To whom does this privacy notice apply?

In this privacy notice we have gathered information on how we process personal data regarding customers and previous customers, prospects, end users of our websites, apps and services, company representatives and participants at events and educations.

Titles and brands

Please note that we have separate privacy notices for DN Skola, NOA Gallery and our Tailsweep blogs.  We also have a separate privacy notice for end users of Kamratposten’s website kpwebben.se which you can find here.

Data controller

Bonnier News AB (reg. no. 559080-0917) is the data controller for the processing of your personal data.

Categories of personal data

Name and contact details: First name and surname, email address, postal address, telephone number, delivery address, invoice address and other similar contact details.

Personal identification number: Personal identification number (Sw: “personnummer”)

Authentication details: Username and password

Settings: Information that you add to your account.

Customer profile data: Age and gender as well as statistics about the area where you live, e.g. information on whether the area is populated by many families with children or retired persons, or if residents generally rent or own their house or apartment. Information about whether your household owns a car or not. Customer ID. User-ID that we create when you activate an account. If you have approved this in your cookie settings; a “PPID” which is a pseudonymized version of the user ID used for advertising purposes.

Payment information: May include means of payment number (for example, credit card number) and associated security code or bank account number.

Purchase history: Information about your purchases, subscriptions, amounts, time of purchase and offers which you take up.

Unit data: Data about your unit, e.g. information whether you surf on a phone or computer and which browser you use. This may include information about IP addresses, cookie ID and other online identifiers, and settings (e.g. language settings) and software configurations.

User data: Data on how you use our digital services, e.g. information about the functions you use, how you navigate our websites, which articles you read and podcasts you listen to, which ads you have clicked on in our newsletters, which parts of our websites you have visited including our social media pages such as our Facebook Pages, your location, your favourites among the news articles you store on your profile on your user account and subjects/writers that you follow, and which shares you monitor through a financial app and similar information, information about your fictitious stock exchange app.

Correspondence: Information that you write in messages which you send to us, such as feedback and reviews you write, or questions and information you submit in customer service matters. When you contact us, e.g. for customer support by telephone or chat sessions with our representatives, or when we contact you in connection to telemarketing, the conversations may be monitored and recorded and stored for a certain period of time.

Food preferences/allergies: Information about food preferences and/or allergies may be processed if you participate in an event or course. 

Log data: Information about the product you logged in to, date and time, IP address and error messages. 

Work related information: Title/role, company and specialization/industry. This data is only collected if we have a relationship with you in your professional capacity.

Information about political parties: If we have a relationship with you in your public, political capacity, we may process personal data that reveals which political party you represent. This information may be used to send you marketing, for example for conferences directed towards members of City Council or other political representatives. 

Miscellaneous

The data we compile may vary and may among other things depend on which services you use, your settings on your device and which functions you use in our services.

Data that you provide

Some of the data is provided by you directly, for example when you order a subscription or when you create and use an account in an app or on our websites, when you apply to attend an event, register for a newsletter, buy a product from an online store or contact us for support. We may also collect your data through a form on Facebook, for example when you sign up for a free article.

Gifts

If you receive a subscription as a gift we will collect your personal data from your giver.

Employer

If you receive a subscription through your employer we may collect your personal data from your employer. 

Use of services

We obtain some of the data by registering how you interact with our services and products, for example through use of technology such as cookies on our websites and through information to which we obtain access via the unit (such as mobile telephone, computer or tablet) you use when you obtain our Services, such as IP address, language settings and push settings. In some cases, we may collect and use your data cross-devices for the purpose of achieving relevant content and advertisements on our websites.

External sources

We can also obtain data from external companies or authorities, referred to as third-party sources. Such third-party sources may vary over time but have previously included:

• We collect certain data through our data processor InsightOne Nordic AB, namely contact details and personal identification numbers from iDM (idm-adress.se), information about car ownership from Transportstyrelsen (transportstyrelsen.se) and demographic data for different living areas from SCB (scb.se) or CreditSafe (creditsafe.com). We use this data to verify and complete our customers’ contact details (name, address, telephone number) and to add statistics for our customers’ living areas, household-ID and information on whether the household owns a car or not. We also add personal identification numbers in order to verify whether the customer is registered with the NIX register for telemarketing and to verify deceased customers. 

• We use Bisnode to verify and add contact details and demographic data such as statistics for a certain residential area.

• In some cases we collect data from our payment service providers, such as Klarna. In conjunction with the use of a service which requires payment, we compile the name, personal identificationID number, address details and means of payment from payment service providers such as Klarna in order to confirm your identity and address details.

