To whom does this privacy notice apply?

In this privacy notice we have gathered information on how we process personal data within the business area Bonnier News Business regarding customers and previous customers, company representatives, participants at events and educations, prospects and end users of websites and apps. The following brands are included in Bonnier News Business:

• Dagens industri 

• Aktuell Hållbarhet, Apoteksmarknaden, Dagens Media, Dagens Medicin, Digital Hälsa, Energimarknaden, Fond & Bank, Kommunal Hälsa, Läkemedelsmarknaden, Pensioner & Förmåner, Resumé, Risk & Försäkring

• Fastighetsnytt, Business Arena, Byggindustrin and Construction Summit.

• Dagens Samhälle

• Dagligvarunytt and Market

If you are a customer to DN, Expressen, any of our Lifestyle magazines or local newspapers, please note that they have a separate privacy notice which you can find here.

If you are a customer to NOA Gallery, you can find their privacy notice here.

Data controller

This privacy notice comprises the following companies, jointly referred to as “Di-gruppen”. Until January 31, 2023, each company is the data controller for the data processing regarding its customers, prospects and end users.

• Dagens Industri Aktiebolag (reg no: 556221-8494) ("Di").

• Bonnier Business Media Sweden AB (reg no: 556468-8892) ("BBM"). BBM includes a number of brands: Aktuell Hållbarhet, Apoteksmarknaden, Dagens Media, Dagens Medicin, Digital Hälsa, Energimarknaden, Fond & Bank, Kommunal Hälsa, Läkemedelsmarknaden, Pensioner & Förmåner, Resumé och Risk & Försäkring.

• Fastighetsnytt Förlags AB (reg no: 556326-8837) (”Fastighetsnytt”). Fastighetsnytt includes the brand Business Arena and Byggindustrin.

• Dagens Samhälle AB (reg no 556176-4613) (”Dagens Samhälle”). 

• Hakon Media AB (reg no 556923-9519) (”Hakon Media”). Hakon Media includes the brands Dagligvarunytt and Market.

Please note that on February 1, 2023, the group company Bonnier News AB (reg. no. 559080-0917) takes over the customer relationship and the controllership from the companies mentioned above. Your personal data will be processed the same way as before in accordance with this privacy notice, but the data controller will be Bonnier News AB.

Joint controllers

Di-gruppen is part of the larger media group Bonnier News. The group company Bonnier News AB (reg no 559080-0917) provides certain central functions that Di-gruppen uses. Furthermore, the companies within Di-gruppen have various collaborations with each other and with the group companies Dagens Samhälle Insikt AB (reg no 559122-5486), Bonnier Healthcare Sweden AB (reg no 556615-8472), Medibas AB (org nr 556617-5518) and Bonnier News AB. In these cases the companies have a joint controllership for the personal data that they process. Please find more information under the section “Joint intra-group processing”.

If you have questions regarding the joint processing or if you want to exercise your rights, you can always contact the company that you have a customer relationship with or that you have received communication from or otherwise been in contact with. You are also welcome to contact our privacy team by sending an email to dataskydd@bonniernews.se. 

Categories of personal data

Name and contact details: First name and surname, email address, postal address, telephone number, delivery address, invoice address and other similar contact details.

Personal identification number: Personal identification number (Sw: “personnummer”)

Authentication details: Username and password

Settings: Information that you add to your account.

Customer profile data: Age and gender as well as statistics about the area where you live, e.g. information on whether the area is populated by many families with children or retired persons, or if residents generally rent or own their house or apartment. Information about whether your household owns a car or not. Customer ID.

Work related information: Title/role, company and specialization/industry. This data is only collected if we have a relationship with you in your professional capacity. 

Payment information: May include means of payment number (for example, credit card number) and associated security code or bank account number.

Purchase history: Information about your purchases, subscriptions, amounts, time of purchase and offers which you take up.

Unit data: Data about your unit, e.g. information whether you surf on a phone or computer and which browser you use. This may include information about IP addresses, cookie ID and other online identifiers, and settings (e.g. language settings) and software configurations.

User data: Data on how you use our digital services, e.g. information about the functions you use, how you navigate our websites, which articles you read and podcasts you listen to, which ads you have clicked on in our newsletters, which parts of our websites you have visited including our social media pages such as our Facebook Pages, your location, your favourites among the news articles you store on your profile on your user account and subjects/writers that you follow, and which shares you monitor through a financial app and similar information.

Correspondence: Information that you write in messages which you send to us, such as feedback and reviews you write, or questions and information you submit in customer service matters. When you contact us, e.g. for customer support by telephone or chat sessions with our representatives, or when we contact you in connection to telemarketing, the conversations may be monitored and recorded and stored for a certain period of time.

Food preferences/allergies: Information about food preferences and/or allergies may be processed if you participate in an event or course. 

Log data: Information about the product you logged in to, date and time, IP address and error messages. 

Information about political parties: If we have a relationship with you in your public, political capacity, we may process personal data that reveals which political party you represent. This information may be used to send you marketing, for example for conferences directed towards members of City Council or other political representatives. 

Miscellaneous

The data we compile may vary and may among other things depend on which services you use, your settings on your device and which functions you use in our services.

Introduction

In this chapter we describe the purposes for which we process personal data, which data is used for the different purposes and which legal basis we use. We primarily process your personal data on the legal basis that our processing is necessary for the performance of a contract to which you are a party (“Performance of a Contract”), or that the processing is necessary for the purposes of the legitimate interests pursued by us or a third party (“Legitimate Interest”). In some cases our processing is based on your consent (“Consent”) or that the processing is necessary for compliance with a legal obligation (“Legal Obligation”).

