Privacy policy

Introduction and data controller

1.1 AB Leverache (“ABL”, “we”, “us”, “our”), a company incorporated under the laws of Sweden, provides the Inex One Platform (the “Platform”), a software as a service (SaaS) platform for procurement and administration of expert calls and related services. We also provide a website, https://inex.one, hereinafter referred to as the “Site” (collectively, the “Services”).

1.2 When accessing and using the Services, you entrust us with your personal data. We are committed to keeping that trust. That starts with helping you understand our privacy practices. This privacy policy explains how we collect and use your personal data and cookies. It also describes your rights towards us and how you can exercise them. We will only use the personal data you provide in accordance with this privacy policy and the General Data Protection Regulation (EU 2016/679), whichever is applicable.

1.3 A separate agreement governs delivery, access and use of the Platform (the “Agreement”), including the processing of any data and other information that our clients (“Customers” and “Suppliers”), including individuals granted access to the Platform by Customers or Suppliers (“Users”), submit to and store within the Platform in connection with the use of the Platform (“Service Data”).

1.4 In general, the Customer and/or the Supplier is the controller of Service Data. We are the data processor of Service Data and will only process it in accordance with the data controller’s written instructions, the relevant data processing agreement and applicable law.

1.5 In general, ABL is the controller of the personal data processed by us as set forth under Section 2 below.

2. Purpose, legal basis for processing and duration of storage

The personal data we process, our processing and the purpose and legal basis thereof as well as the storage period for such personal data that are processed under this Privacy Policy are set forth below, sorted under the categories of data subjects. In addition to the categories and purposes below, we will of course process all personal data submitted to us and in the event such personal data does not fall under any of the categories of data subjects as set forth below, we will process them in accordance with applicable laws.

2.1 Client related data

2.1.1 Existing clients

Purpose: to manage and develop our relationship with existing clients.

Processing: communication through Services, e-mail and telephone regarding contractual matters. Marketing communications regarding our Services and related matters.

Categories of personal data: Name, e-mail address, phone number, employer, job title, location, device type, how you interact with our Services, other communication between us and the registered person, order history, technical information on how you have communicated with us and information whether you have opted in or out of our newsletters and other marketing communication.

Legal basis for processing: Legitimate interest – the processing is deemed necessary for us to retain and develop our business relationship.

Storage period: During the term of the agreement between us and the client or as long as the business relationship otherwise lasts. However, data may be erased when we receive such request or we become aware of the data being incorrect.

2.1.2 Potential clients

Purpose: To engage potential new clients.

Processing: Gather contact information, e.g. through social media or from third parties. Communication regarding, and marketing of, our Services by phone or e-mail . Storage and analysis.

Categories of personal data: Name, e-mail address, phone number, employer, job title, other communication between us and the registered person, order history, technical information on how you have communicated with us and information whether you have opted in or out of our newsletters and other marketing communication.

Legal basis for processing: Legitimate interest - the processing is deemed necessary for us to be able to create business opportunities.

Storage period: Until the data is not needed for the purpose or if we are not engaged by the potential new client within 18 months from initial contact.

2.1.3 Users of the Platform

Purpose: Be able to provide and manage the Services.

Processing: creating a user account for the Platform, communication through Services, e-mail and telephone regarding contractual matters. Marketing communications regarding our Services and related matters. Managing support matters regarding the Services. Storage and analysis.

Categories of personal data: Name, e-mail address, phone number, employer, job title, location, device type, how you interact with our Services other communication between us and the registered person, location, business unit, LinkedIn profile, technical information on how you have communicated with us and information whether you have opted in or out of our newsletters and other marketing communication.

Legal basis for processing: Legitimate interest and consent - the processing is deemed necessary for us to be able to provide the Platform as agreed.

Storage period: Until the data is not needed for the purpose.

2.2 Recruitment

2.2.1 Job applicants

Purpose: Managing job application

Processing: Registration and handling the application, taking references and communications regarding the recruitment process.

Categories of personal data: Name, e-mail address, phone number, address, gender, date of birth, image, references, social media links (such as LinkedIn), employer, job title, other communication between us and the registered person, technical information on how you have communicated with us and information whether you have opted in or out of our newsletters and other marketing communication.

Legal basis for processing: Legitimate interest and consent - the processing is deemed necessary for us to be able to manage our need for recruitment and legitimate selection in our recruitment process. By submitting an application and your information to us, you also consent to us processing the personal data submitted.

Storage period: 12 months.

2.2.2 Other potential candidates

Purpose: To contact relevant candidates for open job positions.

Processing: Collection of personal data regarding potential candidates e.g. through social media or from third parties and communications regarding the recruitment process.

Categories of personal data: Name, e-mail address, phone number, address, gender, date of birth, image, references, social media links (such as LinkedIn), employer, job title, other communication between us and the registered person, technical information on how you have communicated with us and information whether you have opted in or out of our newsletters and other marketing communication

Legal basis for processing: Legitimate interest and consent - the processing is deemed necessary for us to be able to manage our need for recruitment and legitimate selection in our recruitment process. The collection of data is typically in the potential candidate’s interest as it can lead to an interesting job and career opportunity. In the event there is mutual interest in proceeding in the recruitment process, the processing of personal data would instead be in accordance with clause 2.2.1.

