Try it for free

Try it now

Privacy Policy

It is important to us, Klash AB, company registration number 556829-7245, to protect all personal data that we process. This Privacy Policy includes information on how we process your personal data, and it applies in relation to all processing activities that we conduct in the capacity of data controller. Of course, we only process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (the ”GDPR”) and other applicable laws.

1. Introduction and Important Terms

For this Privacy Policy to become easier to read, some of the terms used herein are described below:

The term ”personal data” (or sometimes just ”data” or ”information”) refers to any and all information about you or someone else (i.e., to any identifiable, natural person), even if linking the information to you or someone else would require some effort. This could for instance be information about your phone number or your workplace.

The term ”processing” refers to any action taken, such as use or collection, in relation to personal data. The processing can either be automatic or manual.

The term ”data controller” refers to the person who is responsible for certain processing of personal data, and therefore determines the purpose and means of the processing. We, Klash AB, are the data controller in relation to the processing of personal data which we conduct on our own behalf, and such processing is covered by this Privacy Policy. You find our contact details further down in this policy.

The term ”you”, when used herein, refers to a person whose personal data we process in the capacity of data controller. Depending on your relationship with us or actions taken by you, i.e., which type of data subject you are (see the left column below in Section 2), the information in Section 2 below may be applicable to you. The different kind of data subjects whose personal data we process in accordance with this Privacy Policy are the following:

1. Persons representing our company customers (including as internal users within the company’s account in the service)

2. Individuals who use our service for private purposes

3. Persons representing our potential customers

4. Persons who have been invited to our service by any of our current customers and who use our service without a user account

5. Persons representing (or who are themselves) a supplier, partner, or another person within our network

6. Persons who appear in our own content in our service

7. Persons who apply for a job or internship with us or who are otherwise subject to a recruitment process of ours

8. Website visitors (including all users of our service)

9. Any other persons who contact us

2. Processing of Personal Data

Below you will find information on how, for how long, and based on what legal ground we process your personal data as well as what kind of personal data we process.

Data Subject

Persons representing our company customers (including as internal users within the company’s account in the service)

Processing and purpose of processing: We use your personal data to be able to provide the service to your employer/principal, customize the user interface, present relevant features and content, and to administrate the relationship between the customer and us, for instance for payment and communication purposes and for setting up and maintaining user accounts. We collect the data, compile the data in our systems, we communicate with you by email, phone (by talking, texting or otherwise), and take other actions necessary for the stated purposes.

Type of personal data: Contact details such as name, phone number, email address, profile picture, work title, information about your use of the service, conversation data and, should the customer be a sole trader, information about your account in our service/ your order(s) within the service, payment preferences, other information about current and previous agreements, your personal identification number, and payment data.

Legal ground for processing: It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. In some cases, our processing is based on the agreement between your employer/principal and us or, as applicable, you and us.

How we received the personal data: Most of the personal data that we process about you, we have received directly from you. For instance, it might be that you provide us with information when your employer/principal, through you, engage with us for the provision of the service, or when you send emails to us. It might also be that your employer/principal or one of your colleagues provides us with information about you.

Processing and purpose of processing: To be able to conduct troubleshooting and for security reasons, we collect the data and use it as necessary for the stated purpose.

Type of personal data: Name, email address and IP address, and information about what company you are representing.

How we received the personal data: As regards your name and email address, we receive the data directly from you (this will be requested for you to be able to use our service). Your IP address will be collected automatically when submitting your name and email address in the service, and when logging in. Information about what company you are representing is linked to the user account from which you use the service.

Processing and purpose of processing: To be able to, for marketing or information purposes, inform about us and our services and products, including, provide your employer/principal with customized offers, we compile the information in our system and use it to send news and information emails and similar. Should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you.

Type of personal data: Email address and name as well as information about your use of the service, i.e., user data.

Legal ground for processing: We have a legitimate interest in being able to market ourselves and provide information about us, that is the legal ground for our processing. We are obliged to not continue to send newsletters to you should you not wish to receive them anymore, which is why we base the relevant processing on our legitimate interest in complying with applicable law and respecting your wishes.

How we received the personal data: It varies; for instance, we might receive it directly from you when contacting us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.

Processing and purpose of processing: Sometimes, we might publish commercials of our customers and cases in the service/on our website. The purpose of this is to improve/promote the service and improve the user experience. We take all actions necessary for the stated purpose, such as storing and posting the content.

Type of personal data: It depends on the nature of the content as from time to time. Normally the content will include one or several pictures and/or videos, but may also include name, work title, employer/principal.

