We at Kid Collective know how important privacy is for our customers, suppliers, partners and site visitors, and our goal with this policy is to clearly and transparently describe how we collect, use, display, transfer and store your information so that you are confident that your personal information is in safe storage. Kid’s processing of personal data is governed by the General Data Protection Regulation (2016/679) – more known as the “GDPR”. You can read more about how Kid complies with the GDPR and your rights as a registered person in this policy.We may update this policy from time to time. You can always access the latest version at our website.
Who is the controller of personal data?
The controller of personal data is Kid Collective AB, Östgötagatan 11, 116 25 Stockholm Sweden (phone +46 8 678 59 00, email info@kidcollective.se).
What data do we process and why?
Personal data is any information that directly or indirectly can be linked to a living natural person. Kid processes personal data in several ways, but primarily by means of personal contact with you. Our processing in typical situations is further explained below along with the lawful basis for the processing.
General inquiries
We process personal data from you when you contact us, for example via the reception, by e-mail, telephone, or in other ways. First of all, we process such information needed to answer your inquiry and thereby fulfill the contract between you and Kid. We may also reconnect with you after a made inquiry. Such processing is based on our legitimate interests.
When accessing our website
When accessing our website, your IP-number may be processed. This is necessary for accessing the website and the processing is based on the lawful basis contract. If you consent to cookies (you can find more information about our use of cookies here: https://kidcollective.se/cookie-policy/), we collect information about your use of our website. Some of the collected information may contain personal data. We also collect information about how you navigate the website and what information you are interested in. The lawful basis for the processing is your given consent.
Contact with our customers and business partners
Kid processes personal data in order to answer and manage contacts and requests from customers, applicants, suppliers, and business partners in order to deliver and follow up on the services ordered from us and to perform in accordance with the contract between Kid and you/your company. Our lawful basis for processing personal data is partly to perform in accordance with contract – if you choose not to provide your personal information, we may in some cases not be able perform in accordance with our obligations to you. Certain processing also takes place in order to comply with our legal obligations, such as Kid’s legal obligation pertaining to accounting. If you have no contractual relationship with Kid, we may process your personal data on basis of our legitimate interests by following up with you or by taking direct marketing measures. In such cases, personal data will be processed with consideration to your interests regarding privacy and with consideration of your fundamental rights and freedoms. In this regard, we specifically acknowledge that you have the right to reject further direct marketing at your own discretion.
When you participate in our projects
If you participate in the marketing that we produce, such participation will be regulated by certain agreements with us (as a rule by a standardised participation agreement). There will in those instances be additional information available covering our processing of personal data along with the agreement specifically for such project(s).
When you choose to interact with us on social media
We are present on Facebook, Instagram, LinkedIn and occasionally also on other forms of social media. If you interact with us, your personal data will be shared with the company behind the social media platform. In this regard, we process the information that you submit to us by interacting with us. The purpose of our presence on social media is to spread information about our activities and conduct marketing. The processing of personal data is in this regard based on our legitimate interests. For more information regarding the processing of personal data on social media, we refer to each privacy policy covering each social media platform. You can retrieve such documents on each platform and also by accessing the links provided in the paragraph below.
Do we share your personal data?
To the extent necessary for us to provide our services to you, we hire external suppliers, such as cloud service providers for word processing, mail, Office products, storage and system services. Moreover, personal data may be processed by our IT providers in the area of operations, support, and maintenance of our IT environment. We enter into data processing agreements with such providers in order to secure that the processing of your personal data is conducted in accordance with applicable data protection law.We may also share personal data with other controllers of personal data. This may be the situation when we are obligated by law to share certain information with authorities (in particular the Swedish Tax Agency). In social media, personal data is always shared with the company behind the platform. You can read more about the processing of personal data in relation to our social media accounts below.
Facebook and Instagram:
Your personal data is processed by the company Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) when using the services. You can read more about the processing of personal data here: https://www.facebook.com/policy.php The use of Facebook and Instagram entails a transfer of personal data to the United States of America (a so-called third country outside the EU/EEA where the GDPR does not apply). This means that you do not have equal rights and protection as the GDPR otherwise guarantees. The transfers are subject to the European Commission’s standard contractual clauses in order to protect your personal data. This means that the recipient of your personal data guarantees that the protection ensured by the GDPR also applies to the processing in the third country. To read more about the services’ third country transfers and to access the standard contractual clauses, you can read more at: https://www.facebook.com/help/566994660333381?ref=dp
LinkedIn:
Your personal data is processed by the company LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland) by using the service. You can read more about the processing of personal data here: https://www.linkedin.com/legal/privacy-policy The use of Linkedin entails a transfer of personal data to the United States of America (a so-called third country outside the EU/EEA where the GDPR does not apply). This means that you do not have equal rights and protection as the GDPR otherwise guarantees. The transfers are subject to the European Commission’s standard contractual clauses in order to protect your personal data. This means that the recipient of your personal data guarantees that the protection ensured by the GDPR also applies to the processing in the third country. To read more about Linkedin’s third country transfers and to access the standard contractual clauses, you can read more at https://www.linkedin.com/help/linkedin/answer/62533 If you visit our website and consent to cookies, personal data will be shared with the companies listed below through the analytic tools implemented on our site (depending on which cookies you have consented to). You can read more about our use of cookies here: https://kidcollective.se/cookie-policy/
Google Analytics:
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
You can read more about the processing of personal data here: https://policies.google.com/privacy?hl=en
Where is the processing conducted?