We have made the assessment that we have a Legitimate Interest to process personal data in those cases where the processing is necessary to meet our users’ and customers’ wishes and requests, to evaluate, develop and improve our content and the services and to be able to market our services and products and be relevant in our offerings and advertising. Finally, we have a legitimate interest to protect our business operations. 

Providing services and products and administer our customer relation to you or the company that you represent 

We process your personal data to provide you with the services and products ordered by you or the company that you represent. This comprises various processing activities which we have summarized below. 

• To provide you or the company that you represent with the services and products that your/the company has ordered, for example delivering a newspaper to your address, delivering your digital subscription, to make our podcasts available to you sending newsletters that you have subscribed for, and to administer your participation in , courses, conferences, industry networking events and other events.

• To create and provide access to a user account.

• To customize content and give you a more personalized experience of our services that can be based on your activities on our websites, interests and favorites etc. 

• If you are a member of one of our networks we may share information about you and your company to other members of the network on the network platform and in marketing for the network. Please read more under “How and why we share personal data”.

• If you are a participant, speaker or jury member at an event, or if your represent a company that participates in an event, we may process your personal data to administer your/your company’s participation. You can find more information about personal data processing under “Specifically about events”.

Categories of personal data:

Name and contact details, authentication details, unit data and settings (if you have a user account), personal identification number (if you make a purchase as a consumer and we need to verify whether your are entitled to a certain offering), work related information (if you purchase a product/service in your professional capacity). In order to be able to customize content and provide a more personalized experience of our services we may process unit and user data, purchase history, customer profile data and work related information (if applicable).

Legal basis:

If you are the buyer of the product/service: Performance of Contract for all processing necessary to carry out our contractual obligations to you, including customizing our services. This includes e g delivery of your newspaper or facilitating logging in to your account. Sometimes we need to process personal identification numbers to be able to provide access to an offering that is only available for some customers. 

If your company is the buyer of the product/service: Legitimate Interest.

Some event processing activities may be based on Performance of Contract, Legitimate Interest or Consent. Please find more information under “Specifically about events”.

Payment and invoicing 

Description of data processing

We process your data to process payments, send invoices and if needed to verify your identity (e.g. when payment is made by invoice). If you participate at an event as a member of the jury we process your invoice details to facilitate payment. 

Categories of data

Name and contact details, payment information, personal identification number in connection to payments by invoice/autogiro.

Laglig basis

Performance of Contract.

Communication about your service/product

Description of data processing

We may contact you by email, telephone, push-function or otherwise to provide you with information relevant for your subscription, purchase or use of our services. We may for example inform you when a subscription is about to expire or when we update our terms and conditions; notify you when security updates are available;  remind you that you still have products in your shopping cart or inform you that you need to take measures to keep your account active.

Categories of data

Name and contact details. 

Legal basis

The legal basis applicable depends on our relationship with you and what the communication concerns.

• If the communication concerns information that we are contractually obliged to communicate to you: Performance of Contract.

• If the communication concerns information that we are obliged by law to communicate to you: Legal Obligation. 

• If the communication concerns information that we are not obliged to communicate to you but we believe that it may be useful for you when you use our services: Legitimate Interest.

• If we have an agreement with the company that you represent and we are contractually obliged to communicate certain information: Legitimate Interest. 

Specifically about events

In addition to what is stated elsewhere in this privacy notice, we may process certain personal data in connection to our events. 

• We may process and publish pictures and recorded material from the event in order to provide information about upcoming events. The legal basis is Legitimate Interest.

• If you are a speaker or participant we may process your name and picture for marketing purposes if you have agreed to this separately in accordance with the Swedish  act “Lagen om namn och bild i reklam (1978:800)”. The legal basis is Performance of Contract. 

• We may collect information about allergies and food preferences to us or our partner so that we can provide food/snacks at the event. The legal basis is Consent.

• We may publish lists of event participants (name, company, title) and provide you with a name tag at the event. We may also provide a certain event app to, among other things, provide information about the event. The legal basis is Legitimate Interest.

• If you participate as a member of the jury we will process your contact details and work related information to administer your participation. The legal basis is Legitimate Interest. 

If you participate at an event your contact details may be shared with our event partner, please read more under “How and why we share personal data”.

Customer service, phone recordings etc

Description of data processing

We may process your personal data to provide you with customer service and to administer complaints regarding your purchase or subscription, event, course or other service or product. We will also process your personal data if you contact our privacy team or data protection officer. 

If you contact our customer service by phone our conversation may be recorded for your and our safety and/or for quality and educational purposes.

Categories of personal data

Name and contact details, correspondence 

Legal basis

Performance of Contract or Legitimate Interest, depending on the matter. Recordings of conversations is done based on Legitimate Interest.

Customer and market surveys

Description of data processing

We may send out customer surveys via email and ask you to evaluate an event that you participated in or a service that you have used. We may also send you an inquiry to participate in one of our panels. Prior to upcoming events we may contact our professional contacts to make research regarding topics of interests and trends.  

Categories of personal data

Name and contact details, work related information, correspondence.

Legal basis: Legitimate Interest.

Administration of competitions and votings

Description of data processing

If you participate in a competition or voting that we arrange we may process your data in order to administer your participation, which includes collecting your contribution/answers and to appoint and communicate a winner. 

Categories of personal data

Name and contact details, the contents of your contribution/answer to us. 

Legal basis

Legitimate Interest.

