Privacy Policy

Last updated: 12 October 2022

Why and for whom?

At Adpin AB org.nr (559218-4930) ("Adpin", "we", "us", "our") we care about personal privacy. This means that we respect and protect your privacy and the right to control and transparency when processing your Personal Data.

Adpin is the Personal Data Controller in relation to the Processing of Personal Data listed in this Privacy Policy (the "Policy"). The policy describes the purposes for which we need your Personal Data, the legal basis we rely on and the measures we take to protect personal data. We also inform you of how you can exercise the rights you have linked to our processing of your Personal Data.

We will also list our Personal Data Processors so that you can feel 100% sure where your Personal Data is stored and Processed.

The policy informs about our handling of Personal Data in cases where you communicate with us, use the Service or visit our website www.adpin.se (together "Functions").

This policy is aimed at:

Users of the Service

Employees of potential customers

Employees of existing customers

Visitors to our website

Definitions

"Processing" of Personal Data is anything that can be done with Personal Data, e.g. storage, modification, reading, transmission, etc.

"Governing law" is the legislation applicable to the processing of Personal Data including the General Data Protection Regulation (GDPR), supplementary national legislation, as well as practice, guidance and recommendations issued by a national or European supervisory authority.

"Personal data" is any kind of information that can be linked to an identifiable, living person.

"Personal data controller" is the company/organization that decides for which purposes and in what way the Personal Data is to be processed and is thus also responsible for Personal Data being processed in accordance with Applicable Law.

"Personal data assistant" is the company/organization that processes Personal Data on behalf of the Personal Data Controller and may therefore only Process the Personal Data in accordance with the Personal Data Controller's instructions and current legislation.

"Registered" means the living, natural person whose Personal Data is processed.

The "service" Adpin simplifies the search and purchase of advertisements in newspapers and magazines, both in print and digital format, through an intuitive and educational app and web service.

Adpin's personal data responsibility

The information in this Policy covers the Processing of Personal Data for which Adpin is the Personal Data Controller, i.e. the Treatments for which we determine the purpose of (why a treatment is done) and means for (in what way, which personal data, for how long, etc.). The policy does not describe how we process personal data in the role of Personal Data Officer - i.e. when we process personal data on behalf of our customers.

In order to provide a secure and high-quality marketplace for ad purchases in various publishers' newspapers and magazines, in print and digital format (mobile/web), representatives of the respective ad buyer and publisher (ad seller) need to register accounts in our web or app service. In these accounts, we need names, phone numbers, emails and in some cases employment numbers, to match against companies registered as ad buyers in the marketplace.

Adpin's processing of personal data

We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to inform about:

Why the Personal Data Processing is necessary in relation to the purpose

What legal basis we have identified for the Processing

Legal grounds

Consent - Adpin processes your Personal Data after we have received your consent to the Processing. Information about the treatment is always provided in connection with asking for consent.

How long do we save your Personal Data?

We save your Personal Data for as long as is necessary with regard to the purpose for which it was collected. Depending on the legal basis on which we support the processing, this may a) result from an agreement, b) depend on a valid consent, c) appear from legislation or d) result from an internal assessment based on a balancing of interests. In the list below, we indicate (to the extent possible) the period the Personal Data will be stored or the criteria used to determine the period.

Treatments

Treatment and the purpose of the treatment: With the help of personal data, we ensure an actual relationship between the account holder and the business account intended for advertising purchases, alternatively advertising sales.

Adpin processes personal data in order to:

Register a user account to enable the customer to log in. Verify user credentials to increase security and prevent misuse. Identify through third parties, for example if login takes place via Google, Facebook or LinkedIn. Checks to ensure that you process correct and updated personal data. Analyze how the Service is used as a basis for improvement and development. Send requested information and answer questions to accommodate your customers and stakeholders. Invite people to relevant events or similar to network and build business relationships. Check that the Service is used in accordance with the applicable terms and conditions to reduce the risk of abuse. Communicate in order to effectively and quickly help your customers with any problems. Inform and market your business with the aim of arousing the interest of potential customers.

Personal data: Name, email, telephone number, possible employment number and profile picture.

Source: Directly generated internally and/or from the data subject, and/or from the data subject's employer and/or from their third party suppliers.

Legal basis: Consent

Period of storage: As long as there is a valid consent. Information on how long the consent is valid is provided in connection with obtaining the consent.

Your rights

You are the one who decides on your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access - You always have the right to receive information about the Personal Data processing that concerns you. We only release information if we have been able to ensure that it is actually you who is asking for the information.

Correction - If you discover that the Personal Data we process about you is incorrect, let us know and we will fix it!

Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when they are no longer necessary for the purpose for which they were collected. If we are required to retain your data by law or an agreement we have entered into with you, we will ensure that it is only processed for the specific purpose stated in the law or agreement; after that, we will ensure that the data is deleted as soon as possible.

Objection - Do you not agree with us that our interest in processing your Personal Data outweighs your interest in protecting personal integrity? No problem - in that case we will review our balance of interests and check that it still holds. We will of course take your objection into account when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.

Restriction - You can also ask us to restrict our Processing of your data:

During the time we are handling a request from you about any of your other rights

If, instead of requesting deletion, you want us to mark that the data should not be processed for a certain purpose. If you e.g. do not want us to send you advertising in the future, we still need to save your name to know that we should not contact you. In cases where we no longer need the data for the purpose for which it was collected; provided that you do not have an interest in us retaining the data in order to assert a legal claim.

Data portability - We can provide you with the information you have provided to us yourself or that we have received from you in connection with entering into an agreement with you. You receive your data in a commonly used and machine-readable format, which you can then take with you to another Personal Data Controller.

Withdraw consent - If you have consented to one or more specific processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to cease the Processing immediately. Please note that you can only withdraw your consent for future Processing(s) of Personal Data and not for any Processing that has already taken place.

How you use your rights

"Through your user account, you can request register extracts, get information about what you have agreed to and delete your personal data." You can always contact admin@adpin.se for help regarding the use of your rights.

Transfer of Personal Data

In order to run our business, we may need the help of others who process Personal Data on our behalf, so-called Personal Data Processors.

In the cases where our Personal Data Assistants transfer the Personal Data to a country outside the EU/EEA, we have ensured that the Processing is legal according to applicable law in that one of the following requirements is met:

there is a decision from the European Commission that the country ensures an adequate level of protection;

application of the European Commission's standard contractual clauses for third country transfers; or

other appropriate protective measures that comply with applicable law.

We have entered into personal data processor agreements (PUB agreements) with all of our Personal Data Processors. The PUB agreement regulates how the Personal Data Processor may process the Personal Data and which security measures are required for the processing of personal data.

We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations according to law or authority decisions.

Our personal

assistant: Salesforce Advendio

Personal data processed: Name, phone number, email and possibly employment ID and profile picture, as well as user behavior and IP number.