• Social networks where you afford a service access to your data in one or more networks, for example if you have chosen to identify yourself via Facebook or LinkedIn we compile data from your public Facebook or LinkedIn profile.

• Suppliers that help us determine geographical locations based on IP address.

• Partners with whom we collaborate in order to offer services or to participate in joint marketing activities; we can, for example, obtain data from our event partners (such as a co-organiser) if you apply to participate at any of our events through our event partner.

• Publicly available sources, for example open public authority databases or other data sources which are availableis available to the general public, such as SPAR (The State’s Personal Address Register).

• When we arrange an event directed towards companies and/or individuals in their professional capacity we collect contact details from our partners, for example Bisnode, or from publicly available sources, for example websites and social media such as LinkedIn. The data is used to contact potential customers to market our services and products. We may also collect information about your title, specialization, workplace and industry. This data may be collected from you or from publicly available sources in order to personalize marketing to you in your professional capacity and to be able to deliver products to your workplace. 

• Companies that sell lists with contact details to companies and/or individuals in their professional capacity. 

Other 

If you do not provide data which is necessary to gain access to the services or a particular function, there is a risk that you will be unable to use the specific service or function.

Providing services and products and administer our customer relation to you or the company that you represent .

Description of data processing

We process your personal data to provide you or the company that you represent with the services and products ordered by you or the company that you represent, for example delivering a newspaper to your address, delivering your digital subscription, to make our podcasts available to you sending newsletters that you have subscribed for, and to administer your participation in  courses, conferences and industry networking events that you have signed up for. We may also have to verify your identity or age in order to ensure that you are entitled to a certain offering.

If a digital account is part of the service we process personal data to create and give you access to the account.We also process personal data to customize content and give you a more personalized experience of our services that can be based on your activities on our websites, interests and favorites etc. 

If you are a member of one of our networks we may share information about you and your company to other members of the network on the network platform and in marketing for the network. Please read more under “How and why we share personal data”.

If you are a participant, speaker or jury member at an event, or if your represent a company that participates in an event, we may process your personal data to administer your/your company’s participation. You can find more information about personal data processing under “Specifically about events”.

Categories of personal data:

Name and contact details, authentication details, unit data and settings (if you have a user account), personal identification number (if you make a purchase as a consumer and we need to verify whether your are entitled to a certain offering), work related information (if you purchase a product/service in your professional capacity). In order to be able to customize content and provide a more personalized experience of our services we may process unit and user data, purchase history, customer profile data and work related information (if we have a relationship with you in your professional capacity).

Legal basis:

If you are the buyer of the product/service: Performance of Contract for all processing necessary to carry out our contractual obligations to you, including customizing our services. This includes e g delivery of your newspaper or facilitating logging in to your account. Sometimes we need to process personal identification numbers to be able to provide access to an offering that is only available for some customers. 

If your company is the buyer of the product/service: Legitimate Interest.

Some event processing activities may be based on Performance of Contract, Legitimate Interest or Consent. Please find more information under “Specifically about events”.

Payment and invoicing 

Description of data processing

We process your data to process payments, send invoices and if needed to verify your identity (e.g. when payment is made by invoice). If you participate at an event as a member of the jury we process your invoice details to facilitate payment. 

Categories of data

Name and contact details, payment information, personal identification number in connection to payments by invoice/autogiro.

Laglig basis

Performance of Contract. Performance of Contract. Processing of personal identification numbers may be necessary to ensure correct payment.

Communication about your service/product

Description of data processing

We may contact you by email, telephone, push-function or otherwise to provide you with information relevant for your subscription, purchase or use of our services. We may for example inform you when a subscription is about to expire or when we update our terms and conditions; notify you when security updates are available;  remind you that you still have products in your shopping cart or inform you that you need to take measures to keep your account active.

Categories of data

Name and contact details. 

Legal basis

The legal basis applicable depends on our relationship with you and what the communication concerns.

• If the communication concerns information that we are contractually obliged to communicate to you: Performance of Contract.

• If the communication concerns information that we are obliged by law to communicate to you: Legal Obligation. 

• If the communication concerns information that we are not obliged to communicate to you but we believe that it may be useful for you when you use our services: Legitimate Interest.

• If we have an agreement with the company that you represent and we are contractually obliged to communicate certain information: Legitimate Interest. 

Specifically about events

In addition to what is stated elsewhere in this privacy notice, we may process certain personal data in connection to our events. 