Analytics and product improvement/development

Description of data processing

We use personal data to analyse and improve our existing services and products, among other things by updating functions and obtaining an increased understanding as to how we can improve your user experience. For example, we use error reports in order to improve security functions, user behavior such as which articles have been read and which podcasts have been listened to, search questions and clicks on our websites to improve the relevance of search results, to determine which new functions should be prioritized, what content to be published on our websites and placement of relevant content. We use various analytic tools such as Google Analytics to collect data about how our websites are used in order to develop analyses based on such data. The data may for example present the most visited pages on the website, how the visitors navigate through the website and from which pages the visitors exit the website. Website analytics may also provide insight in how often visitors return to our websites and what content is viewed the longest. Sometimes we conduct surveys where we ask questions to our visitors in order to evaluate our services and products. This analysis may be used for, inter alia, product improvement.

We also develop statistics and aggregated analyses regarding our business. We use this information to make well informed decisions and to plan for future strategies for our business operations.

Categories of personal data

Unit and user data, age, gender, demographic data and household information, work related information and purchase history.

Legal basis: Legitimate Interest.

Direct marketing and telemarketing, including profiling

Description of data processing

We use different channels for marketing, e.g. postal, telephone, email, SMS and our websites and other digital channels. The marketing may, depending on channel, include our own products and services as well as other companies’ products and services. 

Our marketing may be based on how you have used our services, such as reading and purchase history, as well as age, gender and demographic data. If we have a relationship with you in your professional capacity we may also direct our marketing based on your title and company. We may for example choose to direct our marketing to a certain target audience, such as “women in Stockholm aged 30-35 who have read many articles on finance” or “IT managers within the healthcare sector”.

If we have a relationship with you in your public, political capacity, we may process personal data that reveals which political party you represent. This information may be used to send you marketing, for example for conferences directed towards members of City Council or other political representatives. 

If we contact you by telephone to market our services or products to the company that you represent, we may record the part of the conversation where we come to an agreement, to be used as proof of contract. 

You always have the right to object to our direct marketing and telephone marketing. Please contact customer service with your request in this regard. You can find contact details to us under “Contact us”.

Categories of personal data

Name and contact details, unit and user data, purchase history, customer profile data, work related information (only used for marketing directed towards professionals). Information about political parties (only if we have a relationship with you in your public, political capacity). 

Legal basis: Legitimate Interest. Information that reveals which party you represent may only be processed if we have a relationship with you in your public, political capacity, provided that the information has manifestly been made public by yourself in accordance with Article 9.2 e) GDPR.

Display, measure and personalize ads on our platforms

Description of data processing

We process certain data to be able to display and measure ads. The advertisement that you see on our websites and other digital channels may be based on how you have used our services, such as your reading and purchase history, as well as age, gender and demographic data. We may for example choose to display an ad to a certain target group such as “women in the Stockholm area aged 30-35 who have read many articles on finance”. If you are a corporate customer representative we may use your title and company as a basis for the profiling of ads. Some of our profiling is done using machine learning. That means that we use AI to understand which products a reader will be most interested in based on previous reading history on our websites. 

You can also receive customized advertising when we match the email address of our customer register with the email address of our advertisers' customer register and in such a way include you in a certain target group. The matching is made by us and the advertiser by uploading our respective registers with our customers' email addresses in a so-called hash format (which makes it impossible to read the email address itself) to a platform that automatically matches the hashed email addresses. If you are a customer of both us and the advertiser, there will be a match and you will be divided into a certain target group by us, which controls which advertisements you will receive from the advertiser. In order for you to receive this type of advertising it is required, in addition to your consent to our use of cookies for advertising purposes, that you continuously log in to our sites.

For the matching itself, we and the respective advertiser are joint controllers for personal data, which means that you can contact both us and the advertiser for questions about the matching and how your email address is processed because of it. You will find a list of current advertisers here.

By changing your cookie settings for the purposes “Annonsrelaterade ändamål - i samarbete med annonspartners” and “Cookies för profilering samt anpassning av innehåll, erbjudanden och annonser på våra sajter/appar” you can limit the personalisation of ads and content on our websites and apps. Please read more in our Cooke Policy.

Categories of personal data

Unit data, user data, purchase history, customer profile data, contact details namely email address, and work related data (if you have a relationship with us in your professional capacity).

Legal basis: Legitimate Interest.

Custom audience advertising on other platforms

Description of data processing

We may use custom audience advertising on other platforms, including Facebook, Twitter and Google. If you are or have been a customer to us, we may use your email address in order to be able to show you advertisements of our services and products on the other platform, or to exclude you from seeing our advertisement. You are entitled to object to this processing by contacting our customer service. Some websites use the Facebook pixel if you have consented to this. The pixel is used to show you better ads on the Facebook platform, and means that some data is shared with Facebook. Please read more under “How and why we share personal data". You can limit our ability to show you ads on Facebook by adjusting your settings on your personal Facebook account. Go to Settings on your account. Click on Ads in the menu, thereafter Ad Settings. Change the setting from “Allow” to “Not allow” for “Ads based on data from partners” and “Ads based on your activity on Facebook Company Products that you see elsewhere”. Direct link to your advertising settings. Please read Facebook’s data policy for users here.

Categories of personal data

Email address. IP address and other user and unit data may be collected and processed by the other platform. 

Legal basis

For custom audience advertising using Email addresses we use Legitimate Interest as legal basis. For the Facebook pixel we use consent.

Security

Description of data processing

We use information in order to protect our products, services and customers’ security and to discover and prevent fraud (for example double take up of offers). When you log into your user account, we create a registration of the login, in order to be able to search for errors and to prevent and investigate IT attacks and other security threats.

