Nordic Morning logo

Privacy Policy

Last updated: 18/10/2021

Nordic Morning Sweden AB, corp. reg. no. 556667-3074 ("Nordic Morning" or "we" in any form) is committed to protect the personal data and safeguard the privacy of our website visitors and contact persons representing our customers, suppliers and other business partners. For more information about us, see Section 6.

This Privacy Policy describes how Nordic Morning, in its capacity as a data controller, processes personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679) (hereinafter referred to as the "GDPR").

Soon we will tell you why we process your personal data, what kind of data it is and if we share the data with anyone. You can also read more about your rights and where to turn if you have questions or if you want to use your rights.

Section 1 is processing of personal data connected to our business partners whereas section 2 is relating to prospects and potential business partners.

Sections 3-7 are common for both business- and non-business partners and covers sharing of personal data, where the data is stored, the rights of the data subjects, our contact details and finally changes to this privacy policy.

1. For our business partners

Those whom we enter into contract or fulfil contractual agreements with.

If you represent an organization that we do business with, we process personal data in order to facilitate our business relationship with the organization which you represent, including communicating with you as a representative about products and services. We process personal data for this purpose as we have a legitimate interest to conduct business including to fulfil our contracts towards our customers and suppliers. The legal basis for this purpose is the performance of a contract.

We will process your personal data for example your first and last name, contact details, position, onboarding information for the customer's appointed users, IT management details such as details of equipment data to be used with the services comprising of the business in which we engage in for you, and may include using your user name (location on a country level), technical events related to the services provided, technical identifiers, system and application logs, meta data, email correspondence and communication data.

The data is provided by you or your company.

We will retain the personal data for as long as we have a business relationship and up to three (3) years to facilitate and improve your experience, should the organization that you represent wish to return as a customer within the aforementioned time period.

Please note that some data is stored for a longer time due to legal obligations (the purpose of fulfilling legal obligations).

Customer support

In order to provide customer support, we process personal data such as name, company/organization affiliation, e-mail, information about the case, time, phone number, job role, picture, and support data. The correspondence data may be processed for the purposes of communicating with you and for record-keeping.

Our legal basis for processing personal data is our legitimate interests to develop and conduct our business and communication with the person that has reached out to our customer support as well as maintain documentation of handled support matters.

The data is provided by you or your company.

We will retain the personal data for as long as we have a business relationship and up to three (3) years to facilitate and improve your experience, should the organization that you represent wish to return as a customer within the aforementioned time period.

Marketing

Like other companies, we have an interest in marketing ourselves and our products to companies who are, or want to become, customers with us. If you represent an organization that we do, or consider doing, business with, we process personal data to communicate with your company. The personal data used in the preparations for, and in the marketing itself, is ordinary data which is not sensitive and generally collected directly from you or your company. We may also collect personal data from public sources such as The Swedish Tax Agency and from data providers.

We will communicate with you in different medias, for example via emails, text-messages (SMS), in social media like for example LinkedIn.

Our legal basis for doing so is our legitimate interests to market and inform about our products and services to conduct our business.

We would also like to inform you that we process personal data of our website visitors for analytics purposes to better understand how you are using our website. We will do this by inter alia collect user generated data and associated metadata and site activity information (using cookies), which includes information about the websites or products that you have visited, which websites or key words that referred you to the website and information on how you interact with the website.

For the purpose of marketing, we will collect and process voluntarily provided details for example preferences, education and training details, device data, IP address and surfing data. This data is used primarily to communication of greater interest to you. It’s not used for automatic decision making and you may reject to the profiling at any time by simply contacting us.

We will process the personal data for the aforementioned purposes until the receiver decides to unsubscribe or otherwise up to one (1) year after the latest activity.

Fulfilment of legal obligations

We will process personal data for the purposes of fulfilling legal obligations within the area of e.g. book-keeping, accounting and requirements under applicable data protection laws, where the latter may include the processing of personal data to ensure the identity of the data subject associated with a request.

Our legal bases for processing personal data are our legal obligations to handle the above-mentioned requirements and our legitimate interests to maintain documentation of handled requests.

We will retain your personal data for the time stipulated by law but we will not use the data for any other purpose.

Establishing, exercising and defending legal claims

For the purposes of establishing, exercising and defending legal claims, e.g. in connection with a dispute or legal process, we may process your personal data as necessary. For this purpose, the data may be stored for a period of up to 10 years but no longer than necessary.