Our ambition is to process all personal data within the EU/EEA. Nevertheless, some of the processing of personal data may involve transfers outside the EU/EES (so-called “third countries”). Additionally, our aim is to provide extensive information on how personal data is transferred to third countries, the risk such transfers entail, and how your rights are secured in this regard. You can read more on the subject here below and you are also welcome to get in touch with us in case of any additional questions – in particular if you wish to access the standard data protection clauses used in specific cases. If personal data is transferred to third countries, it is foremost done so to countries subject to adequacy decisions and within the framework of a data processing agreement in order to guarantee the level of protection of personal data. In third countries not subject to any adequacy decision, the level of protection of personal data is not equivalent to the level existing in the EU/EEA. The consequence thereof is primarily that authorities in third countries may access the personal data and the possibility to exercise your privacy rights may be limited. In order to protect the personal data, we adapt appropriate safeguards by ensuring that the transfers are governed by data protection clauses adopted by the European Commission. Your personal data will be transferred to a third country (specifically the United States of America) if you interact with us using social media platforms. Such transfers are necessary in order to use the social media at hand and in order for you to interact with us on social media. The processing is accordingly necessary for you to interact with us on the specific social media platform.The third country where transfers primarily will take place is – as mentioned – the United States of America. This can be the case for parts of our IT services. If you, when accessing our website, have consented to cookies, transfer of personal data will take place in this regard too. All transfers of personal data to the US is subject to data protection clauses and the transfers are also subject to additional protective measures.
For how long is the processing conducted?
Personal data used for the purposes of performance in accordance with the contract entered into with our customers is processed, as a rule, for the duration necessary for us to administrate the contractual relationship, exercise our rights, and perform in accordance with our obligations. Personal data within accounting records must be stored for seven years pursuant to law. If you receive our newsletter, your personal data will be processed until you choose to decline further marketing or until we discover that your contact details are inactive. Other types of personal data are subject to continuous limitation with the aim to only process the amount of personal data that is necessary.
What are my rights?
You are guaranteed certain rights under the GDPR. In the following section, you can read more about your rights and how to exercise them. The concerned rights can also be found in Articles 15-22 of the GDPR.
Right to access
You have the right to inquire if your personal data is being processed and, if so, to request access to your processed personal data. You have the right to receive a copy of the personal data processed. You may, free of charge, request information regarding what personal data is processed, the purposes of the processing, and the category of your personal data being processed.
Right to rectification
You have the right to request that, if any, wrong information regarding you is rectified and you also have the right to request that we limit our processing of your personal data when we handle your request. You also have the right to request that any incomplete information regarding you is supplemented.
Right to data portability
You have, in certain cases, the right to have your personal data transferred in a machine-readable format to another controller of personal data (so-called “data portability”). This right only applies if the transfer is technically feasible and can be conducted using automated means. The right to data portability only applies to data that you have provided to us which we process in order to fulfill a contract with your or or due to your provided consent.
Right to object to processing
You have the right to object to our processing of your personal data if such processing is based on our legitimate interests as a legal ground. A continued processing of your personal data in that case requires that we are able to demonstrate that we have a legitimate interest with the processing. If not, we may only process your personal data in order to ascertain, pursue, or defend a legal claim.
Right to delimitation of processing
You have the right to demand that the processing of your personal data is limited. If a delimitation is made, we may only, aside for storing the data, process your personal data in order to ascertain, pursue, or defend a legal claim or in order to protect a third-party’s rights. A delimitation can be made due to several reasons.
– In case you dispute that your processed personal data is correct, you may request a delimitation of our processing when we control whether or not your personal data is correct.
– If you have objected to our processing of your personal data based on our legitimate interests, you may request that our processing is limited when we balance our legitimate interests at hand against your interest of having your personal data deleted.
– If you request that we delete your processed personal data and if we cannot fulfill your request, you may request that our processing is limited instead.
Right to be forgotten
You have the right to request that your personal data is deleted under certain circumstances (also known as the “right to be forgotten”) such as those listed below.– You have decided to withdraw your provided consent and our processing has been based on your provided consent.
– Your personal data has been processed by us illegally.
– Your personal data is no longer necessary for the pursued purpose of our processing.
– You have objected to our processing of your personal data based on our legitimate interests and our continued processing cannot be justified on the basis of our legitimate interests.We cannot accommodate a request to be forgotten under all circumstances. For instance, there may be legal obligations that prevent us from deleting your personal data or we may need to continue to process your personal data in order to fulfill a contract with you.
Contact and complaints
If you have any questions or concerns regarding our processing of personal data, please contact us at info@kidcollective.se or by telephone +46 8 678 59 00, or by mail to Kid Collective AB, Östgötagatan 11, 116 25 Stockholm.
Anyone who considers that a company violates privacy laws may contact the supervisory authority – Swedish Authority for Privacy Protection (IMY) and lodge a complaint. Contact details are the following:
Website: https://www.imy.se
Phone: (+46) 8-657 61 00
Email: imy@imy.se
Mail: Box 8114, SE-104 20 Stockholm