Categories of personal data

Log data. We may also process names, email addresses and personal identification numbers to prevent double take up of offers.  

Legal basis

Legitimate Interest or Legal obligation (if we are legally obligated to protect certain information assets).

Disputes and enforcement of agreements

Description of data processing

We may use information to resolve disputes and enforce our agreements.

Categories of personal data

Depends on the situation.

Legal basis

Depends on the situation, normally Legitimate Interest, Legal Obligation or Performance of a Contract.

Disputes and enforcement of agreements

We may use information to resolve disputes and enforce our agreements.

Categories of personal data: Depends on the situation Legal basis: Depends on the situation, normally Legitimate interest, Legal obligation or Performance of a Contract

Compliance

Description of data processing

We use information in order to comply with applicable legislation such as the Swedish Accounting Act (Sw: bokföringslagen) and the GDPR. We may also have to process personal data to comply with other legal obligations, court orders or authority decisions.

Categories of personal data: 

Accounting Act: Information about your purchases; normally information included in an invoice such as name, address and purchased product and price. 

GDPR and the Marketing Act: We may have to process name, address and sometimes personal identification number in order to comply with the NIX register. If you have requested that we do not contact you by email, post or telephone, we may retain a copy of the relevant contact information in our distribution blocked list to ensure that you do not receive undesired direct marketing in the future. 

Administration of data subject rights under the GDPR, including right to access and deletion: The personal data that we have registered and that we are obligated to process due to your request. 

Other: Depends on the situation. 

Legal basis: Legal Obligation.

Miscellaneous 

If we plan to use personal data for a new purpose, other than as described in this policy, you will be informed of such use before, or in connection with, compilation of the personal data. If legally required we will request your permission.

Generally about cookies 

Cookies and similar tracking technologies are, among other things, used in order for us to improve functionality on our websites, to direct relevant content, offerings and advertisements to you and to ensure that the services are working correctly. We use both first-party cookies and third-party cookies (e.g. for advertisement). You will find more information on what cookies we use and how to manage your cookie settings in our Cookie Policy. On our FAQ site you will find more information on how we work with advertising.

Advertising cookies

Some advertising cookies and technologies are so called third party cookies/technologies. Advertisers, media agencies and other partners use these cookies and technologies to deliver ads on our websites and to measure how many users have seen the ad, and to personalize the ads. Information about which data our partners process and how this data is processed as well as their legal basis can be found in their privacy notices. 

Retargeting is a form of interest-based advertising which allows us and several of our advertisers to display advertising for our advertisers’ products and services. The advertisement is based on your reader and click patterns on a website which is not controlled by us. For example, if you visit an online clothing store, and if you have consented to the clothing store’s cookies, this may allow the clothing store to direct advertising to you on our websites. 

Data that you provide

Some of the data is provided by you directly, for example when you order a subscription or when you create and use an account in an app or on our websites, when you apply to attend an event, register for a newsletter, buy a product from an online store or contact us for support. We may also collect your data through a form on Facebook, for example when you sign up for a free article.

Gifts

If you receive a subscription as a gift we will collect your personal data from your giver.

Employer

If you receive a subscription through your employer we may collect your personal data from your employer. 

Use of services

We obtain some of the data by registering how you interact with our services and products, for example through use of technology such as cookies on our websites and through information to which we obtain access via the unit (such as mobile telephone, computer or tablet) you use when you obtain our Services, such as IP address, language settings and push settings. In some cases, we may collect and use your data cross-devices for the purpose of achieving relevant content and advertisements on our websites.

External sources

We can also obtain data from external companies or authorities, referred to as third-party sources. Such third-party sources may vary over time but have previously included:

• We use Bisnode to verify and add contact details and demographic data such as statistics for a certain residential area.

• In conjunction with the use of a service which requires payment, we compile the name, personal ID number, address details and means of payment from payment service providers such as Klarna in order to confirm your identity and address details.

• Social networks where you afford a service access to your data in one or more networks, for example if you have chosen to identify yourself via Facebook or LinkedIn we compile data from your public Facebook or LinkedIn profile.

• Suppliers that help us determine geographical locations based on IP address.

• Partners with whom we collaborate in order to offer services or to participate in joint marketing activities; we can, for example, obtain data from our event partners (such as a co-organiser) if you apply to participate at any of our events through our event partner.

• Publicly available sources, for example open public authority databases or other data sources which is available to the general public, such as SPAR (The State’s Personal Address Register).

If you do not provide data which is necessary to gain access to the services or a particular function, there is a risk that you will be unable to use the specific service or function.

Suppliers that are data processors

We engage suppliers that provide services on our behalf, for example customer relationship management systems and case management systems, analytics tools, communication systems such as email and chatt, customer service support, marketing and traffic measurement, development services and for assistance in protecting, supporting and maintaining our systems and services. These suppliers may require access to personal data, and may have to process data, in order to provide such services. These suppliers are bound by so called data processing agreements and are not allowed to process the data for its own purposes.

Our networks

If you are a member of any of our networks, e.g. one of our CEO networks, information about you and the company/organization that you represent may be visible for other members of the network through the network platform. The information that may be visible is your name, company, industry, turnover, telephone, email address and link to your LinkedIn profile. You can also update your profile with more information about yourself that you want to share with other members. We may ask for your permission to publish a photograph. You can also choose to make your information non-visible to other members.

Information about your role and the company/organization that you represent may also be used in marketing of the network that you participate in. You always have the right to object to the use of your personal data in such marketing.

