Privacy Policy
1. INTRODUCTION
In this privacy notice, you can read about how Prouder AB, registered in Sweden with corporate registration number 559450-4887, Processes Personal Data.
Any references to "we", "our" or "us" refer to Prouder AB. References to "you" or "your" refer to the Data Subject.
This Privacy Notice contains information on, among other things, the following:
- what Personal Data We Process
- why Processing is taking place
- where Personal Data is stored
- to whom Personal Data may be shared
- what rights the Data Subjects have under the GDPR
- other information about our Processing of Personal Data.
2. DEFINITIONS
In addition to the terms defined in running text in this Privacy Notice, the following definitions shall have the following meaning when entered in capital letters as initial letters, whether used in plural or singular form, in definite or indefinite form:
Application: refers to the application "Prouder" for iOS and Android.
Controller: refers to the party who determines the purpose of a particular Processing of Personal Data and how the Processing should be carried out. Natural persons, legal persons, authorities, institutions or other bodies may be Controllers.
Data Subject: refers to the natural person who may be identified by the Personal Data.
Events: refers to an event registered in the Application and organized by the Organizer.
GDPR: refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Organizer: refers to the organization, trader, association, legal or natural person that arranges and is responsible for an Event. The Event is administered through the Web App and registered in the Application.
Participant: refers to a User as a natural person using the Application for personal use (non-commercial purposes) who has participated in Events.
Personal Data: refers to any data which, directly or indirectly, alone or together with other data, can be linked to an identified or identifiable natural person. Common examples of Personal Data are name, telephone number, address and email address.
Platform: refers to the Web App and/or Application.
Processing: refers to anything that is made with Personal Data, automated or otherwise. Processing can be done through an individual measure or by combination with different measures. Examples of common Processing of Personal Data are storage, erasure, sharing, loading, recording, copying, collection, organization, use, and adjustment.
Processor: refers to the party who Processes Personal Data on behalf of the Controller, in accordance with the Controller's instructions.
Services: refers to the services provided by us and may also include the Platform. Third Party Services are expressly excluded.
Third Party: refers to anyone other than the Controller (and the persons authorized to Process the Personal Data), the Data Subject or the Processor (and the persons authorized to Process the Personal Data). Third Parties may be a legal person or a natural person, institution, authority or other body.
Third Party Services: refers to Third Party information, services, products, systems, websites, software, networks, databases and platforms to which the Platform and/or the Website links, or which the User connects to, or enables integration with, when the User uses the Platform.
User Account: refers to the User's user account to the Platform.
User: refers to a natural or legal person using the Platform.
Web App: refers to the web application "Prouder" for web browsers, used by the Organizer or individuals using the web application on behalf of the Organizer (for example, the Organizer's employees), to administer the Organizer's Events.
Website: refers to prouder.se including any subdomains.
Any other GDPR-related terms not defined herein shall have the same meaning in this Privacy Notice as set out in article 4 of the GDPR.
3. PERSONAL DATA CONTROLLER
Prouder AB is the Controller for all Processing of Personal Data carried out by us or on our behalf, insofar as we determine the means and purposes of the Processing (in accordance with the principle of accountability). Our Processing of Personal Data is carried out in accordance with the GDPR and the data protection principles.
Unless expressly stated otherwise, we are the Controller for the Processing described in this Privacy Notice.
Other Data Controllers
The Organizer is an independent data Controller for its Processing of Users' Personal Data, such as Personal Data belonging to Participants of the Organizer's Events. Such Processing is subject to the Organizer's Personal Data policy and Processing. The Organizer is responsible for ensuring that its Processing of Personal Data is carried out in accordance with the GDPR and for informing the Data Subjects of its Processing of their Personal Data in accordance with applicable law.
Similarly, any other Third Party with which the User interacts through the Platform is responsible for their Processing of the User's Personal Data.
4. HOW WE GET ACCESS TO PERSONAL DATA
We usually get access to Personal Data when:
- someone gets in touch with us
- we sign an agreement with an Organizer, Participant or other Third Party
- performance of a contract concluded
- someone signs up to receive our newsletter
- someone visits the Website or uses the Platform.
