This Website is owned, managed and published by The Newbie Guide to Sweden AB with company registration number: 556934–4905 (hereinafter referred to as “The Newbie Guide”, “we”, “us”, “our”).
We Process all Personal Data in accordance with the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply (the “Data Protection Requirements”) (in accordance with the principle of accountability).
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, or later updated version.
E-learning platform: https://www.thenewbieguide.se/learn/
- PERSONAL DATA CONTROLLER
We are the Controller regarding all Processing of Personal Data that is performed by us or on our behalf, insofar as we determine the means and purpose of the Processing (according to the principle of accountability). Unless otherwise stated in this Privacy Notice, we are the Controller for the Processing described.
- HOW WE RECEIVE PERSONAL DATA
The most common ways we receive Personal Data are as follows:
- when a person:
- contacts us,
- visits our Website and/or E-learning platform,
- makes a comment on the Website or our social media, or
- registers to receive newsletters from us.
- when we enter into an agreement with a natural or legal person (purchase-, cooperation-, or employment agreement etc.),
- in connection with fulfilling contractual obligations due to an agreement that we have entered into,
- when other people, companies, public records or other sources provide Personal Data to us.
We may also receive Personal Data from, if applicable, approved resellers of our services/products and/or other partners which we have entered into a cooperation agreement with regarding the provision of our services/products.
- CATEGORIES OF PERSONAL DATA THAT WE PROCESS
In accordance with the principle of data minimization, we only process Personal Data in our capacity as a Controller that is adequate, necessary and relevant to fulfill the purposes for which it was collected.
We mainly Process the categories of Personal Data listed below:
- Identification information: name, profile picture, social security number.
- Contact information: email address, phone number, address, employer.
- User information: User-ID, IP-address.
- Other Personal Data: any other Personal Data that is provided to us, such as those that are registered in the E-learning platform by the user or any Personal Data that is included in any message that is sent to us.
- WHY WE PROCESS PERSONAL DATA
In accordance with the principle of purpose limitation, we only Process Personal Data for special, explicitly stated and justified purposes. This means that we do not Process more Personal Data than what is necessary. The main purposes of our Processing of Personal Data are to:
- be able to provide our services, the Website and the e-learning platform,
- be able to improve and market our services, the Website and the e-learning platform,
- fulfill our obligations under agreements, and
- fulfill our legal obligations under the law.
7. INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA AND THE LEGAL BASIS OF THE PROCESSING
All Processing of Personal Data that we perform is supported by a legal basis (according to the principle of legality, correctness and transparency). We Process Personal Data primarily with the support of one of the following legal basis:
- Legitimate interest,
- Legal obligation.
In some cases, it is optional for you to provide your Personal Data to us. However, if, for example, you do not submit your Personal Data, we may not be able to provide the requested support or handle the matter.
You may also need to share your Personal Data in order to be able to enter into an agreement with us or for us to be able to fulfill legal or contractual obligations. However, you will not suffer any negative legal consequences if you do not share your Personal Data with us, unless otherwise expressly stated.
When a Processing of your Personal Data is based on your consent, you have the right to withdraw the consent at any time, without this affecting the legality of the Processing based on the consent before this was withdrawn.
When we Process Personal Data with the support of our legitimate interest as the legal basis, our assessment is that the Processing does not constitute an infringement of your right to privacy and integrity. We have come to this conclusion, after having made a balance between, on the one hand, what the Processing in question means for your interests and right to privacy, and on the other hand, our legitimate interest in the Processing in question. We never Process sensitive Personal Data with the support of Legitimate interests as the legal basis.
Below you can read about our Processing of Personal Data and the legal basis for such Processing.
- When you visit our Website and/or the E-learning platform
- When you make a comment on the Website
You provide your name and e-mail address in connection with your comment being published on the Website. Your name and the content of the comment will be visible to the public upon publication, but not the email address that you have registered in connection with publication of the comment. If you wish to delete a comment that you have published, please contact us by email and provide the same email address that you provided when you published the comment.
- When you become a “Blogger“ on the Website
Categories of Personal Data: Identification information: We store your name, e-mail and profile picture when we create a user account for you as a blogger on the Website. We also store the agreement that you have entered into with us, including your name, address etc. that is stated in the agreement.
The information registered in the blogger-account is stored as long as you are a blogger and six (6) months after the termination of the agreement. Thereafter, the blogger-account is permanently deleted. The blog posts that you have written will be transferred to one of our accounts, but your name will remain on the blog posts that you have written. If you wish, you may request that your name shall be removed. We store your e-mail and the agreement for as long as any blog post that you have written is published on the Website, in order to be able to contact you in matters relating to the blog posts you have written. Legal basis for the above-mentioned Processing of Personal Data: Contract.
