Privacy Policy
1. Preliminary provisions
This privacy policy applies to Sharpfin AB, corporate identity number 556927-9309 (the “Company”). The Company is the data controller and is responsible for ensuring that the processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.
This privacy policy clarifies the purposes and contexts in which the Company may collect personal data and the types of information that may be collected. The purpose of the policy is to describe clearly and transparently how the Company collects, uses, transfers, and stores information.
This privacy policy encompasses all processes where personal data is handled, covering both structured and unstructured data.
2. Legal grounds for processing
The Company values personal integrity and does not collect more personal data than necessary. The processing of personal data by the Company may only occur if it is under one of the following legal grounds:
- If the processing is necessary to fulfil a contract in which a user is a party or to take steps at the request of such a user before entering into such a contract.
If a user has given the Company consent to process personal data for certain purposes. In such a case, a user has the right to withdraw consent at any time.
If the processing is necessary for purposes relating to the legitimate interests of the Company or a third party, provided that the user’s privacy is adequately protected.
Processing aimed at preventing fraud, for direct marketing, maintaining and developing security within the Company’s systems, or when necessary for cooperation with the Company’s partners. The Company shall cease direct marketing if a user objects to the processing.
If the processing is necessary to protect interests that are of fundamental importance to a user or another natural person.
If the processing is necessary to establish, exercise, or defend legal claims.
If the processing is necessary to fulfil a legal obligation to which the Company is subject.
3. How the company may collect information
The Company may only collect personal data in the following ways: directly from users or through the use of the Company’s website and information published on social media.
3.1 Directly from users
The Company may collect information from users when they interact with the Company via various communication channels (e.g., via the Company’s website or social media) and show interest in the Company’s services and/or products. To offer the best user experience, the Company processes both the information the Customer provides when creating an account and information gathered through the use of the service. Examples of personal data the Company may collect include names, email addresses, phone numbers, IP addresses, domicile, the time of acceptance of the Company’s legal terms and agreements, and necessary information for the customer identification process.
3.2 Use of the company’s website and information published on social media
The Company may collect personal data using digital cookies, web server logs, web beacons, or other electronic tools to gather information about the user. The collected information may include IP addresses, browser types, languages, operating systems, or geographical locations.
4. How the company may use personal data
The Company may only use personal data for one of the following reasons:
- Within the company: To compile and disclose personal data within the Company.
- Managing the company’s relationships: To identify users, communicate with them via the Company’s channels, and provide relevant information to them.
- Business development: The Company may use personal data, such as recorded phone calls, voice recordings, images, and video recordings, to develop its business, products, and services and conduct market research and other analyses.
- Marketing: If the user does not object, the Company may collect and analyse personal data, such as behaviour on the Company’s website (including geobased information), to send offers and other useful information tailored to its users.
- Regulatory reporting: The Company may use personal data to fulfil its obligations under applicable law and respond to requests from authorities when they have the right to access information by law.
- Preparation of statistics: The Company may use personal data to compile statistical data for its risk assessments and services and/or products.
5.Storage, security, and deletion
The Company values personal integrity. The Company has established internal guidelines and processes to ensure that personal data is protected against destruction, unauthorised disclosure, unauthorised access, loss, or alteration.
The Company retains personal data only as long as necessary concerning the purpose of the data processing. This means that if data processing is based on a contract, the personal data is retained as long as the contractual relationship exists. If processing is based on consent, the data can be stored until the user withdraws consent. The personal data shall be deleted when there is no longer a reason for data processing.
All sensitive personal data should be encrypted as far as possible. The Company shall only retain personal data as long as necessary to fulfil the purpose for which the Company is storing it or the longer period that may be required by applicable law.
The Company shall always implement appropriate technical, legal, and organisational security measures to protect the user’s privacy. Potential incidents regarding personal data processed by the Company shall be reported to the Data Protection Authority without undue delay and no later than 48 hours and take necessary measures concerning the incident.
6. Rights
GDPR provides the user with several rights regarding the processing of personal data. A user can contact the Company to access personal data and information about, among other things, which personal data the Company has collected, the purposes of the data processing, to whom personal data has been or will be disclosed, and, if possible, the period for which the personal data will be stored. The information shall be provided in a machine-readable format. Requesting information is free of charge unless the request is manifestly unfounded.
A user can object to the processing of personal data based on the Company’s legitimate interest or withdraw their consent to the processing of personal data. The user can also object to a legitimate interest. If a user submits a request for objection or deletion of personal data, this shall be handled with utmost urgency.
A user also has the right to transfer the personal data that the Company has collected to another data controller, if this is possible.
A user always has the right to lodge a complaint with the Data Protection Authority or the corresponding supervisory authority if there are any complaints about the Company’s processing of personal data.
7. Contact
For questions regarding the Company’s handling of personal data or the use of the rights above, contact the Company here.
8. Updating the privacy policy
The Company may make changes to this policy. If the Company makes changes, the user will be informed of this the next time they visit the website.
9. Definitions
The following terms shall have the meanings set out below.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.