Privacy Policy
31 August 2024
Privacy Policy – Mitigater AB
This privacy policy details how we process and protect your personal data. The privacy policy covers the processing of personal data when using in connection with the use of the services and apps where reference is made to this policy and our websites and digital channels.
The privacy policy does not cover the processing of personal data undertaken by us in the role of a data processor. For more information on how we process personal data as a data processor, please see our data protection information below.
Personal data is information that can identify you directly or indirectly.
It is important to us that you feel comfortable with how we process your personal data. We take steps to ensure that the personal data we store is protected and that our processing of it is in accordance with the applicable legislation and regulations, as well as our internal guidelines and procedures.
Who is covered by this privacy policy?
This privacy policy covers:
- Users of our services and apps where reference is made to this policy, as well as of our websites and digital channels.
- Contact person for a customer, supplier, or partner of MITIGATER.
- External parties who have contact with or otherwise communicate with MITIGATER.
Who is responsible for the processing of personal data?
Mitigater AB is responsible for the processing of personal data.
Where do we collect personal data from?
We collect personal data from:
You
We collect personal data from you when, for example, create a user account in our apps, use our services, contact us, visit our websites or other digital channels, sign up for an event or take part in a survey.
Social networking platforms
If you visit our channels on social networking platforms (e.g. Facebook or LinkedIn), we collect the personal data you provide to us via these channels.
Partners
We can collect your personal data from partners, such as when we charge our services or we carry out an event or other activity together with such a partner.
Publicly available sources
We can collect your personal data from publicly available sources, such as websites, various registers, and databases.
External parties
We can also collect personal data about you from external parties that provide us with your personal data, such as in connection with communication.
Why do we process your personal data?
Below is a list of the purposes for which we process personal data. Not all of the processing may apply to you, as this depends on the type of relationship you have with us. Please see the section above on who is covered by this privacy policy. To find out more about the categories of personal data we process and the legal basis for this processing for each purpose, please see our detailed information on our processing of personal data.
Providing our services
If you have registered a user account for an app or a service provided by MITIGATER which makes reference to this policy we process your personal data to provide the app or service to you, e.g. in order to give you access to the app or service and in order to manage your user account. You need to provide the information we request when you register your user account. If not, you may be unable to use the app or service.
Communicating about our services
If you use our services, we process your personal data to communicate with you regarding these services, such as to inform you about updates to the app or service, to provide operational information, or to answer questions that you have about the app or service.
Processing orders of services
When you order services, we process your personal data for the purposes of e.g. registering the order and communicating with you regarding the order.
Managing payments
When you pay for our services, we process your personal data for the purposes of e.g. register payments and communicating with you regarding the payment.
Managing the customer or supplier relationship
If you are the contact person for a customer, supplier, or partner to MITIGATER, we process your personal data in order to manage the customer or supplier relationship or co-operation, such as in order to register you as a contact person, manage and archive agreements, and administer invoices
Following up and evaluating the customer or supplier relationship
We process the personal data of contact people for a customer, supplier, or partner to MITIGATER where this is necessary for following up and evaluating customer or supplier relationships or co-operation.
Communication between employees and external parties
In connection with communication, such as by e-mail and between employees and external parties, we process your personal data when applicable.
Communicating what we offer and providing offers via various channels
We process your personal data to provide you with offers and tailored communication from us and our partners via various digital channels, such as via e-mail or on social media. You can unsubscribe from mailings at any time by clicking on the unsubscribe link in these mailings. For this purpose, some profiling of your data may take place by analysing your use of our websites, digital channels, apps, and services.
Managing our newsletters
We process your personal data to manage our newsletter, e.g. in order to send out the newsletter. You can unsubscribe from mailings at any time by clicking on the unsubscribe link in the newsletter.
Carrying out events, and other activities
When you sign up for an event, or other activity that we arrange, we process your personal data in order to carry out the event, or activity, such as to register your participation or to communicate with you about the event, or activity.
Answering questions
If you contact us, such as by e-mail or phone, we process the personal data you provide us with in order to answer your question.
Conducting surveys
We process your personal data if you take part in a survey that we carry out, such as in our digital channels or mailings, for the purpose of collecting your views on our business, products, and services.
Enabling functionality on our websites
We process your personal data where this is necessary in order to provide functionality on our websites, such as in order to remember your settings. This enables us to provide a better user experience on our websites.
Following up and evaluating the use of our services, websites and digital channels
If you use our services, websites or digital channels that make reference to this policy, we use your personal data in order to follow up and evaluate the use of our apps, and services and digital channels, such as in order to collect and analyse visitor and user statistics on how you use our, apps, and services and websites and digital channels.
