Privacy Policy
This Privacy Policy contains information on how PLAYipp AB with company registration number 556712-3012 (hereinafter referred to as ”we” or ”us”) collects and Processes Personal data and information about Data subjects’ rights according to the General Data Protection Regulation (“GDPR”). References to ”you” and ”your” refer to the Data subject whose Personal Data we Process.
The Privacy Policy covers all Processing of Personal data, in both structured and unstructured data.
Definitions
The following terms used in this Privacy Policy shall have the meanings set forth below, both when expressed in the plural and the singular:
Media Player(s): refers to the Supplier’s media player or media player software.
PLAYipp Digital Signage: refers to the Service called PLAYipp Digital Signage.
Subscription: refers to the right to connect a Media Player with the Service and provides access to the software, update and support for the Service.
Service: refers to the software and cloud solution provided by us, PLAYipp Digital Signage, to which the User has access through one or more Subscriptions.
Customer: refers to the entity that has entered into a Service Agreement with the Supplier regarding the Service.
User: refers to the individual that is using the Service on behalf of the Customer.
Account: refers to the User’s or Customer’s user account to the Service.
GDPR: refers to regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal data: any information relating to an identified or identifiable natural person (“Data subject”’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal data.
Processor: refers to a natural or legal person, public authority, agency or other body which Processes Personal data on behalf of the Controller.
Personal data breach: refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal data transmitted, stored or otherwise Processed.
Third party: refers to someone other than the Controller (and the persons who are authorised to Process the Personal Data), the Data subject or the Processor (and the persons who are authorised to Process the Personal Data). A Third party may be a legal person or a natural person, institution, authority or other body.
SCC: refers to the Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, or the Standard Contractual Clauses for the transfer of Personal Data to Processors established in third countries, set forth in the European Commission Decision of 5 February 2010, or any other such updated version. Other terms and expressions used in this Privacy Policy, but not defined herein, shall be defined in accordance with the definitions stated in “PLAYipp’s Terms of Use”.
Controller and Processor
We act in the capacity of a Controller and are responsible for the Processing of Personal data performed by us or on our behalf, when we determine the means and purpose of the Processing (according to the principle of liability). For example, we act in the capacity of a Controller when we register the Customer as a customer of ours in the systems we use within the business or when we Process the Customer’s data including any Personal Data to perform invoicing for the Service etc.
In some cases, we act in the capacity as Processor for the Customer, who is the Controller. For example, we Process Personal data on behalf of the Customer and in accordance with the Customer’s instructions, when a Customer and its Users registers information in our Service. The Processing of Personal Data that we perform in the capacity as Processor is regulated in more detail in a Data Processing Agreement that has been entered into with the Customer.
How we collect Personal data
We collect your Personal data:
When we engage in a business relationship.
Through your use of our Service, website or app.
Through email correspondence.
When you provide us with data through meetings, social media or events.
What data we collect
We try to work primarily through the principle of data minimization regarding the storage of Personal data, by only Processing Personal data that is necessary, adequate and relevant for each individual purpose (according to the principle of purpose limitation and data minimization).
We mainly Process the categories of Personal Data listed below, which we can access when you contact us, enter into an agreement with us or otherwise in connection with the performance of our Services:
- Basic information such as your name, workplace and title.
- Contact details such as address, email address and telephone number.
- Information you provide in connection with meetings or events, such as requirements in respect of availability of premises or food and beverage preferences.
- Information about how you use our website or Service.
- Technical data, which may include your URL, IP address, unique device ID, network and computer performance, browser type, language and identifying information, general geographical location and operating system.
- Email correspondence.
- Information (recorded by audio or/and video, or by different means of transcription) provided in customer meetings and interviews.
Why we Process your data
We only collect Personal data for specific, explicitly stated and legitimate purposes according to GDPR and the principle of purpose limitation. Each individual Processing of Personal data requires a so-called “legal basis” in order to be legal (according to the principle of lawfulness, fairness and transparency).
According to GDPR, Personal data shall not be stored for longer than what is necessary to fulfil the purposes for which they were collected. If it is necessary for us to comply with a legal obligation, we may store Personal data for a longer period for that purpose. Personal data that can no longer be stored will be erased (deleted) (according to the principle of storage limitation).
Below you can read more about the purpose, legal basis and storage period of the Processing of your Personal data.
1) When you visit our website and/or use the Service:
Our website and the Service uses cookies. The use of non-essential cookies takes place only if you give your consent to it. You can revoke a given consent at any time (without this affecting the legality of the Processing performed with the support of the consent before it was revoked). In addition, you can manage the storage of cookies through your browser settings. Legal basis for the Processing: Consent.
You can read more information about how we use cookies in our cookie policy.
2) When we get in touch through email, telephone, social media or contact form:
You can contact us through email, telephone or social media and in such cases, we obtain access to your Personal data that appears in connection with such contact. For example, we may have access to the following Personal data: name, telephone number, IP-address, e-mail address, user ID from social media (if applicable) and other information that you provide to us. This information is Processed by us so that we can know who we are talking to and to keep in touch in the matter. Legal basis for the Processing: Legitimate interest.
