Personal Data and Integrity Policy

1. Introduction

We care about your integrity and are committed to comply with the General Data Protection Regulation (the “GDPR”) to secure your personal data. Crunchfish AB (SE-556804-6493) collects and uses personal data from our customers, partners and persons who show interest in our products or services. Personal data is information from which a living individual can be directly or indirectly identified as a physical person. Crunchfish is responsible for the processing of the personal data that you provide us. If you have any questions in relation to this policy and cannot find answers herein, please get in touch with us. You will find information about how to contact us at the end of this Personal Data and Integrity Policy (the “Policy”).

When you approve this Policy, you approve our use and processing of your Personal Data (as defined below) in accordance with the description provided in this Policy.

This Policy is the foundation of how we collect and use personal data. In the event we need to amend this Policy, we will give notice and will provide information regarding the content of the new terms and conditions for your approval.

2. Personal data which is being processed

Personal data means all types of information which can, directly or indirectly, be associated with a living physical person, such as names, telephone numbers, addresses, postal codes, e-mail addresses, purchase history and other non-sensitive information that you provide us in your dialogue with us (hereinafter collectively referred to as “Personal Data”).

We will not collect or process any Personal Data which falls within the special categories of personal data set out in article 9 of the GDPR.

3. Legal basis for processing and use of Personal Data

We collect and process information about you only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only where: (i) it is necessary in order to provide you with Crunchfish products and services, including to provide customer support and to protect the safety and security of our products and services; (ii) it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our products and services and to protect our legal rights and interests; (iii) you give us consent to do so for a specific purpose; or (iv) it is needed to comply with a legal obligation.

You can request that we stop using your Personal Data for marketing purposes at any time.

4. Information to other parties and third countries

Other than as provided in this Policy, we will not share the Personal Data which you provide with any third party. An individual or legal entity who directly or indirectly controls, is controlled by, or is otherwise under the same control as the identified controller of personal data (hereinafter a “Group Company”) is not regarded as a third party. A relevant Group Company which receives Personal Data may process such data from time to time in accordance with the provisions of this Policy. We will not communicate your Personal Data to any third party (excluding Group Companies) for commercial use.

We may retain independent suppliers for services in connection with our products and services. These suppliers may process Personal Data and sometimes require limited access to Personal Data which we have collected. We will always endeavour to limit such access to Personal Data and only share such information as is reasonably necessary to enable the suppliers to do their work or provide their services. We will also require these suppliers to (i) protect your Personal Data in accordance with this Policy and (ii) refrain from using or disclosing your Personal Data for any purpose other than providing us with the agreed product or services.

We will not transfer Personal Data to any third country (i.e. a country outside of the EU/EEA).

5. Retention of data

We will retain your Personal Data as long as it is needed to fulfil the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible. If your personal data is held by us on behalf of your company, we will retain such personal data in accordance with the terms and conditions of our data processing agreement with them, subject to applicable law.

6. Security

We take all appropriate technical and organisational security measures which are necessary to the safeguard the Personal Data against unauthorised access, modification, or destruction. However, providing Personal Data over digital channels always entails a risk since it is not possible to completely protect technical systems from unauthorised access.

7. Right to request information

You are entitled, once each year and free of charge, to request information regarding the Personal Data, if any, about you which we process and to have any erroneous information corrected. If you would like to know how we process Personal Data about you, you can send a written, signed request to us.

8. Contact information

Please let us know if you have any questions or comments about how we handle your personal data or about this Policy. The address is:

Crunchfish AB (reg. no. 556804-6493)
Stora Varvsgatan 6A
+46 40 626 77 00

Alf Riple
Västra Hamnen Corporate Finance AB