Recording phone calls for training and quality purposes
If you contact us by phone we can, if applicable, record the phone call for training and quality purposes. In such cases, you will be informed about this when you call and can choose to opt out of having your call recorded for this purpose.
Ensuring necessary technical functionality and security
We use your personal data to ensure the necessary technical functionality and security of our and services and websites, such as for security logging, error handling, and backups.
Managing and defending legal claims
We process your personal data if this is necessary in order to manage and defend legal claims, such as in connection with a dispute or a lawsuit. For this purpose, we may share certain information with other recipients. Please see below for more information.
Fulfilling legal obligations
In order to fulfil our legal obligations, if necessary we will process your personal data, for example, in order to fulfil accounting or data protection obligations. For this purpose, we may share certain information with other recipients. Please see below for more information.
Which recipients do we share personal data with?
When necessary, we share your personal data with different recipients. You can find out more about the categories of personal data we share and the legal basis for doing so in relation to the various recipients in our detailed information on our processing of your personal data.
Partners
If you choose to pay for a service or function via invoice, we may receive data from our payment partners so that we can send invoices, process your payment and provide you with what you have paid for.
In connection with events and other activities, we share personal data with the partners we are organising the activity with.
Social networking platforms
We use various social networking platforms in order to, for example, communicate what we offer or to provide information about our services. In connection with this, we share certain information with these platforms.
External parties
When communicating with external parties, such as by e-mail, we share personal data disclosed to them by you or another party.
Service providers
In order to process personal data, we share personal data with service providers that we have engaged. These service providers provide, for example, IT services (e.g. storage) and communication services (which enable us to send you messages and newsletters). When the service providers process personal data on our behalf, they act as data processors for us, and we are responsible for the processing of your personal data. They must not use your personal data for their own purposes and are contractually and legally obliged to protect your personal data.
Other recipients
In some cases, when necessary, we share your personal data with other recipients for certain purposes:
- to manage and defend legal claims
- to fulfil legal obligations
- to respond to a lawful request.
Examples of recipients are external advisors, public authorities, courts, the police, and potential buyers and sellers should we sell the business.
What rights do you have?
You have certain rights under current data protection legislation in relation to the personal data we have collected about you.
You have the right to:
- Request access to and a copy of the personal data we hold on you.
- Request rectification of personal data that you believe is incorrect or incomplete.
- Withdraw your consent to our processing of your personal data based on your consent.
- Request erasure in some circumstances, but not in cases where, for example, we are legally obligated to retain such data.
- Unsubscribe from marketing and mailings, such as by clicking on an unsubscribe link in a mailing.
- Request that the processing of your personal data be restricted in certain circumstances.
- Object to processing which is based on our or another party's legitimate interests for reasons related to your specific situation.
- Transfer your data (data portability) under certain circumstances by requesting a copy of the personal data we hold on you in a structured format (data portability) that you can transfer to another recipient.
If you wish to exercise your rights, please contact us using the contact details below.
Where we process personal data
We always endeavour to store personal data within the EU. In some cases your personal data is shared with recipients outside the EU/EEA, such as to service providers engaged by us.
To protect personal data, we ensure that there are appropriate security measures in place with all service providers processing your personal data outside the EU/EEA by way of data transfer agreements, for example.
If you wish to know which non-EU/EEA countries your personal data is transferred to and the safeguards that we have taken to protect your personal data, please contact us using the contact details below.
We Protect Your Personal Data
We are committed to protecting personal data. We take appropriate technical and organizational measures to ensure the protection of your personal data. We have implemented various policies to protect against unauthorized access and unnecessary storage of personal data in our systems.
Your password protects your user account. We recommend that you use a strong password that is uniquely used for your MITIGATER account, never share your password with anyone, restrict access to your computer and browser, and that you log out after using our services
Updates to this privacy policy
We may update this privacy policy from time to time. For example, we can collect additional information or use information for purposes other than those specified in the text. In such cases, we will notify you in advance by appropriate means, such as by showing a message on the website or by e-mail. The latest version of the privacy policy is always available on this page.
Questions?
