This Privacy Policy (the “Policy”) describes how Lifesum AB, reg. no. 556729-2841 (“Lifesum”, “we”, “us” or “our”), at the address Valhallavägen 117, Stockholm, Sweden, process your personal data when you visit and use our website or come into contact with us because of our business and services – usually because you represent a corporate customer, supplier or a partner to us, or a potential corporate customer, supplier or partner to us.
We are responsible for the processing of your personal data as described in the Policy in the capacity of data processor. If you would like to know more about our processing of your personal data, you are welcome to contact us, e.g. via the address above or via our email address: contact@lifesum.com.
It is important to us that you feel comfortable with our processing of your personal data, and we therefore ask you to read through this Policy, which we may update from time to time. If we make changes in the Policy, the new version applies from the time it is published on our website. At the top of the page, you can see when the last changes to this Policy were made.
The personal data we process relating to you is mainly collected from you when you visit and use our website or when we come into contact with you – e.g. via email, telephone or personal meetings. We may also collect your personal data from a third party, usually from the company you represent.
We only process your personal data to the extent necessary in accordance with applicable data protection legislation. This inter alia means that we need to have a legal basis for the processing we carry out and the purposes for our processing your personal data, which in our context generally mean one of the following legal bases.
Performance of a contract – the processing is necessary in order for us to be able provide our services to you or otherwise perform a contract between us (this applies only if you conduct your business in a sole proprietorship, which is usually never the case), or to take steps at your request prior to entering into a contract.
If you are acting on behalf of someone else, e.g. in the capacity of representative of a company (which is usually the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.
Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to court orders or decisions by other authorities, which require us to process your personal data.
Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case our processing is not allowed based on such legitimate interests).
Consent: The processing is carried out with reference to your prior consent, where we are inter alia responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing.
Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long your personal data is stored with us.
Collect and analyse statistics regarding the web traffic on our website as well as other technical information generated through website visits, in order to test, maintain and improve its functionality, the user experience, and in order to discover and counteract errors, breaches and incidents.
To do this we use third party analytics-services. The statistics we produce and the analysis we carry out by using these services are based on aggregated data and other de-identified or anonymized data.
The personal data relating to you that we process include:
Legitimate interest, where our legitimate interests are to collect information to test, maintain and improve the functionality, content, and security of our website. Collection of information by the use of cookies and similar technologies is carried out based on your consent, unless they are strictly necessary in order for you to be able to use our website in appropriate manner. For more information on how we use cookies and similar technologies, please see our cookie policy.
We only store your personal data during the time relevant for the above-mentioned purposes and we review our need to store or delete your personal data periodically, which usually occurs on a two (2) year basis. In most cases, the collected personal data is however converted to aggregated data (anonymized data) before the said time period, in connection with our production of statistics.
Contact and communication with you for the purposes of creating, maintaining and developing our business relationship with you or the company you represent.
This includes, among other things, communication via email regarding our business, services and current activities (see Section 3.6 below).
The personal data relating to you that we process include:
Legitimate interests, where our legitimate interest is to create and thereafter maintain and develop a business relationship with you or the company you represent.
We only store your personal data during the time relevant for the above-mentioned purposes and we review our need to store or delete your personal data periodically, which usually occurs on a two (2) year basis. If a business relationship is established between us and you or the company you represent during this time, we will however continue processing your personal data in accordance with Section 3.4-3.7 below.
Contact and communication with you in your capacity as a representative of one of our existing customers, partners, suppliers or other business contacts, in order to maintain and develop our business relationship with you or the company you represent.
This includes, among other things, regular administration and communication regarding our customer- partner- and supplier agreements and communication via email about our business, services and our current activities (se Sections 3.5 and 3.6 below).
The personal data relating to you that we process include:
Legitimate interest, where our legitimate interest is to maintain and develop our business relationship with you or the company you represent.
We only store your personal data for as long as we have a business relationship with you or the company you represent and during the time relevant for the above-mentioned purposes. We review our need to store or delete your personal data periodically, which usually occurs on a two (2) year basis.