As a member of Di Nätverk Exklusiv you will be asked to answer questions about your experience, role and challenges in your professional role. This information will be used by Di for the purpose of optimizing our network groups and to better understand ou network groups and their needs in order to optimize our content for the meetings as possible. This information will be deleted when there is no longer any purpose for keeping the data or when your membership is terminated. 

Speakers

If you are a speaker at one of our events we may share your contact information with the moderator of the event for the purpose of administering the event and your participation. Please let us know if you do not wish for us to share your data with the moderator.

Employer

If you receive your subscription through your employer we may share information about your name and email address with your employer so that the employer can keep its company subscription updated. 

Payment service providers

The payment information which you provide to carry out a purchase is shared by us with banks and other institutions that process payment transactions or deliver other financial services, and to prevent fraud and reduce credit card risks.

Invoice in the Kivra app

If you have a digital mailbox in Kivra you may receive your invoice in the Kivra app when purchasing some of our products and services. We share your personal identification number and content in your invoice with Kivra in order to provide your invoice in the Kivra app. We share this information on the legal basis Performance of Contract. Kivra Sverige AB is an independent controller of the personal data it processes from when your invoice has been made available in your digital mailbox.

Distribution partners

We share personal data with our distribution partners, e.g. Postnord (Tidningstjänst AB) or Nim Distribution I Skåne AB. Each distribution company is an independent controller of the personal data that they process in relation to deliveries.

Advertising  -Third party cookies and matching

Third party advertising cookies etc

In connection to advertising third party advertisers and other partners may collect unit- and user data via cookies/technologies on our websites/apps for the purpose of delivering ads, for measuring how many visitors have viewed the ad or to personalize ads. These partners are controllers for their own processing of that data. The partners that use cookies and collect data on our websites and apps are required to collect consent through our consent management platform (CMP) which you usually find under “Cookie-inställningar”, “Anpassa cookies”, “Integritetsinställningar” or similar. There you will also find more information about each partner and for what purposes they use cookies and personal data. This information is gathered in the CMP under the subject line “Annonsrelaterade ändamål - i samarbete med annonspartners”. You can also reject partners using cookies and personal data by visiting the CMP. 

In addition to advertising partners other third parties may use cookies and similar technologies when we use their technique/tools or display content from their platforms etc. These partners may also collect certain data such as IP addresses and other unit and user data which they process as controllers. More information is available in the website’s/app’s CMP. There you can also reject some cookies and data processing by these third parties.

Matching

You can also receive customized advertising when we match the email address of our customer register with the email address of our advertisers' customer register and in such a way include you in a certain target group. The matching is made by us and the advertiser by uploading our respective registers with our customers' email addresses in a so-called hash format (which makes it impossible to read the email address itself) to a platform that automatically matches the hashed email addresses. If you are a customer of both us and the advertiser, there will be a match and you will be divided into a certain target group by us, which controls which advertisements you will receive from the advertiser. In order for you to receive this type of advertising it is required, in addition to your consent to our use of cookies for advertising purposes, that you continuously log in to our sites.

For the matching itself, we and the respective advertiser are joint controllers for personal data, which means that you can contact both us and the advertiser for questions about the matching and how your email address is processed because of it. You will find a list of current advertisers here.

Event partners

When participating at a conference in your professional capacity, your personal data may be shared with our partners who participate at the conference (co-organisers, sponsors and exhibitors) in order for them to be able to market their services to you which may be of interest in your professional capacity. The event partners process personal data as independent controllers. We share your personal data based on our Legitimate Interest to, among other things, increase the opportunities for networking within the business community as between participants and our event partners. You have the right to object to our sharing of your personal data to event partners by contacting us, see the chapter “Contact us”.

Social media / plug-ins

When you use our services you can choose to share articles via social media via a social plug-in (for example, a share button). When you share information via a social plug-in, your browser will transfer unit data to the social medium, such as date and time of the sharing, the type of unit you use, your operating system and IP address, URL for the visit, as well as information regarding the article you share. For more information about how relevant social media process the information you provide via social plug-ins, we encourage you to read the respective social medium’s terms and personal data policies.

Facebook and similar services

Some of our websites use a tool called the Facebook pixel that shares data with Facebook. This tool is only used if you have provided your consent. The Facebook pixel makes it possible for us to display better ads for you on Facebook based on your behaviour on our website. You can withdraw your consent at any time by changing your cookie settings on the website where you provided your consent. 

We may also use audience-based advertising on other platforms including Facebook, Twitter and Google. We may share a list with email addresses of existing or former customers with Facebook, Google or Twitter, in order to show, or exclude the users from seeing, our advertisements on their platform. 

We also use social media pages, such as Facebook Pages. When you visit such pages, both Facebook and we may process data on how you have used the social media page in order to show you relevant ads on the social media platform. 

You can adjust your settings on your personal Facebook account. Go to Settings on your account. Click on Ads in the menu, thereafter Ad Settings. Change the setting from “Allow” to “Not allow” for “Ads based on data from partners” and “Ads based on your activity on Facebook Company Products that you see elsewhere”. Direct link to your advertising settings. The Facebook pixel shares data regarding your behaviour on our website (which URL that you visit), IP-adress and certain technical information. Facebook and we as advertisers on Facebook may use target audiences for our respective advertisements. In addition to the pixel data, other data about your activities on Facebook may be used by Facebook. Please read Facebook’s data policy for users here.

