Privacy Policy

1. INTRODUCTION

Mips AB (publ) (“Mips”, “we”, “us” or “our”) is processing your personal data when you interact with us in various contexts.
We respect your privacy and duly protect the personal data we process about you. All processing of personal data is carried out in accordance with the requirements set out in the general data protection regulation (“GDPR”) and other applicable personal data protection legislation supplementing the GDPR.


We may at our own discretion update this privacy policy at any given time (see at the bottom of this page the date this policy was last updated). If material changes are made, we will provide notice on our website prior to the change becoming effective.


Throughout this privacy policy the term “processing” is used to cover all activities involving your personal data, including e.g. collecting, handling, storing, sharing, accessing, using, transferring and disposing of your personal data. The term “personal data” refers to any information relating to an identified or identifiable natural person.


Depending on in which capacity you are reading this policy, the processing of your personal data may differ. You may read this policy in the capacity as a (i) website visitor, (ii) supplier representative, (iii) customer representative, and (iv) job candidate. To make this notice more relevant to your particular situation, the notice is divided into sections with specific information related to the various roles that you may have when we are processing your personal data.

2. WEBSITE VISITORS OR VISITORS ON OUR DIGITAL CHANNELS

2.1 How do we collect your personal data?

We collect the data directly from you or data that is generated by you, including your devices, when visiting our website or our digital channels.

2.2 Purpose of the processing of your personal data

2.2.1 Track your use of our website and our digital channels

When you are browsing our website or our digital channels, we will process your IP address and browser user agent string to track your activity. Your personal data is processed for this purpose to administrate and improve this website, for our internal records, and for statistical analysis.

Categories of personal dataLegal basis
IP address
Device type
User generated information
Website (page viewed, content consumed, etc).
Consent. We only process your personal data using tracking features (cookies) if you have given us your consent to such processing.
Retention period: The retention period is dependent on the type of cookie, as described in Mips’ cookie policy.

2.2.2 Communicate with you and respond to your questions or feedback, including press contacts
Where we offer you the possibility to communicate with us by asking questions or providing feedback regarding our services and our business, we will process your personal data when you submit a question, comment, feedback, or any other message, including press contacts. The purpose of the processing is to be able to communicate with you and to handle press contacts.

Categories of personal dataLegal basis
IP address
Device type
User generated information
Website (page viewed, content consumed, etc).
Consent. We only process your personal data using tracking features (cookies) if you have given us your consent to such processing.
Retention period: The retention period is dependent on the type of cookie, as described in Mips’ cookie policy.

2.2.3 Arrange competitions and contests

We are processing your personal data when we are arranging competitions and contests. This includes carrying out the competition, reviewing responses from participants, announcing and contacting the winner on our social media platforms.

Categories of personal dataLegal basis
Identity data
Contact data (only to the winner)
Your communication
Instagram-ID
Rationale behind why the winner was chosen
Legitimate interest. The processing is necessary in order to fulfill our legitimate interest in being able to carry out competitions and strengthen our brand and presence.
Retention period: During the competition and for a period of three (3) months thereafter.

2.2.4 Visitor administration (at our premises)

We are processing your personal data when we administrate e.g. events and meetings at our premises, including keeping participation lists and ensuring that your food preferences are respected.

Categories of personal dataLegal basis
Identity data
Contact data
Food preferences
Legitimate interest. The processing is necessary in order to fulfillour legitimate interest in being able to arrange events and meetings at our premises.

To the extent your food preferences reveal information about your health, e.g. if it reveals an allergy, we will ask for your consent before such information is processed by us.
Retention period: During the event and/or meeting and for a maximum period of three (3) months thereafter (for evaluation purposes).

2.3 With whom do we share your personal data?

2.3.1 General

Where necessary in order to achieve the purposes set out in section 2.2, we share your personal data with other entities, authorities, or actors. Please note however that we, regardless of the recipients’ capacity, only will share your personal data with entrusted actors and only to the extent necessary.

2.3.2 Data processors acting on Behalf of Us

In order to fulfill the purposes of the processing of your personal data and to be able to run our business, we transfer personal data to external parties such as third-party service providers that we have engaged, as well as other partners.

