PRIVACY NOTICE ANKOR
This privacy notice sets out how Magic Ankor Technology AB, incorporated in Sweden with company number […] (“Ankor”), collects and otherwise processes your personal data.
If you have any questions about this notice or how we process your data, or want to exercise your rights, please contact us on [email].
1.
Data controller
Riddle is the data controller responsible for the processing of your personal data under EU Regulation 2016/679 (the “GDPR”).
Please note that we are a data processor for any personal data uploaded by you to our platform, meaning that such uploaded data is not covered by this notice.
2.
Personal data we collect
We collect and process the following types of personal data:
Contact information: Name, email address, postal address, phone number, etc.
Usage data: Username, password, account and content preferences, how you navigate in our services, which functions you use, etc.
Transaction and payment Information: Information about your payments to us, such as invoicing information and other payment information.
Technical data and device information: IP address, browser type, device information, errors, response time, etc.
3.
How we use your personal data
In this section you can read about for which purposes we use your data, which types we use for each purpose, based on which so-called “legal basis”, and how long we perform the purpose.
To carry out the agreement with you, and manage our customer relationship.
Contact information (from you)
Usage data (from our services)
Transaction and payment Information (from you and payment partners)
Technical data and device information (from our services and your device)
This processing is necessary for Riddle to deliver our services to you (Article 6(1)(b) GDPR).
When you or we terminate the agreement with you.
To ensure network security, and to keep our services safe and secure.
All types listed in section 2.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). We have determined this is a legitimate interest, and ensure our processing is necessary to achieve this purpose.
As long as you use our services.
To verify your identity and prevent fraud in our services.
All types listed in section 2.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). We have determined this is a legitimate interest, and ensure our processing is necessary to achieve this purpose.
As long as you use our services.
To calculate payments.
Contact information (from you)
Usage data (from our services)
Transaction and payment Information (from you and payment partners)
All types listed in section 2.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). We have determined this is a legitimate interest, and ensure our processing is necessary to achieve this purpose.
Until payments have been made.
Perform analytics, service improvement analysis and analyze usage behavior.
If possible, we anonymise your personal data before using it for these purposes.
All types listed in section 2.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). We have determined this is a legitimate interest, and ensure our processing is necessary to achieve this purpose.
As long as you use our services, and thereafter as long as we have data in our systems if we have identified you pose a risk of fraud.
Share your data with the recipients set out in Section 4.
All types listed in section 2.
Depends on the recipient.
As long as we have data in our systems.
To send marketing.
You can turn this off by clicking on the link in the email, or by contacting us.
Contact information (from you)
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). We have determined this is a legitimate interest, and ensure our processing is necessary to achieve this purpose.
You might also have provided consent to this (Article 6(1)(a) GDPR).
As long as you use our services, or until you object.
To comply with laws, such as bookkeeping and accounting laws in Sweden.
Contact information (from you)
Usage data (from our services)
Transaction and payment Information (from you and payment partners)
To comply with law (Article 6(1)(c) GDPR)
Seven years after the year during which a transaction has been made.
To protect Riddle from legal claims.
All types listed in section 2.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). We have determined this is a legitimate interest, and ensure our processing is necessary to achieve this purpose.
Up to ten years after our services have been used.
4.
Data recipients
We may share your personal data with the following data recipients.
Suppliers such as IT providers or consultants
These companies provide functionality which Riddle needs to provide its services.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR).
Payment partners
Riddle uses payment partners to offer payments in its services. Such partners will independently own and use the information they receive.
This processing is necessary for Riddle to deliver our services to you (Article 6(1)(b) GDPR).
Authorities
Riddle might share personal data with authorities such as the police to keep its services secure.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). Riddle might also have to share personal data to comply with law (Article 6(1)(c) GDPR).
Divestment or selling of assets.
Riddle might divest part or whole of its business, or be acquired, meaning that your personal data will be shared with the buyer.
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR).
Social media
If you interact with us on social media, your information will be shared with such social media company
The processing is based on a legitimate interest of Riddle, after balancing against your interest (Article 6(1)(f) GDPR). This processing might also be necessary for Riddle to deliver our services to you (Article 6(1)(b) GDPR).
4.
Data recipients
We may share your personal data with the following data recipients.
5.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this notice unless a longer retention period is required or permitted by law. Especially the Swedish bookkeeping law requires accounting data to be kept for seven years after the year a transaction was made.
Swedish statutory limitation law also prescribes that Riddle need to keep personal data necessary to protect it from claims for ten years after our service was used.
6.
Your Rights
You have the following rights regarding your personal data. You can exercise them by contacting us through the email address listed on the top of this notice.
The right to access and receive a copy of your personal data, as well as receive specific information on how we have processed it.
The right to rectify any inaccurate or incomplete personal data.
The right to erase your personal data (“right to be forgotten”), unless Riddle is unable to do this based on legal obligation or due to compelling legitimate grounds.
Right to object to the processing of your personal data. You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) GDPR), by referencing your specific circumstances. You can always object to our use of your personal data for marketing purposes.
The right to restrict the processing of your personal data. You can request this for example while we administrate you exercising your right to object, or your right to data deletion.
The right to data portability, ie. to receive your personal data in an electronic/machine readable format.
Right to withdraw your consent. This means that we will stop processing your data for purposes on which we rely on your consent.
To submit a complaint to the Swedish Data Protection Authority, Integritetsskyddsmyndigheten.
7.
When we can transfer your personal data outside of the EEA, and how we protect it
We always strive to process your personal data within the European Economic Area (“EEA”). However, sometimes we might need to transfer your data also outside this region.
When we do this, we make sure the data is kept equally secure as in the EEA, and that protective measures are implemented as required. Such measures might be technical in nature such as encryption or pseudonymisation, but we might also rely on the following administrative security measures, as allowed by the GDPR:
If the European Commission has decided that the country outside of the UK/EEA to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR, or
The European Commission’s standard clauses have been entered into between Riddle and the recipient of the personal data outside the EEA. In these cases, we also assess whether there are laws in the recipient country that affects the protection of your personal data, or
That the transfer is covered by the EU-US Data Privacy Framework.
If you want a copy on any of these instruments you can contact us and request them.
8.
Changes to this privacy notice
We reserve the right to update or modify this privacy notice at any time. You should therefore consult this notice regularly when you use our services.
