organise the event and to send offers about our services to the participants. 
    Retention time and/or criteria: We process your personal data for as long as is necessary to organise the event. The list of participants is saved for administration and follow-up purposes, in order for us to conduct direct marketing of our services to such participants. You may, at any time, object to our processing of your personal data for this purpose and we will then stop to process your personal data, unless we have a different purpose with the personal data under this privacy notice. 

  • Specific details regarding dietary preferences at events 
    Purpose and categories of personal data: In case meals are served during activities organised by us, we will ask if you have any specific dietary preferences.  
    Legal basis: The personal data processed for this purpose is based on your voluntary consent. It is entirely voluntary if you want to give us this information, and you can contact us at any time to withdraw your consent.  
    Retention time and/or criteria: We will not save these preferences for longer than necessary for the organisation of the event, and will thereafter delete them immediately after the event. 

  • Media production for marketing 
    Purpose:
    To promote and spread knowledge about our business we may, if you have given your consent, process personal data such as photos, sound recordings, posts and links to social media, and publication of articles on our intranet and on our websites. 
    Categories of personal data: Personal data that we process consists of photos, films, sound recordings, information in articles that we publish (e.g. name, title and username on social media) which we collect directly from you or from the photographers we hire. 
    Legal basis: We base the processing of your personal data on your consent, and you have the right to withdraw your consent at any time.  
    Retention time and/or criteria: The processing will take place until our purpose has been fulfilled or until you have withdrawn your consent. In cases where media has been published on social media and similar, and you withdraw your consent, we will remove the personal data from the channels that we have control over and for which we are the data controller. However, we are not responsible for media that have already been published and spread on other pages which a third party controls and is data controller for. 

Transfer and disclosure of personal data

Data processors 
To meet the purposes of our processing of your personal data, we engage suppliers of IT services and systems, website services, marketing services (e.g. marketing automation and optimisation tools and services for email marketing), CRM system, prospecting tools, and sales systems which process personal data on our behalf (data processors). Our data processors may only process personal data in accordance with our instructions and are required by law to take appropriate technical and organisational security measures to protect the personal data. 

Aspia group companies 
We may also share personal data with other Aspia group companies to be able to fulfil our administrative purposes and to carry out the processing activities described in this document.  

Other data controllers and authorities 
We may disclose personal data to recipients other than those specified above and who act as independent data controllers (e.g. when we organise events and activities with external organisers), as well as to other recipients to comply with applicable law, a request/order by a competent court or government authority, and to ensure our legitimate interest to establish, exercise or defend legal claims. 

Transfer to third countries outside the EU/EEA 
We strive to process all personal data within the EU, but in some cases we may transfer personal data to recipients in countries outside the EU/EEA which do not have the same level of protection of personal data as in the EU. To ensure that the personal data is adequately protected, we will take necessary measures such as entering into the EU Commission’s standard contractual clauses (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en), or ensuring that there are other appropriate security measures in place.

Your rights 

You have certain rights related to how we process your personal data, namely: 

  • The right to access (a copy of your personal data) - you have the right to request information about what personal data we process about you, e.g. by requesting a copy of your personal data.  

  • The right to rectification - if you believe that your personal data is incorrect or incomplete, you have a right to request rectification of or to complete your personal data. 

  • The right to object to processing for direct marketing purposes - you may at any time unsubscribe from marketing communication from us by notifying us, for example by clicking on an unsubscribe link in an email.  

  • The right to object to processing based on Aspia’s legitimate interest - under certain circumstances you have the right to object to our processing of your personal data, and we will then not continue to process the personal data unless we have interests that outweigh your privacy interests. 

  • Restriction of the processing - you can request restriction, for example, if you believe that the personal data is incorrect or if you believe the personal data is no longer necessary for the purpose for which it is being processed. 

  • The right to erasure - in some cases you are entitled to have the personal data erased, e.g. if it is no longer necessary for the purpose for which it is processed or if you believe that the processing is incompatible with applicable data protection law. 

  • The right to data portability - under certain circumstances you also have the right to obtain your personal data relating to you in a structured, commonly used and machine-readable format (data portability), and to transmit it to another data controller. 

  • The right to withdraw your consent - you may withdraw your consent at any time, and we will then stop the processing of your personal data for that purpose. 

Cookies 

For information about how we use cookies, which cookies we use and how you can set your cookie choices, please see our information about cookies

Contact person for questions 

If you have questions you can contact us via personuppgiftsombudet@aspia.se or at Personuppgiftsombudet, Aspia AB, Box 6350, 102 35 Stockholm. You also have the right to contact Integritetsskyddsmyndigheten, IMY (www.imy.se) if you want to make a complaint.