- When a Blogger posts pictures in the blog posts
If you upload images to the Website, you should avoid uploading images with embedded location data, since it might be possible to download and extract any location data from images on the Website.
Categories of Personal Data: Identification information. Pictures of children in the blog post, require the guardian’s written approval before publication. The blogger is solely responsible for obtaining such consent for publication. Pictures of other people in the blog post, require the prior approval of all people participating in the picture, before publication of the picture on the Website. The blogger is solely responsible for obtaining such consent for publication. Legal basis for the above-mentioned Processing of Personal Data: Consent.
- When you make a purchase from the E-learning platform
When you purchase digital courses, e-books, workshops and other digital products. from our E-learning platform, we get access to your Personal Data. You can buy products that we have produced, but also products that are provided by our partners (hereinafter referred to as “Producers”). We are the “seller” of all digital products that can be purchased through the E-learning platform. Payment is made through the payment solutions that are integrated in the E-learning platform. More information about the terms and conditions regarding purchases from our E-learning platform can be read at learn.thenewbieguide.se/terms-of-purchase.
Categories of Personal Data:
Order information: Order-ID, invoices, order history, canceled orders, completed orders. This information is Processed by us every time you place an order. We also Process the data to improve our services. Legal basis for the above-mentioned Processing of Personal Data: Legitimate interest.
Payment information: Payment method, pseudonymised credit / debit card information, delivery address (e-mail). We need to Process this information in order to be able to track the payments you have made and link them with the orders you have made in order to enable delivery of the order. Legal basis for the above-mentioned Processing of Personal Data: Contract.
Payment information: We process and store invoices, receipts and other materials that are subject to accounting, according to the applicable accounting laws, such as the Swedish Accounting Act (1999:1078) (sw: Bokföringslagen) for at least seven years or as long as the law requires. Legal basis for the above-mentioned Processing of Personal Data: Legal obligation.
- When we register you or your company as a “Producer“ on the E-learning platform
A “Producer” is a company or an individual that creates products, which we sell through our E-learning platform.
Categories of Personal Data: Producer information: We receive information about the Producer’s user account, such as company name, organization number, sales statistics, payment information, contact information etc. We also get access to personal information that belongs to at least one contact person for the Producer, such as the contact person’s name, e-mail and telephone number. Legal basis for the above-mentioned Processing of Personal Data: Contract.
When a buyer purchases a product through the E-learning platform which the Producer is responsible for, the Producer will get access to the buyers Personal Data, only if the buyer has bought a “Workshop” or if the buyer has a complaint regarding the purchased product or wants more information, have any questions etc. The Produces is in this case regarded as Controller for its Processing of the buyers Personal Data.
Categories of Personal Data: Buyer information: Name, e-mail and order-ID. We may share this information with the Produces, so that they can deliver the Workshop to the buyer or handle any complaints, questions etc. regarding the purchase of the Producers products. Legal basis for the above-mentioned Processing of Personal Data: Contract.
- When you register for any newsletter from us
You can consent to receive newsletters from us by providing your active consent for us to process your email address in order to send you newsletters. Providing your email address to us for this purpose is voluntary, which means that it is not a legal or contractual requirement or a requirement necessary to enter into a contract with us, and you are under no obligation to provide your email mailing address, but the possible consequences of not providing your email address to us is that we will not send you our newsletters.
You can cancel your subscription at any time by clicking on the unsubscribe link in the newsletter or email us at firstname.lastname@example.org. If you withdraw your consent, we will not continue to send you newsletters.
Legal basis for the above-mentioned Processing of Personal Data: Consent.
Those who revoke their consent are removed from the mailing list of recipients of the newsletters, but the e-mail address will remain in the database, with a block for sending newsletters. The purpose of this is to ensure that you do not receive any more newsletters from us. In our assessment, both we and you have a legitimate interest in the Personal Data being Processed for this purpose. The Processing is necessary for a purpose related to a legitimate interest, and that your interest in the protection of your Personal Data is not outweighed. Our assessment is that the Processing in question does not infringe your fundamental rights and freedoms.
Legal basis for the above-mentioned Processing of Personal Data: Legitimate interest.
If you want your e-mail address to be deleted from the block-list as well, you can contact us and request it by e-mail. However, if you request that we delete your e-mail address from the block-list, you may receive newsletters from us if you or someone else registers your e-mail address to receive the newsletters from us again.
- When you contact us
We Process your Personal Data when you contact us by email, phone or social media, so that we can know who we are talking to and to be able to help you in the matter.
