We know that your privacy and how your personal data is used is important to you. This Notice outlines in detail how we collect, process, use and transfer (collectively “process”) your personal data. In light of the volume of information in this Notice, please use the content section above to identify the areas you are most interested in.
Personal data is information that relates to an individual who can be identified from that information, whether or not in conjunction with any other information. Common examples of personal data processed by Strafe in its day to day business include name, e-mail and user ID.
It is necessary for us to process your personal data in order to provide our service to you. If we are not allowed to process your personal data we will have to reject you from using the service.
The data controller is Sidledes AB, reg. no 556965-5128, meaning that we determine how and the reason why your personal data is processed. For contact details, please read “Questions and queries” below.
Where we have appointed a data protection officer (DPO), you may contact the DPO via the contact details provided in “Questions and queries” below.
|Personal data||Legal basis||Purpose of processing|
|Data to administer the user account E-mail address, Facebook ID, Country, Profile picture, Profile text, Friends connected with, User name||It is necessary for the performance of our contract with you and to provide our services.||This is required to enable us to set up and administer your user account.|
|Data to provide the service||It is necessary for the performance of the contract with you and to provide our services.||This is necessary for us to provide our service to you.|
|E-mail address, Facebook ID, Country, Profile picture, Profile text, Friends connected with, User name|
|Information on how you use our service (e.g. what you click on and what you follow)||It is necessary for our legitimate interest to adapt offers and communications based on your interests.||We use the information to adapt marketing in the application.|
|Information on how you use our service (e.g. what you click on and what you follow)||It is necessary for our legitimate interest to develop and improve our service. This will mainly be made with data which has been made anonymous.||To improve and develop our services and business for all users.|
|Information on purchases and payments you have made.||To fulfil our legal obligations.||To fulfil our legal obligations in relation to for example book keeping and right to lodge a complaint due to for example a defect service or product|
|E-mail address, twitter ID or Facebook ID and any information you submit to us together with your question(s)||It is necessary based on ours and your legitimate interest that we can answer questions that you have.||To answer your questions.|
|E-mail address, Facebook ID, Country, Profile picture, Profile text, Friends connected with, User name, notifications on improper use||It is necessary to fulfil our legal obligations or our legitimate interest to protect our users and our business.||To prevent abuse and misuse of our service.|
We may use third party service providers who provide services including IT services, audit and security services as well as marketing services. In providing the services, your personal data may, where applicable, be processed by the service provider on our behalf.
We will control any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal data. We will have written contracts with them which provide warranties regarding the security of your personal data as well as warranties that they comply with our data security standards and international transfer restrictions.
In certain circumstances, we share and/or are obliged to share your personal data with third parties, for the purposes described above and in accordance with applicable laws. These third parties include:
We may share your personal data with service providers which may have their staff or equipment within or outside the European Economic Area (the “EEA”). This means that your personal data may be subject to privacy laws that differ from the country you reside in. This also means that personal data collected within the EEA may be transferred to third parties in countries outside the EEA. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercising of your rights. We ensure that your privacy is protected by an adequate level of data protection through for example EU Standard Contractual Clauses based on the EU commission’s model clauses or Privacy Shield. If you would like to see a copy of any relevant provisions, please contact us (see “Questions and queries” below).
Strafe operate state of the art IT security systems to protect the confidentiality, integrity and availability of your personal data. We have in particular taken appropriate security measures against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data. Access is only granted on a need-to-know basis to those people whose roles require that they process your personal data.
We will store your personal data for as long as we need it to fulfil the purposes for which it was collected (see above) and in order to comply with legal and regulatory requirements. This may mean that some information is held for longer than other information. If you would like further information about our data retention practices, please refer to our Data Retention Notice.
You have various rights which you can enforce, including the right to be informed in accordance with this Notice. The below table provides a summary of the rights that the law entitles you to. The table also includes information on possible conditions and limitations on how the right can be exercised and how your right can be executed.
|Your right||What does it mean?||How do I execute this right?||Conditions to exercise?|
|Right of access||You have the right to access to the personal data that we have on you.||Requests for such information should be made in writing to email@example.com. If possible, you should specify the type of information you would like to see to ensure that our disclosure meet your expectations.||We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other staff.|
|Right of data portability||You may be entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format||Requests should be made in writing to firstname.lastname@example.org. If possible, you should specify the type of information you would like to receive to ensure that our disclosure meet your expectations.||The GDPR does not establish a general right to data portability but if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not paper records) you can exercise this right. The right includes only personal data that you have provided to us. Hence, the right does not apply to personal data generated by us.|
|Rights in relation to inaccurate personal or incomplete data.||You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.||We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, immigration status. A request to use this right is made in writing to email@example.com.||This right only applies to your own personal data. When exercising this right, please be as specific as possible.|
|Right to object to or restrict our data processing of your personal data.||You have the right to object to or ask us to restrict the processing of your personal data.||Requests should be made in writing to firstname.lastname@example.org.||This right applies only if the processing of your personal data is explicitly based on our so-called legitimate interests (see “How and why do we process your personal data?” above). Objections or request for restrictions must be based on grounds relating to your particular situation. This means that your request for the objection or restriction cannot be generic or too general.|
|Right to have personal data erased.||You may be entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.||Requests should be made in writing to email@example.com.||There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, (iii) where we have to comply with legal archiving obligations, or (iv) where the personal data is necessary for the performance of our contract with you.|
|Right to withdrawal||You have the right to withdraw your consent to any processing for which you have previously given consent to.||Requests should be made in writing to firstname.lastname@example.org or as instructed when you gave your consent.||If you withdraw your consent it will only take effect for the future.|
If you would like further information about our processing of your personal data, your rights, including rights about access to data and correction of inaccurate data, please contact your contact person with us or send an email to email@example.com.
You can also contact our DPO via email to firstname.lastname@example.org.
If you find that our processing is in breach of this Notice or applicable laws, please feel free to contact us but also know that you can always lodge an official complaint with the competent authorities, in Sweden this is Datainspektionen.
We may decide to change this Notice. If the change is indicative of a fundamental change to the nature of the processing (e.g. enlargement of the categories of recipients or introduction of transfers to a third country) or a change which may not be fundamental in terms of the processing, but which may be of great importance to you, then the updated Notice will be provided to you well in advance of the change actually taking effect. We send them to you via e-mail or publish them on our website so that you will be aware of the changes. When notifying you of such changes, we will also explain what the likely impact of those changes on you will be, if any.