1. HANDLING OF PERSONAL DATA
Tendelin respects your integrity and ensures that your personal data is processed with the confidentiality and respect that is required. This policy concerns any person engaged in a relationship with by our business or representing an organisation (existing, previous or potential client, supplier, or partner) who has attended an event, has visited our website or in other ways has been in contact with us, e.g. as an employee at an authority. Further information on how we process personal data is found below.
2. PERSONAL DATA CONTROLLER
Tendelin AB, holding the Swedish organisation number 559243-6926 with the legal address Tegeluddsvägen 80, 115 28 Stockholm, is the controller for the personal data that is processed in accordance with this policy.
3. TO WHOM DO YOU DIRECT YOUR QUESTIONS?
If you have any questions regarding how we process your personal data, please contact us through the following contact form.
4. DATA PROTECTION OFFICER
The data protection officer’s role is to monitor that we are compliant with current data protection legislation by, for example, collecting information about how Tendelin AB processes personal data, performing controls, providing information and advice, and issuing recommendations. You can contact our data protection officer by submitting a contact request here with the title "Data Protection Officer" or by mail: Data protection officer, Tendelin AB, Frihamnsgatan 30, 115 56, Stockholm.
5. PERSONAL DATA COLLECTED
We collect and process all personal data that you share with us, for example when you send us an e-mail or sign up for an event. The sources from which we collect personal data are stated in section 6.
Personal data that we process:
Basic information, such as your name and the organisation you represent;
Contact information, such as address, email address and phone number;
Payment information, if payments are made;
Technical information, such as information about your visit on our website or behavioural data relating to digital activity;
Information that you share relating to meetings or events, such as availability and meeting participant information;
Identity documentation or background information that we have received from you or collected as a part of our client intake;
Personal data that has been provided to us from our clients, on behalf of our clients, or that has been prepared as a part of an assignment process or through other communication;
Pictures and videos taken at our events or submitted through our website or through other electronic communication.
6. PERSONAL DATA SOURCES
We process personal data regarding and in connection to assignments that we perform on behalf of our clients. We process identity documentation and background information as a part of our client intake process, administration and marketing. Such processing includes taking measures to prevent money laundering, avoid conflicts of interest, vendor vetting, proposal vetting and process credit data. We also process personal data that is shared with us by our clients and partners throughout their bilateral business relationship. Furthermore, personal data is shared with third parties to the extent such sharing is necessary for the performance of our assignments. We collect personal data about you and others:
When we initiate a business relationship or when we handle matters on behalf of our clients or partners;
Through cookies and other tracking services on our website;
Via e-mail and other electronic messages sent to and from Tendelin AB;
When you share information with us by contact with us at meetings, conversations, social media, events or by filling in online forms.
We might also collect or receive information about you from other sources, such as (but not limited to):
Publicly available databases.
7. PURPOSES OF PERSONAL DATA COLLECTION
We process your personal data for the following purposes:
Website usage analysis. Processing is necessary for the purpose of Tendelin AB's legitimate interests in understanding how our website is used, which information is in demand, how usability is perceived by users and how it can be improved to provide our users with the best experience.
To be able to provide personal data at your request. Processing is necessary for the purpose of your and Tendelin AB's legitimate interests in being able to accommodate your request of information regarding your activity and usage of our service.
Marketing of our services e.g. by newsletters, social media, publications and events. Processing is necessary for the purpose of Tendelin AB's legitimate interests in the marketing of our services.
To manage our relationship with you and our clients, and maintaining our contact lists. Processing is necessary for the purpose of Tendelin AB's legitimate interests in managing our relationship with you or the organisation that you represent.
To comply with legal obligations. Processing is necessary for compliance with legal obligations, including our legal agreements with your organisation, as well as our responsibilities in accordance with national and international law.
To determine, claim or defend legal demands. Processing is necessary for the purpose of Tendelin AB's legitimate interests in the establishment, exercise or defense of legal claims.
8. PERSONAL DATA STORAGE
Data processed as part of our performance of a client assignment is stored for ten years or for such longer period required by Swedish law with regards to the nature of the matter. We store your personal data to contact you for marketing purposes during a year from the date we collected your data or the date when we last used your data to contact you.
