Last update: October 15, 2019
At eddbee group AB (”eddbee”), we take data protection seriously. Safety of your data is of paramount importance to us.
1. WHAT PERSONAL DATA DO WE PROCESS?
When registering an account on Eddbee-platform or during your use of it, we process the following general account data as inserted by you, the user:
IP address and high-level location
Metadata regarding Service usage
PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA
Purposes of processing
To provide you the Service
We process personal data in the first place to be able to offer Service to our Users in accordance with their user contract.
We may process personal data for the purpose of communicating with Users.
For analytics and Service improvements
We may process aggregated information regarding the use of Service to improve our service quality. When possible, we will do this using only aggregated, non-personally identifiable data.
With your consent we may show or send you advertisements within Service.
Legal grounds for processing
We process personal data on the basis of a user contract, which is formed in connection with the creation of an account and acceptance of our terms and conditions. We may also process certain information to comply with legal obligations, such as consumer protection legislation.
3. SHARING YOUR PERSONAL DATA
We may share data with our group companies, subsidiaries and affiliates. Otherwise we do not share personal data with third parties outside of our organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties outside ”eddbee”'s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of ”eddbee” or our Users in accordance with the law. Where possible, we will inform Users about such transfer and processing.
To our authorized service providers
With your explicit consent
We may share personal data with third parties outside ”eddbee”'s organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.
4. SAFEGUARDING YOUR DATA
We do our best to keep your data safe and secure.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. %p We regularly test our Service, systems, and other assets for security vulnerabilities.
We will take all reasonable precautions to ensure that our staff and emplees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislations.
Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.
5. HOW LONG DO WE KEEP YOUR DATA?
Service does not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period generally depends on the duration an account lifecycle unless data has been deleted upon request.
6. YOUR RIGHTS
Right to access
You have the right to access your personal data processed by us. You may contact us and we will inform you what personal data we have collected and processed regarding you.
Right to withdraw consent
In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use Service. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to correct
Users have the right to have incorrect or incomplete personal data we have stored about the User corrected or completed. You can correct or update some of your personal data through your user account in the Service.
Right to erasure
Users may also ask us to erase the User’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.
Right to object
Users may object to the processing of personal data if such data are processed for other purposes than purposes necessary for the performance of Service to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to restriction of processing
Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use Service.
Right to data portability
Users have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
How to use the rights
The above-mentioned rights may be used by sending a letter or a secured e-mail to us on the addresses set out below, including the following information: the full name, company name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
7. DATA OF CHILDREN
We do not knowingly process data of children under the age of 18.
Please note that according to our terms and conditions we reserve the right to delete accounts of children, in particular if no proof of parental consent is provided.
8. ANONYMIZED DATA
We may aggregate and anonymize data collected via the application. Such data will be anonymous and cannot be connected to an individual User, therefore no longer qualifying as personal data. We may use this type of anonymous data for analytics, statistics, research, communications and PR purposes as well as for trend detection and for benchmark data.
9. OUR CONTACT INFORMATION
E-mail address: email@example.com
Welcome to Eddbee-platform!
Thank you for using Eddbee-platform mobile app, the web version or through partners (the "Service"). The Service is provided by ”eddbee” AB
Use of the Service
Use of the Service requires a service registration. The service can not be abused, for example by addressing the operation of the service, or by trying to use the Service in other way than Eddbee group AB or ”eddbee”'s partners have instructed to do. We may suspend or terminate the Service, if we suspect miss-usage or the user does not comply with the conditions and practices of the Service.
By using the Service, you will not own the intellectual property rights of the content produced. You can use the content of the Service only by ”eddbee” permission or otherwise permitted by law.
You may be transmitted in connection with use of the Service announcements, administrative messages and other information.
Use of the Service requires the creation of Eddbee-platform account. Protect Eddbee-platform account, by keeping your password confidential.
Information provided by the User in the Service
When using the Service the user can provide his/her opinion of the company attractiveness. Eddbee group AB owns all the rights provided by the users through the service. You do not have any rights for the data you have given or has been derived from this data.