Legal ground for processing: In most cases, our processing is based on the agreement between you and us, or your employer/principal and us.

How we received the personal data: In most cases, the content will be created and provided to us by you (or a third party acting on behalf of you/our customer) when you use the service.

Individuals who use our service for private purposes

Processing and purpose of processing: We use your personal data to be able to provide the service to you, customize the user interface, present relevant features and content, and to administrate the relationship between you and us, for instance for payment and communication purposes and for setting up and maintaining user accounts. We collect the data, compile the data in our systems, we communicate with you by email, phone (by talking, texting or otherwise), and take other actions necessary for the stated purposes.

Type of personal data: Contact details such as name, phone number, email address, profile picture, work title, information about your use of the service, conversation data and information about your account in our service/ your order(s) within the service, payment preferences, other information about current and previous agreements, your personal identification number, and payment data.

Processing and purpose of processing: To be able to conduct troubleshooting and for security reasons, we collect the data and use it as necessary for the stated purpose.

Type of personal data: Name, email address and IP address.

Processing and purpose of processing: To be able to, for marketing or information purposes, inform about us and our services and products, including, provide you with customized offers, we compile the information in our system and use it to send news and information emails and similar. Should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you.

Type of personal data: Email address and name as well as information about your use of the service, i.e., user data.

Persons representing our potential customers

Processing and purpose of processing: To be able to create business relationships with new customers, we collect the data, compile the data in our system for any future contact with you, use it to enter into an agreement with you/your employer/principal, and we communicate with you by email, phone (by talking, texting or otherwise) and/or in another way.

Type of personal data: Contact details such as name, phone number, email address, and as applicable, information about your work title and employer/principal.

How we received the personal data: It varies; for instance, we might receive it directly from you when contacting us, for instance by using the contact form on the website, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website.

Persons who have been invited to our service by any of our current customers and who use our service without a user account

Processing and purpose of processing: To enable access to the service, and to let you use certain parts of it when you have been invited by any of our customers, we collect the data, compile the data in our system and take other actions which are necessary for the stated purpose.

Type of personal data: Email address, communication data such as comments regarding certain content, the username chosen by you, as well as information about what customer you have been invited by.

How we received the personal data: Your email address will be received by a customer of ours (who has guaranteed that he/she/it has the right to share such data). In relation to other data, we will, normally, receive it directly from you.

Processing and purpose of processing: To be able to conduct troubleshooting and for security reasons, we collect the data and use it as necessary for the stated purpose.

Type of personal data: Username, email address and IP address, and information about what user you have been invited by.

How we received the personal data: Your email address will be received by a customer of ours and in connection therewith, we will receive information about what user you have been invited by. Your IP address will be collected automatically when submitting your username (which you will provide us with as set forth above).

Persons representing (or who are themselves) a supplier, partner, investor, or another person within our network

Processing and purpose of processing: To be able to conduct, develop, improve our business, and otherwise to meet a need of ours, we sometimes need to purchase certain services/products, cooperate with others, engage with investors and similar. If we have entered into an agreement with a supplier, partner, investor or other third party, the purpose of the processing is dependent on what has been agreed with you/the company that you represent and us, or the relevant need of ours. In general, in such cases, processing takes place to meet the need of ours, which may include the performance and administration of what has been agreed to, and to take advantage of our rights as set forth in the relevant agreement.

Type of personal data: It depends on the relevant situation or agreement. In most cases, only contact details such as name, phone number, email address, communication data and, as applicable, information about who is your employer/principal, you work title, and, should you be a sole trader, in some cases, your bank account/invoicing information and personal identification number. If you provide us with other personal data, we will also process such data. We might also request that you provide us with additional data as depending on the type of agreement to be or which has been entered into.

How we received the personal data: Most of the personal data that we process, we have received directly from you or anyone else representing the supplier/partner/investor/third party. It might also be that the company that you represent or one of your colleagues provides us with information about you. Further, we might also, where needed, collect it ourselves from the internet.

Persons who appear in our own content in our service

Processing and purpose of processing: To improve/promote the service and improve the user experience, we sometimes publish pictures and videos on our website. We take all actions necessary for the stated purpose, such as storing and posting the content.

Type of personal data: It depends on the nature of the content as from time to time. Normally the content will include one or several pictures and/or videos.

Legal ground for processing: In most cases, our processing is based on the agreement between you and us, or your employer/principal and us.

How we received the personal data: In most cases, the content will be created by us. It might also be that we purchase the content from you or your employer/principal.