We may, among other things, access Personal Data from the Organizer, such as a summary of which Participants are entitled to receive a digital medal, such as information about the Participant's name, email address, result, start date and any other information.
5. CATEGORIES OF PERSONAL DATA WE PROCESS
We only process Personal Data that is adequate, necessary and relevant to fulfill the purpose for which it was collected (in accordancewith the principle of data minimization). We primarily process the following categories of Personal Data:
- Identifying data: First name, last name, social security number, images, username (user ID), Participant start number.
- Contact information: Email address, address, telephone number, user ID of the Application, social media user ID (if applicable).
- Contract details: Agreements entered into between us and the Data Subject and relevant contractual information.
- Event information: Event name, time, date, result times.
- Case details: The User's contact with our support in the form of email, chat, support calls etc.
- Consensual information: Information about consents given, for example, regarding direct marketing or the use of cookies.
- Unit data: Data collected through cookies based on the visitor's consent, such as computer, tablet or phone data used when visiting our website, IP number, time zone, operating system, language settings, screen resolution and other data provided through cookies.
- Other: Other Personal Data that is provided to us, for example, when contacting our support.
6. WHY DO WE PROCESS PERSONAL DATA?
In accordance with the principle of purpose limitation, we only process Personal Data for specific, explicit and legitimate purposes. In addition, each Processing is legally based in accordance with the provisions of the GDPR.
We Process Personal Data primarily on the basis of one of the following four legal bases:
- Consent: You have given your consent to the Processing of your Personal Data for one or more specific purposes (article 6(1)(a) GDPR).
- Contract: The Processing is necessary for the performance of a contract to which you are a party or for taking action at the request of you prior to entering into such a contract (article 6(1)(b) GDPR).
- Legal obligation: The Processing is necessary for the fulfilment of a legal obligation to which we are subject (article 6(1)(c) GDPR).
- Legitimate interests: The Processing is necessary for purposes relating to our or a Third Party's legitimate interests, unless your interests or fundamental rights and freedoms override and require the protection of Personal Data (article 6(1)(f) GDPR).
In some cases, it is optional for you to provide your Personal Data to us. However, if, for example, you do not provide your Personal Data, we may not be able to provide the requested support or handle the matter.
You may need to disclose your Personal Data in order to enter into a contract with us or in order for us to fulfil legal or contractual obligations. Unless otherwise stated, you will not suffer any adverse legal consequences unless you provide your Personal Data to us.
Where the Processing of your Personal Data is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of Processing based on consent before its withdrawal.
When a Processing of Personal Data is based on Legitimate interests as a legal basis, our assessment is that the Processing does not infringe your right to privacy and integrity. We have found this, after balancing, on the one hand, what the Processing in question means for your interests and the right to privacy, and, on the other hand, our legitimate interest in the Processing in question. However, we never Process sensitive Personal Data based on Legitimate interests as the legal basis.
Below you can read more about the legal basis and purpose of our Processing of Personal Data.
- When you visit the Website and/or use the Platform:
The Website and the Platform use cookies. The use of non-necessary cookies takes place only if you give your consent to it. You can revoke your consent at any time (without affecting the lawfulness of the Processing performed on the basis of the consent before it was revoked). Legal basis for the above-mentioned Processing: Consent. You can read more about how cookies are used in the cookie notice published on the Website.
Anonymization and use of data: When you use the Platform, we have the right to anonymize any data generated in connection with your use. This anonymization process removes all personally identifiable data, making it impossible to link the data directly to you as an individual. This anonymized data is valuable to us, as it helps us better understand User behavior, identify patterns and trends, and improve User experience. Therefore, we reserve the right, without limitation, to store, analyze, use and share this information with our partners. This collection and analysis also enable us to proactively further develop and improve our Services, the Platform and its features, all to create a better experience for you as a User.
Logging and data use: In order to ensure the reliable and safe use of the Platform, we conduct logging of its use. The purpose of this logging ranges from technical aspects, such as troubleshooting and system optimization, to security considerations, including investigation of potential abuse and prevention of unauthorized intrusions.
Furthermore, we analyze User data to understand how the Platform is used, which in turn helps us make improvements and adaptations based on our Users' needs and behaviors.