Applications related to the Service
You can use the Service with your mobile terminal by downloading an application. The application can be updated automatically on your device as the new version or feature is available.
You can also access Eddbee-platform Service by web browser or through partner's site as part of their service.
You may not copy, modify, distribute, sell, or lease any of the Services or associated software, or parts of the application. Nor may you reverse engineer the Software or attempt to extract the source code, except where such restrictions are unlawful, or if you have received written permission for such activities from ”eddbee” .
Liability for our Services
Extent permitted by law Eddbee group ABand its suppliers and distributors or partners overall the responsibility for any claims subject to these terms and conditions, the implied warranties, including, is limited to the amount the user has paid for ”eddbee” .
The Service, its use and the information provided by the Service or is derived from the Service is not considered investment advice within the meaning of The Investment Services Act (747/2012). The service is not financial analysis or a recommendation to buy or sell securities. Eddbee group AB can not guarantee the accuracy of the content.
As a user, you are doing all the conclusions from the data collected, produced and presented in the Service. ”eddbee” , its suppliers, distributors or affiliates shall in no situation be liable for any loss or damage of any kind of use of the Service.
Use of the Services in Business Context
We want to clarify the responsibility of the Company to protect your rights and your integrity. Therefore, we will in this policy explain how we use the personal data that you share with us to enable us to offer you the Company’s services and to give you the best possible experience when using them, the applications, the website and when you are in contact with us. The policy describes what personal data we collect and how we use it under the rules set out in the EU’s new data protection regulation, (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (“GDPR”). The policy also describes your rights and how you can exercise them.
1. General information
1The “Company”) provides services through our eddbee shares (“the Service”). The Company is the controller for the processing of the personal data that is registered or created when you use the Service.
When you as a costumer creates an account and/or use the Service, the Company processes your personal data by obtaining and providing information on your mobile phone, tablet or other devices.
2. Terminology and definitions
2.1. The following terms are used in this policy with the meanings stated below:
2.2. Personal data refers to all types of information that directly or indirectly can be attributed to a natural person who is alive. This could mean name, personal identity number, address etc. Encrypted data and several types of electronic identifiers (such as IP addresses) are considered personal data if they can be linked to natural persons.
2.3. Processing of personal data refers to everything that happens to the personal data. Every action taken with personal data represents processing, irrespective of whether it is performed in an automated manner or not. Examples of common forms of processing is collection, registration, organizing, structuring, adaptation or alteration, transmission and erasure.
3. Data that we collect
3.1. Data that you provide to us
3.1.1. Registration – when creating an account you must provide information such as your personal identity number through various BankID, your e-mail address and your mobile phone number. We supplement your registration with name and address delivered by customer.
3.1.2. Enhanced customer due diligence – to comply with the rules that we must follow, we will from time to time ask for further information about you, i.e. in which country you were born, in which countries you hold a citizenship, in which country you are resident for tax purposes, what your occupation is and if you or someone in your family or a person known to be a close associate with you is or has been a politically exposed person.
3.1.3. The processing of this data is a prerequisite for you to be able to use the Service and is undertaken to enable us to fulfil our agreement with you, as well as to enable us to fulfil statutory obligations.
3.2. Data from others
3.2.1. In addition to the data that you provide us with, we may also collect personal data from another source (third party).
3.2.2. The processing of this data is a prerequisite for you to be able to use the Service and is undertaken to enable us to fulfil our agreement with you, as well as to enable us to comply with our statutory obligations.
3.3. Use of the Service
3.3.1. We store user data when you visit or use our Services, including our applications, websites and our platform technologies (for example add-ons outside of the website), such as when you visit or click on content and install or update one of our mobile applications. We use logins, cookies, device information and IP addresses to identify you and to log your use of the Service.
