Privacy Policy

Version: 1.0
Last update: 2022-09-01

Report on the processing of personal data pursuant to the EU’s General Data Protection Regulation (2016/679) (GDPR).

Definitions

For the purposes of this policy:

Company (referred to as either “the Company”, “we”, “us” or “our” in this Agreement) refers to
Bimify AB
Business ID: 559369-7898
Address: Jakobsbergsgatan 16, c/o Convendum, 111 43 Stockholm, Sweden.
Email address: info@bimify.com

You (even referred to as either “you”, “yours” or “the data subject”) means the individual accessing or using our website, or the company, or other legal entity on behalf of which such individual is accessing or using our website, as applicable.

Processor means a natural or legal person who processes personal data on behalf of the company.

Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations relating to personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third-party means a natural or legal person, other than you, the Company, processor, or persons who under the direction of the Company or processor are authorized to process personal data.

Communication regarding privacy matters

For all questions related to the processing of personal data and situations related to the exercise of your rights, your should contact us in writing by sending an email to info@bimify.com.

Basis and purpose of processing personal data

The legal basis for the processing of personal data is:

a. The consent to the processing of personal data provided by you
b. The contractual relationship between you and us

Use of your personal data

a. To attend and manage your requests to us
b. To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication
c. For the development, compliance and undertaking of the purchase contract for the services you have purchased or of any other contract with us
d. To provide you with news and special offers
e. We may use your information for other purposes, such as data analysis and to evaluate and improve our products, services and your experience

Regular data sources

The personal data to be processed is regularly received from the following sources:

a. You
b. The Swedish Companies Registration Office
c. the Tax Agency

Personal data being processed

We only collect your personal data that is essential and relevant for the purposes explained in this privacy statement.

The following data is being processed:

a. First and last name
b. Email address
c. Phone number
d. Other

Disclosure of personal data

We do not sell, trade, or otherwise transfer the collected data to outside parties. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users.

Data may also be disclosed to the authorities due to legal requirements.

Transfers of personal data to third countries

As a rule, personal data will not be transferred outside of the EU or the European Economic Area.

If this is exceptionally done (due to reasons related to data technology or engagement of suppliers in third countries for example), the company ensures an adequate level of protection for personal data as expressly provided for in the data protection legislation. The primary solution is that the company draws up an agreement pursuant to the European Commission’s standard contractual clauses on the processing of personal data with a processor located outside of the EU. The agreement creates the framework for high-quality data protection also outside of the European Union or the European Economic Area.

Retention period for personal data

We will process the personal data for as long as necessary to fulfil the purposes for which it was collected. At the end of this period, we will delete or anonymize the data.

The company may have an obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.

Rights of the data subject

Right to request access to personal data

You have the right to receive confirmation regarding whether personal data concerning you is being processed and, if it is, the right to receive a copy of your personal data.

Right to rectification

You have the right to request that inaccurate and erroneous personal data concerning you becomes rectified. You also have the right to supplement incomplete personal data by submitting the required additional information.

Right to erasure

You have the right to request the erasure of personal data concerning you if
a. the personal data is no longer required for the purposes for which it was collected;
b. you withdraw your consent on which the processing of personal data was based, and no other legal basis exists for the processing; or
c. personal data has been unlawfully processed.

Right to restriction of processing

You have the right to restrict the processing of personal data concerning you if
a. you contest the accuracy of your personal data;
b. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; or
c. the Company no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims.

Right to withdraw consent

You have the right to withdraw the consent you have provided for the processing, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to data portability

You have the right to receive the personal data concerning yourself, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another company.

Right to lodge a complaint with a supervisory authority

The office of the Authority for Privacy Protection is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.

Amending the privacy policies

We reserve the right to update and amend this Policy. If we do, we correct the date and the version at the top of this Policy. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.