Privacy Policy
1. General
1.1 We at Citea labs AB ("Citea", "We") care about your personal integrity and want you to feel safe when you provide us with your personal data. This privacy policy applies to everyone who in any way uses Citea's websites, services and applications and/or otherwise has contact with us. The purpose of this privacy policy is for you to know how we process your personal data, what we use it for, who can access it, under what conditions and what rights you have under applicable personal data legislation. It is important to us that you read and understand this privacy policy and that you feel safe with how we process your personal data.
1.2 You are always welcome to contact us if you have any questions regarding this privacy policy or for other data protection issues. Contact details for us can be found at the end of this privacy policy.
2. Data controller
2.1 Unless otherwise specifically stated, it is Citea, org.nr. 559527-3888, Föreningsgatan 1 a Lgh 1601, 411 27 Gothenburg, Sweden, which is responsible for the processing of your personal data and is responsible for ensuring that such processing takes place in accordance with applicable legislation.
3. What is personal data?
3.1 Personal data is any information that can be directly or indirectly attributed to a physically living person. Examples of this are everything from social security numbers to email addresses, but encrypted data can also constitute personal data if it can be linked to physically living persons.
4. What is the "processing" of personal data?
4.1 The concept of "processing" is broad and encompasses most of what can be done with personal data. Everything from collection and storage to modification, use or deletion constitutes "processing".
5. What personal data do we process about you?
5.1 We collect and process personal data that you provide to us, e.g. in connection with visiting our websites, purchasing a certain product or service, signing up for our newsletter, contacting us or using our digital channels.
5.2 When you use our services, we record information about your use. This information includes the services you use, the pages you visit and how you behave on our websites. We collect data in order for our services to work efficiently and provide you with the best possible experience/results. You provide certain information directly, for example when you create an account on one of our websites or in an application, administer your user account for a service, purchase legal services or other products from us, register for an event, download an app and register as a user, sign up for a newsletter, or contact our support. We obtain some of this information by recording how you interact with our services and products, for example through the use of technologies such as cookies on our websites and receiving usage data from software running on your device. The data collected for this purpose is directly de-identified so that we do not process any personal data about you. The legal basis for this collection is our legitimate interest in improving our websites and compiling statistics on how our websites are used.
5.3 If you choose not to provide information that is necessary to access a product, service, or feature, you may not be able to use that specific product or service/feature.
5.4 In some cases, we may also obtain information from other sources, such as partners and other suppliers. We also collect and update your data based on publicly available sources, such as open government databases or other publicly available data.
6. Why do we process your personal data?
6.1 In order for you to visit our websites and for us to provide (including improve and personalise) the services and products we offer, to send communications (including promotions to our users), to market services and sign up for our newsletter, or to contact us for service or information, we need to collect and process personal data about you.
6.2 We process your personal data primarily to fulfil our obligations to you under the services and products we provide or otherwise fulfil the purpose of the information collection. Our starting point is not to process more personal data than is necessary for the purpose of the processing, and always strive to use the least privacy-sensitive data. We process your data mainly to:
- Administer and provide our products and services
- Handle customer service and other inquiries
- Provide information and promote products and services that you may be interested in
- Improve our services and products, for example by researching and evaluating customer satisfaction or the market.
- See further under section 10.
7. How to access and control your personal data
7.1 Once you have created a user on one of our websites, you can log in and change your name and email. If you wish to request a complete summary of your personal data at Citea or close your account, you are welcome to contact us: see contact details at the end of this privacy policy.
8. What is the legal basis for processing your personal data?
8.1 In order to process personal data, there must be a legal basis for this. Citea processes personal data on the following grounds;
- When the personal data processing is necessary for us to be able to fulfil an agreement we have with you – e.g. to provide or administer a product or service you have purchased.
- When the processing of personal data is necessary to fulfil a legal obligation, e.g. an accounting obligation.
- When we have a legitimate interest in processing your personal data, e.g. to be able to respond to inquiries about products/services or to communicate with you about similar products/services that you have previously purchased.
- When the processing of personal data is permitted because you have given your consent to it.
- See further under section 10.
9. How long do we store information about you?
9.1 Your data is only stored for as long as there is a need to save it in order to fulfil the purposes for which the data is collected. We retain personal information for as long as necessary to provide the products and services, fulfill the transactions requested and authorized by you, or for other necessary purposes, such as complying with our legal obligations, resolving disputes, and enforcing our agreements. We may also store the data for longer if required by law or to safeguard our legal interests, e.g. if there is an ongoing legal process. Because these needs can vary for different types of data and for different types of products, services, and contexts, actual retention periods can vary.
9.2 Your personal data will be deleted or anonymised when it is no longer relevant for the purposes for which it was collected. See further under section 10.