Persons who apply for a job or internship with us or who are otherwise subject to a recruitment process of ours

Processing and purpose of processing: For us to be able to find suitable persons to hire for employment and finding suitable persons for internships, we compile the data in our system for any future contact with you, we communicate with you by email, phone (by talking, texting or otherwise) and/or in another way, and use the data in connection with eventual job interviews, in connection with taking of references and to be able to enter into an agreement with you.

Type of personal data: Contact details such as name, phone number and email address, information included in your CV and other parts of your application, communication data, as well as notes from eventual job interviews and our taking of references.

Legal ground for processing: If you submit an application to us, this means that you give your consent to our processing of your information. If we, as a result of our own searching activities, find that you are a potential candidate and therefore process your data, we do so because it is necessary for us in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data.

How we received the personal data: If you submit an application to us, the data is thus collected directly from you. We may also collect the data ourselves from the internet, including from social media (such as LinkedIn), or another third party (such as from someone telling us about you). Personal data may also be collected directly from you in connection with job interviews and in connection with taking of references.

Website visitors (including all users of our service)

Processing and purpose of processing: To be able to improve/market our business, in particular optimizing our website/our service, we collect the data, compile it within our system, and evaluate it.

Type of personal data: Data regarding demography and website behaviour, as well as information about your geographical location.

Legal ground for processing: In relation to strictly necessary cookies, we have a legitimate interest in being able to develop our business and that is the legal ground for such processing. As regards other types of cookies, our processing will be subject to your consent (which may be withdrawn).

How we received the personal data: The information will be collected by us when you visit the website.

Any other persons who contact us

Processing and purpose of processing: To be able to answer any request received from you, we need to process personal data to communicate with you and, as applicable, take any actions as a result thereof.

Type of personal data: This depends on what information you provide us with. In most cases, your name and other contact details will be processed, as well as communication data.

Legal ground for processing: It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. However, the processing may instead, depending on your inquiry, be based on your consent, an agreement, or other legal ground.

How we received the personal data: Normally, all personal data will be received directly from you.

All categories of data subjects

Processing and purpose of processing: We may need to process certain personal data in order to fulfil an obligation under law (for example, to fulfil our obligation to keep accounts). The types of processing that may occur is dependent on what legal obligations that we have from time to time. For example, we may use the information to share your data with authorities to the extent they require us to do so.

Type of personal data: All categories of personal data set forth herein may be processed in connection with the stated purpose.

Legal ground for processing: Such processing of personal data may take place on the basis that we have a legal obligation that requires the processing.

How we received the personal data: Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data apply.

Processing and purpose of processing: We may need to process certain personal data in order to safeguard our or someone else’s rights and/or interests in the event of a legal claim against us or someone else. The type of processing is depending on each situation. Normally, we may need to use the data in connection with court proceedings or when having a dialogue with a counterparty or counterparty counsel.

Type of personal data: All categories of personal data set forth herein may be processed in connection with the stated purpose.

Legal ground for processing: Should we need to process personal data for the stated purpose, we consider, after having carefully assessed the matter, that we have a legitimate interest in doing so.

How we received the personal data: Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data apply.

Processing and purpose of processing: To be able to reconstruct, such as divide into several businesses, or if someone wishes to invest in us, acquire us or a part of us, or any of our assets, we might have to disclose your personal data to such potential investor or purchaser (who is bound by a confidentiality obligation), for instance as part of a due diligence investigation, and take other measures within the scope of the above-mentioned purpose (such as discussing with a counterparty about their findings). For the avoidance of doubt, the processing of your personal data will continually be in accordance with this Privacy Policy, unless you are informed otherwise.

Type of personal data: All categories of personal data set forth herein may be processed in connection with the stated purpose.

Legal ground for processing: If we process data due to the stated purpose, such processing will be based on our legitimate interest, after having carefully assessed the matter, in being able to restructure ourselves, finance our business or as otherwise stated, and thereby process your personal data.

How we received the personal data: Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data apply.

Processing and purpose of processing: If you on your own initiative provide us with other personal data than the one that we it requested, we may process them by, for instance, compiling them in our systems and communicate with you about them by email, phone (by talking, texting or otherwise) and / or in another way.

Type of personal data: Since we cannot control what information you provide to us, any type of personal data may be processed in connection with the stated purpose.

Legal ground for processing: The legal ground for our processing is dependent on the type of data provided by you and the reason for it. The processing may thus be based on your consent, an agreement, our legitimate interest or other legal ground.

How we received the personal data: We receive the data directly from you, your employer/principal or another third party.