There are also times when we may need to share certain log information with authorities, either to comply with legal requirements or in connection with a specific investigation. In these situations, our commitment to protecting your privacy remains central. Therefore, where possible and appropriate, we will exclude or anonymize non-essential Personal Data before such data sharing takes place, so that only the most relevant information is disclosed.
- Registering a User Account to the Platform
In connection with the registration of your User Account to the Platform, we Process your login details (such as Google account or Apple ID), first name, last name and email address. We process this information in order to register the User Account and to fulfill our contractual obligations.
It is not a legal requirement to disclose the Personal Data, but if you do not provide the requested information upon registration of the User Account, the account cannot be created. Legal basis for the above-mentioned Processing: Contract.
- When we get in touch through email, telephone or social media
You can contact us, and we may contact you, by email, telephone or social media and in such cases, we will get access to your Personal Data provided in connection with such contact.
For example, we may access the following Personal Data upon contact: first name, last name, phone number, email address, social media user ID (if applicable), message content and other information you provide to us.
In our opinion, we have a legitimate interest in the Processing of Personal Data, in order for us to know who we are talking to and to keep in touch with the matter.
Our assessment is also that the Processing is necessary for a purpose relating to a legitimate interest, and that your interest in the protection of your Personal Data does not outweigh, and that the Processing in question does not infringe your fundamental rights and freedoms.
The provision of the Personal Data to us is voluntary, which means that it is not a statutory or contractual requirement or a requirement necessary to enter into a contract with us, and you are not obligated to provide the Personal Data, but the possible consequences of such data not being provided are that we will not be able to handle the matter.
Legal basis for the above-mentioned Processing: Legitimate interests.
- When we enter into a contract with an Organizer and in performance of the contract
We Process the following Personal Data of individuals who will use the Web App on behalf of the Organizer, in connection with the Organizer entering into an agreement with us and User accounts for such individuals are created:
- First name
- Last name
- Email address
- User ID
The purpose of Processing this Personal Data is for us to be able to enter into the agreement with the Organizer, register User Accounts to the specified individuals and otherwise fulfill what is agreed between us. The Personal Data is Processed to the extent and extent necessary for the performance of the contract.
In case of any complaints or similar matters, we also Process Personal Data in order to be able to administer the matter and to otherwise exercise our rights and fulfil our obligations under the agreement we have entered into.
Legal basis for the above-mentioned Processing: Contract.
Order ID and order history are Processed by us each time the Organizer places an order, so that we can offer a good service and analyze the purchase history.
Legal basis for this Processing: Legitimate interests.
We process the following accounting records within the framework of our business: invoices, receipts and other accounting documents that we are required to Process and store in accordance with the Swedish Tax Agency's requirements and/or legislation in force at any time, such as the Accounting Act (SFS 1999:1078).
Accounting records and supporting documents may in some cases contain Personal Data, such as name, delivery address, order information and any other contact details of physically living persons (e.g. customers, reference persons, signatories, etc.). Such documentation is stored for as long as required by law and/or the Swedish Tax Agency.
Legal basis for the above-mentioned Processing: Legal obligation.
- Newsletters
You can consent to receiving newsletters from us by giving your active consent to us Processing your email address in order to send the newsletters to you. It is voluntary to provide your email address to us for this purpose, which means that it is not a statutory or contractual requirement or a requirement necessary to enter into a contract with us, and you are not obliged to provide your email address, but the possible consequences of not entering your email address to us are that we will not send you, our newsletters.
You can cancel your subscription at any time by clicking on the unsubscribe link in the newsletter and thereby withdrawing your consent. If you withdraw your consent, we will not continue to send you newsletters.
Legal basis for the above-mentioned Processing: Consent.
If you unsubscribe from the newsletters, you will be removed from the mailing list of recipients of the newsletters, but your email address will remain in the database with a block for receiving newsletters. The purpose of this is to ensure that you do not receive multiple newsletters from us.
If you want your email address to be deleted also from the block list, you can contact our support via email and request this. You are hereby informed that if your email address is deleted from the block list, this means that you may receive newsletters from us again if you or someone else registers your email address to receive newsletters again.