We may however need to store your personal data for a longer time for other purposes, e.g. if we need to take measure in order to establish, exercise or defend legal claims. We may also need to store your personal data for a longer time in order to fulfil our legal obligations, e.g. relating to book keeping according to the Swedish Accounting Act (see further Section 3.7 below).
Administration and communication in order to conclude or perform contracts between us and you, or the company you represent.
This includes, among other things, invoicing and regular handling, following up and documentation of matters relating to contracts.
The personal data relating to you that we process include:
The processing is necessary to conclude and perform a contract with you or the company that you represent. If you are acting on behalf of someone else e.g. in the capacity of representative of a customer, partner or supplier, our processing is carried out with reference to our legitimate interests, where our legitimate interests are to conclude and perform the agreement with the company you represent.
We only store your personal data during the time relevant for the above-mentioned purposes and we review our need to store or delete your personal data periodically, which usually occurs on a two (2) year basis.
We may however need to store your personal data for a longer time for other purposes, e.g. if we need to take measure in order to establish, exercise or defend legal claims. We may also need to store your personal data for a longer time in order to fulfil our legal obligations, e.g. relating to book keeping according to the Swedish Accounting Act (see further Section 3.7 below).
To administer and send marketing messages via email for the purposes of providing information about our business, services and current activities.
The personal data relating to you that we process include:
We only send marketing messages via email to you if the content is relevant in relation to you and the company you represent. Our marketing then occurs with reference to a legitimate interest, where our legitimate interest is to be able to market ourselves and our services.
We process and store your personal data to send marketing messages via email to you as long as you have not opted out from receiving further messages. Such opt-out can be done at any time by using the link for opt-out provided in our messages.
We may process your personal in order to fulfil our legal obligations as set out in e.g. law or other legal statutes which apply to us, or if we are subject to court orders or decisions by other authorities which require us to process your personal data.
We may also process your personal data so that you, or the company you represent, we ourselves, our any relevant third party can establish, exercise or defend its legal claims, e.g. in connection with an ongoing dispute.
We have taken measures to ensure that your personal data is handled in a safe way. For example, access to areas where personal data is stored is limited to our employees and service providers who require it in the course of their duties and who are informed of the importance of maintaining the security and confidentiality of the personal data we keep. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities in order to protect your personal data.
Access to your personal data is limited to persons who require such access for the purposes described in Section 3 above. Your personal data may therefore be shared with the following categories of third party recipients:
We strive to always process your personal data within the EU and EEA. However, we may transfer your personal data to service providers who, either themselves or by their sub-contractors, are located in or have business activities in a country outside the EU or EEA. In such cases we are responsible for ensuring that the transfer is in accordance with applicable data protection legislation before the transfer occurs, e.g. by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.
You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
You may access the European Commission’s standard contractual clauses at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
You have rights in relation to us and our processing of your personal data. Below, you will find information about your rights and how you can exercise them.
Please note that your rights apply to the extent that follows from applicable data protection legislation and that there may be exceptions to the rights where applicable. We also ask you to note that we may need more information from you in order to e.g. confirm your identity before proceeding with your request to exercise your rights.
To exercise your rights or request information about them we ask that you contact us, which is most easily done via email: contact@lifesum.com.
You have the right to obtain a confirmation as to whether or not we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories personal data and the recipients of such personal data.
You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.
You have the right to obtain that we erase your personal data without undue delay in the following circumstances:
You have the right to obtain that we restrict the processing of your personal data in the following circumstances:
You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.
If our processing of your personal data is based on the performance of a contract with you or your consent, you have the right to receive the personal you have provided us relating to you in an electronic format. You also have the right to have the personal data transferred from us directly to another data controller, where technically feasible.
We ask you to observe that this right to so called data portability does not cover personal data which we process manually.
If our processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before your withdrawal.
In Sweden, the Swedish Data Protection Authority (Sw. Datainspektionen) is the authority responsible for monitoring the application of current data protection legislation. If you believe that we process your personal data in a wrongful manner, we encourage you to contact us so that we can review your concerns. You may, however, file a complaint with Datainspektionen at any time.
