GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, or the Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries, set forth in the European Commission Decision of 5 February 2010.
How we collect data
We collect your personal data:
When we engage in a business relationship.
Through our website or app.
Through email correspondence.
When you provide us with data through meetings, social media or events.
What data we collect
We try to work primarily through the principle of data minimization regarding the storage of personal data, by only processing personal data that is necessary, adequate and relevant for each individual purpose (according to the principle of purpose limitation and data minimization).
Personal data we process:
Basic information such as your name, workplace and title.
Contact details such as address, email address and telephone number.
Information you provide in connection with meetings or events, such as requirements in respect of availability of premises or food and beverage preferences.
Information about how you use our website.
Technical data, which may include your URL, IP address, unique device ID, network and computer performance, browser type, language and identifying information, general geographical location and operating system.
Why we process your data
Personal Data Controllers may only collect personal data for specific, explicitly stated and legitimate purposes according to GDPR and the principle of purpose limitation. Each individual processing of personal data requires a so-called “legal basis” in order to be legal (according to the principle of lawfulness, fairness and transparency).
According to GDPR, personal data shall not be stored for longer than what is necessary to fulfill the purposes for which they were collected. If it is necessary for us to comply with applicable legislation, we may store personal data for a longer period for that purpose. Personal data that can no longer be stored will be erased (deleted) (according to the principle of storage limitation).
Please find below a chart describing the purpose, legal basis and storage period of the processing of your personal data.
To market our products and services through, for example, newsletters, publications and events.
PLAYipp’s legitimate interest in marketing its products and services.
As long as we have a business relationship or until you opt out.
To manage our business relationship with you.
Performance of a contract
If there’s a contract between you and PLAYipp.
PLAYipp’s legitimate interest in maintaining and managing its business relationships.
As long as we have a business relationship with you or the company you represent.
To comply with legal obligations.
Comply with a legal obligation
For example, PLAYipp’s legal obligations due to applicable accounting and taxation legislation.
As long as prescribed by law.
For the establishment, exercise or defence of legal claims.
PLAYipp’s legitimate interest in establishing, exercising or defending any legal claims.
Information that is relevant for any legal claim is kept for as long as such claim can be made in accordance with applicable legislation.
In order to ensure the technical functioning of our website and applications; to provide support for our applications; and to analyse your use of the website and applications in order for us to develop and improve them.
PLAYipp’s legitimate interest in ensuring the technical functioning of the website and application.
PLAYipp’s legitimate interest in developing and improving the website and improving your experience of the website.
Your IP-address is stored when you sign into, and perform actions in PLAYipp Manager or Connect. This data is logged as long as we have a business relationship with the company you represent.
Session cookies are stored as long as the browser is open. Other cookies are stored for a maximum of 24 months.
Other technical data is logged as long as we have a business relationship with the company you represent.
Where personal data is stored
We strive to process all personal data that we handle within the EU/EEA (according to the principle of integrity and confidentiality). However, some of PLAYipp’s IT providers operate in the United States and/or the United Kingdom. When personal data is shared with these providers, PLAYipp has ensured that the level of protection is equivalent to that applicable in the EU/EEA. If we transfer your personal data outside the EU/EEA, such transfer will be subject to appropriate safeguards in accordance with applicable data protection legislation.
How we share your data
We do not sell your data to any third party for marketing purposes. However, as mentioned above, we may share personal data that we process with our subcontractors when they perform services on our behalf, for example when we engage subcontractors to maintain and support our IT systems, to help us fulfill our legal obligations under contracts, applicable legislation, legal obligations, to safeguard our legal interest, to improve our services/products, or to prevent and detect technical or security issues with our services and/or software. When personal data is shared with these subcontractors, they become our sub-processors.
With regards to EU Personal Data, PLAYipp and the sub-processor will comply with each of their respective obligations under the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply (collectively, with Privacy Laws, the “Applicable Data Protection Legislation”). The sub-processors may only process the personal data in accordance with PLAYipps instructions which are stated in a Data Processing Agreement and/or SCC entered into between PLAYipp and the sub-processors
The data subjects are entitled to request a complete overview and more detailed information on which subcontractors that are involved in the processing of the data subjects personal data in order to enable the delivery of our services and/or products.
We may also disclose or share your data with:
– Subsidiaries or other group companies.
– Auditors and other professional advisors.
– A third party involved in organizing an event, e.g. hotels, event organizer or speaker.
– A third party when it is necessary in order to provide services to you or comply with a legal obligation.
How we protect your data
We implement security measures to protect your information. All our services and Software use encryption to ensure security when data is sent over the Internet. Only employees who need information owned by the users in order to help the users, may access such information. The servers used to store personal data or other information owned by the user are kept in a secure environment.
We use a range of technical and organizational measures to protect your data from unauthorized access, use, loss, change or deletion in accordance with applicable data protection legislation (according to the principle of integrity and confidentiality). Such actions include, but are not limited to, physical controls, encryption, eligibility restrictions, policies, etc. All our internal registers and systems are password protected. There are also instructions for staff-members with access to our databases containing personal data, to protect the information. We also work according to the data protection principles (Article 5 GDPR) and ensure that all staff-members are aware of the principles.
In accordance with applicable data protection legislation, you have a right to request access to, rectification or erasure of your personal data or restriction of the processing. You also have a right to object to processing as well as the right to data portability, and also the right to get information about any data breach and personal data incident concerning your data that is being processed by us. You have a right to lodge a complaint regarding our processing of your data with the Swedish Authority for Privacy Protection, Box 8114, SE-104 20 Stockholm, Sweden or your local national data protection authority, and the contact details for local national data protection authorities can be found at the European Commission’s web page.
Upon termination of PLAYipp Software or service, all account information and data will be made inaccessible to the User and PLAYipp staff as soon as possible. The virtual data and logs of activity in the User’s account are stored for a maximum of 180 days, provided that there is a legal ground to such storing, before being permanently deleted, unless there is a legal obligation to store the data for a longer period of time.
Personal data breach and complaints
If a data subject has any complaints about our processing of personal data, the complaint can be made to PLAYipp through the following e-mail: firstname.lastname@example.org, or to the Swedish Authority for Privacy Protection, which is the supervisory authority.
A data breach or other incident which means that the control over processed personal data is lost, is regarded as a personal data incident according to GDPR. All personal data incidents will be documented internally and will also be reported to the Swedish Authority for Privacy Protection within 72 hours, when GDPR requires it.
How to contact us
Updated as of July 5, 2021.