• We may process and publish pictures and recorded material from the event in order to provide information about upcoming events. The legal basis is Legitimate Interest.

• If you are a speaker or participant we may process your name and picture for marketing purposes if you have agreed to this separately in accordance with the Swedish  act “Lagen om namn och bild i reklam (1978:800)”. The legal basis is Performance of Contract. 

• We may collect information about allergies and food preferences to us or our partner so that we can provide food/snacks at the event. The legal basis is Consent.

• We may publish lists of event participants (name, company, title) and provide you with a name tag at the event. We may also provide a certain event app to, among other things, provide information about the event. The legal basis is Legitimate Interest.

• If you participate as a member of the jury we will process your contact details and work related information to administer your participation. The legal basis is Legitimate Interest. 

If you participate at an event your contact details may be shared with our event partner, please read more under “How and why we share personal data”.

Customer service, phone recordings etc

Description of data processing

We may process your personal data to provide you with customer service and to administer complaints regarding your purchase or subscription, event, course or other service or product. We will also process your personal data if you contact our privacy team or data protection officer. 

If you contact our customer service by phone our conversation may be recorded for your and our safety and/or for quality and educational purposes.

Categories of personal data

Name and contact details, correspondence 

Legal basis

Usually Performance of Contract or Legitimate Interest, depending on the matter. Recordings of conversations is done based on Legitimate Interest.

Customer and market surveys

Description of data processing

We may send out customer surveys via email and ask you to evaluate an event that you participated in or a service that you have used. We may also send you an inquiry to participate in one of our panels. Prior to upcoming events we may contact our professional contacts to make research regarding topics of interests and trends.  

Categories of personal data

Name and contact details, work related information (if we have a relationship with you in your professional capacity), correspondence (the answers that you provide).

Legal basis: Legitimate Interest.

Administration of competitions and votings

Description of data processing

If you participate in a competition or voting that we arrange we may process your data in order to administer your participation, which includes collecting your contribution/answers and to appoint and communicate a winner. 

Categories of personal data

Name and contact details, the contents of your contribution/answer to us.

Legal basis

Legitimate Interest.

Analytics and product improvement/development

Description of data processing

We use personal data to analyse and improve our existing services and products, among other things by updating functions and obtaining an increased understanding as to how we can improve your user experience. For example, we use error reports in order to improve security functions, user behavior such as which articles have been read and which podcasts have been listened to, search questions and clicks on our websites to improve the relevance of search results, to determine which new functions should be prioritized, what content to be published on our websites and placement of relevant content. We use various analytic tools such as Google Analytics to collect data about how our websites are used in order to develop analyses based on such data. The data may for example present the most visited pages on the website, how the visitors navigate through the website and from which pages the visitors exit the website. Website analytics may also provide insight in how often visitors return to our websites and what content is viewed the longest. Sometimes we conduct surveys where we ask questions to our visitors in order to evaluate our services and products. This analysis may be used for, inter alia, product improvement.

We also develop statistics and aggregated analyses regarding our business. We use this information to make well informed decisions and to plan for future strategies for our business operations.

Categories of personal data

Unit and user data, age, gender, demographic data and household information, work related information (if we have a relationship with you in your professional capacity) and purchase history.

Legal basis: Legitimate Interest.

Direct marketing and telemarketing, including profiling

Description of data processing

We use different channels for marketing, e.g. postal, telephone, email, SMS and our websites and other digital channels. The marketing may, depending on channel, include our own products and services as well as other companies’ products and services. 

Our marketing may be based on how you have used our services, such as reading and purchase history, as well as age, gender and demographic data. If we have a relationship with you in your professional capacity we may also direct our marketing based on your title and company. We may for example choose to direct our marketing to a certain target audience, such as “women in Stockholm aged 30-35 who have read many articles on finance” or “IT managers within the healthcare sector”. Part of our profiling is conducted through so called machine learning (“Artificial Intelligence or “AI”). Through AI we try to understand which products that a user may be most interested in based on what the user previously consumed on our websites. 

If we contact you by telephone to market our services or products to the company that you represent, we may record the part of the conversation where we come to an agreement, to be used as proof of contract. 

If we have a relationship with you in your public, political capacity, we may process personal data that reveals which political party you represent. This information may be used to send you marketing, for example for conferences directed towards members of City Council or other political representatives. 

You always have the right to object to our direct marketing and telephone marketing, including profiling for these purposes. Please read more under “Your individual rights” and “How you to access and check your personal data”.

Categories of personal data

Name and contact details, unit and user data, purchase history, customer profile data, work related information (only used for marketing directed towards professionals). Information about political parties (only if we have a relationship with you in your public, political capacity). 