Categories of Personal Data: Identification information: name, address, telephone number, e-mail, ID from social media (if applicable), message content.
Legal basis for the Processing of Personal Data: Legitimate interest.
- When we enter into an agreement
When we enter into an agreement with a natural or legal person, we Process the Personal Data that is provided to us in connection with the conclusion of the agreement as well as those that are provided to us within the agreement period.
For example, information about the contracting party and Personal Data belonging to any contact persons and, if applicable, company signatories, such as name, e-mail address and telephone number.
If a cooperation/reseller agreement is entered into between us and a partner to us, which states that the partner has the right to resell our services/products, we may get access to and Process Personal Data that belongs to the customers that purchases our services/products from the partner. In such cases, our Processing of the customers Personal Data is made in order to fulfill the agreement, such as providing the agreed services/products and fulfilling other contractual obligations.
The provision of the Personal Data specified above is necessary for us to enter into an agreement with the contracting party in question and/ or to fulfill the contractual obligations. The possible consequences of such information not being provided to us is that we cannot enter into the contract or fulfill our contractual obligations.
Legal basis for the Processing of Personal Data: Contract.
We may also provide our cooperation partner with our customer’s name and email address, and the customers purchase history regarding our services/products, in order for the partner to, among other thigs, be able to contact the customers in an effort to sell our services/products to them.
In such case, each Party of the cooperation agreement (The Newbie Guide to Sweden AB and the Partner in question) shall be individually and separately responsible for complying with the obligations that apply to it as a Controller under any applicable data protection laws, including the GDPR, in relation to the Personal Data Processed under the cooperation agreement. Each Party is a Controller of the Personal Data it discloses or makes available to the other Party and will process that Personal Data as separate and independent Controllers for the agreed purposes. The Parties Process the Personal Data as Controllers in common, and not jointly as joint Data Controllers.
According to our assessment, we have a legitimate interest in the Personal Data specified above being disclosed to the Partner, in order for the Partner to market our business and/or to sell our services/products to the customers. The Processing is necessary for a purpose related to our legitimate interest, and the Data Subject’s interest in the protection of his Personal Data does not outweigh our legitimate interest. Our assessment is that the Processing in question does not infringe the Data Subject’s fundamental rights and freedoms.
Legal basis for the Processing of Personal Data: Legitimate interest.
Other reasons for the Processing of Personal Data
Legal obligation: If we are obliged by law, court or authority decision to Process certain Personal Data, the Processing takes place with the support of this legal basis. In such cases, the processing takes place only to the extent necessary for us to fulfill our legal obligations. For example, we need to process and store Personal Data in accordance with the Accounting Act (1999:1078) in order to comply with the provisions of the Accounting Act regarding invoicing, accounting records, etc. In such cases, we process and store only necessary Personal Data, as long as the law requires it (in accordance with the principle of storage limitation).
Fulfillment of contractual obligations: We have the right to Process Personal Data on the legal basis of “Contract”, in order to fulfill our obligations under a contract with the Data Subject.
Legitimate interests: Based on our legitimate interest, we may Process Personal Data to:
- improve and develop our Website and the E-learning platform, by analyzing how they are used, for example times of use, most used functions, least used functions, etc.
- carry out direct marketing of our services by sending e-mails to Data subjects’ e-mail addresses that have been provided to us.
- ensure the technical functionality of the platforms, by employing developers or special programs to test the security of the platforms.
- protect us and others against abuse, crime, fraud, intrusion or other damage to our property, by reporting such events and providing the necessary information to the relevant authorities.
8. DATA RETENTION
Storage location: We strive to store and Process all Personal Data within the EU/EEA-area and in accordance with the principle of integrity and confidentiality. If we store Personal Data in a country outside of the EU/EEA-area, the storage location must comply with the provisions of the Data Protection Requirements. We shall in such cases also enter into a data processing agreement that is compliant with the regulations stated in the Data Protection Requirements.
Storage duration: We store Personal Data as long as it’s needed and necessary to fulfill the purposes for which the Personal Data was collected. If it is necessary for us to comply with applicable legislation, we may store Personal Data for a longer period for that purpose.
Invoices, receipts and other accounting documents that we Process, are stored for up to seven (7) years after payment has been made for the Service. They may contain identification information and contact information. These are stored in order for us to be able to handle any complaint matters and to be able to match a payment against an invoice while we are obliged to store such accounting documentation in accordance with current legislation.
If a claim can be made against our company, we can store the relevant Personal Data until the statutory limitation period has expired. In the event of an existing dispute, relevant Personal Data is stored until the dispute has been settled.
