PRIVACY POLICY
For Anekdote’s customers
Data controller: Anekdote AB, 559335-6248, Granudden 27, 871 40 Härnösand, Sweden (“Anekdote”, ”we”, ”our”, “us”)
Contact e-mail: info at anekdote.se
When you as a customer of Anekdote use our website, app and services, we always aim to protect your personal information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and how you can update, manage, export, and delete your data.
Our website, app and services are not directed or marketed towards children. We do not knowingly collect information from children without parental consent except, except when collection directly from children is in compliance with applicable laws.
Definitions
In this Privacy Policy, we use the following definitions:
“Data Controller”
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or national law, the controller or the specific criteria for its nomination may be provided for by European Union or national law.
“End-User”
A user of the app you create and run through our service.
“GDPR”
The regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
“Personal Data”
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Categories of collected personal data and reasons for collecting
- We collect the following categories of personal data from you and for the following reasons:
Category and Description
User Data
This is personal data that we need to create your account and enables you to use our services. The type of data may vary depending on the type of services you use and how you create your account. This may include:
- Username
- Full personal name
- Email address
- Phone number
- Address
- Country
We receive most of this data directly from you when you sign up for our services. Some of the data (e.g. country) is collected directly from your device.
Account Data
This is personal information that is specific to your account on our services and consists of:
- username
- password
- email address
Company Data
This is information that distinguishes your company from any other company, such as:
- company registration number
- corporate form
- registered address
- VAT number
Payment Data
If and when you make any in-app purchases we may receive limited information to verify said purchase(s). Such data may include:
- that a purchase has been made by you
- whether the purchase was successful
- the payment date
- the third-party service used for the payment
- a unique identifier, that will make it possible for us to verify purchase process.
We do however not process any payment details relating to your bank accounts or credit cards.
Communications
You may choose to communicate with us in a number of ways in order request information about our services, register for our newsletter, request customer or technical support, apply for a job, or otherwise communicate with us. When doing so we may collect your personal information, such as:
- username
- chat messages, email content, email address, phone number, or mailing address
End-User Data
In case you collect any Personal Data about End-Users and store End-User Data in our service, that same End-Users Data will be collected by us. Such data collected by us depends on the data you collect from your end-users, but may consist of:
- username
- email address
- phone number
- date of birth
- gender
- street address
- country
- Payment Details
For clarity, you are solely responsible for the legality of your collection of End-User Data.
Control Data
In order to verify your Company Data we may collect the following directly from you:
- Ratsit search results
- DUNS registrations
Job Applications
You may be interested in working for us. If you apply for a job or internship, we will collect the information you submit to us. Typically, such information consists of:
- Your personal application
- CV and cover letter
- Professional qualifications
- Contact information such as email and/or phone number
- We collect the following categories of personal data from third parties and for the following reasons:
Error logs/bug searches
In case there are any malfunctions or errors on our website or on our services, we may collect information regarding error logs/bug searches from technical solutions, such as servers, log files and cookies, in order to ensure security, provide maintenance, maintain functionality and for service development on our website and our services. For clarity, any such error logs/bug searches will be anonymous, meaning we will inly collect information stating how many customers have reported a certain error or malfunction.
Control Data
In certain scenarios we may collect data directly from a third party to verify the accuracy of your Company Data. Such data may consist of:
- Ratsit search results
- DUNS registrations
Usage Date
This is aggregated and anonymized data that we collect from our service providers as and when you use the service:
- Technical data, such as, IP address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform
- Data about your visits on our website (clickstream, date, time etc)
- Data about which site you visited prior to our service
- The time and date of your visit on our service, and the time spent on our site
- Data about page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page
- Information about your devices, device identifiers, and from which devices you visit our website and make use of the service, which may include mobile network information (including phone number), IP address, language and time zone, operating system, hardware version, device locations (including country specific geographic locations)
- Other online identifiers (such as cookies, pixel tracking technologies)
- Processing of personal data and reasons for processing
- We may carry out the following processing measures regarding you Personal Data, for the following legal bases and regarding the following categories of Personal Data:
Processing: | Legal basis: | Category: |
Invoicing | Performance of contract | User Data Account Data Company Data Control Data |
Service provision | Performance of contract | User Data Account Data Company Data Payment Data Control Data End User Data |
Service and IT support | Performance of contract Legitimate interest | Usage Data Error logs/bug searches |
Marketing and promotion of the service | Legitimate interest ORConsent | User Data Account Data Usage Data |
Communicating | Performance of contract | User Data Company Data Account Data Communications |
Investigating and handling breaches | Performance of contract OR Consent | User Data Account Data Company Data Control Data Payment Data Communications Usage Data Error logs/bug searches |
Fulfilling third-party contracts | Performance of contract | User Data Account Data Company Data Usage Date Payment Data Control Data |
Fulfilling legal obligations | Legal obligation | User Data Account Data Company Data Usage Date Payment Data Control Data |
Employment | Consent | Job Applications |
Developing the service | Legitimate Interest | Usage Data |
Storing | Legal obligation | User Data Account Data Company Data Usage Date Payment Data Control Data End-User Data |
- Sharing of personal data and reasons for sharing
- We may share your Personal Data with the following parties and for the following reasons:
Party:
IT support provider
In case we engage a third-party IT support provider, we may need to share your Personal Data regarding your contact information, your account details, your company registration number, your VAT number and other company information, in order for the IT support provider to provide IT maintenance, maintain IT functionality and for IT service development.
