Personal data policy

BLING (hereinafter “BLING” or “we”)

Purpose

We care about your privacy. We want you to feel safe when you entrust us with your personal data. This is why we have drawn up this policy. It is based on current data protection legislation and clarifies how we work to safeguard your rights and your privacy.

The purpose of this policy is to let you know how we process your personal data, what we use it for, who can access it and under what conditions, and how you can exercise your rights.

Background information

We process your personal data primarily to fulfill our obligations to you as a visitor/customer/partner, but also to authorities and funders. Our starting point is not to process more personal data than is necessary for the purposes, and we always strive to use the least privacy-sensitive data.

When we collect personal data about you for the first time, we will provide you with more information about this and our purpose for collecting it.

Guidelines

What personal data do we process?

We only process personal data when we have a legal basis. BLING processes personal data in order to provide or administer services to you and to fulfill legal obligations, such as accounting obligations. Processing for marketing and statistical purposes is based on our legitimate interest in being able to market our services and to be able to develop and improve our business and offer statistics to our financiers and stakeholders. In some cases, processing may also take place after you have given your consent to the processing, e.g. in recruitment procedures.

Here is a summary of the personal data we process:

Event/Community

  • Name
  • E-mail address
  • Photographs, mingle pictures
  • Data that you register voluntarily and provide voluntarily
  • Content that you publish yourself, so-called user-generated content
  • Dietary requirements, allergies

Customer

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Social security number/date of birth
  • Gender
  • Foreign origin (born abroad or born in Sweden with two foreign-born parents)
  • Photographs, mingle pictures
  • Data that you register voluntarily and provide voluntarily
  • Content that you publish yourself, so-called user-generated content

Partner/Supplier

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Photographs, mingle pictures
  • Data that you register voluntarily and provide voluntarily
  • Content that you publish yourself, so-called user-generated content

Candidates/job seekers

  • Name
  • Address
  • E-mail address
  • Telephone number
  • photo
  • Data that you register voluntarily and provide voluntarily

How do we get access to your personal data?

We collect your personal data on a lawful basis before we start processing your personal data. We do this, for example, by having you fill in your details before you enter any of our business processes.

You have the right to withdraw your personal data at any time. We will then no longer process your personal data or collect new ones, provided that it is not necessary to fulfill our contractual or legal obligations.

We may also access your personal data in the following ways:

  • Data that you provide us directly
  • Data recorded when you visit our website according to our cookie policy
  • Data we receive from public registers
  • Information we receive when you hire one of our employees
  • Information we receive when you register for our events or programs
  • Information we receive when you sign up for newsletters and other mailings
  • Data we receive when you respond to post-event questionnaires and surveys
  • Data we receive when you contact us, apply for employment with us or visit us

What information do we provide to you?

When we collect your personal data for the first time, we will inform you how we obtained the personal data, what we will use it for, what your rights are under data protection law and how you can exercise them. You will also be informed about who is responsible for the processing of your personal data and how you can contact us if you have any questions or need to make a request or inquiry relating to your personal data and/or rights.

Is your personal data processed in a secure way?

We develop procedures and practices to ensure that your personal data is handled securely. The starting point is that only employees and other persons within the organization who need the personal data to perform their tasks should have access to it.

We have an IT security policy to ensure that your personal data is processed securely.

We do not transfer personal data in cases other than those explicitly stated in this policy.

When do we disclose your personal data?

Our starting point is not to disclose your personal data to third parties unless you have consented to it or unless it is necessary to fulfill our obligations under contract or law. In cases where we disclose personal data to third parties, we normally draw up confidentiality agreements and ensure that the personal data is processed in a satisfactory manner.

Deletion of personal data

The basic principles for the deletion of personal data are to never process or store data longer than necessary. When no longer needed for the purpose for which they were originally collected, they should be deleted or anonymized. A deletion procedure for the various personal data processed should be in place within the company. IT systems must be adapted so that it is technically possible to carry out the deletion of personal data. The deletion procedure presupposes that the personal data being processed is done so on a legal basis. Processing without a legal basis must cease immediately and the personal data must be deleted, provided that the data is not otherwise processed on a proper basis and must therefore be retained.

The company continuously reviews and evaluates whether personal data processed should be deleted or anonymized in order to process as little data as possible and no more than the company absolutely needs.

Incident management

All security incidents shall be documented in an incident management log, including the circumstances of the personal data breach, its effects and the corrective actions taken. A security incident means an event leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Where required by law, incidents must also be reported to the DPA and the data subject respectively.

Education and training

Our employees receive relevant information and training on the processing of personal data in accordance with a separate annual training plan. Where necessary, in-depth or targeted training is provided to those who handle sensitive data. Participation in training shall be documented.

Responsibility

The non-profit organization BLING is the data controller, which means that we are responsible for how your personal data is processed and that your rights are safeguarded.

If you have any questions regarding our processing of personal data or wish to exercise any of your rights regarding the data we hold about you, e.g. request a register extract, rectification or deletion, you can send your request to hello@blingstartup.se.

If you consider that your personal data is being processed in breach of the applicable legislation, you also have the right to lodge a complaint with the supervisory authority. See www.datainspektionen.se for more information and contact details.

Kista, June 2018

Adnan Yousuf

Friends of BLING

Do you also want to contribute to more innovation, entrepreneurship and inclusion? Contact us.