Legal basis: Legitimate Interest. Information that reveals which party you represent may only be processed if we have a relationship with you in your public, political capacity, provided that the information has manifestly been made public by yourself in accordance with Article 9.2 e) GDPR.

Display, measure and personalize ads on our platforms

Description of data processing

We process certain data to be able to display and measure ads. The advertisement that you see on our websites and other digital channels may be based on how you have used our services, such as your reading and purchase history, as well as age, gender and demographic data. We may for example choose to display an ad to a certain target group such as “men aged 50-55 that consumed material on gardening”. If you are a corporate customer representative we may use your title and company as a basis for the profiling of ads. 

Some of our profiling is done using machine learning (“Artificial Intelligence” or “AI”). Through AI we try to understand which products a reader will be most interested in based on previous reading history on our websites. 

Most of the data processing described above is conducted using cookies and similar techniques. If you are a customer with a user account we may also use certain ID:s, so called “Publisher Provided Identifier” (PPPID) that is created using your user ID and which is shared in a pseudonymized form with our partner Google within our advertising cooperation. When you are logged in on your account we may use these PPIDs to limit the number of times that you are exposed to a certain ad (so called frequency capping) and to display ads in a certain order (so called ad rotation) on our websites. Like cookies, our processing of PPIDs is only conducted if you have consented to this on our cookie consent platform. 

You can also receive customized advertising when we match the email address of our customer register with the email address of our advertisers' customer register and in such a way include you in a certain target group. The matching is made by us and the advertiser by uploading our respective registers with our customers' email addresses in a so-called hash format (which makes it impossible to read the email address itself) to a platform that automatically matches the hashed email addresses. If you are a customer of both us and the advertiser, there will be a match and you will be divided into a certain target group by us, which controls which advertisements you will receive from the advertiser. In order for you to receive this type of advertising it is required, in addition to your consent to our use of cookies for advertising purposes, that you continuously log in to our sites.

For the matching itself, we and the respective advertiser are joint controllers for personal data, which means that you can contact both us and the advertiser for questions about the matching and how your email address is processed because of it. You will find a list of current advertisers here.

By changing your cookie settings for the purposes “Annonsrelaterade ändamål - i samarbete med annonspartners” and “Cookies för profilering samt anpassning av innehåll, erbjudanden och annonser på våra sajter/appar” you can limit the personalisation of ads and content on our websites and apps. Please read more in our Cooke Policy.

Categories of personal data

Unit data, user data, purchase history, customer profile data, contact details namely email address, and work related data (if you have a relationship with us in your professional capacity).

Legal basis: Legitimate Interest.

Custom audience advertising on other platforms

Description of data processing

We may use custom audience advertising in various ways on other platforms, including Facebook, Twitter and Google. 

• Some of our websites/apps use tools to display better ads for you on other platforms, e g the Facebook pixel. These tools are only used if you have consented to this in our cookie consent platform (CMP). Please note that when we use these tools the other platform may collect certain data about your behavior on our website/app (which URL you have visited), IP address and technical information. 

• If you visit our social media pages, e g our Facebook pages, both we and the social media platform may adapt ads displayed to you on the social media platforms using user data from your activities on our social media page, depending on your settings on the platform. 

If you are or have been a customer to us, we may use your email address in order to be able to show you advertisements of our services and products on the other platform, or to exclude you from seeing our advertisement. Direct link to your advertising settings. Please read Facebook’s data policy for users here.

Categories of personal data

User and unit data, email address. 

Legal basis

For custom audience advertising using Email addresses we use Legitimate Interest as legal basis. For the Facebook pixel we use consent (collected through the cookie consent platform on each website/app).

How can I control custom audience advertising on other platforms? 

The Facebook pixel and similar tools are only used if you have consented to this in our CMP. You may withdraw your consent at any time. Please go to “Cookie settings” or similar on our website/app if you want to change your settings. 

You can also change your settings on the social media platform. If you for example have an account on Facebook, you can change your settings here: Direct link to your advertising settings. Please read Facebook’s data policy for users here.

If you want to object to us using your email address for custom audience advertising on other platforms, please contact our Privacy Team.

Security

Description of data processing

We use information in order to protect our products, services and customers’ security and to discover and prevent fraud (for example double take up of offers). When you log into your user account, we create a registration of the login, in order to be able to search for errors and to prevent and investigate IT attacks and other security threats.

Categories of personal data

Log data. We may also process names, email addresses and personal identification numbers to prevent double take up of offers.  