In our opinion, we have a legitimate interest in the Processing of Personal Data for the above-mentioned purposes. The Processing is necessary for a purpose relating to a legitimate interest, and that your interest in the protection of your Personal Data does not outweigh. Our assessment is that the Processing in question does not infringe your fundamental rights and freedoms.
Legal basis for the above-mentioned Treatments: Legitimate interests.
- Other purposes for our Processing of Personal Data:
Legal obligation: If we are required by law, court or government decision to Process certain Personal Data, the Processing is based on this legal basis. In such cases, the Processing takes place only to the extent necessary for us to comply with our legal obligations.
Performance of contractual obligations: We have the right to Process Personal Data on the legal basis "Contract", in order to fulfil our obligations under an agreement with the Data Subject.
Balancing of interests: Based on our legitimate interest, we may Process Personal Data to:
- improve and develop the Platform, by analyzing how Users use it (e.g. times of use, most frequently used features, least used features, etc., to improve them) or requesting customers' views and suggestions for improvement.
- operate, develop or improve the Platform, our support and operations in general, including through the use of research and analysis tools for surveys.
- carry out direct marketing of our Services by sending emails with information, promotions and/or offers to our Users by email or other means of communication.
- ensure the technical functionality of the Platform and our Website, by employing developers or special programs to test its features.
- protect us and Users against abuse, crime, fraud, intrusion or other damage to our property, by reporting such events and providing the necessary information to relevant authorities, such as the Police or the Supervisory Authority.
- inform Data Subjects in connection with security issues or incidents involving Personal Data to the extent required by applicable data protection legislation.
7. STORAGE LOCATION
We always strive to process Personal Data within the European Union (EU) or the European Economic Area (EEA). However, in certain situations, Personal Data may be transferred to and Processed in countries outside the EU/EEA. As we are committed to protecting the Personal Data at all times, we will take all reasonable legal, technical and organizational measures to ensure that the Personal Data is handled securely and with an adequate level of protection comparable to and at the same level as the protection offered within the EU/EEA.
When such transfers take place, we take appropriate measures to ensure that the Personal Data is provided with a level of protection consistent with the requirements of EU data protection legislation. These measures may include obtaining your explicit consent, performance of agreements with the receiving party containing standard contractual clauses (SCCs) approved by the European Commission, or verification that the recipient country has adequate data protection laws in place.
We will always strive to maintain the security and confidentiality of your Personal Data, wherever it is Processed, and we will ensure that all transfers comply with applicable data protection laws.
8. STORAGE DURATION
We Process Personal Data for as long as it is necessary to fulfil the purposes for which it was collected, including to comply with any legal, accounting or reporting requirements, in accordance with the__principle of storage limitation. The exact duration of the retention period depends on the type of Personal Data and the purpose for which it was collected.
When the User Account is terminated, all data associated with the User Account will be deleted, but deleted information may be stored in backup files up to one (1) month before being permanently deleted. The purpose of this extended retention period is to be able to investigate and counter any fraud or other abuse and to enable the User who has chosen to close his or her User Account to cancel such termination.
Personal Data collected in connection with the conclusion of a contract will be stored in our customer or supplier register for the duration of the contract and for a period of four (4) years thereafter.
When we store the Personal Data for purposes other than our contractual obligations, e.g. to meet money laundering, accounting and regulatory capital requirements, we only store the data for as long as necessary and/or statutory for each purpose.
We may also delete the Personal Data at your request if we do not need to Process the Personal Data in question in order to comply with contractual or legal obligations.
When the Personal Data no longer needs to be stored, it is deleted or anonymized.
In the event of a claim being made against us, we may retain the Personal Data until the expiry of the statutory limitation period. Similarly, in the event of an ongoing dispute, the relevant Personal Data will be stored until the dispute has been resolved. We ensure compliance with applicable laws and regulations regarding the storage of Personal Data in these circumstances.
9. SHARING OF PERSONAL DATA
We Process all Personal Data that we access with care and do not share the Personal Data with unauthorized persons. In order to effectively operate and conduct our business, we may need to share your Personal Data with selected companies that have expertise in their respective areas or if it is necessary for us to comply with applicable law (including social, labor or tax laws). In such cases, we will ensure that these companies act as our trusted partners and comply with strict privacy and data protection standards.