Erasure of Personal Data: Personal Data that is no longer needed, will be erased (deleted) (according to the principle of storage limitation). The Website and the E-learning platform undergoes a daily backup storage. Personal Data connected to a comment on the Website, or a user account to either the Website or the E-learning platform, will be stored for as long as the comment is published, or the user account is active. Any deleted content / Personal Data may be stored in the systems backup files for up to three (3) months.
9. TRANSFER OF PERSONAL DATA
We may disclose Personal Data to relevant authorities in response to legal inquiries or if necessary, to prevent, detect or investigate criminal activity and to protect and safeguard our interests and rights. We may also disclose Personal Data that we Process if we are obliged to do so by law or authority decision.
We may also disclose Personal Data that we Process to our cooperation partners or engaged service providers, for example in order to:
– sell and market our services/products,
– safeguard our legal interests,
– fulfill our contractual and legal obligations,
– detect and prevent technical, operational or security issues with the Website or the e-learning platform, and/or
– provide, improve and maintain the platforms.
Examples of service providers that we hire in their capacity as our Processors are: web developer, email provider, hosting provider, business system, billing system, consultants etc. Before we transfer any Personal Data to a Processor, we enter into a data processing agreement with the Processor in accordance with the provisions of the GDPR (alternatively SCC if the Processor is located in a country outside the EU/EEA-area). This is made to ensure a secure and correct Processing of the Personal Data.
We may transfer Personal Data to regulatory authorities, other public entities, legal advisors, external consultants and partners, in accordance with applicable Data Protection Requirements, if it is made in order for us to comply with legal obligations or in order to fulfill our legitimate interest.
If the ownership of our business changes, we may transfer Personal Data to the new owners.
In the event of a merger or acquisition of our company, Personal Data may also be transferred to third parties involved in the merger or acquisition.
We have concluded that we have a legitimate interest in the Personal Data being Processed for the purposes stated above, and that our legitimate interest does not constitute an infringement of the Data subjects right to privacy and integrity.
Legal basis for the above-mentioned Processing of Personal Data: Legitimate interest.
10. YOUR RIGHTS ACCORDING TO THE GDPR
If we Process your Personal Data in the capacity of Controller, you have the following rights according to the GDPR regarding our Processing of your Personal Data:
Right of access: You have the right to information about whether we Process your Personal Data or not, as well as the right to access your Personal Data that we Process and information about how the Personal Data is used. In the event that we Process your Personal Data, you have the right to receive a copy of the Processed Personal Data in the form of a compilation of the Personal Data that we Process about you. You also have the right to receive information about, among other things: which categories of Personal Data we Process, the purpose of the Processing, the duration of the Processing, how we have collected the Personal Data, who has received the Personal Data, etc. The purpose of the compilation is for you to be able to check the legality and accuracy of the information. However, this does not mean that you have the right to obtain the actual documents that contain the Processed Personal Data.
Exemption from the right of access: There may be situations where the disclosure of certain information would entail disadvantages for other persons, that other legislation or other exceptions prevent the disclosure of certain information or extract from the records of Processing activities. In such situations, we may not disclose the information in question and there may therefore be Personal Data and/or other information about you that you do not have the right to access.
Right to rectification: We are responsible for ensuring that Personal Data that we Process is accurate and updated over time. However, Personal Data may be incorrect or incomplete. If we were to process Personal Data about you that is incorrect or incomplete, you have the right to contact us to have your Personal Data rectified. After we have corrected the information, we will notify you of this, provided that it is not proved to be impossible or would involve excessive effort.
Right to erasure: We will erase your Personal Data at your request, if the data is no longer needed for the purposes for which it was collected. This is also called the “right to be forgotten”. In addition, there are more occasions when we erase your Personal Data that we Process. For example, when the legal basis is consent and you revoke the consent, in your objection to direct marketing, if the Processing is not legal, etc. When we erase the Personal Data at your request, we will inform you after the deletion has been performed, provided that it is not proved to be impossible or would involve excessive effort.
Exemption from the right to erasure: We also have the right to continue to Process your Personal Data, and thus not delete the Personal Data despite your request thereof, if the Processing is necessary to: a) satisfy the right to freedom of expression and freedom of information, b) to fulfill a legal obligation, c) to perform a task carried out in the public interest or in the exercise of official authority, d) to defend, establish or assert legal claims, e) archiving purposes of public interest or statistical, historical or scientific purposes, or f) for reasons of public interest in the field of public health.
