PRIVACY POLICY – NAOM Stockholm AB
THE PURPOSE OF THIS PRIVACY POLICY
The purpose of this privacy policy (hereinafter “Privacy Policy”) is to inform you of how NAOM Stockholm AB (hereinafter “NAOM Stockholm”, “we”, or “us”) process and protect your personal data, including your rights in relation to our processing of your personal data when we provide our services to you, when you visit us, or when you otherwise interact with us (hereinafter collectively “Services”). This Privacy Policy will provide information on what personal data is collected, why the personal data is collected, how the collected personal data is used and your options and rights regarding the processing of your personal data.
NAOM Stockholm is the data controller for the processing of personal data set out in this Privacy Policy. All personal data is processed in accordance with this Privacy Policy and applicable data protection law, for example the General Data Protection Regulation.
WHAT IS PERSONAL DATA AND PROCESSING OF DATA
The term “personal data” as used in this Privacy Policy is any piece of information that, either on its own or together with any other pieces of information, can be traced back to a living individual, and any other data that qualifies as personal data in accordance with applicable data protection legislation.
This Policy covers all personal data that is in any form considered processed under the relevant law in relation to you, including personal data that is kept, stored, collected, transferred, disclosed, or otherwise handled by us.
WHAT KIND OF PERSONAL DATA WE PROCESS AND FOR WHAT PURPOSES
NAOM Stockholm will only collect and process the personal data about you as explained in this Privacy Policy.
In summary, we primarily process contact details (i.e., first name, last name, telephone number and e-mail address) of our customers to enable us to market and provide our Services and to comply with applicable law.
For contact persons at suppliers, customers and partners, we primarily process your contact details (i.e., first name, last name, business telephone number, title and e-mail address) for our legitimate interest to be able to administer the contract between us and the organization that you represent, and to fulfill our contractual obligations therein, during the term of the agreement or otherwise for as long as a claim can be raised against us.
Further details as to why we use personal data and the legal basis that we rely on are set out in the below table.
Personal data type and source
Purpose
Legal ground
Retention time or criteria
Identification details – i.e. first name and last name
Source: Directly from you
To enable NAOM Stockholm to provide the Services, for example maintain and administer a membership account, to collect information for events, including enforcing applicable terms and conditions.
Performance of a contract
[Please fill out how long the personal data will be retained/processed.] Information may otherwise be kept for as long as a claim can be raised against NAOM Stockholm.
To enable NAOM Stockholm to provide customer service.
To enable NAOM Stockholm to improve its services.
Legitimate interest
To enable NAOM Stockholm to provide customized marketing to you.
To enable NAOM Stockholm to comply with legal obligations e.g. responding to requests from authorities to access personal data.
Legal obligation
Contact information – i.e. address, e-mail address, telephone number.
Source: Directly from you
To enable NAOM Stockholm to deliver the Service, e.g., to administer and maintain a membership account, to send marketing and promotional material regarding the service and other offerings, collect information for events, provide notification or information via SMS/MMS to users that have signed up for the service, and to administer and maintain bookings.
Performance of a contract
[Please fill out how long the personal data will be processed.] Information may otherwise be kept for as long as a claim can be raised against NAOM Stockholm.
To enable NAOM Stockholm to send the user relevant information in relation to the membership or purchase, e.g. welcome e-mail, service updates and similar.
To enable NAOM Stockholm to comply with applicable legal obligations applicable, including responding to requests from authorities to access personal data.
Legal obligation
To enable NAOM Stockholm to provide customized marketing or user surveys to you, which are voluntary to participate in.
Legitimate interest
[Please fill out how long the personal data will be processed], or until you requested to not receive such marketing or surveys.
Financial information – i.e. debit card and credit card information, and payment history
Source: Directly from you
To enable NAOM Stockholm to charge for our Services, e.g., membership or tickets, purchases at events or at our restaurant, bookings in our facilities and other services.
Performance of a contract
[Please fill out how long the personal data will be processed] and for as long as it is required under applicable bookkeeping regulations. Information may otherwise be kept for as long as a claim can be raised against NAOM Stockholm.
To enable NAOM Stockholm to provide customer service to users upon request.
To enable NAOM Stockholm to prevent, and defend NAOM Stockholm from, fraudulent claims in relation to payments.
Legitimate interest
To enable NAOM Stockholm to able to comply with applicable legal obligations e.g., bookkeeping regulations.
Legal obligation
Survey responses – i.e. your responses to surveys, which may include personal data
Source: Directly from you
To enable NAOM Stockholm to improve its services and offering.
Legitimate interest
[Please fill out how long the personal data will be processed]
Information provided to customer service – i.e. information that you provide to customer service, recordings of inbound call to customer service, transcripts of e-mail or chat correspondence
Source: Directly from you
To enable NAOM Stockholm to provide customer service to the users upon request, improve the quality of the customer service and for us be able to refute claims.
Legitimate interest
[Please fill out how long the personal data will be processed]
HOW YOUR PERSONAL DATA IS STORED
NAOM Stockholm will only process personal data for the purposes for which it was collected and as set out in the table above. We have engaged an external server provider to store the personal data on our behalf. The server provider has implemented appropriate technical and organizational measures such as [firewalls, encryption technologies, passwords and anti-virus programs] for the protection of personal data, to ensure that only authorized persons are given access to personal data and to prevent and avoid unauthorized use. In addition, personal data will only be available to authorized employees holding a position that requires them to process personal data to perform their work. These employees will only be given access in accordance with the principle of “least privilege”, meaning that they will only have access to personal data that is strictly necessary for the purpose of the processing to perform their work.