These external parties will act as our data processors and may only process your personal data in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that these external parties carry out on our behalf. The purposes of the processing activities carried out by us are outlined in section 2.2.

2.3.3 Recipients that Act as data controllers

The personal data processed by Mips when you visit our website will not be shared with any third party that will process the personal data in the capacity as a data controller.

3. CORPORATE CONTACTS

3.1 Purposes of the processing of your personal data

3.1.1 Administration of contractual relationship
Your personal data will be processed because we have a legitimate interest in administering the relationship with our customers, suppliers, and partners, and to be able to manage the overall cooperation and day-to-day activities. This also includes processing within the scope of the execution of our commercial agreements.

Categories of personal dataLegal basis
Contact information
Identity data
Legitimate interest. The processing of your personal data is necessary in order to satisfy our legitimate interest in being able to administer our business contact relationships and facilitate e.g. day-to-day communications.
Retention period: Your personal data will be processed until the commercial relationship ceases, or until you cease to be a contact person.

3.1.2 Respond to questions and requests

For the purpose of responding to questions or requests sent to us, e.g. via e-mail or phone.

Categories of personal dataLegal basis
Identity data
Contact data
Your communication
Incident data
Legitimate interest. The processing is necessary in order to fulfill our legitimate interest in responding to questions and requests sent to us, e.g. via e-mail or phone.
Retention period: Personal data will be stored for a period of up to ten (10) years, for the purpose of exercising, establishing, or defending legal claims.

3.1.3 Invoicing administration

We will process your contact information for reference purposes when we are either issuing invoices to or receiving invoices from the company that you represent.

Categories of personal dataLegal basis
Identity data
Contact data
Legitimate interest. The processing is necessary in order to fulfil our legitimate interest to have a reference person on the invoices we issue and to process such information that appears on invoices we receive.
Retention period: During the commercial relationship, after which the information will be stored for an additional period in order to comply with legal obligations as set out in section 3.1.4 below.

3.1.4 Collaboration administration (only applicable to influencers and similar collaboration partners)

If you are an influencer of other collaboration partners to Mips, we will process your personal data for the purposes of managing our relationship, e.g. by posting on social media, using content for marketing purposes, campaigns, and following up on the result of various marketing activities.

Categories of personal dataLegal basis
Identity data
Contact data
Your communication
Video recordings and pictures
Legitimate interest. The processing is necessary in order to fulfil our legitimate interest to be able to manage our collaborations, e.g. by posting on social media, marketing, etc.
Retention period: During the commercial relationship. Video recordings and pictures can be stored on our digital channels until further notice.

3.1.5 Fulfil legal obligations

We will process your personal data where necessary in order to comply with legal obligations, e.g. accounting obligations.

Categories of personal dataLegal basis
All information mentioned above.Legal obligation. The processing is necessary in order to with our legal obligations.
Retention period: At least seven (7) years as from the end of the calendar year during which the accounting year ended.

3.1.6 Establish, exercise, and defend legal claims

For the purposes of establishing, exercising, and defending legal claims (for example in connection with a dispute or legal process) we may process your personal data.

Categories of personal dataLegal basis
All information mentioned above.Legitimate interest. The processing is necessary in order to fulfilll our legitimate interest to establish, exercise or defend the legal claim, for example in connection with a dispute or legal process.
Retention period: As long as necessary to establish, exercise or defend the legal claim.

3.2 With whom do we share your personal information?

3.2.1 General

Where necessary in order to achieve the purposes set out in this section 3, we share your personal data with other entities, authorities, or actors. Please note however that we, regardless of the recipients’ capacity, only will share your personal data with entrusted actors and only to the extent necessary.

3.2.2 Data processors acting on Behalf of Us

In order to fulfill the purposes of the processing of your personal data and to be able to run our business, we transfer personal data to external parties such as third-party service providers that we have engaged, as well as other partners. These external parties will act as our data processors and may only process your personal data in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that these external parties carry out on our behalf. The purposes of the processing activities carried out by us are outlined in section 3.

3.2.3 Recipients that Act as data controllers

The categories of recipients mentioned in the table below will process personal data in the capacity as data controllers, i.e. these recipients will determine the purposes and means of the processing without our involvement.