Right to limitation of Processing: In some cases, you have the right to demand that our Processing of your Personal Data shall be limited. This means that the Personal Data may only be Processed in the future for certain limited purposes. An example of when this right is applicable to you is if your Personal Data that we Process is incorrect and you ask us to rectify it, you may request that our Processing of the Personal Data in question shall be limited until the accuracy of the data has been investigated.
Right to transfer your Personal Data: In some cases, you might have the right to request that we transfer your Personal Data that we Process to you or any other third party. This right is also called the right to “data portability”. You are hereby informed that this right only applies if the Processing of Personal Data is performed automatically, and only if our Processing takes place to implement an agreement in which you are a party to the contract or based on your consent. Also, the transfer of Personal Data to another company only takes place if it is technically possible. If you have the right to data portability, we will at your request to move your Personal Data, and/or provide your Personal Data in a structured, commonly used, machine-readable format.
Right to object: You have the right to object when your Personal Data is Processed to perform a task of public interest, as part of the exercise of authority or when it is Processed after a balancing of interest has been made. If you object to our Processing according to this right, we will cease the Processing, unless our interest outweighs your interests, rights and freedoms. If this is the case, we will inform you about the balance of interests we have made and our interests. However, if we Process Your Personal Data for the purpose of performing direct marketing on the legal basis of legitimate interest, you have an absolute right to request that we discontinue the Processing of your Personal Data for that purpose. In such cases, we will also inform you when we have deleted the Personal Data, if you request it.
Rights regarding automated decision-making, including profiling: In short, automated decisions are about Processing that is automatic, for example through algorithms, where Personal Data is Processed to assess and analyze a person’s personal characteristics. Automated decisions can have legal consequences for the Data subject or affect the Data subject in other significant ways, and if this happens, the Data subject has the right not to be the subject of the automated decision. If an automated decision has been made, with or without profiling, you have the right to have the automated decision reviewed or to challenge it.
11. HOW TO EXERCISE THE RIGHTS
You are welcome to contact us through our contact information stated below, if you would like to invoke any of the above rights in your capacity of a Data subject, regarding your Personal Data that we Process as Controller.
Exercising the rights is free of charge, provided that your requests are not exaggerated, repeated or unfounded. In such cases, we have the right to charge a reasonable fee to process your request or the right to refuse the execution of your request.
Before we process or respond to your request, we may request additional information from you if it is necessary to enable us to verify your identity.
We will inform you of our processing of your request without delay, and no later than within one (1) month after we receive the request. If the request is complex or if, for example, we have received a large number of requests, this time period can be extended by another two (2) months. In such cases, we will notify you of the extension within the first month after we receive your request.
If we are unable to comply with your request due to applicable law or other exceptions, we will notify you and inform you of the reasons why we are unable to comply with your request with the limitations imposed by law.
12. SECURITY MEASURES
We implement technical and organizational security measures with a focus on the integrity of the Data subjects. The measures are intended to protect against intrusion, abuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality). Below are examples of some security measures we implement:
We work according to the data protection principles (Article 5 GDPR) and ensure that our team-members are aware of the principles. All our activities and security measures are conducted in a manner that ensures compliance with the provisions and requirements of the GDPR regarding adequate protection of Personal Data Processing (according to the principle of integrity and confidentiality).
We have granted access to the Personal Data only to authorized team-members, partners or Sub-processors with a direct need for access to the Personal Data in order to perform their tasks according to their agreement with us.
All our internal registers and systems that contain Personal Data are password protected.
We have also developed internal routines for our team-members with access to Personal Data, in order to protect the Personal Data from unauthorized use.
13. PERSONAL DATA BREACH
We follow the provisions of the GDPR regarding the handling, reporting and documentation of Personal Data breaches. When it is required by the GDPR, we will report Personal Data breaches to the Swedish Authority for Privacy Protection within 72 hours after having become aware of it. When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons, we shall communicate the Personal Data Breach to the Data Subject without undue delay.
14. CONTACT DETAILS
If you have any questions, concerns or if you are dissatisfied with our Processing of your Personal Data, you are always welcomed to contact us. Below are our company and contact information:
Company: The Newbie Guide to Sweden AB
Reg. no: 556934–4905
Address: Ballonggatan 5, 16971 Solna
You also have the right to contact the Swedish Authority for Privacy Protection to submit a complaint regarding our Processing of your Personal Data.
Name: Integritetsskyddsmyndigheten (IMY).
Phone: 08-657 61 00.
Postal address: Integritetsskyddsmyndigheten, Box 8114
Depending on your country of residence, you may contact different supervisory authorities regarding concerns or complaints about our Processing of your Personal Data. You can find the different EU Member States’ Supervisory Authorities through the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en