3. Storage Period

We process personal data only for as long as it is necessary to fulfil the purpose with the processing. When we no longer need certain personal data for the processing stated above, we delete it. Depending on the legal ground for the processing, the period during which we process the personal data may be governed by an agreement, be subject to a valid consent, be specified in legislation or be a result of our own assessment based on our legitimate interest. In relation to our customers (including the data of their representatives), their data is deleted within our year after the termination of the service agreement as entered into between us and them respectively.

4. Security

We have taken technical and organizational measures to ensure that your personal data is protected in the best possible way, such as:

i) Encryption

ii) Organizing information in four different security classes according to ISO 27001/20000

iii) Login with two-step verification and single sign-on (SSO)

iv) Great focus on security-related work and staff training

v) Information classification

vi) Continuously monitoring the access to information

vii) Subcontractors are chosen with great care

viii) Entering into confidentiality agreements

We ensure that your personal data is not disclosed other than when necessary, for instance by the establishment of routines and the measures set forth above (which varies depending on the type of personal data and the purpose of the processing), and otherwise ensure that it is protected from loss and unauthorized access.

5. Disclosure

The personal data that we process is available to persons within our organisation who need it in order to carry out their work duties only (which varies depending on the type of personal data and the purpose of the processing) who are employees or consultants. We also share personal data with our subcontractors and, where applicable, to potential investors and purchasers according to Section 2 above, to the extent necessary for us to be able to achieve the purpose of the personal data processing. We might also share personal data with authorities to the extent we are required to do so.

We never share more information than necessary given the purpose of the sharing. We choose our subcontractors with great care and enter into data processing agreements with all of them, meaning that they may only process personal data in accordance with applicable law and our instructions. We use or may use, as from time to time, subcontractors/third-party tools for the following purposes:

i) Cloud storage

ii) Media processing

iii) Streaming services

iv) Speech-to-text

v) Two-factor authentication

vi) Analytics

vii) Online payments

viii) Error handling and debugging

ix) Email

We strive for your personal data to be processed within the EU/EEA. However, some of our subcontractors are domiciled outside the EU/EEA, and therefore personal data may sometimes be transferred and processed outside the EU/EEA where other rules on personal data processing apply. However, we will always take all necessary measures to ensure that your personal data is processed with appropriate safeguards in accordance with the GDPR and other applicable laws (such as standard contractual clauses).

6. Your Rights

Due to our processing of your personal data, you have the following rights:

i) You have the right to

a. access the personal data which concerns you and which is processed by us, and

b. should it or parts of it be inaccurate and/or incomplete, have it rectified or completed.

ii) You have the right to demand

a. that we erase the personal data which concerns you and which is processed by us,

b. that we restrict our processing of your personal data, and/or

c. that we completely discontinue our processing of your personal data.

iii) You have the right to exercise your right to data portability (i.e., the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format which may be transmitted to another controller).

iv) Should our processing of your personal data be based on your consent, you have the right to withdraw such consent (in relation to future processing).

If you wish to exercise one or several of your rights, you are welcome to contact us via the contact details provided in Section 7 below. If you exercise your rights as described above, we may not be able to cooperate or have continued contact with you (or the company that you represent), provide our services to you (or the company that you represent), include you in a recruitment process etc.

Please note that you in some cases do not have all the rights listed above. This applies, for example, if we have to process your personal data i) for the purpose which it was collected, ii) according to our conclusion after having carefully weighed interests, or iii) otherwise according to EU law or the national law of an EU country. The rights set forth above are not absolute, and you only have the right to exercise them to the extent it would be in accordance with the GDPR and other applicable law, and where we otherwise have the legal/contractual right to comply with them (for instance by disclosing information to you). Further, please note that the rights set forth above apply subject to the duty of confidentiality which we might have in relation to third parties. Such duty of confidentiality may imply that we cannot disclose certain data that we have received.

Further, you have the right to make complaints about how we process your personal data if you believe that this is not done in accordance with applicable laws. You may do this by contacting the Swedish Authority for Privacy Protection (Swedish: Integritetsskyddsmyndigheten), for instance by using the email address imy@imy.se. Other contact information for the Authority for Privacy Protection can be found here: https://www.imy.se/kontakta-oss/.

7. Contact and Questions

If you have any questions about our personal data processing or want to exercise your rights as set out above, you are welcome to contact us. The easiest way to reach us is to send an email to privacy@klash.studio. Also, you are always welcome to send us a letter. Our address is:

Klash AB

Högalidsgatan 42

117 30 Stockholm, Sweden

8. Privacy Policy Updates

We may make changes to this Privacy Policy. The latest version of it is always available upon request. Before any material amendments to this Privacy Policy enter into force, we will inform you about them (for instance through a notice on your website or an email) before continuing the processing of your personal data.

Navigation

Company

Social