Legal basis

Legitimate Interest or Legal obligation (if we are legally obligated to protect certain information assets).

Disputes and enforcement of agreements

Description of data processing

We may use information to resolve disputes and enforce our agreements.

Categories of personal data

Depends on the situation.

Legal basis

Depends on the situation, normally Legitimate Interest, Legal Obligation or Performance of a Contract.

Compliance

Description of data processing

We use information in order to comply with applicable legislation such as the Swedish Accounting Act (Sw: bokföringslagen) and the GDPR. We may also have to process personal data to comply with other legal obligations, court orders or authority decisions.

Categories of personal data: 

Accounting Act: Information about your purchases; normally information included in an invoice such as name, address and purchased product and price. 

GDPR and the Marketing Act: We may have to process name, address and sometimes personal identification number in order to comply with the NIX register. If you have requested that we do not contact you by email, post or telephone, we may retain a copy of the relevant contact information in our distribution blocked list to ensure that you do not receive undesired direct marketing in the future. 

Administration of data subject rights under the GDPR, including right to access and deletion: The personal data that we have registered and that we are obligated to process due to your request. 

Other: Depends on the situation. 

Legal basis: Legal Obligation.

About legal basis

We primarily process your personal data on the legal basis that our processing is necessary for the performance of a contract to which you are a party (“Performance of a Contract”), or that the processing is necessary for the purposes of the legitimate interests pursued by us or a third party (“Legitimate Interest”). In some cases our processing is based on your consent (“Consent”) or that the processing is necessary for compliance with a legal obligation (“Legal Obligation”).

We have made the assessment that we have a Legitimate Interest to process personal data in those cases where the processing is necessary to meet our users’ and customers’ wishes and requests, to evaluate, develop and improve our content and the services and to be able to market our services and products and be relevant in our offerings and advertising. Finally, we have a legitimate interest to protect our business operations.

Miscellaneous 

We have chosen to provide further information about some of our services under the headline “More information about some of our services” below. Here you will find further information about our personal data processing in connection to some of our services such as Kamratposten, some specific offerings and benefits, Bonshop, and Bontravel.

If we plan to use personal data for a new purpose, other than as described in this policy, you will be informed of such use before, or in connection with, compilation of the personal data. If legally required we will request your permission.

Cookies and similar techniques

Cookies and similar tracking technologies are, among other things, used in order for us to improve functionality on our websites, to direct relevant content, offerings and advertisements to you and to ensure that the services are working correctly. We use both first-party cookies and third-party cookies (e.g. for advertisement). 

Advertisers, media agencies and other partners use  cookies and technologies to deliver ads on our websites and to measure how many users have seen the ad, and to personalize the ads. In order for us to be able to use certain tools and display certain content from other platforms it may be necessary to allow our partners to use cookies and similar techniques on our websites. Retargeting is a form of interest-based advertising which allows our advertisers to display advertising based on your reader and click patterns on a website which is not controlled by us. For example, if you visit an online clothing store, and if you have consented to the clothing store’s cookies, this may allow the clothing store to direct advertising to you on our websites. 

You will find more information on what cookies we use and how to manage your cookie settings in our Cookie Policy. On our FAQ site you will find more information on how we work with advertising.

Suppliers that are data processors

We engage suppliers that provide services on our behalf, for example customer relationship management systems and case management systems, analytics tools, communication systems such as email and chatt, customer service support, marketing and traffic measurement, development services and for assistance in protecting, supporting and maintaining our systems and services. These suppliers may require access to personal data, and may have to process data, in order to provide such services. These suppliers are bound by so called data processing agreements and are not allowed to process the data for its own purposes.

Payment service providers

The payment information which you provide to carry out a purchase is shared by us with banks and other institutions that process payment transactions or deliver other financial services, and to prevent fraud and reduce credit card risks.

Invoice in the Kivra app

If you have a digital mailbox in Kivra you may receive your invoice in the Kivra app when purchasing some of our products and services. We share your personal identification number and content in your invoice with Kivra in order to provide your invoice in the Kivra app. We share this information on the legal basis Performance of Contract. Kivra Sverige AB is an independent controller of the personal data it processes from when your invoice has been made available in your digital mailbox.

Distribution partners

We share personal data (name and address) with our distribution partners to deliver a product that you have purchased, e.g. Postnord (Tidningstjänst AB) or Nim Distribution I Skåne AB. Each distribution company is an independent controller of the personal data that they process in relation to deliveries.