RecipientsPurposeLegal basis
Courts
External advisers
Establish, exercise or defend a legal claim.Legitimate interest in being able to establish, exercise or defend legal claims.
Group companiesEstablish, exercise, or defend a legal claim.Legitimate interest in being able to manage our collaborations with influencers and collaboration partners.
Social media platformsManaging collaborations with influencers or collaboration partners.Legitimate interest in being able manage our collaborations with influencers and collaboration partners.

4. JOB CANDIDATES

4.1 How do we collect your data?

We collect your personal data from:

4.2 Purposes of the processing of your personal data

4.2.1 Managing the recruitment process

Your personal data will be processed by us within the scope of the general management of the recruitment process. Processing activities included in this process are e.g. collection of your personal data, review of CVs and cover letters, conducting interviews, evaluating you as a candidate, and communicating with you within the scope of the recruitment process.

Categories of personal dataLegal basis
Identity data (including personal id. no.)
Contact data
CV
Cover letter
Audio and video material
Location data
Feedback data
Demographic data
Skills data
Legitimate interest. The processing of your personal data is necessary in order to satisfy our legitimate interest in carrying out the recruitment process to ensure that we employ the most suitable candidates.
Retention period: Your personal data will only be processed for this purpose during the recruitment process and until (i) you either have been employed by us or (ii) your application has been rejected.
If your application has been rejected, we will still process your personal data for the purposes outlined in purposes 4.2.5 and 4.2.6.


4.2.2 Review and assessment of personality and abilities

Conduct personality and ability tests (for certain positions) to assess and evaluate job candidates’ suitability for applied positions.

Categories of personal dataLegal basis
Identity data (including personal id. no.)
Test data
Legitimate interest. The processing is necessary in order to fulfil our legitimate purpose to assess and evaluate a job candidate’s suitability for applied position.
Retention period: During the recruitment process (unless the data is necessary for other purposes).

4.2.3 Concluding the employment agreement

We will process your personal data in conjunction with the conclusion of the employment agreement with you e.g., when collecting references. Your personal data will also be processed in the employment agreement that we conclude and upon the initiation of the onboarding process.

Categories of personal dataLegal basis
Contact information
Social security number
Organizational information, such as employer company, employment status, operational department, geographical placement, cost center, organisation, place of employment
Salary
Benefits data
References
Agreement. The processing of your personal data is necessary in order for us to take measures prior to entering into an agreement (the employment agreement) with you.
Retention period: Your personal data will be processed momentarily during the conclusion of the employment agreement and will not be stored for this purpose.

4.2.4 Evaluate and follow-up the recruitment process

Create reports and statistics of e.g. the number of applications per position.

Categories of personal dataLegal basis
Identity data (including personal id. no.)
Location data
Skills data
Feedback data
Demographic data
Legitimate interest. The processing is necessary in order to fulfill our legitimate purpose to evaluate and follow up on the recruitment process.
Retention period: Reports and statistics on an aggregated level which do not contain personal data are retained until further notice.

4.2.5 Establish, exercise and defend legal claims

For the purposes of establishing, exercising and defending legal claims (for example in connection with a dispute or legal process) we may process your personal data.

Categories of personal dataLegal basis
All information mentioned above.Retention period: Reports and statistics on an aggregated level that do not contain personal data are retained until further notice.
Retention period: Reports and statistics on an aggregated level which do not contain personal data are retained until further notice.

4.2.6 Fulfil legal obligations

Besides legal obligations within the field of employment, we will process your personal data for the purposes of fulfilling legal obligations related to work permit checks, including storage of related documentation.

Categories of personal dataLegal basis
Identity data
Social security number
Work permit documentation
Legal obligation. The processing is necessary to fulfill our legal obligations.
Retention period: For unsuccessful job candidates, personal data will only be stored during the recruitment process and not subject to any further retention. For successful job candidates, the documentation will be stored for at least twelve (12) months from the date of the end of the employment.

