PRIVACY POLICY

This Privacy Policy describes how Diabetesia will process your personal data when you visit our website diabetesia.se, contact us via phone, e-mail or social media, or when we perform an assignment. The terms “we, ours, our and us” below refer to Diabetesia.

Diabetesia is the data controller for our processing of personal data and we always process personal data in accordance with applicable law, including the EU’s General Data Protection Regulation. 

We want you to feel secure with the data we process and for the purposes we process your data. We therefore request that you read this privacy policy that describes how we process your personal information and which also provides you with information about your rights according to law. You are always welcome to contact us if you have any questions about our processing of your personal data. You will find our contact information in section 6 below.

1. What personal data do we process?

We process the following personal data about you:

  • Name, title and picture,

  • Information about the organisation that you represent,

  • Contact information, such as address, phone number and e-mail address, 

  • Correspondence, documentation, and meeting notes, and

  • Information about your contacts with us via phone, e-mail, and social media such as Facebook, Instagram, and LinkedIn.

 

In the event that we do not receive personal data directly from you, we can receive access to it from our employers or collaboration partners. 

We may receive emails and other correspondence that contain personal data about third parties, and we therefore processes such personal data. If required, we will inform you as a third party about the processing. 

2. For which purposes and according to which legal bases do we process your personal data?

Cooperation or business relationship between us and the organisation that you represent

If you represent an organisation that we have a cooperation or a business relationship with, we will process the personal data that you have submitted to us within and for this relationship. We will process your name, phone number, address, e-mail address, title, correspondence and documentation, meeting notes and information about the organisation that you represent. We do this in order to mainly perform assignments and to handle invoicing. The legal basis for our processing of your personal data is that it is necessary for the purposes of legitimate interests pursued by us to initiate cooperations and business relationships and to maintain and fulfill our commitments in these relationships. This means that our interest of processing your personal data as a representative of your organisation overrides your interest in protecting your personal privacy. If you do not submit your personal data, we will not be able to have a business relationship with your organisation or perform our commitments to the organisation that you represent.

Personal data that we process in order to initiate, maintain, and fulfill cooperations and business relationships with your organisation will be processed during the time our cooperation exists and as long as necessary to maintain and fulfill our commitments in the relationship with your organisation.

For marketing and information

We will process your name, phone number, e-mail address, address, title, and information about the organisation that you represent for the purpose of sending offers and information about Diabetesia and our business to your organisation. The legal basis for our processing of your personal data for this purpose is that the processing is necessary for our legitimate interest in being able to market products and services that we believe your organisation may be interested in. Our interest in processing your personal data for this purpose to further our cooperation with your organisation takes precedence over your possible interest in protecting your privacy. 

Personal data that we process to send offers and information about us to you or your organisation is processed as long as we have a relationship or an agreement with your organisation and one year thereafter. Alternatively, if shorter, as long as you represent an organisation that we are in contact with.

For marketing and contacts on our website and in social media

We process name, title, pictures, and information about your contacts with us through social media such as Facebook, Instagram, and LinkedIn for the purpose to market Diabetesia and sponsorships with third parties, and to handle contacts and messages in social media. The legal basis for our processing of your personal data for this purpose is that the processing is necessary for our legitimate interest in being able to market Diabetesia and other cooperations on the website and in social media, and to handle our contacts in these channels. Our interest of processing your personal data for this purpose takes precedence over your possible interest in protecting your privacy.

 

Personal data that we process for marketing and contacts on the website and in social media is processed as long as the post is relevant for marketing of Diabetesia, or as long as the processing is necessary to handle potential contacts.

For following up and optimising the website

When you visit our website diabetesia.se, our website supplier collects and processes information about how you use the website, such as information about web activity, clicking pattern, colour charts for the session and scrolling, as well as information about your device, operative system, web browser, display resolution, keyboard and language settings, internet service provider, referring page, exit page, date and time stamp etc. This information is collected and processed in an aggregated form and cannot be traced to you, and therefore does not constitute personal data. The purpose of collecting and processing this information is to follow up and optimise the website in order to provide as good content and user experience as possible.

For accounting 

We may process all categories of personal data described in this privacy policy and which constitute accounting information according to the accounting legislation for accounting purposes. The legal basis for our processing of your personal data for this purpose is that it is necessary to fulfill our legal obligations under the accounting legislation.

