Privacy Policy Contentor AB
We value your privacy and follow strict guidelines to ensure the protection of your personal information. Please read our privacy policy to understand how we collect and use information to create a safe and secure experience for you.
Contentor AB, with registration number 559028–1902 and address Bredgatan 11, 252 25 Helsingborg (“we”, “us”, “Contentor”), is the data controller and is responsible for the personal data processed about you.
At Contentor, our customers' trust is of utmost importance. This trust forms the basis of our business. You should always feel confident when entrusting us with your personal data. To inform you about how we process personal data, we have established this Privacy Policy. The Privacy Policy is based on applicable law and clarifies how we work to safeguard your rights and protect your privacy. If you have any questions about the use of your personal data in accordance with this information, please contact us at gdpr@contentor.se.
Contentor collects information about you from the data you provide when you visit our website, apply for a job with us, enter into an agreement with us, use our services, request a quote, or otherwise communicate with us, as well as from information collected by third parties. Contentor collects information from third parties who have obtained your consent and who have a lawful basis to share the data with us. These third parties may vary over time.
We are constantly working to improve our business, and therefore the Privacy Policy may be amended from time to time. We may update the Privacy Policy due to changes in legal, technical or commercial developments. When we update the Privacy Policy, we will inform you. You can see when it was last updated by checking the date at the bottom of this Privacy Policy.
The purpose of this Privacy Policy is to let you know how we process your personal data, what we use it for, who has access to it and under what conditions, and how you can exercise your rights. We strive to be transparent about how we use your personal data.
This Privacy Policy is structured as follows:
- Personal data processed when you visit our website
- Personal data processed when you apply for a job with us
- Personal data processed when you enter into an agreement with us to use our services and are the contact person when we do business with the company you are employed by or request a quote
- Personal data we process after you have entered into an agreement with us
- Personal data processed for direct marketing
- Personal data processed due to legal obligation or to safeguard legal claims
- Who we share your personal data with
- Transfers outside the EU/EEA
- How we protect your personal data
- Your rights
The supervisory authority for data processing is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). If you wish to lodge a complaint regarding our processing of your personal data, you have the right to do so. Please see www.imy.se for more information.
1. Personal data processed when you visit our website
| Personal data processed | Purpose | Legal basis | Retention period |
|---|---|---|---|
| We process your IP address – when you enter a website address in your browser, a request is sent out on the Internet. The request passes through our routers on its way to our website. | We need to process your IP address so that you can browse our website. We store a text file (a cookie) in your browser to collect information about the use of our website during your visit (session cookie), including to show what is new since your last visit. | Our legitimate interest in allowing you and others interested in our services to browse our website and access our services. | Your IP address is processed during your visit (session cookies). Other cookies remain until you delete them from your browser. By deleting cookies or disabling them in your browser, you can ensure Contentor no longer processes this information. |
| Contentor uses Google Analytics. The tool places its own cookies to function and your usage data and IP address will be sent to and stored on Google's servers. You can read more about how Google processes your data at this link. | To measure what visitors do (click) when they visit our website. This information is used solely to evaluate website usage. | Based on your explicit consent. | Your IP address is stored for eighteen (18) months. |
| Contentor uses HubSpot analytics. The tool places its own cookies to function and your usage data and IP address will be sent to and stored on HubSpot's servers. | To measure what visitors do (click) when they visit our website. This information is used solely to evaluate website usage. | Based on your explicit consent. | Your IP address is stored for eighteen (18) months. |
2. Personal data processed when you apply for a job with us
| Personal data processed | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Name, personal identity number, address, email address, telephone number and other information you provide when applying for a job. | To keep in touch with you and assess your application for the position you have applied for. We use your data to administer your application, review CV, cover letter, references, certificates and to communicate with you and for storage purposes. | Our legitimate interest in evaluating your qualifications, personal characteristics and background for recruitment/selection decisions. | Until the position is filled. |
| Same as above (for future recruitment). | To contact you early if a vacancy arises for which you are suited and of interest. | Our legitimate interest in retaining your application for a period after the position is filled. | One (1) year from filling the position. |
