Privacy policy

What is the purpose of this privacy policy?

The purpose of this privacy policy (hereinafter "Privacy Policy") is to inform you of how Chromafora AB (hereinafter "Chromafora", "we", or "us") process and protect your personal data, including your rights in relation to our processing of your personal data when you visit or interact with us. This Privacy Policy will provide information on what personal data is collected, why the personal data is collected, how the collected personal data is used and your options and rights regarding the processing of your personal data. 

Chromafora is the data controller for the processing of personal data set out in this Privacy Policy.

You have certain rights in relation to how we process your personal data. Your rights include:

• the right to object to the processing of personal data;
• access and rectification of your personal data;
• the right to request erasure of your personal data;
• the right to restrict the processing of personal data; and
• the right to data portability.

You also always have a right to lodge a complaint with a data protection authority if you are dissatisfied with how we process your personal data. 

Your rights are described in more detail below. 

We will transfer your personal data to third parties under certain lawful circumstances, as stated in this notice, and in some instances to a different country to the country in which you live or work. Such countries may be located outside the EEA.

What is "personal data" and "processing of personal data"? 

The term "personal data" as used in this Privacy Policy is any piece of information that, either on its own or together with any other pieces of information, can be traced back to a living individual, and any other data that qualifies as personal data in accordance with the law applicable to Chromafora. 

This Privacy Policy covers all personal data that is in any form considered processed under the relevant law, including personal data that is kept, stored, collected, transferred, disclosed or otherwise processed. 

What kind of personal data will we process and how?

Customers, suppliers, business partners and leads

In relation to contact persons at current or potential customers, suppliers and partners, we may process your contact details (such as first name, last name, business telephone number and e-mail address) for our legitimate interest to be able to contact you, administer the contract between us and the organization you represent, and to fulfill our contractual obligations therein, during the term of the agreement or engagement, as required by applicable legislation or otherwise for as long as a claim can be raised against us. 

For sending news, reports and other information about Chromafora's products and services 

If you sign up for receiving news, reports or other information about Chromafora's products and services, Chromafora will process your contact details (such as first name, last name, telephone number and e-mail address) to be able to provide you with such news, reports or other information about Chromafora's products and services based on your consent. You may withdraw your consent at any time. If you withdraw your consent, we will no longer process your personal data for sending news, reports and other information about Chromafora's products and services. For contact details to withdraw your consent, please see Section 11. 

Claims and legal obligations

In addition to the above, personal data may also be stored based on our legitimate interest to defend ourselves against claims for as long a claim can be invoked against us. Personal data may also be stored based on a legal obligation to enable us to comply with legal obligations, including responding to requests from authorities to access personal data, for as long as required to respond to such request or otherwise fulfill the legal obligation.

To what categories of third parties will my personal data be disclosed?

Authorities

We may need to provide personal data to certain authorities (e.g. the police and tax authority) in accordance with mandatory law and in order to fulfill legal obligations, or to establish, exercise or defend legal claims. 

Group companies

Your personal data may need to be transferred to affiliates and/or subsidiaries of Chromafora for internal administrative purposes, based on our legitimate interest in handling administrative processes. 

Companies engaged by us

Your personal data may be transferred to and processed by third party providers and suppliers which perform services for us (data processors), to enable these companies to perform the services requested by us. Services which may be requested include the provision of [financial services companies, business partners, analytics services, email service providers, customer relationship management software, and cloud service providers]. Only personal data that is necessary to fulfil the purposes with the relevant processing will be provided to these companies. All third party providers and suppliers must, when acting as data processors, follow our instructions and the applicable written data processing agreement and any other agreement that are in place between Chromafora and its third party providers, and must implement suitable technical and organizational measures for the protection of the personal data.  

Corporate transactions

Your personal data may also be disclosed to a third party based on our legitimate interest as part of a merger or transfer, acquisition or sale of Chromafora.

To what countries will my personal data be transferred?