You can also contact us by sending a message to us through the contact form on the website. We may obtain the following Personal data that belongs to you: name, employer, telephone number, IP-address, e-mail address, and the information that you include in the message. This information is Processed by us so that we can know who we are talking to and to contact you. Before sending the message to us, you give your active consent to our Processing of your Personal data taking place in accordance with this Privacy Policy, by ticking a checkbox for approval. Legal basis for the Processing: Consent.
When the User contacts us, the User’s messages are saved in order to help the end User with a problem or provide information about our Services, whether immediately or at a later time. The Processing is performed as long as we have a business relationship with the company you represent, and up to 180 days thereafter (backup storage). Legal basis for the Processing: Contract.
3) When a Customer enters into a service agreement with us:
We Process Personal data that belongs to the Customer’s contact person and/or company signatory in order to fulfil the agreement regarding our Services. Personal data that we Process belonging to the Customer’s contact person and/or company signatory refers to, among other things: first name, last name, telephone number, e-mail address, employer. Legal basis for the Processing: Contract.
The service agreement that is entered into with us may contain Personal data belonging to the Customers contact person and/or company signatory and is stored as long as we are obliged to keep an accounting record of the invoices made to the Customer regarding the Services provided to the Customer.
4) To help Users in support matters:
We Process Personal data that are provided to us in connection with support matters related to our Services. Phone calls to our support are recorded and can be used to get background information to help resolve or deal with a support request. The legal basis for the Processing of Personal data in connection to support matters are performed on the basis of a Contract. We shall help to resolve or deal with a support request. The Processing is performed for 36 months after the support ticket is marked as solved.
5) To manage our business relationships:
We may contact you by using your contact details that you have provided to us, in order to manage our business relationship with you. If there is a contract between you and us (or the company that you represent), the Processing is made on the basis of performance of a Contract. This type of Processing may be conducted by us as long as we have a business relationship with you or the company you represent.
If you have not entered into an agreement with us, the Processing is made on the basis of Legitimate interest instead, since we have a legitimate interest in managing potential business relationships. This type of Processing may be conducted by us as long as we deem our Services to be interesting to you or the company you represent, or until you request that we shall stop our processing of your personal data for this purpose.
6) When you receive newsletters from us:
You may receive newsletters from us, in order for us to inform you about for example new features and/or changes in the Service, new services provided by us or similar. You can choose to unsubscribe from the newsletters at any time by clicking on the unsubscribe link in the newsletter or email your request to unsubscribe to us. Legal basis for the Processing: Legitimate interest.
If you unsubscribe, you will be removed from the email list for recipients of the newsletters, but your email address will remain in the database with a block for receiving newsletters. The purpose of this is to ensure that you do not receive any newsletters from us. If you want your email address to be deleted from the list of blocked email addresses, you can contact us by email and request this. However, if you request that we remove your email address from the list of blocked email addresses, you will be able to receive newsletters from us if you or someone else registers your email address to receive newsletters again.
7) To comply with our legal obligations:
If we are obliged by for example law, a court decision or similar to Process certain Personal data, the Processing takes place on the basis of a Legal obligation as the legal basis. In such cases, the Processing takes place only to the extent that it is necessary for us to fulfil our legal obligations and then we only process the necessary Personal data, for as long as it is required (in accordance with the principle of storage limitation).
As an example, we Process and store invoices and other documentation that form our accounting basis that we are obliged to Process and store in accordance with current legislation, such as the Swedish Accounting Act (1999: 1078). Accounting documents and invoices may in some cases contain Personal data, such as contact information of the Customer’s contact person and/or signatory. Such is stored for as long as prescribed by law. Legal basis for the Processing: Legal obligation.
We may also Process relevant Personal data for the establishment, exercise or defence of legal claims. This is made based on our Legitimate interest in establishing, exercising or defending any legal claims. This also applies in order for us to protect our rights and property. Information that is relevant for any legal claim is kept for as long as such claim can be made in accordance with applicable legislation.
8) When we meet or interview you
To be able to understand customers and users and create a first class experience for them, we might set up interviews and meetings (remote or in person) with individuals. During these meetings and interviews we might take notes, record (by audio and/or video) or by different means transcribe the content of the meetings and interviews. Recordings or transcriptions will take place only if you give your consent to it. You can revoke a given consent at any time (without this affecting the legality of the Processing performed with the support of the consent before it was revoked).
Legal basis for the Processing: Consent.
9) When we compensate you To be able to compensate customers and users for meetings, interviews or other, we will ask for your consent to use personal data such as name, address, email address to order, register and/or send remunerations. You can revoke a given consent at any time (without this affecting the legality of the Processing performed with the support of the consent before it was revoked).
Legal basis for the Processing: Consent.
10) Other purposes for our Processing of Personal Data:
When a Processing of Personal data takes place on the basis of a Legitimate interest as a legal basis, our assessment is that the Processing does not constitute an infringement of your right to privacy and integrity. We have come to this conclusion, after having made a balance between on the one hand what the Processing in question means for your interests and the right to privacy, and on the other hand our legitimate interest in the Processing in question. However, we never Process sensitive Personal Data on the basis of this legal basis.