Any sharing of Personal Data is in accordance with applicable data protection laws and regulations, with a focus on protecting your rights and your privacy.
We may also share aggregated data, consisting of anonymous data, with Third Parties. This aggregated data is derived from information collected through our digital channels (including the Platform and Website), or in connection with various market research, and may include statistics on internet traffic or geographic location data related to Service usage. It should be noted that the aggregated data does not contain any information that can be used to identify individuals and therefore does not constitute Personal Data.
We may disclose Personal Data to the recipients listed below for the purposes set out in Section 6 (Specific Processing Activities) and as described below.
- Authorities
We may provide necessary information to authorities, such as police, tax authorities or other authorities if we are legally required to disclose Personal Data in order for us to comply with our legal obligations.
Personal Data may also be disclosed to authorities in response to legal requests or when it is necessary to prevent, detect or investigate criminal activities. This disclosure takes place to protect the property, interests and safety of our and other relevant parties.
- Suppliers
We may share Personal Data with our suppliers, who also in some cases act as our Personal Data Processors and strictly follow our instructions and implement appropriate security measures, in order to:
- Protect and protect our legal interests.
- Fulfill our contractual and legal obligations.
- Detect and prevent technical, operational or safety issues;
- Provide and improve our Services.
- Provide, improve and maintain our digital channels (including the Platform and Website).
We have carefully selected each of our service providers based on their expertise in delivering the specific goods/services required, as well as their ability to Process Personal Data. These providers have demonstrated sufficient guarantees to implement the necessary technical and organizational measures in accordance with the requirements of the GDPR and our own data protection standards.
We cooperate with different types of categories of Personal Data Processors, including:
- Server and hosting companies responsible for the infrastructure supporting our Website and Platform.
- Cloud services to efficiently manage our business, improve productivity, streamline workflows and ensure secure access to business resources from different locations.
- Email clients that facilitate email communication.
- Other companies that are committed to delivering our Services and supporting our business.
Before we disclose any Personal Data to such service providers, we enter into a data processing agreement with them in accordance with the provisions of the GDPR, to ensure a secure and accurate Processing of Personal Data.
- Other Third Parties
We may disclose Personal Data to legal advisers, banks, auditors and other partners in accordance with applicable data protection legislation if this is done in order for us to fulfil legal obligations, contractual obligations or to fulfil our legitimate interest.
In connection with or during negotiations on a transfer of our company's assets, merger, sale, financing or acquisition of all or part of our business, Personal Data may be disclosed to the potential buyer or seller involved in such transactions, including their personnel/suppliers.
We have concluded that we have a legitimate interest in the Processing of Personal Data for the purposes set out above, and that our legitimate interest does not infringe your right to privacy and privacy.
Legal basis for the above-mentioned Processes: Legitimate Interests.
In some cases, we may share certain Personal Data with a Third Party if the Third Party has a legitimate interest in Processing the Personal Data in question. It is important to note that in such cases the Third Party is considered to be an independent Controller with respect to its own Processing of the shared Personal Data in question, and the Third Party is responsible for complying with all relevant data protection laws regarding their Processing of Personal Data, including informing the Data Subject of their Processing activities.
10. DATA SUBJECT'S RIGHTS
The following is a summary of the rights that you have in your capacity as a Data Subject under the GDPR:
Right to information: You have the right to receive information about our collection and use of your Personal Data. This includes information about the purposes of the Processing, the categories of Personal Data involved and any Third Parties with whom your Personal Data may be shared.
Right of access: You have the right to access your Personal Data held by us. You can request information about the Processing of your Personal Data, obtain a copy of the Personal Data in a machine-readable format (provided there is no applicable exception to the right of access) and be informed of the safeguards in place for cross-border transfers. However, this does not mean that you have the right to receive the documents containing the Processed Personal Data.
Right to rectification: You have the right to request the rectification of inaccurate or incomplete Personal Data about you that we Process. If we Process Personal Data about you that is inaccurate or incomplete, we will, at your request or on our initiative, complete, correct or delete the Personal Data in question. Once we have corrected the Personal Data, we will notify you of this, provided that it is not too burdensome for us.
