Privacy Policy
General
We work with digital services, and it is difficult to conduct our business without collecting and processing a certain amount of personal data. Personal data is any information relating to an identified or identifiable person, such as name, email address, and photo. However, every person values their privacy. Therefore, we are also committed to protecting the privacy of our customers, employees, partners, and job applicants.
Adapty processes personal data relating to its customers, employees, and job applicants in accordance with this privacy policy and applicable laws. We may update this privacy policy due to changes in our business or applicable laws.
We also often act as a data processor for our customers. The principles for data processing regarding this are described in our customers' privacy policies and in the agreements we enter into with our customers.
Data Controller
The data controller for the processing of personal data according to this privacy policy is (hereinafter also referred to as "Adapty", "us" or "we"):
Adapty AB
Org. NO: 556723-7689
Korsgatan 10
411 16, Gothenburg
Sweden
Phone: +46722029386
Email: info@adapty.se
Contact persons for privacy matters:
-
HR: Erik Hård Af Segerstad, CEO, erik@adapty.se
-
Sales & Marketing: Hannes Hård Af Segerstad, Sales & Customer Success, hannes@adapty.se
For what purposes does Adapty collect and use personal data and what is the legal basis for processing personal data?
We collect, store, and process personal data relating to customers (existing and potential), employees, and job applicants only for predefined purposes. We also always ensure that there is at least one legal basis for the processing of personal data. The main purposes and the applicable legal basis for the processing of personal data are:
-
Provision and delivery of our services. We collect and process personal data to fulfill contractual obligations related to the provision of our services. During the customer relationship, we also use personal data for billing, collection, complaint handling, and customer support purposes. The legal basis for this processing is an agreement between Adapty and the customer, or preparations made to enter into an agreement, as well as our legitimate interest.
-
Sales and marketing. We contact potential customers and conduct direct and digital marketing, such as advertising on social media and search engine marketing. We may also perform marketing based on customer profiles. The legal basis for this processing is primarily our legitimate interest. However, a person always has the opportunity to object to direct marketing. We do not sell or rent personal data for marketing purposes to third parties.
-
Customer communication. We collect and process personal data for customer communication purposes, such as handling support requests and feedback and for making service announcements. The legal basis for this processing is our legitimate interest, possibly also an agreement between Adapty and the customer.
-
Analysis and business development. We may also use personal data to develop our business related to the development of digital services. The legal basis for this processing is our legitimate interest.
-
Fulfill legal obligations. We may also use personal data to fulfill legal obligations (e.g., accounting, employment contract law, tax legislation).
-
HR and recruitment. Personal data relating to employees is primarily collected and used for HR administrative purposes, such as payroll, fulfilling other rights and obligations related to employment contracts, and complying with legal requirements related to employment. The legal basis for this processing may be to fulfill an agreement between Adapty and the employee, consent, and to fulfill legal obligations related to employment. In recruitment situations, we use personal data primarily to prepare an employment contract and based on the job applicant's consent. Based on consent, we may also process personal data from sources other than the job applicant.
What personal data does Adapty collect and from what sources?
We collect, store, and use personal data primarily relating to our customer contacts (including potential customers), employees, and job applicants.
We collect personal data relating to our customers and potential customers primarily from the individuals themselves. We also collect data on the use of our website with Google Analytics. During the customer relationship, we also collect and store data, but this mainly concerns the company, not an individual. Information about potential customers can also be collected from other service providers and public sources, such as LinkedIn.
Usually, we receive the following information about customers and potential customers from the person themselves:
-
company name
-
person's name
-
position/title
-
work email
-
work phone
-
marketing preferences (opt-in/opt-out)
-
contact for support matters
-
contact for contractual matters
Similar information may also be obtained from other service providers and public sources.
Employee data is collected from the employee and with consent from other sources. We may also process personal data generated during employment.
We collect and store the following personal data about employees in particular:
-
name
-
personal identity number
salary and information required for the payment of salaries and withholding of taxes
-
contact information
-
sick leave information (for legal obligations related to employment)
-
other information (with consent)
Job applicant data is obtained primarily from the candidate themselves and with the person's consent from other sources.
With regard to job applicants, we process the following personal data in particular:
-
basic contact information
-
education, experience, skills, and previous employers
-
application and CV
-
eferences (with consent)
-
LinkedIn profile (applies to applicants, with consent)
-
results from recruitment and selection tests (with consent)
-
statement about the person's work ability (with consent)
Who processes personal data? Are they transferred to anyone?