Should you have questions about this policy or our processing of your personal data, or should you wish to invoke any of your rights, please feel free to contact us. You can find the contact details for MITIGATER in the table below. Should you not be happy with the answers you receive, you have the right to lodge a complaint with the supervisory authority (the Swedish Data Protection Authority).
| Company | Contact information |
|---|---|
| Mitigater AB Reg.nr 559476-9746 |
Phone number: 036-600 26 Address: Barnarpsgatan 13, 553 16, Jönköping E-mail: info@mitigater.com |
Detailed information on the processing of personal data
When we process your personal data
See below for detailed information on the categories of personal data we process, the legal basis for this processing, and how long we store the data for each purpose.
Providing our services
Personal data | Legal basis |
|---|---|
| Fulfilment of agreements. Processing is necessary in order to fulfil the applicable terms for the service. |
Retention period: Personal data is retained for this purpose for as long as your user account is active, after which the data is deleted. | |
Communicating about our services
Personal data | Legal basis |
|---|---|
| Fulfilment of agreements. Processing is necessary in order to fulfil the applicable terms for the app or service. |
Retention period: Personal data is retained for this purpose for as long as your user account is active, after which the data is deleted. | |
Processing orders of services
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of managing orders of goods and services. Fulfilment of agreements. If the order is made by an individual firm, we process the data to fulfil our agreement with you. |
Retention period: Personal data is retained for this purpose for as long as is necessary in order to process your order and for a period of 10 years thereafter in order to manage and defend legal claims. Personal data in accounting material is stored for 7 years calculated from the end of the calendar year in which the relevant financial year ended in order for us to fulfil our legal obligations (bookkeeping and accounting requirements in the Swedish Accounting Act (1999:1078)). | |
Managing the customer or supplier relationship
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of managing our customer or supplier relationships. Fulfilment of agreements. If the agreement has been concluded with an individual company, we process the data to fulfil our agreement with you. |
Retention period: Personal data is retained for the period of the customer or supplier relationship and for a period of 10 years thereafter in order to manage and defend legal claims. | |
Following up and evaluating the customer or supplier relationship
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of following up on and evaluating our customer or supplier relationships or collaborations. |
Retention period: Personal data is retained for the period required for it to be de-identified in order to produce statistics. Statistics which do not contain personal data are stored indefinitely or until the statistics are deleted. | |
Communication between employees and external parties
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of facilitating business communication between employees and external parties. |
Retention period: Personal data is retained for this purpose for a period of 1 year calculated from the most recent communication in each conversation and thereafter for a period of 10 years in order for us to fulfil our legitimate interest of managing and defending any legal claims,. | |
Communicating what we offer and providing offers via various channels
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of communicating and distributing offers, via various channels, regarding our services. |
Retention period: Personal data is retained for this purpose throughout the customer relationship and for a period of 12 months thereafter in order for us to fulfil our legitimate interest of re-recruitment. If there is no customer relationship, the data is retained for this purpose for a period of 3 months calculated from when the data was collected. | |
Managing our newsletters
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of managing our newsletters. |
Retention period: Personal data is retained for this purpose until further notice and until you unsubscribe from the newsletter. | |
Carrying out events, and other activities
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of carrying out events, and other activities. Explicit consent. Any special categories of personal data relating to health are processed only on the basis of your explicit consent, which is obtained when you register for an event, or an activity carried out by us. |
Retention period: Personal data is retained for this purpose for the time necessary to carry out the activity and for a period of 12 months thereafter to fulfil our legitimate interest in following up and evaluating the activity, as well as to invite you to new activities. Personal data in accounting material is stored for 7 years calculated from the end of the calendar year in which the relevant financial year ended in order for us to fulfil our legal obligations (bookkeeping and accounting requirements in the Swedish Accounting Act (1999:1078)). Any health information collected for this purpose is retained only for the period necessary in order to carry out the activity and is subsequently deleted. Audio and video material that is collected is retained until further notice and until the material is deleted if this is necessary for us to fulfil our legitimate interest of documenting the activity. | |
Answering questions
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of responding to your question. |
Retention period: Personal data is retained for this purpose throughout the customer relationship and for a period of 10 years thereafter in order to manage and defend legal claims. If there is no customer relationship, personal data is retained for this purpose for a period of one month from the most recent communication in each conversation. | |
Conducting surveys
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of carrying out surveys for the purpose of collecting your views on our business and services. |
Retention period: Personal data is retained for this purpose during the period that the survey is carried out and for a period of 3 months thereafter in order for us to compile the responses in a report. Statistics which do not contain personal data are stored indefinitely or until the statistics are deleted. | |