Introduction

Di-gruppen is part of the larger media group Bonnier News. The group company Bonnier News AB (reg.no. 559080-0917) provides certain central functions that Di-gruppen uses. Furthermore, the companies within Di-gruppen have various collaborations with each other and with the group companies Dagens Samhälle Insikt AB, Bonnier Healthcare Sweden AB, Medibas AB and Bonnier News AB. In these cases the companies may have a joint controllership for the personal data that they process. This section provides more information about our joint processing. If you have questions regarding the joint processing or if you want to exercise your rights, you can always contact the company that you have a customer relationship with or that you have received communication from or otherwise been in contact with. You are also welcome to contact our privacy team by sending an email to dataskydd@bonniernews.se  

Joint database for professionals  

The group companies Bonnier News AB,  Bonnier Healthcare Sweden AB and Medibas AB have a joint database within their B2B business that contains information about professionals, representatives of existing or potential corporate customers as well as participants at conferences, educations and other events. The categories of data included are mainly name and contact details, work related information, user data and purchase history. The companies may share this data for marketing purposes via email, sms and telephone towards professionals, provided that the marketing is deemed to be relevant for the receiver in his/her professional capacity. The participating companies may also use the joint database for creating segments to use for targeted advertising on their websites/apps, to target marketing on Facebook and for analytics purposes, e g for analyzing the effect of a campaign or to obtain aggregated statistics. Such analyzes may be used for product improvements. The legal basis for the joint processing is our legitimate interest of being able to market our products and services towards professionals in an efficient manner, and to achieve relevance in our marketing activities. We also have a legitimate interest in offering attractive advertising space on our websites/apps, and to be able to analyze our business to better understand and improve our services.  The companies are joint controllers for the data processing in the joint database. If you want to object to all direct marketing and/or telemarketing from the participating companies you can send an email with your request to dataskydd@bonniernews.se. 

 Bonnier Healthcare and Medibas provide the services Medibas, NetdoktorPro, Pharma Insights and Bonnier Academy.

Miscellaneous

We may disclose personal data as part of a joint transaction, for example a merger or sale of assets. Finally, we may need to disclose or store your data when we believe that doing so is necessary to:

1. Comply with laws or legal processes and to disclose information to the police and other competent authorities;

2. Protect our customers, for example to prevent junk mail or attempted fraud;

3. Manage and maintain the security of our products, including preventing or stopping an attack on our systems or networks;

4. Protect rights or property belonging to us, including performance of the terms which determine your use of the services. When necessary, we refer the matter to the police for further action.

Note that some of our websites contain links to external companies, for example to offers regarding products and services, whose personal data policies differ from ours. If you provide personal data in any of these products, your personal data is processed in accordance with their respective personal data policy; we recommend that you read such policy before disclosing data to an external company. We are not responsible for the use of your personal data by such external companies.

Privacy Portal

We have gathered information on how to access and control your personal data on our privacy portal (www.privacy.bonniernews.se) under the section “Hantera personuppgifter”.You are also always welcome to contact us via our customer service with any questions concerning the processing of your personal data. Read more about how to proceed under "Your individual rights" and "Contact us".

User account

You can control certain data through your user account. 

Unsubscribe from direct marketing

If you receive advertising messages from us by email or text message and wish to unsubscribe from them, you can do so by following the instructions in the message, or by contacting our Privacy Team. Please see contact details under “Contact us” below. You can also unsubscribe from newsletters and direct marketing emails via our Privacy Portal at www.privacy.bonniernews.se. Note that such subscription cancellation does not apply to other communication which is required to enable us to provide the Services, such as communication regarding changes or updates to user terms.

Cookies

You can find information on how to adjust your cookie settings here. 

If you would like to contact any of our advertising partners that use cookies and collect data on our websites/apps and who process such data as data controllers, please go to ”Cookie-inställningar”, “Anpassa cookies” or similar cookie setting link on the relevant website/app and click on “våra partners” to find the privacy notice including contact information to each partner.

Introduction

We have gathered information on how to access and control your personal data on our privacy portal (www.privacy.bonniernews.se) under the section “Hantera personuppgifter”. You are also welcome to contact customer service. Contact information about whom to contact to protect any of your rights is available under "Contact us".

You have the following rights:

Consent

If processing of personal data is based on your consent, you are entitled at any time whatsoever to withdraw your consent to future processing of your personal data. If you have consented to cookies and similar technologies on a website/app, you can withdraw your consent via “Cookie-inställningar”, “Anpassa cookies” or similar on the relevant website/app.

Register extract and right to information about our data processing

You have the right to know

• the purposes of the processing and the categories of personal data processed,

• which recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in countries outside the EU/EEA or international organizations,

• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,

• information about the existence of your right to request rectification or erasure of personal data or restriction of your personal data or to object to such processing, and to lodge a complaint with the supervisory authority,

• where the data is not collected from you, any available information as to the source,

• the existence of automated decision-making referred to in Article 22.1 and 22.4 GDPR, i e if you are subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In such a case, we shall also provide information about the significance and the envisaged consequences of such processing for you. 

You can find more information at the Swedish Authority for Privacy Protection’s website.

Deletion

You are, under certain circumstances, entitled to request that your personal data is deleted. The right to have your personal data deleted generally applies if: 

• the personal data are no longer necessary in relation to the purposes for which they were collected, 

• you withdraw the consent that the processing was based on,

• the personal data was used for direct marketing or telemarketing and you object to the processing,

• you object to other processing performed with the legal basis legitimate interest and we have no overriding legitimate grounds for the processing, 

• the personal data have been unlawfully processed, 

• the personal data have to be erased for compliance with a legal obligation, or

• the personal data has been collected in relation to the offer of information society services directly to a child.