Storage period: 12 months.

2.2.3 References

Purpose: to contact personal references in a recruitment process to make thorough assessments of candidates.

Processing: Communication by phone or e-mail.

Categories of personal data: Name, e-mail address, phone number, employer, job title, other communication between us and the registered person.

Legal basis for processing: Legitimate interest - the processing is deemed necessary for us to be able to manage our need for recruitment and legitimate selection in our recruitment process.

Storage period: 12 months.

3. Data processors

3.1 Sometimes we will need to share personal data outside our organization, such as with our consultants, suppliers, authorities, potential purchasers and investors and, where applicable, their respective employees, consultants and advisors. We never share more personal data than required considering the purpose of the processing or as required for such third party to fulfil its obligations towards us and in line with the purposes for which we collected the information. We may disclose necessary personal data to authorities such as the police, tax agencies or other authorities if we are required by law or you have agreed to it. An example of legally required sharing is for the purposes of anti-money laundering and counter-terrorist financing.

3.2  We choose our contractors with great care and enter into data processing agreements with all of them (in addition to service agreements), meaning that they may only process personal data in accordance with applicable laws and our instructions.

3.3 We strive for your personal data to be processed within the EU / EEA. However, some of our subcontractors are domiciled outside the EU / EEA, and therefore personal data may sometimes be transferred and processed outside the EU / EEA where other rules on personal data processing apply. However, we will always take all necessary measures to ensure that your personal data is processed with appropriate safeguards in accordance with the GDPR (such as standard contractual clauses).

4. Your rights and complaints

4.1 Due to our processing of your personal data, you have the following rights (as described in detail in the GDPR):

• You have the following rights regarding your personal data (as described in detail in the GDPR): access the personal data processed about you. Therefore, you may request a transcript of records if you would like to know and verify your personal data stored and processed by us. The request must be made in writing, including a verification of you, and sent to the address listed in section 8.

• Have any incorrect or incomplete personal data rectified or completed. We take all reasonable steps to ensure that your personal data is correct and up-to-date. You have the right to correct inaccurate or incomplete information about yourself. If you believe that your personal data stored by us is incorrect, please notify us and provide us with the correct data.

• Object to the processing of your personal data. You have the right to object to our processing of your personal data. The effect may be that you are no longer able to use the Platform. If you object, we will stop the processing of your personal data.

• Require that we erase or restrict the personal data processed about you. You have the right to request the erasure of your personal data insofar as this personal data is no longer necessary for the purpose it was collected (“right to be forgotten”). However, certain legal obligations prevent us from immediately deleting all your data, such as obligations in accounting laws, tax laws and anti-money laundering laws. Data that must be preserved for legal reasons will be blocked from use for any other purposes than meeting such legal requirement.

• Exercise the right to data portability. In case you want to utilize such right, please contact us by using the information below.

4.2 If you wish to exercise any of your rights, you are welcome to contact us via the address listed in section 8. Please note that the rights listed above are subject to certain restrictions under the GDPR. For example, you may not use all of your rights set forth above if we have to process your personal data i) in accordance with EU law or the national law of an EU country, or ii) in order to perform a task in the public interest.

4.3 Further, you have the right to make complaints about how we process your personal data if you believe that this is not done in accordance with applicable laws. You may do this by contacting the Swedish Authority for Privacy Protection (Swedish: Integritetsskyddsmyndigheten) using the email address [email protected]. Other contact information for the Authority for Privacy Protection can be found here: https://www.imy.se/kontakta-oss/.

5. How we protect your personal data

We use adequate technical and organizational security measures to ensure that your personal data is not misused, lost, or unlawfully accessed. We only give access to your personal data to those employees who require it to provide our services, including the Platform.

6. Cookies

6.1 We use cookies when providing the Services, to enhance and facilitate your experience, and to create statistics regarding your use of the Services. A cookie is a small text file that contains text information which is saved on your device. We use two types of cookies, session cookies that expire when you close the browser, and permanent cookies which are stored until they expire.

6.2 If you do not want to accept cookies, you may adjust your web browser settings either to not accept cookies or to indicate when a cookie is used. Please note, by disabling cookies some features in the Platform or on the Site might not work as intended.

6.3 To disable cookies, please follow the relevant instructions depending on your browser:

If you use Internet Explorer.

If you use Firefox.

If you use Safari.

If you use Google Chrome.

7. Updates to the Privacy Policy

We may occasionally update this privacy policy. If we make significant changes, we will notify you of the changes through the Platform or through other means, such as email. To the extent permitted under applicable law, by using the Platform after such notice, you accept the updates. We encourage you to periodically review this privacy policy for the latest information on our privacy practices.

8. Contact information

If you have any questions regarding our processing of your personal data, or any question, complaint, or claim, please contact us at: [email protected] or AB Leverache, Frejgatan 32, 113 45 Stockholm, Sweden.