Our networks

If you are a member of any of our networks, e.g. one of our CEO networks, information about you and the company/organization that you represent may be visible for other members of the network through the network platform. The information that may be visible is your name, company, industry, turnover, telephone, email address and link to your LinkedIn profile. You can also update your profile with more information about yourself that you want to share with other members. We may ask for your permission to publish a photograph. You can also choose to make your information non-visible to other members.

Information about your role and the company/organization that you represent may also be used in marketing of the network that you participate in. You always have the right to object to the use of your personal data in such marketing.

As a member of Di Nätverk Exklusiv you will be asked to answer questions about your experience, role and challenges in your professional role. This information will be used by Di for the purpose of optimizing our network groups and to better understand ou network groups and their needs in order to optimize our content for the meetings as possible. This information will be deleted when there is no longer any purpose for keeping the data or when your membership is terminated. 

Speakers

If you are a speaker at one of our events we may share your contact information with the moderator of the event for the purpose of administering the event and your participation. Please let us know if you do not wish for us to share your data with the moderator.

Company customers

If you receive your subscription through your employer we may share information about your name and email address with your employer so that the employer can keep its company subscription updated. 

Advertising  -Third party cookies and matching

Third party advertising cookies etc

In connection to advertising certain unit- and user data may be collected by advertisers and other advertising partners via cookies/technologies on our websites/apps. We may also share certain ID:s, so called Publisher Provided Identifiers (PPID), with Google for the purpose of limiting the number of times an ad is displayed to you and to determine in which turn we display different ads to you. PPID is only used for customers with digital accounts.  related to customers with digital user accounts. 

Our  advertising partners are controllers for their own processing of personal data, and they are required to collect consent for their processing through our consent management platform (CMP) which you usually find under “Cookie-inställningar”, “Anpassa cookies”, “Integritetsinställningar” or similar. There you will also find more information about each partner and for what purposes they use cookies and personal data. This information is gathered in the CMP under the subject line “Annonsrelaterade ändamål - i samarbete med annonspartners”. You can also reject partners using cookies and personal data by visiting the CMP. 

In addition to advertising partners other third parties may use cookies and similar technologies when we use their technique/tools or display content from their platforms etc. These partners may also collect certain data such as IP addresses and other unit and user data which they process as controllers. More information is available in the website’s/app’s CMP. There you can also reject some cookies and data processing by these third parties.

You can find more information about cookies and how you can manage your cookie settings in our Cookie policy.

Matching

You can also receive customized advertising when we match the email address of our customer register with the email address of our advertisers' customer register and in such a way include you in a certain target group. The matching is made by us and the advertiser by uploading our respective registers with our customers' email addresses in a so-called hash format (which makes it impossible to read the email address itself) to a platform that automatically matches the hashed email addresses. If you are a customer of both us and the advertiser, there will be a match and you will be divided into a certain target group by us, which controls which advertisements you will receive from the advertiser. In order for you to receive this type of advertising it is required, in addition to your consent to our use of cookies for advertising purposes, that you continuously log in to our sites.

For the matching itself, we and the respective advertiser are joint controllers for personal data, which means that you can contact both us and the advertiser for questions about the matching and how your email address is processed because of it. You will find a list of current advertisers here.

Event partners

When participating at a conference in your professional capacity, your personal data may be shared with our partners who participate at the conference (co-organisers, sponsors and exhibitors) in order for them to be able to market their services to you which may be of interest in your professional capacity. The event partners process personal data as independent controllers. We share your personal data based on our Legitimate Interest to, among other things, increase the opportunities for networking within the business community as between participants and our event partners. You have the right to object to our sharing of your personal data to event partners by contacting us, see the chapter “Contact us”.

Social media / plug-ins

When you use our services you can choose to share articles via social media via a social plug-in (for example, a share button). When you share information via a social plug-in, your browser will transfer unit data to the social medium, such as date and time of the sharing, the type of unit you use, your operating system and IP address, URL for the visit, as well as information regarding the article you share. For more information about how relevant social media process the information you provide via social plug-ins, we encourage you to read the respective social medium’s terms and personal data policies.

Facebook and similar services

When we use certain tools and functions for custom audience advertising on other platforms, such as Facebook, the social media platform may collect certain data. Please read more under “How and why we process personal data”, sub-headline “Custom audience advertising on other platforms”.