If the conditions above are not fulfilled we may deny your request for deletion, for example if the personal data are still necessary to process in relation to the purpose for which they were collected. There are also some exemptions from the right to have your personal data deleted. This is the case when the processing is necessary 

• for exercising the right of freedom of expression and information,

• to comply with a legal obligation such as the Swedish Accounting Act (Sw: bokföringslagen) that require us to store certain transaction data for 7 years, or

• for the establishment, exercise or defense of legal claims, for example if we are in a legal dispute with you.

There are a number of other exemptions under the GDPR; if the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, for reasons of public interest in the area of public health, or for the performance of a task carried out in the public interest or in the exercise of official authority. These exemptions are however rarely or never applicable in our line of business. 

Examples

• Active subscriber: If you have an ongoing subscription on a newspaper and request deletion, we cannot delete the personal data necessary for us to deliver the newspaper, administer payments and similar actions. However, you are entitled to object to us using your contact details for direct marketing a telemarketing. We will then keep your contact details to be able to deliver the service and communicate about changed terms and conditions and similar, but we will not use your contact details for marketing purposes. 

• Former subscriber: If you previously had a subscription with us we can usually delete most of your personal data, however we need to keep certain information about your transactions for 7 years in order to comply with the Swedish Accounting Act. This usually comprises invoice information. 

• Newsletter recipients: If you are not a current or former customer, but you have subscribed to a cost-free newsletter, and thereafter request deletion, we will normally delete all personal data that we have about you.

You can find more information at the Swedish Authority for Privacy Protection’s website.

Rectification

You are entitled to request rectification of incorrect or incomplete information about you. 

You can find more information at the Swedish Authority for Privacy Protection’s website.

Limitation

You are entitled to demand that we limit the processing of your personal data, for example if you think that the personal data we have are incorrect, that our processing is unlawful or that we do not need the personal data for a specific purpose. You may also request that we do not process your personal data during the time that we investigate your claims or objections. 

You can find more information at the Swedish Authority for Privacy Protection’s website.

Data portability

In certain cases you are entitled to data portability, i.e. to receive personal data which has been provided by you, in a structured, generally usable and mechanically readable format and to be able to transfer such to another controller of personal data in those cases where our entitlement to process your personal data is based either on your consent or on performance of an agreement with you.

You can find more information at the Swedish Authority for Privacy Protection’s website.

Objection 

You are entitled, at any time whatsoever, to object to direct marketing via email, mail, sms and telephone (including profiling for this purpose), with the consequence that we may no longer continue to use the data for this purpose. 

You are also entitled to object to other personal data processing based on the legal ground legitimate interest (Article 6(1)(f) GDPR)).

 We must possibly cease the processing unless we can show compelling justifiable reasons which outweigh the interest in not processing the personal data, or if the processing is necessary for the establishment, exercise or defense of legal claims. 

You can find more information at the Swedish Authority for Privacy Protection’s website. 

Complaint to the Swedish Authority for Privacy Protection

You are entitled to complain to a data protection authority. The Swedish Authority for Privacy Protection (Sw: Integritetsskyddsmyndigheten) is the authority in Sweden which exercises supervision over the manner in which we, as a company, comply with legislation. You can find the authority’s website here: www.imy.se.

Miscellaneous 

It costs nothing to exercise your rights. We answer requests about your rights and enquiries about access to or deletion of your personal data within, as a starting point, one month. The time to get back to you may be elongated by two additional months if the matters is particularly complex or when we receive a large amount of requests. We reserve the right to charge a reasonable fee or decline to take any measure in the event of an unreasonable or manifestly unfounded objection or request.

Information regarding editorial content

Editorial content such as our articles, pictures and TV programs are not subject to the provisions of the GDPR. This means that you cannot request removal of an article based on the provisions of the GDPR. If you discover any errors in published material please contact editor-in-chief. 

Security for your personal data

We employ a number of security methods to protect your personal data from unwanted access, use and disclosure. For example, personal data which you state on a computer system to which there is restricted access is stored in protected premises. In conjunction with the transfer of extremely sensitive data (for example, credit card numbers and passwords) via the Internet, we provide protection of such data through encryption. In those cases where our providers use subcontractors, we conduct regular audits of such subcontractors to ensure that processing takes place in accordance with this policy and our security routines. When analysing customer views, product development, personalisation, trends, statistics and for similar purposes, we primarily use anonymous data which does not consist of personal data; alternatively, we use pseudonymised data which cannot be linked to a specific individual without supplementary information being used.

Where we process personal data

We process data primarily within the EU/EEA, however in certain cases we use suppliers who are established in the US or in other countries outside the EU/EEA, such as for distributing newsletters, for development and maintenance of our systems and for web analytics. Countries outside the EU/EEA do not always ensure a level of protection for personal data equivalent to that guaranteed within the EU/EEA. It may therefore be necessary to implement supplementary measures when personal data is processed outside the EU/EEA. In those cases where we use suppliers who are processing personal data outside the EU/EEA, we have ensured that there is a legal basis for such processing for example by entering into standardised contractual clauses with the recipient of the personal data, that are approved by the EU Commission.

It has so far been issued three sets of standard contractual clauses for personal data transfers.  These are accessible on the EU Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Specifically about Google Analytics

We specifically want to inform that we use the analytics tool Google Analytics (read more about how and why we you the tool under ”How we use personal data” and ”Cookies and similar tracking technologies”). Google Analytics stores data on our behalf in several countries, including the USA. You find more information about Google’s data center locations here: https://www.google.com/about/datacenters/locations/. Google has engaged sub-processors who process data in different countries. You find more information about Google’s sub-processors and their locations here: https://privacy.google.com/businesses/subprocessors/.