A legal entity that receives personal data may be located in a country that offers a lower level of protection for personal data than the country in which you are domiciled. All personal data transferred to a country that offers a lower level of protection for personal data will be transferred in accordance with our current policies regarding transfer of personal data, as applicable from time to time, to ensure that the transfer of personal data complies with the law. If your personal data is transferred to a country that offers a lower level of protection for personal data, we will take appropriate measures in accordance with applicable law to ensure that your personal data remains protected. [Such measures include the use of the European Commission's standard contractual clauses (art. 46.2(c) GDPR) to protect the transfer of your personal data. The standard contractual clauses are available here. Transfers to the U.S. can also be carried out to third parties that are part of the EU-US Data Privacy Framework (art. 45 GDPR), certifying that they have committed to comply with a detailed set of privacy obligations to ensure an adequate level of protection for the personal data transferred.] 

For how long will my personal data be processed?

We will not store or process personal data for a period longer than necessary to fulfil the purposes in Section 3 or to comply with applicable law. Accordingly, when the purpose has been fulfilled in relation to a specific type of personal data, we will stop using the personal data for that purpose and, if the same data is not relevant for any other purpose, delete the relevant personal data as soon as reasonably possible.

What are my rights with regards to my personal data?

You have several rights when it comes to our use of your personal data. A description of these rights is set out below. 

If you want to make use of your rights you can do so by contacting us, please see Section 11 for further information.

Right to access and rectification

You have the right to request access to the personal data that is processed by us, including what personal data Chromafora is processing in relation to you, the source of the personal data, for what purposes the data has been processed, and the identity of the parties that data has been provided to. You also have the right to, at any time, request that any inaccurate or incomplete personal data is corrected.

Right to erasure

You may also request that your personal data should be erased if e.g.:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• you object to the processing of your personal data, in accordance with your right to object as set out above and we do not have an overriding legitimate interest;
• the processing is unlawful; or
• the personal data has to be erased to enable us to comply with a legal requirement.

Please note that we may reject your request if the processing is permitted or required according to law or any other relevant legal ground, or if we need to establish, exercise or defend legal claims. If you have any questions about your right to erasure, please contact the responsible contact person stated in Section 11 below.

Right to restriction

You are also entitled to request us to restrict the processing of your personal data, if:

• you contest the accuracy of the personal data, and we must restrict the processing for a certain period to enable us to verify the accuracy of relevant data; 
• the processing is unlawful and you oppose the erasure of the personal data but instead request restriction of the use; 
• We no longer need the personal data for the purposes of the processing as stipulated under Section 3 in this Privacy Policy, but the personal data is required by you for the establishment, exercise or defense of a legal claim; or
• you have objected to processing pursuant to what is set out under the section "right to object" above, and our verification of the legitimate grounds is pending.

Right to data portability

If you request access to personal data about you that you yourself have provided and if the personal data is being processed automatically with your consent and/or in accordance with a contract between you and Chromafora, you may request that the data is provided in a structured, commonly-used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible. 

How do I make use of my rights and what should I do if I have any complaints?

Please see who you can contact under Section 11 below should you have any requests in relation to the processing of your personal data, or if you want to withdraw any consent provided. Please note that we may contact you and ask you to confirm your identity to ensure that we do not disclose your personal data to any unauthorized person, and that we may ask you to specify your request before we perform any actions. 

You always have the right to lodge a complaint with the relevant supervisory authority if you are dissatisfied with how we process your personal data, which in Sweden is the Swedish Authority for Privacy Protection (www.imy.se).

How will we act when receiving a request?

Once we have confirmed your identity, we will handle your request in accordance with applicable law. Please note that even if you object to certain processing of personal data, we may still continue this processing if permitted or required to do so by law, for example to enable us to fulfil legal requirements, fulfil legal obligations or fulfil obligations under a contract with you.  

Updates to the Privacy Policy 

In order to ensure that we comply with data protection law, this Privacy Notice may be changed by us at any time. 

Contact information 

Chromafora AB (reg. no. 556803-2568)
Banvaktsvägen 22, 171 48 Solna, Sweden
Phone: +46 8 23 53 50
Email: info@chromafora.com

__________________

Latest update on October 14, 2024