10. Summary of our personal data processing
| For what purposes do we process your personal data? | What legal basis do we have for the processing? | What categories of personal data are processed? | How long is your data stored? |
|---|---|---|---|
| Handle requests, such as questions about our services/products | Legitimate interest. | Identification data, such as name Contact information such as address, telephone number and e-mail. Customer interactions, such as call recordings, journal entries, and mailings. | As long as it is necessary to handle your request. |
| Manage the customer relationship, e.g. register your information in our customer register, send notifications, communicate with you about the customer relationship, etc. | Performance of a contract and, in some cases, a balancing of interests if the agreement to provide you with a service has been entered into with a legal person. | Identity data, such as name. Title and authorization rights. Contact information such as address, telephone number and e-mail. Customer interactions, such as call recordings, journal entries, and mailings. Details of your purchases. | As long as you have a customer relationship with us and two years thereafter. |
| To administer and deliver our products and services. | Performance of contracts. In cases where sensitive personal data is processed, this is done on the basis of your explicit consent and only when it is necessary to provide services that you have requested. | Identification data, such as name. Title and authorization rights. Contact information, such as address, telephone number and e-mail. Sensitive personal data such as food allergies in case you attend events where food is served. | As long as you have a customer relationship with us and two years thereafter. |
| Manage payments for services and products that you purchased. | Performance of contracts and to the extent that it follows from a legal obligation, for example, the Accounting Act. | Identification data, such as name. Contact information, such as address, telephone number and e-mail. Invoice information. Payment information. Customer engagement, e.g. what service/product you have purchased. | As long as you have a customer relationship with us and two years thereafter. |
| Establishing, exercising and exercising/defending legal claims | Legitimate interest. | Identification data, such as name. Contact information, such as address, telephone number and e-mail. Invoice information | For as long as it is necessary to satisfy our interest in establishing, exercising and exercising legal claims, e.g. under statutory limitation periods. |
| To market our products and services and those of our partners in order to provide relevant information and offers | Legitimate interest. | Identity data, such as name. Contact information, such as address, telephone number and e-mail. Customer segments, e.g. information about which customer segment you belong to Geographic information IP address, device information, log information. | Two years after you were last active with us, e.g. by purchasing a service/product or contacting our customer service. |
| Follow-up and evaluation regarding the use of our services and products. | Legitimate interest in improving your user experience. | Identification data, such as name. Title and right of attestation Contact information, such as address, telephone number and e-mail. Customer engagement, e.g. what service/product you purchased. User-generated data, such as your interactions on our websites. | As long as it is necessary to carry out follow-up and evaluation. |
| Conducting market/customer surveys for the purpose of evaluating our products and services. The processing is necessary to satisfy our legitimate interest in obtaining information about your and other customers' perceptions of, for example, our products and services. | Legitimate interest. | Identity data, such as name Title and right of attestation Contact information, such as address, telephone number and e-mail.Response results Customer segment Geographic information | The data is only stored for as long as it is necessary to send out the surveys. The responses to the surveys are anonymous and therefore the data does not constitute personal data. |
| Life cycle management, e.g. to troubleshoot, log, develop, test and improve our systems and services. | Legitimate interest. | User-generated data, such as information about your interactions on our systems and services.IP address, device information, log information. | Stored only for as long as necessary for the purpose. |
| Mingle photos from events for the purpose of documenting company history and for use for editorial purposes and for marketing similar events. | Legitimate interest. | Where applicable; name, title and company.Image | As long as it is justified from a business history perspective and as long as the images are relevant for use in order to market similar events. |
| To administer your account holdings. | Performance of an agreement with you or a balancing of interests if the agreement to provide you with an account has been entered into with a legal entity. | Name, address, telephone number, and e-mail. IP address, device information, log information. Information about whether you use our website, about which of our offers you have been interested in, which of our newsletters you have interacted with and which of our events you have signed up for. Information about your account holdings. | As long as you have an account with us and one year thereafter. |
| Carry out and manage recruitment processes and incoming job applications. | Legitimate interest in managing the recruitment process. | Name, address, telephone number and e-mail. Other information you provide in your application, e.g. title, experience, etc. | As long as the recruitment process for the position you applied for is ongoing and as long as required by the applicable limitation requirements in the Discrimination Act. In the event that we want to save your data for future recruitments, we will ask for your consent. |
| Carry out and manage the recruitment process. | Performance of Contract with You. | Identity, Contact, Other information you provide in your application, e.g. title, experience, etc. | As long as the recruitment process for the position you applied for is ongoing and as long as required by the applicable limitation requirements in the Discrimination Act. |
11. Profiling
11.1 If you are a customer of ours, we look at how you use our websites, which of our products, services and offers you have been interested in, which of our newsletters you have interacted with and which of our events you have signed up for, details of your purchases and information about your account holdings. We do this in order to provide you with offers and invitations to events that we think you would be interested in.
11.2 You can object to the processing of personal data through profiling at any time. You can do this by contacting us at info@citea.ai
12. Who may we share your data with?
12.1 We share your personal data with companies and suppliers who provide services for us, e.g. to manage mailings, communicate offers, provide IT systems and conduct customer analyses. These companies may only process your personal data according to our instructions and may not use your personal data for their own purposes.