Right to erasure: Under certain circumstances, you have the right to have your Personal Data deleted. This applies, for example, if the data is no longer necessary for the purpose for which it was collected, or if you withdraw your consent and there is no other legal basis for the Processing. However, legal obligations may prevent us from immediately deleting parts of the Personal Data. These obligations stem from accounting and tax legislation, banking and money laundering legislation, and possibly consumer law. When we delete the Personal Data at your request, we will inform you after the deletion, provided that this is possible and not too burdensome for us.
Right to restriction: You have the right to restrict the Processing of your Personal Data under certain conditions. This means that your data can only be stored and not further processed, or only Processed for specific and limited purposes. An example of when this right applies is when the Personal Data we Process needs to be corrected. If you request us to correct your Personal Data, you may also ask us to limit the Processing of the specific data until it has been corrected. We will inform you when the restriction expires.
Right to data portability: You have the right to receive your Personal Data in a structured, commonly used and machine-readable format. You may also request the transfer of your data to another Controller, where technically possible. This right applies only if the Processing of Personal Data is carried out automatically and only if our Processing takes place in order to perform a contract where you are a party to the agreement or based on your consent.
Right to object: You have the right to object when your Personal Data is Processed after a balancing of interests. If you make an objection under this right, we shall cease the Processing, unless our interest overrides your interests, rights and freedoms. However, you always have the right to request that your Personal Data not be Processed for direct marketing purposes. Such objections may be raised at any time. If an objection is made to direct marketing, the Personal Data may no longer be Processed for such purposes and we will inform you when we have deleted the Personal Data if you request it.
Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated Processing, including profiling, if these decisions significantly affect you. Exceptions apply if the decision is necessary for the performance of a contract or is permitted by law. If an automated decision has been made, with or without profiling, you can request that it be reviewed or contested. We do not make automated decisions, whether with or without profiling.
11. HOW TO EXERCISE THE RIGHTS
You are most welcome to contact us via the contact details set out below, if you would like to exercise any of the above rights regarding your Personal Data that we Process.
Exercising the rights is free of charge, provided that your requests are not excessive, repeated or manifestly unfounded. In such cases, we have the right to charge a reasonable fee for Processing your request or the right to deny the execution of your request.
Before we handle or respond to your request, we may request additional information from you if necessary to confirm your identity.
We will inform you about our handling of your request without delay and at the latest within one month of receiving the request. If the request is complex or if, for example, we have received a large number of requests, this period may be extended by a further two months. In such cases, we will notify you of the extension within the first month of receipt of your request.
It is important to note that the rights are subject to certain restrictions and conditions under the GDPR. Some of the rights apply only in certain situations and only if it is lawful and possible for us to carry out your request.
If we are unable to comply with your request due to applicable law or other exceptions, we will notify you of this and inform you of the reasons why we are unable to comply with your request with the limitations imposed by law.
12. CHANGES
We regularly review the content of this Privacy Notice to ensure that the information is accurate and up to date. The content may, with or without prior notice, be updated as necessary. You are responsible for reviewing the content of our privacy notice at any time and for keeping you up to date with any changes. We will notify you if we make material changes provided that such disclosure is mandatory under applicable law. The applicable version is always published on the Website.
13. QUESTIONS OR COMPLAINTS
If you have any questions about the content of this Privacy Notice or our Processing of Personal Data, or if you are dissatisfied with our Processing of your Personal Data, you are always welcome to contact us at the following contact details:
Our company and contact information
Company name: Prouder AB
Reg.no.: 559450-4887
Email: info@prouder.se
Postal address: Fröjel Alstäde 525, 623 55 Klintehamn
If you are not satisfied with how we Process your Personal Data, you also have the right to lodge a complaint with the relevant Supervisory Authority. Our Supervisory Authority is the Swedish Authority for Privacy Protection:
Name: Swedish Authority for Privacy Protection (IMY).
Telephone: 08-657 61 00.
Email: imy@imy.se.
Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden.
Please note that depending on your country of residence, there are different Supervisory Authorities that you can contact regarding questions or complaints about the Processing of your Personal Data. You can find the different EU Member States' Supervisory Authorities through the following link: