for people we don’t do business with (yet)

Dear Sir or Madam, 

You are a very interesting person. That’s why we try to get in touch with you. In order to do so, we have obtained your contact information. This means that we are processing your personal data. In this privacy policy we describe how we comply with the General Data Protection Regulation (GDPR) when we process personal data of our potential business partners and their representatives.  With this term we mean people we would like to do business with, both if they work as sole traders, or are employed by or otherwise work for a company which we would like to do business with.

If you do not belong to this category, you will find the relevant information concerning your case in connection to where this privacy policy is available.

‍

Data Controller

We operate all over the world, but we are domiciled in Sweden. Our name, corporate ID-number, physical address and email is: Bambuser AB (org. nr 556731 - 3126) Regeringsgatan 55, 111 56 Stockholm, Sweden. 

e-mail: info@bambuser.com 

For the sake of clarity, the terms “we, us, our” etc. in this privacy policy always refer to this company.

‍

Data Protection Officer

Of course we have a DPO. To get in touch, send an email to: dpo@bambuser.com or write a letter to the address stated above.

‍

Purpose and legal ground for processing

Our purpose for processing your personal data is because we want to offer you a business opportunity.  

The legal ground for processing your personal data is our legitimate interest to look for business partners. The data we process for this purpose, as specified below, is the kind of data that business people tend to be open about in order to be able to be found by potential partners. That’s why the balancing test, which we carried out to check our interest of processing the data against your interest of keeping it secret, clearly came out in favour of our right to process it. 

‍

Categories and sources of personal data 

The categories of personal data we process in order to fulfill our purpose is your name, contact information, professional role at what company, and maybe some piece of information that tells a relevant story about something that you have previously said or done in your line of business. 

The sources of the data are either directly from you, or because you published it somewhere on a homepage, a social media account or you were mentioned in business news media or so and we directly or indirectly found it there.

Exactly what data is processed in your case and the source depends on your professional function.

‍

Camera surveillance at our Swedish office

If you visit us in Stockholm, we want you to know that our entrance doors are under camera surveillance. 

The reason for this processing is to prevent and investigate crime and unauthorized access. The legal ground is our legitimate interest in keeping our office safe from undesired visits. Since the scope of processing is very narrow and you would be an invited and desired guest if you should visit us, the balancing test shows that the processing does not violate your fundamental rights and freedoms and that our legitimate interest carries more weight. Thus, the indicators are in favour of the processing. The video is deleted after 12 months, unless it is part of an ongoing investigation. 

We present this as a separate point, because it concerns a completely different subject matter compared to all other processing in our relation.

‍

We only share your data with those we have to

We do not sell your personal data, nor do we give it to any third parties. We only share it with our processors. They are necessary to keep the technique rolling, which we absolutely need in order to keep our business rolling. Our processors do not use your personal data for any purpose of their own. This is governed by the data protection agreement. If governmental or other authorities ask for your data, we only share it if there is a legal obligation to do so.

‍

Retention period

We will only store your data for as long as we consider it reasonable and relevant to try to reach you and establish contact. Once that period has expired, we will delete your data on our own initiative.

A few examples to illustrate: if you are a marketing executive and we have contacted you several times but not being able to establish a connection. Well, then we believe it’s because you are not interested, which makes it neither reasonable nor relevant that we keep your personal data. So, we will delete it. Or, you may have a track record as a great influencer, but for one reason or another you haven’t posted anything for a long period of time, and when we try to make contact you won’t answer. In that case too, it would neither be reasonable nor relevant to keep your personal data. The probability that we could establish a business relation would be too low.

These examples illustrate how we apply the criteria reasonable and relevant, they don’t define the criteria. 

‍

Transfers to third countries

We keep the maximum of our personal data processing within the EU/EES, but this is not always possible. If we transfer your personal data to a third country, it is either because you yourself are in a third country, or because the service that we need and use is based in a third country. Evidently, it would be impossible to contact you if we could not send you a message to where you happen to be and equally impossible to use a service that we need if we could not use it where it is located. The legal basis for such a transfer is article 49.1 subparagraph 2.

‍

Your rights

You are always free to get in touch with us and ask what personal data we have about you. You may ask for their rectification or erasure, that the processing should be restricted or ceased and that your data should be transferred to somebody else. We will do what you ask us to do, provided that no other laws or rules prevent us. In any case, we will get back to you and reply to your demand and we will tell you what measures we have taken and on what grounds. We use automatic reply functions, but no automated decisions and no profiling. 

‍

About changes to this privacy policy

This privacy policy is a dynamic document, which means that it will change if the way we do business changes. Should this happen, then the new privacy policy will replace the old one with immediate effect. Since it can neither be considered to be a legal obligation nor meaningful in any other way, we will not communicate such a change of privacy policy in any other way than to publish the new privacy policy here. 

‍

The right to lodge a complaint

We believe that the way we process personal data complies with the GDPR. Should you be of another opinion, we would appreciate it if you tell us what you believe is wrong. You are also free to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten, IMY. If it is more convenient to you, you may lodge your complaint with another supervisory authority. 

‍

This privacy policy was last updated on the 5th of October, 2022.