When we process personal data in other situations than the ones mentioned above, we store your personal data for as long as is necessary with regards to the context. For example, it can be situations when we are in contact with you via e-mail, when you participate in an event, when we provide information at your demand, when we process information from cookies, or due to a legal obligation.
9. DISCLOSURE OF PERSONAL DATA
We might share your personal data with trusted recipients with whom we have an agreement ensuring that your personal data is processed in accordance with this policy. Personal data is shared with the following parties:
Tendelin’s offices at their respective locations for exchange of information and knowledge, resource allocation and the purposes that are stated in this policy;
Suppliers of services, such as support, word processing, translation or documentation;
IT solution suppliers;
Third parties, as part of our ongoing assignments, such as; clients, vendors, partners, authorities or suppliers of data rooms;
Third parties involved in the organisation of events, such as hotels, organisers or lecturers;
Third parties, when necessary due to a legal obligation. If we are obliged to disclose your personal data because of an injunction or such, we will inform you to the extent that we are not legally prevented from doing;
Social media, such as Instagram, Facebook, LinkedIn and Youtube. We kindly refer you to the policy of each provider for information on how they process personal data;
We do not transfer your personal data by selling your personal data or else make your personal data available for commercial purposes without your consent.
10. PERSONAL DATA PROTECTION
We take several technical and organisational measures to protect your personal data from unauthorized access, use, disclosure, change or erasure in accordance with the applicable data protection legislation. Such measures include, but are not limited to, shell protection, encryption, eligibility restrictions, policies, etc.
11. COUNTRIES TO WHICH PERSONAL DATA IS TRANSFERRED
With the exception of what is explicitly stated below, we only process your personal data within the EU/EEA. Some of Tendelin's IT service suppliers have their place of business in the USA. When personal data is shared with these suppliers, Tendelin AB has ensured that the level of protection is equivalent to that applicable within the EU/EEA by the suppliers’ adherence to the framework EU-U.S. Privacy Shield, in accordance with article 45 in the GDPR.
As part of our handling of assignments between buyers and vendors, we may in individual cases need to transfer personal data to third countries. If we engage in such transfer, we ensure that the level of protection is equivalent to that applicable within the EU/EEA, either by ensuring that the country has an adequate level of protection, that we have taken adequate protective measures, that you have given your consent or that the transfer was necessary with regards to the purposes set out in article 49 in the GDPR.
12. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
12.1 You have the right to withdraw your consent at any time. Upon such withdrawal, we will cease such processing of your personal data. Please contact us at firstname.lastname@example.org you want to withdraw your consent.
12.2 You have the right to receive a confirmation as to if your personal data are being processed, and, where that is the case, the right to access such personal data. You will then receive inter alia the following information: the purposes for our processing, the categories of personal data, the categories of receivers, the storage times and the sources of the information.
12.3 You have the right to request that inaccurate personal data are corrected without undue delay. You also have the right to, when appropriate, complete incomplete personal data.
12.4 Under certain circumstances you have the right to obtain the erasure of your personal data (if: the processing is no longer necessary, you withdraw your consent and there is no other legal ground for the processing, there is a lack of legitimate grounds after your objection, the processing is executed illegally or erasure is demanded by a legal obligation).
12.5 If your personal data is processed based on general or legitimate interests, you have the right to object to the processing. For example, you have the right to object to processing for marketing purposes. If you object to the processing, we will cease the processing if we cannot either demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
12.6 You have the right to obtain the restriction of the processing of your personal data (if: you object to the accuracy of the personal data, the processing is illegal and you request a restriction instead of erasure, you need the data for legal claims or you have objected to the processing and await verification).
You have the right to receive personal data that you have submitted to us in a machine-readable format. The right regards such data that is processed automatically and based on an agreement (with you) or your consent. You also have the right to demand that this data is transmitted directly to another personal data controller, where technically feasible.
12.7 If you are not satisfied with our processing of your personal data, you have the right to file a complaint with the Swedish Data Protection Authority, which is the Swedish supervisory authority. You also have the right to turn to the supervisory authority in the country where you reside or work.