Introduction

Di-gruppen is part of the larger media group Bonnier News. The group company Bonnier News AB (reg.no. 559080-0917) provides certain central functions that Di-gruppen uses. Furthermore, the companies within Di-gruppen have various collaborations with each other and with the group companies Dagens Samhälle Insikt AB, Bonnier Healthcare Sweden AB, Medibas AB and Bonnier News AB. In these cases the companies may have a joint controllership for the personal data that they process. This section provides more information about our joint processing. If you have questions regarding the joint processing or if you want to exercise your rights, you can always contact the company that you have a customer relationship with or that you have received communication from or otherwise been in contact with. You are also welcome to contact our privacy team by sending an email to dataskydd@bonniernews.se  

Joint intra-group database B2B

The group companies Bonnier News AB,  Bonnier Healthcare Sweden AB and Medibas AB have a joint database within their B2B business that contains information about professionals, representatives of existing or potential corporate customers as well as participants at conferences, educations and other events. The categories of data included are mainly name and contact details, work related information, user data and purchase history. The companies may share this data for marketing purposes via email, sms and telephone towards professionals, provided that the marketing is deemed to be relevant for the receiver in his/her professional capacity. The participating companies may also use the joint database for creating segments to use for targeted advertising on their websites/apps, to target marketing on Facebook and for analytics purposes, e g for analyzing the effect of a campaign or to obtain aggregated statistics. Such analyzes may be used for product improvements.

The legal basis for the joint processing is our legitimate interest of being able to market our products and services towards professionals in an efficient manner, and to achieve relevance in our marketing activities. We also have a legitimate interest in offering attractive advertising space on our websites/apps, and to be able to analyze our business to better understand and improve our services.  The companies are joint controllers for the data processing in the joint database. If you want to object to all direct marketing and/or telemarketing from the participating companies you can send an email with your request to dataskydd@bonniernews.se. 

 Bonnier Healthcare and Medibas provide the services Medibas, NetdoktorPro, Pharma Insights and Bonnier Academy.

Miscellaneous

We may disclose personal data as part of a joint transaction, for example a merger or sale of assets. Finally, we may need to disclose or store your data when we believe that doing so is necessary to:

1. Comply with laws or legal processes and to disclose information to the police and other competent authorities;

2. Protect our customers, for example to prevent junk mail or attempted fraud;

3. Manage and maintain the security of our products, including preventing or stopping an attack on our systems or networks;

4. Protect rights or property belonging to us, including performance of the terms which determine your use of the services. When necessary, we refer the matter to the police for further action.

Note that some of our websites contain links to external companies, for example to offers regarding products and services, whose personal data policies differ from ours. If you provide personal data in any of these products, your personal data is processed in accordance with their respective personal data policy; we recommend that you read such policy before disclosing data to an external company. We are not responsible for the use of your personal data by such external companies.

Privacy Portal

We have gathered information on how to access and control your personal data on our privacy portal (www.privacy.bonniernews.se) under the section “Hantera personuppgifter”.You are also always welcome to contact our Privacy Team.

User account

You can control certain data through your user account. 

Unsubscribe from direct marketing

If you receive advertising messages from us by email or text message and wish to unsubscribe from them, you can do so by following the instructions in the message, or by contacting our Privacy Team. Please see contact details under “Contact us” below. You can also unsubscribe from newsletters and direct marketing emails via our Privacy Portal at www.privacy.bonniernews.se. Note that such subscription cancellation does not apply to other communication which is required to enable us to provide the Services, such as communication regarding changes or updates to user terms.

Cookies

You can find information on how to adjust your cookie settings here. 

If you would like to contact any of our advertising partners that use cookies and collect data on our websites/apps and who process such data as data controllers, please go to ”Cookie-inställningar”, “Anpassa cookies” or similar cookie setting link on the relevant website/app and click on “våra partners” to find the privacy notice including contact information to each partner.

Introduction

We have gathered information on how to access and control your personal data on our privacy portal (www.privacy.bonniernews.se) under the section “Hantera personuppgifter”. You are also welcome to contact customer service. Contact information about whom to contact to protect any of your rights is available under "Contact us".

You have the following rights:

Consent

If processing of personal data is based on your consent, you are entitled at any time whatsoever to withdraw your consent to future processing of your personal data. If you have consented to cookies and similar technologies on a website/app, you can withdraw your consent via “Cookie-inställningar”, “Anpassa cookies” or similar on the relevant website/app.

Register extract and right to information about our data processing

You have the right to know

• the purposes of the processing and the categories of personal data processed,

• which recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in countries outside the EU/EEA or international organizations,

• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,

• information about the existence of your right to request rectification or erasure of personal data or restriction of your personal data or to object to such processing, and to lodge a complaint with the supervisory authority,

• where the data is not collected from you, any available information as to the source,

• the existence of automated decision-making referred to in Article 22.1 and 22.4 GDPR, i e if you are subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In such a case, we shall also provide information about the significance and the envisaged consequences of such processing for you. 

