Privacy Policy
→ Introduction
The purpose of this policy is to set out guidelines for our internal work and to show our stakeholders in a transparent way how we process personal data. Ultimately, it is about protecting personal data from unauthorised access and making it easier for data subjects to find out what data we process about them and to be able to easily erase it at the request of the data subject if and when the law so permits.
Our Privacy Policy governs your visit to https://www.sinkorswim.se/ and explains how we collect, safeguard, and disclose information that results from your use of our Service.
→ Legal compliance
The European General Data Protection Regulation (GDPR) entered into force on 25 May 2018. Its interpretation in practice may change over time.
→ Sink or Swim Innovation AB
Sink or Swim Innovation AB is a consulting company that helps early-stage impact startup companies in Sweden apply for grants from Swedish and EU funding institutions. We process personal data both on our own behalf and on behalf of our clients.
Sink or Swim Innovation AB is the Data Controller. We process the personal data of our employees, contact persons, customers, and potential customers. This policy covers how we will process personal data in this role.
→ Reasons to process personal data
We only process personal data that is strictly necessary to fulfill the purpose of the business or obligations under legal requirements or contractual commitments with customers. We never keep personal data longer than established under contract and law. We never process personal data that the GDPR classifies as sensitive personal data. Thus, we do not foresee any situation where we will need explicit consent for processing your personal data.
→ Types of personal data we process
Below are examples of the personal data we normally process for legal and contractual reasons. We may process other personal data in addition to those listed below on a case-by-case basis:
- Tittle
- Name
- Address
- E-mail address
- Phone number
- Username and password to funding portals
→ We process personal data of the stakeholders below
Customers
We process personal data within the contracts with existing customers. This personal data is never processed in any other way than what can be justified by the ongoing customer relationship and is stored for a maximum of two years after the end of the contract.
Potential customers
We process personal data within the contracts with existing customers. This personal data is never processed in any other way than what can be justified by the ongoing customer relationship and is stored for a maximum of two years after the end of the contract.
→ How we process your data
Below you can read our guidelines on how we process personal data in different steps:
- Collect and record: We only collect data that is considered essential to fulfill our existing contractual obligations to our customers and employees as our business stands today. Once collected, personal data is stored in a cloud storage system as soon as we receive it. Therefore, personal data never remains stored in emails, web forms, or physical paper.
- Use: We only use personal data for its primary purpose, meaning in accordance with the purposes and reasons for which it was originally collected or transferred to us. The only exception is using personal data to contact C-level executives for sales and marketing purposes.
- Store and protect: We store personal data in third-party cloud storage only. We never store physical data. We never store data in our own servers. Digital cloud storage is protected by the safety guarantee of paid cloud providers (e.g. Google). An antivirus software is installed on our servers and is automatically updated daily. Access to data is protected by internal login and passwords, which are regularly changed in accordance with high-security recommendations.
- Transfer: We never disclose or transfer personal data to third parties, except for what we are required by law to report to authorities. We avoid emailing personal data.
- Delete: We must always delete personal data when it is no longer needed for the purposes for which it was collected and used. Personal data is stored for a maximum of two years after the latest contractual obligation with the customer has ended. Upon direct request from the Data Controller or the data owner, personal data related to such data owner must be deleted as fast as possible and within a month. We don't normally process any sensitive data, but if we do, it gets deleted as soon as possible.
→ Your rights to your personal data
Below are the rights that are most relevant to our business and the personal data we process:
- Right to information: Right to 1) obtain information about which personal data we process, a so-called register extract, 2) rectification or amendment, 3) request the rectification of inaccurate data or the amendment of personal data provided.
- Right to withdraw consent: We never process data that requires consent. When we do, you have the right to withdraw your consent and we'll delete the data.
- Right to erasure: You can ask we delete your data for certain reasons outlined in the law.
→ Contact form
When you use any form of contact form on our website, we assume that you agree to us collecting and storing the information you give us.