Based on our Legitimate Interest, we may process Personal data to:
- market our products and services through, for example, direct marketing, publications and events. We may process your email address to perform the direct marketing, and we may do this as long as we have a business relationship or until you opt out.
- ensure the technical functioning of our website and Service, to provide support for our Services and to analyse your use of the website and Services in order for us to develop and improve them. Your IP-address is stored when you sign into, and perform actions in the Service. This data is logged for 180 days. Session cookies are stored as long as the browser is open. Other cookies are stored for a maximum of 24 months. Other technical data is logged for 180 days.
Where Personal data is stored
We strive to Process all Personal data that we handle within the EU/EEA (according to the principle of integrity and confidentiality).
If we transfer your Personal data outside the EU/EEA, such transfer will be subject to appropriate safeguards in accordance with the GDPR and/or SCC.
Termination
Upon termination of the Customers Subscription, all Account information and data will be made inaccessible to the User. The data and logs of activity in the User’s account are stored for a maximum of 180 days, before being permanently deleted, unless there is a legal obligation to store the data for a longer period of time.
How we share your data
We do not sell your data to any Third party for marketing purposes. However, we may share Personal data that we Process with our subcontractors when they perform services on our behalf, for example when we engage subcontractors to maintain and support our IT systems, to help us fulfil our legal obligations under contracts, applicable legislation, to safeguard our legal interest, to improve our services/products, or to prevent and detect technical or security issues with our services and/or software. When we engage a subcontractor to Process Personal data on our behalf, they become our sub-processors.
With regards to EU Personal Data, we and the sub-processor will comply with each of our respective obligations under the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply. The sub-processors may only Process the Personal data in accordance with the instructions stated in a Data Processing Agreement and/or SCC entered into between us and the sub-processors.
We may also disclose or share Personal data with:
– Subsidiaries or other group companies.
– Auditors and other professional advisors.
– A Third party involved in organising an event, e.g. hotels, event organiser or speaker.
– A Third party when it is necessary in order to provide services to you or comply with a legal obligation.
– Social media such as Instagram, Facebook, LinkedIn or Twitter when you contact us through such services. If you use these services, we refer to the respective service’s privacy policy for information on how they Process Personal data.
How we protect your data
We implement security measures to protect your Personal data. All our Services and software use encryption to ensure security when data is sent over the Internet. Only employees who need information owned by the Users in order to help the Users may access such information. The servers used to store Personal data or other information owned by the User are kept in a secure environment.
We use a range of technical and organisational measures to protect your Personal data from unauthorised access, use, loss, change or deletion in accordance with the GDPR (according to the principle of integrity and confidentiality). Such actions include, but are not limited to, physical controls, encryption, eligibility restrictions, policies, etc. All our internal registers and systems are password protected. There are also instructions for staff-members with access to our databases containing Personal data, to protect the information. We also work according to the data protection principles (Article 5 GDPR) and ensure that all staff-members are aware of the principles.
Your rights
If we Process your Personal Data, you have different rights under GDPR regarding our Processing of your Personal Data. Under certain conditions, you have the right to:
- be informed about the collection and the use of your Personal data,
- access your Personal data and supplementary information,
- have your inaccurate Personal data rectified or completed if it is incomplete,
- have your Personal data erased (to be forgotten) in certain circumstances,
- restrict Processing of your Personal data in certain circumstances,
- data portability, which allows you to obtain and reuse your Personal data for your own purposes across different services,
- object to Processing in certain circumstances,
- rights in relation to automated decision making and profiling,
- withdraw your consent at any time (where relevant),
- complain to the Supervisory authority regarding our Processing of Personal data, and
- be informed about any Personal data breach concerning your Personal data in certain circumstances.
We hereby inform you that some of the rights only apply in certain situations and only if it is legal and possible for us to implement your request. You are welcome to contact us if you would like to invoke any of the above rights regarding your Personal data that we Process.
Personal data breach and complaints
If you have any complaints about our Processing of Personal data, the complaint can be made to us, or to the Swedish Authority for Privacy Protection: Integritetskyddsmyndigheten (IMY), Box 8114, SE-104 20 Stockholm, Sweden or your local national data protection authority, and the contact details for local national data protection authorities can be found at the European Commission’s web page.
A data breach or other incident which means that our control over Processed Personal data is lost, is regarded as a Personal data breach according to GDPR. All Personal data breaches will be documented internally and will also be reported to the Swedish Authority for Privacy Protection within 72 hours, when GDPR requires it.
Changes to this privacy policy
This Privacy Policy is reviewed annually and updated as needed, without prior notice. For example, if it is necessary to clarify something or if our Processing of Personal data changes. The latest version of the Privacy Policy is always publicly available through this website. You are responsible for reading the contents of this Privacy Policy and keeping up to date on any changes.
How to contact us
Do not hesitate to contact us if you have any questions about this Privacy Policy or regarding our Processing of your Personal data or if you would like to exercise any of your rights under the GDPR. You can contact us.
Updated as of March 23d, 2022.