Co. Society AB’s Privacy Policy

For us at Co.Society, personal integrity is important. We strive for a high level of data protection. This policy provides more detailed information on how we collect and use personal data. We also describe your rights and how you can enforce them. The policy is a complement to our general terms and conditions and service-specific terms together with personal data processing agreements that must be signed in cases where Co.Society is the personal data processor. 

You are always welcome to contact us if you have questions about how we process your personal data. Our contact information can be found at the bottom of this page. 

Content

What is personal data and what is processing of personal data? 2

Who is responsible for the personal data we collect? 2

What personal data do we collect about you and why? 2

Sensitive data 3

From which sources do we collect your personal data? 4

Who may we share your personal data with? 4

Where do we process your personal data? 4

How long do we save your personal data? 5

What are your rights as a data subject? 5

What are cookies and how do we use them? 6

How do we protect your personal data? 6

Contact us if you have any questions about how we process personal data. 7

Complaints 7

Changes to the Privacy Policy 7

What is personal data and what is processing of personal data? 

Personal data is any information about a living natural person that can be directly or indirectly linked to that person. This may include names and social security numbers, but also images, e-mail addresses and IP addresses. 

Processing of personal data means all forms of handling of personal data. It can be an operation or a combination of measures such as collection, registration, structuring, storage, processing and transfer of personal data.  

Who is responsible for the personal data we collect? 

Co. Society AB (org.nr 559325-9012) with address Norrlandsgatan 10, 111 43 Stockholm, is the data controller for the company’s processing of personal data. If you have any questions about the personal data that we process please contact us at [email protected]

What personal data do we collect about you and why?

Purpose of processingProcessing activity Categories of personal data
Customer relationship management including ongoing supportEstablishment of administrator account for customersCreation of an account for users of the serviceSupport in case of problems with the serviceFirst and last nameContact information, e-mail and telephone number to the workplaceTitleUser information for the service
Legal basis: Agreement. This processing of personal data is carried out in order for us to fulfill our contractual obligations to our customers and provide its employees with user accounts in the service so that they can access and use the service in accordance with the agreement. 
Storage period: Data about users is deleted in connection with the termination of the contractual relationship or the termination of employment by a person employed by the customer of the data controller. 
Purpose of processingProcessing activityCategories of personal data
Processing of personal data for supplier contact managementNecessary handling for fulfillment of the company’s legal obligations under legal requirements such as the Accounting Act Processing of personal data for payment of invoicesFirst and last nameEmailBusiness connectionTitle
Legal basis: Legal obligation. This collection of personal data is required by law. If the data cannot be collected and processed, we cannot fulfill our legal obligation to pay invoices and prepare accounting in accordance with law. 
Storage period: The data is stored in accordance with the requirements of external regulations for 7 years + the current year. 
Purpose of processingProcessing activityCategories of personal data
To be able to evaluate, develop and improve our services and systems. Troubleshooting IT solutionsTesting of the serviceDevelopment of the serviceFirst and last nameEmailAge rangeOccupationInformation from interviewsBehavioral data
Legal basis: Legitimate interest. The processing is necessary in order to satisfy our and our customers’ legitimate interest in evaluating, developing and improving our services and systems and is therefore based on an assessment that we have a legitimate interest in carrying out this processing, that it is necessary for us to achieve the purpose of the processing and that our interest outweighs your right not to have your personal data processed for this purpose. Some processing related to the development of our platform takes place with the legal basis Consent.      
Storage period: Test data obtained with legal consent is stored for 6 months from the time the data is collected. Personal data that is stored with the legal basis legitimate interest and that is used for troubleshooting, testing and development of the service  is stored for 90 days. 
Purpose of processingProcessing activityCategories of personal data
For marketing and sales of our serviceCollection, processing and analysis of information about customers and visitors to the websiteCollection and processing of data for contact for the sale of the productCommunication with and transmission of marketing materialsCommunication of information about Co. Society and our serviceFirst and last nameEmailAge rangeOccupationWorkplaceInformation from interviewsBehavioral data
Legal basis: Legitimate interest. We base our processing with regard to marketing and sending newsletters on the balance of interests carried out and on Co. Society’s legitimate balance of interests. If you want more information about our legitimate balance of interests, please contact us. If you have given your consent for us to process your personal data for marketing or for the purpose of communicating our product in the form of sales, we process your personal data based on consent. 
Storage period:  If you have given your consent, we will process your data until you withdraw your consent. If you have not given your consent, we will process your data until a possible agreement with us is terminated and for the period thereafter in 15 months. If you do not work for a company that is a customer of ours, we process your data until you notify us that you are not interested in our service or at most for 24 months. 

Sensitive data

In our service we don’t process any data that could be classified as sensitive in accordance with the data protection regulation. If any such data would be communicated with us we immediately make sure that this information is deleted. 

From which sources do we collect your personal data?

We mainly collect information about you when the company where you are employed at chooses to sign an agreement with us for the use of our platform and you as an employee are either appointed as administrator/superuser of the service or use it as part of your daily work. 

In connection with conducting tests for the development of the platform, the data is collected from the data subject. 

For marketing and communication about our service, we either collect your data from public sources or from you after initial contact, 

Who may we share your personal data with?

Personal data assistants. In cases where it is necessary for us to be able to offer our service/product, we share personal data with companies that are personal data processors for us. A personal data processor is a company that processes personal data on our behalf and in accordance with our instructions. 

When personal data is shared with data processors, it is only for purposes that are compatible with the purposes for which we initially collected the data. We conduct ongoing checks of all personal data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data processors through which they guarantee the security of the personal data processed. 

