1.3. Set forth below is a description of how we process your personal data, and if you wish to receive additional information on the processing of your personal data, you are welcome to contact us at: firstname.lastname@example.org.
2. PERSONAL DATA WE PROCESS
2.1. Personal data refers to information which, directly or indirectly, may be associated with a living natural person, such as name, personal identity number, IP address, payment details, photos, e-mail addresses, phone number and other contact details etc.
2.2. We process personal data about persons who:
2.2.1. are a customer of CREED;
2.2.2. are a talent engaged by CREED;
2.2.3. are a representative and/or employee of a customer, business partner, potential customer, potential business partner or talent;
2.2.4 applies for a job at CREED or enter a business or legal relationship with CREED;
2.2.5. are an employee at CREED;
2.2.6. are otherwise affected by our services; or
2.2.7. receives our newsletters, other communication and/or attend our events.
2.3. We process personal data for the purposes of administrating and performing our services, managing customer and talent relationships, fulfilling our legal obligations, recruiting staff, entering business or legal relationships, improving and marketing our services and sending newsletters.
2.4. The personal data that CREED processes is either provided by you, the company which you represent or by a company which you have engaged, and which uses our services. We may also collect personal data from private and public registers as well as from public authorities.
2.5. We may also collect personal data from private and public registers, publicly accessible sources as well as from public authorities.
3. LEGAL BASIS
3.1. We process personal data when necessary to (i) provide our services and fulfill our obligations towards you in accordance with agreements and terms entered into, (ii) communicate with you, (iii) send out newsletters and/or offers about our services, (iv) direct market our services to potential company customers or business partners for which you act as a representative, (v) when we have your consent to process your personal data or (vi) when there is another legitimate interest for us to process your personal data. If we process your personal data for any specific purpose which requires your consent under the GDPR, or any other data protection legislation, we will obtain your consent in advance.
3.2. In order for us to provide direct marketing to a potential customer or business partner, pursuant to item (iv) in section 3.1 above, we may process personal data of representatives of such businesses, which we may collect from publicly accessible sources. Our legal ground for such processing is legitimate interest, pursuant to article 6.1 (f) of the GDPR, to market our services to such businesses. Before collecting the personal data for direct marketing purposes, we always and in each individual case conduct an assessment of interests pursuant to article 6.1 (f) of the GDPR, in order to for example evaluate whether our interest is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We only collect personal data if we, based on each such assessment of interests, make the assessment that our legal interest is not overridden by the interests and rights of the relevant data subject. You as a data subject have the right at any time to object to such processing in accordance with section 5.2.8 below.
3.3. Personal data will always be processed confidentially and protected by appropriate security measures. CREED ensures that companies that process and/or manage personal data on our behalf, uses a high level of security measures in order to protect your personal data.
3.4. We may disclose your personal data to external parties with whom we collaborate e.g. licensors, marketing agencies, e-mail service providers and database and website service controller; and providers etc. We may also disclose your personal data when we have a legal obligation to do so, e.g. due to anti-money laundering legislation, tax legislation, court orders or requests from government authorities.
3.5. We may transfer and store personal data in countries outside the EU/EEA in order to perform our services. When CREED transfers personal data to such countries, we will ensure that your personal data is adequately protected through the use of relevant safeguards.
4. STORAGE AND DELETION OF PERSONAL DATA
4.1. Personal data will only be stored for as long as it is necessary in order for us to fulfil the purposes of the processing, or for as long as we are required to store the information according to applicable legislation and relevant guidelines. The personal data is thereafter erased in accordance with our erasure procedure.
4.2. If we have collected your data for direct marketing purposes with legitimate interest as legal ground in accordance with section 3.2 above, we will not store your personal data for longer than one month before informing you about our processing of your data. You as a data subject have the right at any time to object to such processing in accordance with section 5.2.8 below.
4.3. You may unsubscribe from our newsletters or similar communication at any time. In such event we will no longer store or process your personal data for such purposes.
5. YOUR RIGHTS AS A DATA SUBJECT
5.1. CREED is the controller for the processing of your personal data, and as a data subject you have certain rights as regards your personal data. The rights are however not absolute, meaning that there are exceptions to some of the rights where we cannot proceed and fulfill your request.
5.2. As a data subject, you have the following rights:
5.2.1. Right to withdraw your consent – meaning that you have the right to withdraw your consent where CREED process your personal data based on consent;
5.2.2. Right to access – meaning that you have the right to request a confirmation of our processing of your personal data, to receive information about the processing, access the personal data in question, and the right to obtain a copy of your personal data;
5.2.3. Right to rectification – meaning that you have the right to have any incorrect personal data about you as a data subject corrected by us;
5.2.4. Right to erasure – meaning that you have the right to have your personal data erased under certain circumstances. This right is limited, and we may be obligated to save your personal data in accordance with applicable law;
5.2.5. Right to object – meaning that you have the right to object to CREED’S processing of your personal data under certain circumstances;
5.2.6. Right to restricted processing – meaning that you have the right to have CREED restrict the processing of your personal data, but not delete it; and
5.2.7. Right to data portability – meaning that you may request CREED to transfer your personal data to another data controller.
5.3. If you feel that our processing of your personal data does not comply with applicable data protection legislation, you are entitled to lodge a complaint with the Swedish Data Protection Authority (Sw. Datainspektionen).
6. LINKS TO THIRD PARTY SITES
7. AMENDMENTS AND ADDITIONS