You find the standard contractual clauses applicable to our use of Google’s services here: https://privacy.google.com/businesses/processorterms/mccs/  

Introduction

We store personal data for the time necessary for the reasons for which they are used, e.g. for such time as required to enable us to provide the services; to maintain and improve the performance of existing services; to distribute necessary communication and market communication; to engage in development of our services; and to perform our statutory obligations. Since needs can vary as regards different types of data and with respect to different types of services, products and contexts, the period in which we store the information may vary.

Customers and users 

We keep your personal data during the time we have a user or customer relationship and for a certain period of time after our user or customer relationship has ended. Below is a specification of our retention times. 

• We will keep your personal data for 24 months after termination of your subscription or other service, or after your purchase of a product. Your data will be used, among other things, for sending newsletters, interest based email direct marketing and telemarketing. Please read more about our purposes under “How we use personal data”.

• We may keep your personal data for a longer period of time than 24 months if you, after terminating your subscription or service, continue to use your digital user account as a free service. In order to make it possible for you to continue to use our service we will keep your personal data as long as you continue to use our service. We may also, among other things, use your data to send you newsletters and interest based direct marketing emails and telemarketing. If you do not use your free digital account for a time period of 6 months the user account and personal data relating to it will be deleted. 

• If you have registered a free digital user account, the account and personal data relating to the account will be kept for an initial time period of 24 months, regardless of whether you are using the account or not. If you do not use your account for a period of 6 months after the initial 24 month period, we will delete your account and the personal data relating to it. 

We will store information relating to your purchases/transactions for 7 years for accounting purposes under the Accounting Act (Sw: bokföringslagen).

Company contact details

If your contact details are connected to a company that you represent, for example in conjunction with an event, your contact details may be stored to direct marketing to you for up to 36 months after the concluded event. 

Prospects

We may collect contact details for potential customer representatives for marketing purposes by telephone or email We normally store these contact details for 12 months from the date the contact details were collected by us.

Individuals who have reported interest in our services

If you have signed up to report your interest in one of our services we will keep your personal data for 24 months after the date of collection.

If you have provided your personal data to get access to one of our news articles on Facebook we will keep your personal data for 13 months after the date of collection.

Recording of telephone conversations

We store telephone conversations for 3 months.

Deletion requests

If you request that we delete your personal data we will document the request and keep the document for 6 months, in order for us to be able to show that we have handled your request. 

Personal data processed by our data protection officer

If you contact our Data Protection Officer (DPO) with a question, complaint or similar we will normally keep the information in the matter for 6 months after the date when the matter is closed. 

Miscellaneous

Your personal data is deleted or anonymized when it is no longer relevant for the purposes for which it has been compiled. In conjunction with analyses of customer views, trends, etc. we use anonymous data which does not comprise personal data, alternatively pseudonymised data which cannot be attributed to a particular individual without additional data which requires specific measures. 

Your personal data may be stored for longer than stated above in those cases where we are obliged to do so pursuant to any law, ordinance or public authority decision or to retain data which must be retained in order to resolve a dispute or if you have consented thereto. 

Privacy Portal

We have gathered information on how to access and control your personal data on our privacy portal (www.privacy.bonniernews.se) under the section “Hantera personuppgifter”.

Privacy Team 

If you have questions about our data processing or a complaint you are welcome to contact our privacy team by sending an email to: dataskydd@bonniernews.se 

Data Protection Officer

Our data protection officer (“DPO”) supports and monitors our organisation’s GDPR compliance. You are welcome to contact our DPO if you have a complaint or questions about our processing of your personal data. Please send an email to dpo@bonniernews.se. Please note that if you want to exercise your rights, for example to have access to your data or to have your data deleted, it is better to first contact our Privacy Team.

Dagens Industri Customer Service

Website: https://pren.di.se/pren/min-sida/ 

Email: kundservice@di.se 

Telephone: 08-573 651 00

Bonnier Business Media Customer Service

Website: http://bbm.bonnier.se/kontakt/ 

Email: kundservice@bbm.bonnier.se

Telephone: 08-409 320 10

Fastighetsnytt Customer Service

Website: https://www.fastighetsnytt.se 

Email: kundservice@fastighetsnytt.se 

Telephone: 08-409 320 02

Dagens Media Customer Service

Website: www.dagensmedia.se 

Email: kundservice@dagensmedia.se  

Telephone: 08-409 320 05

Byggindustrin Customer Service

Website: www.byggindustrin.se 

Email: kundservice@byggindustrin.se  

Telephone: 08-409 320 12

Dagens Samhälle Customer Service

Website: www.dagenssamhalle.se  

E-post: kundservice@dagenssamhalle.se   

Telephone: 09-409 320 10

Hakon Media Customer Service

Website: https://hakonmedia.se/kontakta-oss/  

Email: kundtjanst@hakonmedia.se  

Telephone: 08-409 320 10

Generally

We will update our privacy notice as needed to reflect customer feedback and changes to our services or if we consider that we can clarify and improve the information. When the notice is updated, the date of the latest update is changed at the bottom of the notice. In the event of major changes to the notice or in the way we use your personal data, where so required by law you will be notified via an announcement on the website or by email before the changes enter into force. Please read this personal data policy from time to time to stay updated as to how we at Bonnier News process your personal data. 

Latest version

This privacy notice was updated on: February 1, 2023