3.4. Cookies, web beacons and similar technologies
3.5. Your device and location
3.5.1. When you download the Company’s application on your mobile phone, tablet or other device the Company needs to store and obtain certain technical information from your device to be able to provide and update the Service. By downloading the application, you agree to the Company storing and obtaining certain technical information from the device. The processing of this data is a prerequisite for you to be able to use the Service and the information is stored to enable the Company to fulfil the agreement with you to provide to Service. If you no longer want the Company to store and obtain the technical information, you must uninstall the application.
4. This is how we use your data
4.1. As stated above, the Company process your personal data for several purposes based on various legal grounds. The Company mainly processes personal data to provide, administrate, develop and adjust the Service and its functionalities to fulfil our agreement with you. The personal data is also processed to ensure customer due diligence, to administrate the customer relationship with you, and to meet requirements related to security and other statutory obligations, to fulfil the Company’s legal obligations. The personal data in all sections above may also be used for market- and customer analysis, market surveys, statistics, business follow-up and business development and method development, which is based on either a consent that is obtained from you when you register to create an account at the Company, or on the Company’s legitimate interest to market itself and its services, and to develop and provide the costumers an improved supply of services.
4.2. The Company also processes your personal data to give you better and more personal offers and service. Personal data and information on positioning data may for example be processed, merged, segmented and analyzed, through targeted marketing, to provide information, offers or recommendations about our own or our partners goods or services, based on the user’s preferences, behaviors, needs or lifestyle. Such processing is based on either a consent that is obtained from you when you register to create an account at the Company, or on the Company’s legitimate interest to market itself and its services, and to develop and provide the customers an improved supply of services.
4.3. Furthermore, personal data may be processed to protect the Company’s legal interests or to discover, prevent or draw attention to fraud and other problems related to security or technology, which all constitute legitimate interests for the Company to perform the processing.
4.4. If you do not wish for the Company to process your personal data for direct marketing, you may announce this to the Company in writing through the contact information in section 10.
5. This is how we share your personal data
5.1. Personal data may be shared if it is necessary to comply with requirements provided in law or by authorities, in order for the Company to comply with legal obligations.
5.2. Furthermore, the Company may share your data to other parties in order to enable the processing of your transaction and to facilitate payments, enable updates of your transaction status and to send offers from the Company and the Company´s partners through SMS, e-mail or other direct marketing. This processing is performed to fulfil the agreement that you have entered with the Company and, in terms of marketing, based on a consent or a legitimate interest.
5.3. To be able to provide the Service the Company will share your personal data to partners. For the management of your data and information.
5.4. Where it is necessary to enable the Company to offer you the Service, we share your personal data with companies that act as processors for the Company. A processor is a company that processes the information on behalf of The Company and in accordance with the Company’s instructions. The Company has processors that assist the Company with IT-services, as well as companies that conduct marketing activities on behalf of the Company. However, the Company is always responsible for ensuring that your personal data is processed correctly. When your personal data is shared with processors, it is only for purposes that are compatible with the purposes for which The Company has obtained the information (for example to be able to fulfil The Company’s commitments in accordance with the agreement with you as a customer). The Company checks processors to ensure that they can provide sufficient guarantees regarding the security and secrecy of personal data. The Company has agreements with all processors (data processing agreements) under which the security of the personal data processed and undertake to fulfil The Company’s security requirements and requirements regarding international transmission of personal data.
6. Where is your personal data processed?
6.1. Your personal data is in general processed within the EU/EEA and other territories.
6.2. Your personal data may be transmitted to or stored in a country outside the EU/EEA, on and other territories the condition that there is a legal ground, i.e. a legal obligation or consent from you, and that there are appropriate safeguards or that The Company and its processors have taken adequate precautions. Appropriate safeguards are that an agreement is in place that covers EU standard agreement clauses or other approved clauses, codes of conduct, certifications, etc. approved in accordance with GDPR. See ec.europa.eu/info/law/law-topic/data-protection_en for further information. It is also required that the country outside the EU/EEA and other territories where the recipient is located has a reasonable level of data protection which is established by the European Commission, and that the recipient is certified in accordance with Privacy Shield (applicable to recipients in the United States).