FOR HOW LONG WILL WE PROCESS YOUR PERSONAL DATA
NAOM Stockholm will not store or process personal data for a period longer than necessary to fulfill the purposes in the table under Section 3 or to comply with applicable law. Accordingly, when the purpose has been fulfilled in relation to a specific type of personal data, we will stop using the personal data for that purpose and, if the same data is not relevant for any other purpose, delete the relevant personal data as soon as reasonably possible.
DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES, INCLUDING TRANSFER OUTSIDE THE EU/EEA
Your personal data may be transferred to and processed by third party providers and suppliers that perform services for us (data processors) to enable these companies to perform the requested services, including [financial services companies, business partners, co-sponsors, event hosts, analytics services, email service providers, event management software, point of sale management software, customer relationship management software, and cloud service providers]. The personal data will only be processed within the EU/EEA. Only personal data that is necessary to fulfill the purposes stated in the table above will be provided to these companies. All third party providers and suppliers must, when acting as data processors, follow our instructions and the applicable written data processor agreement and any other agreements that are in place between NAOM Stockholm and its third party providers, and must implement suitable technical and organizational measures for the protection of the personal data. [Your personal data may also be provided to NAOM Stockholm’s affiliated companies for administrative purposes.]
NAOM Stockholm may need to provide personal data to certain authorities (e.g. the police, social security agencies and the tax authority) in accordance with mandatory law and in order to fulfill requests from authorities, legal obligations, or to establish, exercise or defend legal claims. Authorities process your personal data as independent controllers.
We may also disclose contact details of representatives for suppliers, customers and other business partners to potential investors and their representatives in connection with third parties acquiring or making investments in NAOM Stockholm, based on our legitimate interest to allow such parties to perform a due diligence on NAOM Stockholm.
YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
RIGHT TO ACCESS AND RECTIFICATION
You have the right to request access to the personal data that is processed by us, including what personal data NAOM Stockholm is processing in relation to you, the source of the personal data, for what purposes the data has been processed, and the identity of the parties that data has been provided to. You also have the right to, at any time, request that any inaccurate or incomplete personal data is corrected.
RIGHT TO BE ERASED
You have the right to request that your personal data is erased in certain instances e.g. if the personal data is no longer necessary in relation to the purposes for which it was collected, if there is no lawful reason for us to continue processing the personal data, the processing is unlawful, or the personal data has to be erased to comply with a legal obligation. There are other instances where your personal data can be erased; please contact NAOM Stockholm if you would like to find out if your personal data can be erased as set out in Section 10.
RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data relating to you where the processing is based on the legal basis of data processing in the public interest or when we base the processing on a legitimate interest. You also have the right to object to processing for direct marketing purposes, including profiling.
If you lodge and objection, we will no longer process the personal data related to you that we process based on legitimate interest unless we can demonstrate compelling and legitimate reasons for such processing that overrides your privacy interest or if we need to establish, exercise or defend legal claims. Moreover, even if you object to certain processing, we may still continue such processing if permitted or obliged to do so under applicable legislation, for example to be able to fulfill legal requirements or to fulfill contractual obligations in relation to a data subject. However, we will always stop processing your personal data for marketing purposes if you require us to do so.
RIGHT TO RESTRICTION
You are entitled to request us to restrict the processing of your personal data, if (i) you contest the accuracy of the personal data, and we must restrict the processing for a certain period to enable us to verify the accuracy of relevant personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data but instead request restriction of the use, (iii) we no longer need the personal data for the purposes of the processing as stipulated under Section 3 in this Privacy Policy, but the personal data is required by you for the establishment, exercise or defense of a legal claim, or (iv) you have objected to processing pursuant to what is set our under the Section “Right to object” above, and our verification of the legitimate grounds are pending.
RIGHT TO WITHDRAW CONSENT
For processing for which NAOM Stockholm explicitly states to rely on your consent, you can withdraw your consent to NAOM Stockholm’s processing of such Personal Data at any time. NAOM Stockholm may continue processing personal data, even if you have withdrawn your consent, if we are allowed or obligated to do so under applicable legislation, e.g. to fulfill a legal requirement or to fulfill obligations in relation to you.
RIGHT TO DATA PORTABILITY
You have the right to request your personal data to be provided in a structured, commonly used, and machine-readable format, if you have provided the personal data to us and the personal data is processed automatically with your consent or in accordance with a contract between you and NAOM Stockholm. You may also request that the personal data is transmitted to another controller, if this is technically feasible.
HOW TO MAKE USE OF YOUR RIGHTS AND HOW TO ACT IF YOU HAVE A COMPLAINT
If you should have any requests in relation to the processing of your personal data, please see who you can contact in Section 10 below. Please note that we may contact you and ask you to confirm your identity to ensure that we do not disclose your personal data to any unauthorized person, and that we may ask you to specify your request before we take any actions.
You always have the right to lodge a complaint with the relevant authority if you are not satisfied with how we process your personal data. The relevant data protection authority in Sweden is the Swedish Authority for Privacy Protection (www.imy.se).
UPDATES TO THIS PRIVACY POLICY
In order to ensure that we comply with data protection law, this Privacy Policy may be updated by NAOM Stockholm from time to time. We will inform you of any material changes made.
CONTACT DETAILS
NAOM Stockholm AB
Reg. no. 559160-0035
Munkbron 11, 111 28 Stockholm
[insert contact details for privacy related requests]
__________________
Latest update on [dd] [month] 2024.