4.3 With whom do we share your personal data?

4.3.1 General

Where necessary in order to achieve the purposes set out in this section 4, we share your personal data with other entities, authorities, or actors. The categories of recipients mentioned in section 4.3.2 will process personal data on our behalf of us in the capacity of data processors (i.e. such actors will only process your personal data in accordance with our instructions). The categories of recipients mentioned in section 4.3.3 will process personal data in the capacity of data controllers, i.e. these recipients will determine the purposes and means of the processing without our involvement. Please note however that we, regardless of the recipients’ capacity, only will share your personal data with entrusted actors and only to the extent necessary.

4.3.2 Data processors acting on Behalf of Us

In order to fulfill the purposes of the processing of your personal data and to be able to run our business, we transfer personal data to external parties such as third-party service providers that we have engaged, as well as other partners. These external parties will act as our data processors and may only process your personal data in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that these external parties carry out on our behalf. The purposes of the processing activities carried out by us are outlined in this section 4.

4.3.3 Recipients that Act as data controllers

RecipientsPurposeLegal basis
Courts
External advisers
Establish, exercise or defend a legal claim.Legitimate interest in being able to establish, exercise or defend legal claims.
External recruitersFacilitating the recruitment processLegitimate interest in being able to carry out an efficient recruitment process and ensuring that the best available candidates are employed by Mips.
Reference personsTaking references before deciding to conclude an employment agreement.Legitimate interest in being able to verify your competence and the information you have provided during the interview.

5. APPROPRIATE SAFEGUARDS FOR TRANSFERS OF PERSONAL DATA OUTSIDE OF THE EU/EEA

We may transfer or disclose personal data to recipients located outside the EU/EEA (third country), mainly in situations where we are using third-party data processors that will process data in a third country, or if we share personal data with a group company located outside the EU/EEA.
When we transfer or disclose your personal data to a recipient in a country outside of the EU/EEA, we will always ensure that appropriate safeguards have been taken (such as the EU Commission’s standard contract clauses, including other supplementary safeguards as necessary in each case) to protect the personal data. Further, we are regularly carrying out risk assessments to assess what supplementary measures that need to be taken to protect the personal data subject to the transfer or disclosure.
You are entitled to request to receive a copy of any documentation demonstrating that appropriate safeguards have been taken in order to protect your personal data during a transfer to a third country.
If you would like further details about the processing of your personal data and whether your personal data is transferred to a third country, please contact us on the contact details as set out below under section 7.

6. YOUR RIGHTS

Access
You may request confirmation whether or not personal data is processed and, if that is the case, access your personal data and additional information such as the purposes of the processing. You are also entitled to receive a copy of the personal data undergoing processing. If the request is made by electronic means the information will be provided in a commonly used electronic format if you do not request otherwise.


Object to certain processing
You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.


Rectification
You have at any time the right to have inaccurate personal data rectified, as well as, taking into account the purposes of the processing, the right to have incomplete personal data completed which relates to you.


Erasure
You may have your personal data erased under certain circumstances, such as when your personal data is no longer needed for the purposes for which it was collected. However, we cannot delete your personal data if we e.g. are obligated under the law to keep the data.


Restriction of processing
You may ask us to restrict the processing of your personal data to only comprise storage of your personal data under certain circumstances, such as when the processing is unlawful, but you do not want your personal data erased. If the processing of your personal data has been restricted we may only, besides storing the data, process your personal data with your consent, or in order to establish, exercise or defend legal claims or to defend the rights of others.


Withdrawal of consent
You have the right to at any time withdraw your consent to the processing of personal data to the extent the processing is based on your consent.


Data portability
You may ask to receive a machine-readable copy of the personal data processed on the basis of your consent or on the basis that the processing is necessary in order to perform an agreement with you, and which personal data have been provided to us by you (data portability) and ask for the information to be transferred to another data controller (where possible).


Complaints to the supervisory authority
You acknowledge that you always have the right to lodge complaints pertaining to the processing of your personal data to the Swedish Authority for Privacy Protection (IMY) or any other relevant authority.

7. CONTACT INFORMATION

If you have any questions or concerns regarding the processing of your personal data, please contact us on the contact details set forth below.
The data controller for your personal data is:
Mips AB (publ), reg. no. 556609-0162
Kemistvägen 1B
18379 Täby
Email: privacy@mipsprotection.com