6.3. Further information on transmission of personal data to countries outside the EU/EEA can be obtained on request.
7. Information about storage
7.1. Data storage
7.1.1. Your personal data is normally not stored for longer period of time than what is necessary to fulfil the purposes for which the data was collected. The Company will erase or de-identify the data collected that may be traced back to you when you terminate your account at The Company, except for such information that The Company is obliged to keep in accordance with law, normally ten years after you have terminated your account at the Company. The personal data is stored only to comply with such legal obligations or to protect the Company’s legal interests, such as if there is a pending legal process.
7.1.2. When an account is terminated, we normally erase information that is stored in the terminated account within 30 days of the termination of the account.
8. Your choices and rights
8.1. The right to access and control your personal data
8.2. Regarding personal data that we store about you:
· Delete personal data: you can request erasure of all or some personal data (for example if the data is no longer necessary to provide the Services).
· Change or correct personal data: you can edit some of your personal data through your account. You can also request that we edit, update or correct your personal data if, for example, the personal data is inaccurate.
· Object to or request limited or restricted processing of personal data: you can ask us to stop using all or some off your personal data or limit our processing of it.
· Right to object to a particular type of processing: you have the right to at any time object to the Company’s processing of your personal data if the legal ground for the processing is public interest or balance of interest under Article 6(1)(e) and (f) GDPR, or if the processing refers to direct marketing. You also have the right to at any time withdraw your consent regarding processing of personal data that is based on such consent.
· Right to access and/or obtain your personal data: you can ask us about information regarding the personal data that the Company processes about you and request a copy of the personal data in electronic form. You can also request to be informed about the purpose of the processing that the Company has conducted and who has received your personal data. If it is technically possible and the legal ground for personal data processing is consent or that the processing is necessary to fulfil an agreement, you have the right to obtain the personal data that you have provided us to transmit data to another controller.
8.3. The Company may charge an administrative fee in case of unfounded or implausible requests (for example if they are made repetitively). You will then be notified about this in advance. The Company will normally answer your request within one (1) month. Requests are made through firstname.lastname@example.org.
9. Other important information
9.1.1. We have appropriate safeguards designated to protect your information, such as encryption of your data during all processing. We supervise our systems regularly to discover possible weaknesses and attacks. We can, however, not guarantee the security of all information that you provide us. There is no guarantee that information cannot be accessed, exposed, changed or destructed through attacks on our physical, technical or administered firewalls.
9.2. Management of personal identity numbers
9.2.1. The Company will only process your personal identity number when it is clearly warranted in consideration of the purpose, necessary for a reliable identification or if there is any other notable reason. The Company always minimizes the use of your personal identity number as far as possible through, when it is sufficient, using a User ID that does not contain your birth date.
9.3. Legal grounds for processing
9.3.1. We will only collect and process your personal data when there is a legal ground for it. These legal bases include consent (when you have given us your consent), agreement (when processing is necessary for the execution of the agreement (for example to deliver the Services from the Company that you have requested)) and legitimate interests, such as to protect you, us or others from security threats or frauds, to improve your experience with the Service or to comply with the statutory obligations that apply to us.
9.3.2. If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. If the processing is based on legitimate interests, you have the right to object to our processing. If you have any questions about the legal grounds on which we collect and use your personal data, you may contact us in accordance with section 10 below.
9.4. The Company reserves the right to make changes in this policy at any time. The Company shall, with reasonable notice through website or application, inform users that hold an account at the Company in case of upcoming changes of the policy. If you do not accept the changes, you have the right to terminate the agreement with the Company before the revised policy enters into force. You terminate your agreement with the Company by terminating your account at the Company.
10.1. The Company is the controller and responsible for that your personal data is processed in accordance with applicable law.
10.2. Do not hesitate to contact the Company if you have any questions regarding the processing of your personal data or any complaints. eddbee group AB email@example.com