12.2 We may share your personal data with selected partners for the purpose of communication and making offers about our own and our selected partners' goods and services. In order to be able to send you relevant offers, the receiving company may also process your data. The company that receives the data is the data controller for the processing of your personal data it carries out for these purposes.
12.3 We may also share the personal data necessary to establish, exercise and exercise Citea's legal interests.
12.4 We may also share your personal data if it follows from law or government regulations, e.g. if we are forced to disclose information to the Swedish Tax Agency for accounting reasons.
13. Security of your personal data
13.1 We use a range of security technologies and methods to protect your personal data from unwanted access, use and disclosure. For example, your personal data that you provide is stored on computer systems that have limited access and are located in protected premises.
14. Where is your data processed?
14.1 As a general rule, your personal data is processed within the EU. In the event that we use service providers that transfer your personal data to countries outside the EU and EEA, we will take measures to protect your personal data in accordance with applicable legal requirements, e.g. by requiring guarantees that the provider protects the data in accordance with applicable data protection rules. If you would like to receive a copy of the safeguards that have been put in place or to obtain more information about where your data is available, you are always welcome to contact us: see contact details at the end of this Privacy Policy.
15. Your rights
15.1 Citea is responsible for ensuring that your personal data is processed in accordance with applicable legislation.
15.2 Citea will, at your request and/or on its own initiative, correct, de-identify, delete or supplement information that is found to be incorrect, incomplete or misleading.
15.3 You have the right to request:
- Access to your personal data – This means that you have the right to request a register extract of the processing that we carry out in relation to your personal data. You also have the right to receive a copy of the personal data that is processed. Once per calendar year, you have the right to receive, free of charge, a written signed application from the register extract from which personal data is registered about you, the purposes of the processing and the recipients to whom the data has been or is to be disclosed. You also have the right to receive information in the register extract about where the data has been retrieved from if the personal data has not been collected from you, the existence of automated decision-making (including profiling) and the foreseeable period during which the data will be stored or the criteria used to determine this period. You also have the right to receive information in the register extract about your other rights as set out in this section.
- Rectification of your personal data – We will, at your request, correct the incorrect or incomplete data we process about you as quickly as possible.
- Deletion of your personal data – This means that you have the right to request that your personal data be deleted if it is no longer necessary for the purpose for which it was collected. However, there may be legal requirements that we may not immediately delete your personal data in, for example, accounting and tax legislation. We will then terminate the processing that is done for purposes other than complying with the legislation.
- Restriction of processing – This means that your personal data is marked so that it may only be processed for certain limited purposes. You can, among other things, request restriction when you believe that your data is incorrect and you have requested correction in accordance with section (ii). While the accuracy of the data is being investigated, the processing of the data will be restricted.
- Withdrawal of consent – If processing is based on consent, you have the right to withdraw your consent at any time.
- You have the right to data portability – This means a right, under certain conditions, to receive and transfer your personal data in a structured, commonly used and machine-readable format to another data controller.
- You have the right to object – to personal data processing that is carried out on the basis of a balancing of interests. If you object to such processing, we will only continue the processing if there are legitimate grounds for the processing that outweigh your interests. You can unsubscribe from advertising and communication mailings at any time. You can unsubscribe by clicking on a link in the relevant mailing or contacting us (see contact details below). If you do not want your personal data to be processed for other direct marketing purposes, you always have the right to object to such processing by contacting us (see contact details below). Once we have received your objection, we will cease to process the personal data for such marketing purposes.
- You have the right to lodge a complaint – regarding the processing of your personal data with the Swedish Data Protection Authority. Should you be dissatisfied with the way we process your personal data, please contact us in the first instance: see our contact details at the end of this privacy policy.
16. Cookies
16.1 Cookies are small text files consisting of letters and numbers that are sent from our web server and stored on your browser or device. We do not use cookies on our websites.
17. Confidentiality
17.1 We may process personal data that is covered by confidentiality or that we have legitimate grounds to keep secret in relation to the data subject. This information is then covered by statutory confidentiality and is not disclosed at the request of the data subject. For example, it may be information collected before a court process. Disclosure of the information may put Citea's client in a worse position and/or may result in a breach of confidentiality by the disclosure.
18. Complaints regarding the processing of your personal data
18.1 Should you be dissatisfied with the way we process your personal data, please contact us in the first instance at info@citea.ai
18.2 If you are not satisfied with the way we handle your complaint, you can submit your complaint to the competent supervisory authority, currently the Swedish Authority for Privacy (IMY).
19. Contact information for the data controller
19.1 Citea labs AB, org.nr. 559527-3888, Föreningsgatan 1 a Lgh 1601, 411 27 Gothenburg, Sweden, is the data controller and is therefore responsible for Citea labs AB's processing of your personal data.
19.2 If you have any questions about data protection or if you wish to exercise your rights as set out above, the easiest way to reach us is at info@citea.ai
20. Changes to the privacy policy
20.1 We reserve the right to make changes to our privacy policy. You can always find the latest version on the website. In the event of updates that are of crucial importance to our processing of personal data (e.g. changes to specified purposes), this will be communicated to you.