People within our organization have access to personal data in order to perform their duties. The more sensitive the data, the fewer people have access.
We store most data only in electronic form, and we use a large number of different digital services and tools to carry out our work. Such service providers can be considered data processors for Adapty. We use third-party services particularly in the following matters:
-
cloud storage;
-
project management and communication;
-
marketing automation and CRM;
-
finance and accounting;
-
internal communication;
-
email marketing;
-
web hosting;
-
customer chat and support systems; and
-
electronic signing of agreements.
In these situations, we contractually and otherwise ensure that the confidentiality of personal data is protected and that the data is processed and transferred legally and only for our benefit.
We may also transfer personal data to a third party to fulfill a legal obligation or a request from an authority. We may also transfer personal data to a third party if we are involved in a business sale or restructuring.
Export to Sheets
Is personal data transferred outside the EU?
Personal data is primarily processed within the EU, but since the data is mainly stored electronically, some of the cloud services we use may be located outside the EU. These include, for example, Google. If personal data is transferred outside the EU, we ensure that it is done with appropriate safeguards. Appropriate safeguards may involve (1) transferring data to a recipient located in a country that is approved (according to the EU Commission's decision from time to time), (2) transferring data to a recipient that is Privacy Shield certified (if it is a US company), or (3) that the transfer takes place using standard contractual clauses published by the EU Commission.
How long is the data stored?
We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The storage times for personal data may vary depending on its purpose and situation, as well as on the legal basis for processing personal data. The data may be deleted (1) when a person withdraws their consent or requests deletion of their data and we have no other basis for processing personal data, (2) when a contractual relationship ends, (3) or when the data becomes outdated or incorrect. The storage time may also be based on laws (e.g., accounting, tax legislation). We may also update information from time to time.
How is the data stored and protected?
Personal data is stored primarily in electronic form and is protected in accordance with general industry standards and practices. We consider and keep personal data confidential. Access to personal data is also protected with user-specific logins, passwords, and user rights. We do not sell or rent personal data for marketing purposes. Our premises are also safe and secure.
Is it mandatory to provide personal data? What happens if you do not provide it?
We need a certain amount of personal data, especially in customer relationships, to enter into and fulfill agreements. In the case of employment, we also need to process at least the personal data required to fulfill employment contracts and legal obligations relating to employment.
Does the website use cookies and what are they?
We use cookies on our website to provide the best possible user experience for our visitors. Cookies are small text files that are placed on a web user's computer and are designed to hold a small amount of data specific to a user and a website. Cookies provide us with information about how users use our website. We may use cookies to develop our website and services, analyze website usage, and target and optimize marketing efforts. If you do not want to receive cookies, you can set your browser to disable them. Please note that most browsers accept cookies automatically. If you disable cookies, you should be aware that some services on our website may not function properly.
What rights do you have?
-
Withdraw your consent: If we process personal data based on your consent, you can withdraw your consent at any time by notifying us, for example by contacting us using the contact details above.
-
Access to data: You have the right to obtain confirmation as to whether or not we are processing your personal data and also to know what information we have about you. In addition, you have the right to certain supplementary information described in the law regarding the processing activities.
-
Right to rectification: You have the right to request that we correct any inaccurate or outdated personal data we have about you.
-
Right to object to direct marketing: You have the right to request that your personal data not be processed for direct marketing purposes by contacting us using the contact details above.
-
Right to object to processing: If we process your personal data based on public interest or our legitimate interest, you have the right to object to the processing of your data, insofar as there is no other significant reason that would override your rights or the processing is not necessary to handle legal claims. Please note that in this situation we may not be able to serve you anymore.
-
Right to restriction of processing: In certain situations, you have the right to request that we restrict the processing of your personal data.
-
Right to data portability: If we process your personal data based on your consent or fulfillment of an agreement, you have the right to request the transfer of the data you have provided to us to another service provider in a commonly used electronic format.
How can you exercise your rights?
You can exercise and use your rights by contacting us, for example by using the contact information above. Also, remember that we need to take reasonable steps to verify your identity before we exercise your rights. If you believe that the processing of your personal data is not lawful, you can always also file a complaint with a supervisory authority (the Swedish Data Protection Authority; www.imy.se).
Can this privacy policy be updated?
We may make updates to this privacy policy when our business changes or develops. Changes in the law may also make it necessary to update this privacy policy. The changes will become effective when we have published them in the form of an updated privacy policy. Therefore, visit this page and read this privacy policy from time to time.