Our legal basis for processing personal data is our legitimate interests to establish, exercise or defend the legal claim.

2. For our potential business partners and prospects

Marketing

Like other companies, we have an interest in marketing ourselves and our products to companies who are or want to become customers with us. If you represent an organization that we consider doing business with, we process personal data to communicate with your company. The personal data used in the preparations for, and in the marketing itself, is ordinary data which is not sensitive and generally collected directly from you or your company. We may also collect personal data from public sources such as The Swedish Tax Agency and from data providers.

We will communicate with you in different medias, for example via emails, text-messages (SMS), in social media like for example LinkedIn.

Our legal basis for doing so is our legitimate interests to market and inform about our products and services to conduct our business.

We would also like to inform you that we process personal data of our website visitors for analytics purposes to better understand how you are using our website. We will do this by inter alia collect user generated data and associated metadata and site activity information (using cookies), which includes information about the websites or products that you have visited, which websites or key words that referred you to the website and information on how you interact with the website.

For the purpose of marketing, we will collect and process voluntarily provided details for example preferences, education and training details, device data, IP address and surfing data. This data is used primarily to communication of greater interest to you. It’s not used for automatic decision making and you may reject to the profiling at any time by simply contacting us.

We will retain the data for as long as it may be relevant and up to one (1) year following our latest contact.

Where the contacts have led to a business relationship, the personal data will be processed as described in the section “Business partners”.

Establishing, exercising and defending legal claims

For the purposes of establishing, exercising and defending legal claims, e.g. in connection with a dispute or legal process, we may process your personal data as necessary. For this purpose, the data may be stored for a period of up to 10 years but no longer than necessary.

Our legal basis for processing personal data is our legitimate interests to establish, exercise or defend the legal claim.

3. Who do we share your personal data with?

Data processors acting on behalf of Nordic Morning

Nordic Morning may engage external service providers, who act as data processors of Nordic Morning, to provide certain services to Nordic Morning, such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data. We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal data.

External parties acting as independent data controllers

Where necessary, we will share your personal data with the following external parties which will act as independent data controllers for their own processing of your personal data.

External parties acting as independent data controllers

4. Where do we store your personal data

We aim to store your personal data within the EU/EES-area.

Personal Data may however be transferred to and processed by recipients which are located inside or outside the European Economic Area ("EEA"). The countries include those listed at the European Commission website which provide an adequate level of data protection from a European data protection law perspective. Other recipients might be located in other countries which do not adduce an adequate level of protection from a European data protection law perspective. Nordic Morning will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard contractual clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out below in Section 6.

5. Data subject rights

You have a number of rights in connection with the processing of your personal data, subject to certain conditions set out in the GDPR and local data protection laws, including the rights to:

(i) Request access to your personal data ("data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

(ii) Request the rectification of the personal data that we process about you. This enables you to have incomplete or inaccurate data we hold about you corrected.

(iii) Request the deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no overriding reason for us to retain it.

(iv) Ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

(v) Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

(vi) Request the transfer of your personal data to another party. If you have given your consent for processing of your personal data and that consent has served as a legal basis for processing, you can withdraw this consent at any time with future effect by contacting us as stated in section 6.

To exercise your rights please contact us as stated below in Section 6.

In case of complaints, you may contact us as set out in Section 6 and you also have the right to lodge a complaint with the competent data protection supervisory authority in particular in the EU Member State of your habitual residence, place of work or of an alleged breach of the GDPR. In Sweden, this is Integritetsskyddsmyndigheten (www.imy.se).

6. Contact information

Nordic Morning Sweden AB is registered in Sweden under corp. reg. no. 556667-3074, and our registered office is at Gävlegatan 22, 113 30 Stockholm, Sweden.

If you have concerns or questions regarding this Privacy Policy, please contact us by email on info@nordicmorning.com.

You are always welcome to contact our Data Protection Officer (DPO) on dpo@nordicmorning.com.

7. Changes to the Privacy Policy

Nordic Morning reserves the right to change this Privacy Policy at any time. We will give you reasonable notice of any changes to the Privacy Policy, where appropriate. If so, we will notify you by a message or by email. You will also find the date of the latest change to the Privacy Policy on this website.