In use from 2020-06-12
How Spotlight Group processes personal data
When we develop Spotlight Group’s services, these are preceded by technical, physical and organizational measures to ensure both privacy and accessibility of personal data and other information we handle. As personal data controller, Spotlight Group is constantly working to ensure that our services and internal processes meet the requirements that are set when processing personal data.
The Policy describes the categories of personal data that Spotlight Group processes and the reasons for this processing. Furthermore, information is also given about where we collect your personal data, who we share your information with and how long we store the collected data. The policy also describes how you can access your personal data, make comments about the treatment or how to contact us with questions about our personal data processing.
Personal data that may be collected by Spotlight Group
Spotlight Group processes different categories of personal data. We have therefore divided personal data into different categories. For example, the following personal data may be processed:
- Identification and contact information such as name, social security number or national identification number, address, telephone number, e-mail address.
- Tasks related to the performance of assignments such as account numbers and authorizations with associated personal data.
- Information for communication in cases and other matters based on your relationship with Spotlight Group through employment, assignments, agreements or similar, both for physical communication and electronic communication.
Purpose and legal basis for processing
Your personal information is primarily used to fulfill agreements that Spotlight Group has or is about to enter into and to enable Spotlight Group to fulfill the legal obligations that are imposed on us. Below is a description of the purposes that Spotlight Group has for processing personal data, what the intent is for the purpose and legal basis for each purpose.
Fulfilling of agreement
Spotlight Group collects, processes and stores your personal information in order to prepare, provide and administer Spotlight Group’s services to you – electronically, physically or over the phone.
Spotlight Group is obliged to comply with securities law and other applicable legislation for our operations, as well as regulatory regulations applicable at all times. In the context of this, we handle your personal data in order to, for example:
- Establish and maintain insider lists, as well
- Report to competent authorities such as the Swedish Tax Agency and the Swedish Financial Supervisory Authority.
Spotlight Group offers services with the goal of creating long and good relationships with our customers. The legal basis for our treatment is the intended and later (if applicable) contractual relationship between the customer and the Spotlight Group. Therefore, we need to process your personal information for the following purposes:
- Fulfill our obligations to you in accordance with quotation, agreement or similar obligation.
- Conduct marketing activities where we identify and suggest services that may be relevant to you. However, you always have the opportunity to choose to unsubscribe from news releases and offers by contacting us.
Where we collect your personal data
Spotlight Group may collect your personal data directly from you, for example when using Services at Spotlight Group. We may also obtain information from public and other registers, such as Bisnode, the Swedish Companies Registration Office and government agencies.
Who we share your personal data with
By law, Spotlight Group may not disclose information about you unless there is clear support in connection with the fulfillment of the terms of an agreement with you or for a legal purpose that requires or permits, such as reporting to authorities.
In order to fulfill the terms of our customer agreements and other commitments, we may share information about you internally within Spotlight Group and sometimes even with external companies that provide contracted services to Spotlight Group and our customers. This may include, for example, financial infrastructure partners, suppliers, actors acting on behalf of clients or other parties to the customer agreement. In all of these cases, Spotlight Group, in the role of personal data controller, is responsible for ensuring that your personal data is processed exclusively for purposes that are compatible with the purposes for which we have collected the information.
Spotlight Group may employ personal data processors for all or part of the processing. Written agreements are established with each such personal data processor and it is the responsibility of Spotlight Group to carry out the ongoing monitoring of personal data processors as required by law and regulations to ensure that the processing is done in a secure and satisfactory manner and to terminate cooperation with personal data processor who cannot provide sufficient guarantees. adequate level of protection.
Situations when we may share your personal information outside the organization are:
- To approved credit reporting agencies for credit reporting in connection with entering into an agreement with us,
- To various external actors to fulfill our contractual obligations, as well as
- To various authorities for the purpose of complying with laws and other regulations concerning, for example, taxes and money laundering or terrorist financing.
Transfer to third countries
Processing of personal data takes place within the EU / EEA and Spotlight Group does not transfer any personal data processed outside the said area. In rare cases, however, personal data may be transferred to and processed in countries outside the EU / EEA (so-called third countries). Before such a transfer occurs, Spotlight Group ensures that the transfer is performed only on condition that appropriate safeguards have been taken and undertaken in accordance with the regulations in force for such transfer at any time. Privacy Shield and standard contract clauses approved by the European Commission.
Spotlight Group only stores your personal data as long as we need to be able to provide contracted services or as long as we have your consent to the processing and the legal basis for such processing exists. We also store personal information in order to fulfill our legal obligations, e.g. securities law and accounting law obligations, and when there is an obligation as a result of law or authority decisions.
If you terminate any service provided by Spotlight Group, we might need to save some of your personal data that is linked to the relevant service for some time, due to obligations that follow from law. For example, the Swedish Tax Agency requires that we retain certain personal data for seven (7) years in order for us to fulfill our reporting obligation.
- When your personal data is processed by Spotlight Group, you have the following rights:
- You have the right to access the personal data we process about you. The information is provided in the form of a copy (through a register extract). Requests for registry extracts are usually free of charge;
- If the information we have about you is incorrect or incomplete, you can request that we correct or supplement it;
- You have the right, under certain conditions, to request that the processing of your personal data be restricted for certain stated purposes;
- You have the right to object to a processing of your personal data that is carried out with a balance of interest;
- You have the right to be deleted under certain conditions (“right to be forgotten”), i.e. to have the personal data we hold about you permanently deleted. However, we have the right to refuse deletion in certain situations, e.g. if we are required by law to save the data;
- If you do not wish to receive direct marketing from the Spotlight Group, you can contact us at any time;
- You have the right to data portability, which means that, under certain conditions, you have the right to have your personal data transferred in a structured, commonly used and machine-readable format to another personal data controller.
You are normally entitled to exercise the above rights free of charge. Spotlight Group will respond to the request without undue delay and usually within one (1) month after receiving the request. However, if the request is unreasonable or unfounded, Spotlight Group has the right not to comply with your request. In addition, Spotlight Group may request additional information to verify your identity.
Spotlight Group has taken appropriate technical, administrative and organizational security measures to ensure that your personal data is only processed by authorized personnel and to prevent any personal data incidents from occurring. We also continuously review and evaluate the need for improvements in these measures.
Spotlight Group may make changes to this Policy if this is required by law, regulation, government regulation or if it is deemed otherwise necessary for Spotlight Group to maintain a satisfactory level of protection. The latest version of the Policy is always available on our website, https://spotlightgroup.se/.
If you have any questions or comments regarding how we process your personal data, you are welcome to contact Spotlight Group via firstname.lastname@example.org or at the following postal address:
Spotlight Group AB
211 22 Malmö, Sweden
You can also contact The Swedish Data Protection Authority (Datainspektionen) with any complaints regarding the processing of your personal data.