Financial service provider
We usually engage third-party financial service providers in order to facilitate payments for our services. We may in such case share your contact information, your account details, your company registration number, your VAT number and other company information. For clarity, we never collect or share any financial information about you, such as your credit card number and your banking information.
Marketing partners
We may share your personal data, such as your name and email address, with our business partners, on the legal basis of your consent.
Re-structuring partner
If we undergo a re-structuring of its company structure, we may need to disclose your Personal Data to a third-party company or re-structuring partner.
Potential buyer of the service
If we are subject to a company or asset transfer, we may disclose your Personal Data to any potential buyers of the company or the company’s assets. For clarity, all Personal Data stored by us could be transferred assets.
Public authorities
In case we are legally obliged to or we need to disclose any information, in order to enforce or apply our terms of use or other agreements, or to protect the rights, property, or safety of us, our customers, or others, to a public authority or a court, we may also need to share your Personal Data with such public authorities or courts.
- Sharing of personal data outside of the European Economic Area
- Sharing of your Personal Data as described in this Privacy Policy can involve transferring your Personal Data outside the European Economic Area (EEA). When we share your Personal Data with a party outside of the EEA, we will take reasonable measures to ensure that that your Personal Data is protected to the same level as within the EEA as far as possible. This includes using specific privacy contracts approved by the European Commission, especially designed to give your Personal Data the same protection outside of the EEA as inside of the EEA. Additionally, we always use such safeguards and adhere to such requirements of data safety as required by law.
- You may have the right to request a copy of the safeguards we use to protect your Personal Data. Please contact us at info at anekdote.se for any questions regarding this.
- Links to third-party websites and third-party services
- We may include links and connections to third-party websites or services from our communications or in our service. Such third parties are only parties with which we cooperate, for example third-party financial service providers engaged in order to facilitate payments on our services. For clarity, we are not responsible for any handling of your Personal Data by such third parties.
- We may include links and connections to third-party websites or services from our communications or in our service. Such third parties are only parties with which we cooperate, for example third-party financial service providers engaged in order to facilitate payments on our services. For clarity, we are not responsible for any handling of your Personal Data by such third parties.
- How we store your data and for how long
- We will store your Personal Data in a secure and safe manner. The Personal Data will only be accessible to out employees to the extent the access is strictly necessary. We ensure that no third parties will access your Personal Data apart from the third parties and the purposes described under Sections 5-6 above, and we take all reasonable measures to ensure that your Personal Data is protected from any type of threat, such as loss, alteration, unauthorized disclosure, or unauthorized access.
- We will only store your Personal Data for as long as it is strictly necessary and relevant for us to use, for the reasons described in this Privacy Policy. When we no longer need to store your Personal Data, it will be deleted from any and all digital and/or physical files, cloud spaces or other storage spaces at our premises.
- Your privacy rights
- Under the GDPR, you may have the following rights regarding our processing of your Personal Data:
Right:
Access
You have the right to know whether we process your Personal Data. If we do, you also have the right to request access to all Personal Data and relevant information relating to your Personal Data from us.
Rectification
If you believe the Personal Data we store about you is incorrect, you have the right to ask us to correct the Personal Data.
Erasure
You have the right to request that we erase all your Personal Data permanently, also known as the right to be forgotten.
Restrict processing
You have the right to limit what types of processing measures we take with your Personal Data in certain situations. This however means that we are allowed to continue to store you data, but you may ask us to stop all other processing of your Personal Data. This right can be exercised for example in connection with a request to correct incorrect Personal Data, so that the incorrect Personal Data is not used until it has been corrected.
Data portability
You have the right to request that we send all your Personal Data, that we have access to, to you or directly to another Data Controller.
Objection
You have the right to object to any processing of your personal data, even when we have a legitimate legal reason to process it. When we process your Personal Data on the basis of our legitimate interest, you can object to the processing if you believe your interest of privacy outweighs our interest for processing. In case you object to any direct marketing reasons for processing, we will always adhere to your objection.
Withdrawal of consent
When we process your Personal Data on the basis of your consent, you have the right to at any time withdraw your consent. After the withdrawal, we may not process that Personal Data. Please note that your withdrawal of consent does not affect the time prior to your withdrawal, and that some aspects of for example an initiated marketing campaign cannot be stopped once initiated, even though you withdraw your consent.
Submit complaints
If you are unhappy with our processing of your Personal Data, you have the right to submit a complaint to the relevant supervisory authority. In Sweden, the relevant supervisory authority is Integritetsskyddsmyndigheten.
- If you would like to exercise any of the above rights, please see our contact information under Section 10. Please note that you may not have the right to exercise all of the rights as listed above in Section 9.1.
- Changes to this policy and contact information
- We may update this Privacy Policy at its own discretion. Any updates will be made available in this Privacy Policy before the changes enter into effect. Continued use of our website, apps and services after the changes of this Privacy Policy has entered into effect, will be deemed as an approval of the updates.
- In case you need to reach out to us regarding this Privacy Policy, please send us an e-mail at info at anekdote.se. This e-mail is the same as stated at the beginning of this Privacy Policy.