Personal data that we processes for accounting purposes is retained for seven years from the end of the calendar year when the current fiscal year ended. 

 

 

To defend our interests in the event of legal claims

We may process all categories of personal data described in this privacy policy when required in order for us to act against undue actions from customers, collaboration partners, and other external parties, and in order to ensure the defence of our rights in in relation to third parties (i.e. exercising or defending legal claims). The legal basis for our processing of your personal data is that the processing is necessary for our legitimate interest in being able to defend our interests in the event of legal claims. Our interest of processing your personal data for this purpose takes precedence over your possible interest in protecting your privacy.

Your personal data will be processed during the longest applicable retention period for the relevant category of personal data according to section 2 above. We may however store personal data for up to ten years considering the applicable statutes of limitation. In the event of a dispute, the personal data will be stored until they are no longer needed to defend our rights or until the dispute has been settled.

3. To who do we disclose the personal data and where do we process it geographically? 

Your personal data may be disclosed to and processed by others. Examples of third parties that we disclose your personal data to include external consultants such as auditors or other consultants for handling accounting and other matters in our business. These operators are independently responsible for their handling of your personal data. 

 

We also disclose your personal data to our collaboration partners and to our service providers who process personal data on our behalf, so-called personal data processors. We have agreements with our personal data processors to ensure that they process your personal data in accordance with this policy and our instructions. 

 

We may disclose your personal data in order to permit a merger, an acquisition or a sale of all or parts of Diabetesia’s assets.

We may disclose your personal data to public authorities that require us to disclose such personal data.

We and our collaboration partners process, as a general rule, your personal data only within the EU and EEA. Should personal data be processed outside of the EU and EEA, we will take measures to ensure that the personal data continues to be equally protected and also take the necessary measures to legally transfer personal data to countries outside of the EU and EEA. 

4. Storage of personal data 

We will only process personal data as long as there is a need to retain them in order to fulfill the purposes for which the data was submitted or collected, in accordance with what is indicated for the respective purposes under section 2 above. The same personal data may be stored in several different places for different purposes. This may mean that data which has been removed from a system because it is no longer necessary there and for that purpose may remain in another system for another purpose where the personal data is still needed. 

Your personal data may be stored for longer period of time than stated above if it is necessary in order to comply with legal requirements or government decisions. 

5. Your rights

When we process your personal data you have certain rights according to law. Please note that exercising these rights is subject to certain requirements and conditions specified by law (EU’s General Data Protection Regulation) 

Information, access, rectification and erasure etc. 

You have the right to request, in writing and free of charge, to receive information about what personal data we have registered about you. You can, at any time, request rectification of incorrect information and you may also have the right to request that we erase personal data we have registered about you, request that the processing is restricted or object to the processing and request that we provide you with a copy of this personal data. 

If you do not have grounds for your request or your request is unreasonable, we have the right to refuse to meet your request or to charge an administrative fee for costs incurred by your request. 

Data portability 

You may also have the right to obtain personal data relating to you and that you have provided to us in a structured, generally used and machine-readable format, and you may have the right to transfer this data to another personal data controller when technically possible. 

 

 

Objections

You may, at any time, object to the processing of personal data based on our legitimate interests, e.g. direct marketing. We will subsequently no longer be able to process the personal data if we are unable to prove compelling legitimate grounds for the processing that override your interests, rights and freedoms or if it is for the establishment, exercise or defence of legal claims. If you do not wish for us to process your personal data for direct marketing, please notify us through our contact information in section 6 below. We will then cease to process your personal data for this purpose.  

Your right to file a complaint 

If you are dissatisfied with how we have processed your personal data, please contact us, see our contact information in section 6. You also have the right to file a complaint about our personal data processing to: 

Swedish Authority for Privacy Protection

Box 8114

104 20 Stockholm

imy@imy.se

6. Data controller and contact information

Data controller for Diabetesia is Sofia Segersson, corporate identity number 9303281506.

You can contact us as follows:

7. Changes

We reserve the right to change and update this privacy policy. In the event of material changes of the privacy policy or if existing personal data is to be processed in another way than specified in the privacy policy, we will inform you of such changes in an appropriate manner.