| Same as above (for legal claims). | To defend any claims that may arise in connection with the recruitment process. | Legal obligation. The statute of limitations for claims under the Discrimination Act is two (2) years. | Two (2) years from filling the position. |
| Name, personal identity number, address, email address, telephone number and other information provided in an unsolicited application. | For future recruitment and to contact you early if a suitable vacancy arises. | Our and your legitimate interest in retaining your application for a period. | One (1) year from receipt of the unsolicited application. |
3. Personal data processed when you enter into an agreement with us or request a quote
| Personal data processed | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Name, personal identity number (if sole proprietor), address, email address, telephone number. | To prepare a quote. | Our legitimate interest in entering into a contract with your employer. | Up to one (1) year; deleted if not accepted. |
| Same as above (contract relationship). | To enter into and manage the contractual relationship. Use your data as the contact person for your company. | Contract performance. | Three (3) years from service termination or as required by nature of service. |
| Same as above + purchased services. | To perform the service you ordered, communicate with you and store correspondence. | Contract performance. | Three (3) years from service termination or as required by nature of service. |
4. Personal data we process after you have entered into an agreement with us
| Personal data processed | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Name, personal identity number (if sole proprietor), address, email address, telephone number and purchased services. | To bookkeep, invoice and account for our financial transactions. | Legal obligation under accounting regulations. | Seven (7) years from booking date, per Accounting Act. |
5. Personal data processed for direct marketing
| Personal data processed | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Name, personal identity number (if sole proprietor), address, email address, telephone number. | Direct marketing, newsletters and information about planned events and selected partner services. | Your explicit consent. | One (1) year from service termination or as required by nature of service. |
6. Personal data processed due to legal obligation or to safeguard legal claims
| Personal data processed | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Personal data processed when you entered into an agreement with us. | To comply with legal obligations under law, regulation, authority instructions and guidelines. | Legal obligation. | Three (3) years from service termination or as required by the legal obligation. |
| Personal data processed when you have used our services/products. | To investigate, defend or establish legal claims or disputes related to your use of our service or our contractual relationship. | Our legitimate interest in safeguarding our rights. | Three (3) years from service termination or until the legal claim is resolved and any judgment is final. |
7. Who we share your personal data with
We share your personal data only when necessary for our operations. We share data with our partners such as Wordbee SA (VAT LU22550164), HubSpot Ireland Limited (VAT IE9849471F), Google Ireland Limited (VAT IE6388047V), Google Cloud EMEA Limited (VAT IE3668997OH), Verified Global AB (556883-1233), Teamtailor AB (556936-6668), our auditor Kim Lavin at Baker Tilly Helsingborg AB (559053–9655), payroll provider Edacta AB (559245-1123), IT provider Future IT Partner Skåne AB (556884-2859) and web host ODERLAND Webbhotell AB (556680-8746).
Accounting service providers – external providers necessary for invoicing and bookkeeping.
Authorities and the judiciary – we may share your data in good faith when necessary to comply with legal obligations or respond to legal claims.
We may also disclose data for national security, police or intelligence activities, or to prevent loss of life or injury, provided such interests do not override your rights and freedoms.
We may disclose data as specially agreed with you, when necessary to safeguard your or our rights under a specific assignment, or to comply with statutory duties or court orders.
8. Transfers outside the EU/EEA
We strive to process your data within the EU/EEA, but transfers to countries outside the EU/EEA may occur. In such cases, we will take all reasonable legal, technical and organizational measures (e.g. standard contractual clauses or obtaining your explicit consent) to ensure an adequate level of protection comparable to that within the EU/EEA.
9. How we protect your personal data
Your security is important to us. We have implemented appropriate technical, organizational and administrative measures to protect your personal data from loss, misuse, disclosure, alteration, destruction, unauthorized access and other unlawful processing. We regularly review these measures to ensure maximum protection. Contentor employees, contractors and suppliers are required to follow Contentor’s policies, this Privacy Policy and other internal guidelines governing data processing.
10. Your rights
You are not obliged to provide personal data, but where processing is necessary for contract performance, we require your data to fulfill our obligations. Without it, we may not be able to provide certain services.
We may request your consent for certain processing. You can withdraw your consent at any time by contacting us. Withdrawal does not affect processing carried out before withdrawal.
As a data subject, you have the following rights. To exercise any of these, contact us at gdpr@contentor.se:
- Right to information
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to object
- Right to data portability
- Right to withdraw consent
- Right to lodge a complaint with IMY
This Privacy Policy was last updated on 23 April 2024.