More information about which personal data processors we use can be found in the appendix to this privacy policy. 

Where do we process your personal data? 

We always strive to process your personal data within the EU/EEA. For system support and maintenance, we may be required to transfer certain personal data to a country outside the EU/EEA. This may be the case if we share your personal data with a personal data processor who is established or stores information in a country outside the EU/EEA through an approved subcontractor. In such a case, the personal data processor may only access information that is relevant to the specific situation. 

For the transfer of your personal data to a country outside the EU/EEA, these countries may have laws that gives the public authorities the right to request personal data stored in the country for the purpose of fighting crime or defending national security. Regardless of whether it is we or one of our suppliers who process your personal data, we will ensure a high level of protection in the event of a transfer of these and that appropriate safeguards have been taken in accordance with applicable data protection regulations. Such safeguards include, among other things, ensuring: 

  • If the EU Commission has decided that the country outside the EU/EEA to which your personal data is transferred achieves an adequate level of protection equivalent to the level of protection provided by the GDPR. 
  • That the EU Commission’s standard contractual clauses between us and the company that is the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the protection that the personal data receives is the same as the requirements set out in GDPR. 

Information regarding which countries that are considered to have an adequate level of protection of personal data in their regulation is found on the EU commissions website. More information regarding standard contractual clauses can be found here.  

How long do we save your personal data? 

We never save your personal data longer than is necessary for each purpose. The identified necessary storage time for each processing activity are specified in more detail under the respective purposes/processing above.

What are your rights as a data subject? 

As a data subject, you have a number of rights under the data protection regulation (GDPR) that give you control over your own personal data, including obtaining information directly from us about how we process your personal data. If you want to know more about your rights or get in touch with us to use any of your rights, the easiest way to do it is to send an email on [email protected]

As a data subject, you have the following statutory rights:

  •  Right to be forgotten (Right to have information deleted)

In some cases, you have the right to have your personal data deleted. This right applies to:

  • in the event that the data processed about you is no longer necessary for the purposes for which it was collected. 
  • If the processing is based on your consent and you withdraw it. 
  • If the processing takes place for direct marketing and you object to the processing of the data.
  • If you have objected to personal data processing that we based on legitimate interest and your reason for objection outweighs our legitimate interest.  
  • If the personal data must be deleted in order to comply with a legal obligation to which we are subject. 
  • If the personal data is processed unlawfully. 

Keep in mind that we may deny your request to be forgotten if there are legal obligations for us to save your information for a certain statutory period of time. 

  • Right to information

You have the right to receive information about how we process your personal data, both when the data is collected and when you request more information about the processing. We provide this partly by providing this data protection information, but also by answering questions from you. 

  • Right to access your personal data – Register extract

You have the right to find out if we process your personal data and to receive a copy of what personal data we handle, a so-called register extract. This information shows what personal data we process, the purpose of the processing of your personal data, which recipients, if any, may receive your personal data, how long we save your personal data, where the information about you was collected and whether there is any automatic decision-making regarding your personal data. 

Keep in mind that the right to receive a copy of your personal data does not mean that you always have the right to receive the actual document where your personal data exists, but you are provided with a summary of the personal data that exists so that you can check the accuracy and legality of the data. 

If we receive a request for a register extract we may request additional information to ensure effective handling of your request and to ensure that the information is provided to the right person. 

  • Right to access and to move your personal data – Data portability

You can request a copy of the data we process about you in a machine-readable format in order to be able to move your personal data to another recipient. You can only request this right if we process your personal data for the purpose of fulfilling a contract or based on your consent. 

  • Right to rectification

You have the right to request that we correct incorrect information that we process about you and that we supplement the information we already have in case it is incomplete. 

  • Right to restriction of processing

You have the right to request that our processing of your personal data be restricted. You can do this if you believe that the information we have about you is not correct, that our processing is contrary to law or that we do not need the information for a specific purpose. You also have the right to request that we do not process your personal data while we control this. 

  • Right to object to our processing of your personal data

You have the right to object to our processing of your personal data if it is based on our legitimate interest. In addition, you always have the opportunity to object to direct marketing from our side. 

What are cookies and how do we use them? 

To provide an optimal experience, we use cookies and similar tracking technologies which are stored on your browser or device. On cosociety.co we use the following cookies:

  • Session cookies (a temporary cookie that expires when you close your browser or device)
  • Persistent cookies (cookies that remain on your computer until you delete them yourself or the time for them has expired)
  • Third-party cookies (cookies set by a third-party website)

More information about our handling of cookies can be found in our cookie policy. 

How do we protect your personal data? 

When processing your personal data, we have implemented special security measures to protect your personal data against unlawful or unauthorized processing by protecting the confidentiality, integrity and access to your personal data. Only those persons who actually need to process your personal data in order for us to fulfill our stated purposes have access to the data. 

If you want to know more about how we protect your personal data you are welcome to contact us at [email protected]

Contact us if you have any questions about how we process personal data.

If you have questions about how we process your personal data, you are always welcome to us at [email protected]. If you wish to send a request or receive information regarding the processing of personal data, please indicate that your message relates to data protection. 

Complaints

The Swedish Authority for Privacy Protection is responsible for monitoring and reviewing compliance with the rules in the area of data protection (GDPR). If you think that we are processing your personal data incorrectly, you can file a complaint with the Swedish Authority for Privacy Protection. 

Changes to the Privacy Policy

We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. In the event of updates that are of significant importance for our processing of personal data, including changes in the purpose of our processing of personal data, information will be published on our website and by e-mail if we have this information in good time before the updates take effect. 

Privacy policy last updated 2023-08-23