Enabling functionality on our websites
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order to fulfil our legitimate interest of enabling the functionality of our websites for the purpose of providing a better user experience. |
Retention period: Personal data is retained for this purpose throughout your visit and for a period of 12 months thereafter in order for us to fulfil our legitimate interest of providing a better user experience. | |
Following up and evaluating the use of our websites, digital channels, apps, and services
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of following up on and evaluating the use of our websites, digital channels, apps, and services. |
Retention period: Personal data is retained for this purpose for a period of 3 months. Statistics which do not contain personal data are stored indefinitely or until the statistics are deleted. | |
Recording phone calls for training and quality purposes
Personal data | Legal basis |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of ensuring the necessary technical functionality of our websites, apps, and services. |
Retention period: Personal data is retained for this purpose for a period of 1 month from the time of the conversation. | |
Ensuring necessary technical functionality and security
| Personal data | Legal basis |
|---|---|
| All relevant categories of personal data. | Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of ensuring the necessary technical functionality and security of our websites, apps, and services. |
| Retention period: Personal data is retained for this purpose for as long as your user account is active. Personal data in logs is retained in order to fulfil our legitimate interest of troubleshooting and incident management for a period of 12 months from the log entry time. |
Managing and defending legal claims
| Personal data | Legal basis |
|---|---|
| All categories of personal data that are necessary for managing and defending a legal claim in an individual case. | Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of managing and defending legal claims. |
| Retention period: Personal data is retained for the period required in order for us to manage and defend the legal claim. |
Fulfilling legal obligations
| Personal data | Legal basis |
|---|---|
| All categories of personal data as are necessary for fulfilling the legal obligation. | Fulfilling a legal obligation. Processing is necessary in order for us to fulfil our legal obligations. |
| Retention period: Personal data is retained for the period required in order for us to fulfil each of our legal obligations. By way of example, personal data in accounting material is retained for 7 years from the end of the calendar year in which the relevant financial year ended in accordance with the Swedish Accounting Act (1999:1078). |
When we share your personal data with different recipients
See below for detailed information on the categories of personal data we share with different categories of recipients for various purposes and on which legal basis we do this.
Partners
Carrying out events, and other activities
Personal data | Legal basis for the transfer |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of carrying out events, and other activities. |
Social networking platforms
Communicating what we offer and providing offers via various channels
Personal data | Legal basis for the transfer |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of communicating and distributing offers, via various channels, regarding our services. |
Communicating about our services
Personal data | Legal basis for the transfer |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of communicating about our services. |
External parties
Communication between employees and external parties
Personal data | Legal basis for the transfer |
|---|---|
| Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of facilitating business communication between employees and external parties. |
Other recipients
| Purpose | Legal basis for the transfer |
|---|---|
| _Managing and defending legal claims_ Only the personal data that is necessary for this purpose is shared with the recipient. |
Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest of managing and defending legal claims. |
| _Fulfilling legal obligations_ Only the personal data that is necessary for this purpose is shared with the recipient. |
Fulfilling a legal obligation. Processing is necessary in order for us to fulfil our legal obligations. |
| _To respond to a legal request_ Only the personal data that is necessary for this purpose is shared with the recipient. |
Legitimate interest or to fulfil a legal obligation. To the extent that we are obliged to respond to a legal request, personal data is processed in order to fulfil this legal obligation. Otherwise, processing is based on a balance of interests when it is necessary to fulfil our and the requester’s legitimate interest in our responding to the enquiry. |
Categories of personal data
In the table below you will find further information on the categories of personal data we process.
| Category of data | Example of data |
|---|---|
| _User-generated data_ Data that you provide when using our apps, and services and websites and digital channels. |
Data on clicks, visits, and your behaviour on our websites, digital channels, apps, and services. |
| _Audio and video materials_ Data such as your image when photographed or your voice when recorded. |
Photography, film, audio file. |
| _Health data_ Data on your health. |
Allergies or other intolerances. |
| _Identity information_ Data that makes it possible to identify you. |
Name, personal identity number, username, IP address. |
| _Communication_ Data included in communications with us. |
E-mail content. |
| _Contact information_ Data that enables us to contact you. |
Address, phone number, e-mail address. |
| _Payment and purchase information_ Data |
Name, date of birth, expiry date and certain figures from your card number, address, phone number and purchase information and transaction history. |
| _Order information_ Data on an ordered service. |
Service, delivery time, price. |
| _Organisational information_ Data related to your organisation. |
Title, name of company or organisation, address of the person or organisation. |
| _Profile data_ Data about your user profile when using our services. |
Profile settings. |
| _Technical data_ Technical data related to the device you use when using our apps, and services and websites. |
App version, device information, operating system, browser, screen size, internet connection. |