You can find more information at the Swedish Authority for Privacy Protection’s website.

Deletion

You are, under certain circumstances, entitled to request that your personal data is deleted. The right to have your personal data deleted generally applies if: 

• the personal data are no longer necessary in relation to the purposes for which they were collected, 

• you withdraw the consent that the processing was based on,

• the personal data was used for direct marketing or telemarketing and you object to the processing,

• you object to other processing performed with the legal basis legitimate interest and we have no overriding legitimate grounds for the processing, 

• the personal data have been unlawfully processed, 

• the personal data have to be erased for compliance with a legal obligation, or

• the personal data has been collected in relation to the offer of information society services directly to a child.

If the conditions above are not fulfilled we may deny your request for deletion, for example if the personal data are still necessary to process in relation to the purpose for which they were collected. There are also some exemptions from the right to have your personal data deleted. This is the case when the processing is necessary 

• for exercising the right of freedom of expression and information,

• to comply with a legal obligation such as the Swedish Accounting Act (Sw: bokföringslagen) that require us to store certain transaction data for 7 years, or

• for the establishment, exercise or defense of legal claims, for example if we are in a legal dispute with you.

There are a number of other exemptions under the GDPR; if the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, for reasons of public interest in the area of public health, or for the performance of a task carried out in the public interest or in the exercise of official authority. These exemptions are however rarely or never applicable in our line of business. 

Examples

• Active subscriber: If you have an ongoing subscription on a newspaper and request deletion, we cannot delete the personal data necessary for us to deliver the newspaper, administer payments and similar actions. However, you are entitled to object to us using your contact details for direct marketing a telemarketing. We will then keep your contact details to be able to deliver the service and communicate about changed terms and conditions and similar, but we will not use your contact details for marketing purposes. 

• Former subscriber: If you previously had a subscription with us we can usually delete most of your personal data, however we need to keep certain information about your transactions for 7 years in order to comply with the Swedish Accounting Act. This usually comprises invoice information. 

• Newsletter recipients: If you are not a current or former customer, but you have subscribed to a cost-free newsletter, and thereafter request deletion, we will normally delete all personal data that we have about you.

You can find more information at the Swedish Authority for Privacy Protection’s website.

Rectification

You are entitled to request rectification of incorrect or incomplete information about you. 

You can find more information at the Swedish Authority for Privacy Protection’s website.

Limitation

You are entitled to demand that we limit the processing of your personal data, for example if you think that the personal data we have are incorrect, that our processing is unlawful or that we do not need the personal data for a specific purpose. You may also request that we do not process your personal data during the time that we investigate your claims or objections. 

You can find more information at the Swedish Authority for Privacy Protection’s website.

Data portability

In certain cases you are entitled to data portability, i.e. to receive personal data which has been provided by you, in a structured, generally usable and mechanically readable format and to be able to transfer such to another controller of personal data in those cases where our entitlement to process your personal data is based either on your consent or on performance of an agreement with you.

You can find more information at the Swedish Authority for Privacy Protection’s website.

Objection 

You are entitled, at any time whatsoever, to object to direct marketing via email, mail, sms and telephone (including profiling for this purpose), with the consequence that we may no longer continue to use the data for this purpose. 

You are also entitled to object to other personal data processing based on the legal ground legitimate interest (Article 6(1)(f) GDPR)).

 We must possibly cease the processing unless we can show compelling justifiable reasons which outweigh the interest in not processing the personal data, or if the processing is necessary for the establishment, exercise or defense of legal claims. 

You can find more information at the Swedish Authority for Privacy Protection’s website. 

Complaint to the Swedish Authority for Privacy Protection

You are entitled to complain to a data protection authority. The Swedish Authority for Privacy Protection (Sw: Integritetsskyddsmyndigheten) is the authority in Sweden which exercises supervision over the manner in which we, as a company, comply with legislation. You can find the authority’s website here: www.imy.se.

Miscellaneous 

It costs nothing to exercise your rights. We answer requests about your rights and enquiries about access to or deletion of your personal data within, as a starting point, one month. The time to get back to you may be elongated by two additional months if the matters is particularly complex or when we receive a large amount of requests. We reserve the right to charge a reasonable fee or decline to take any measure in the event of an unreasonable or manifestly unfounded objection or request.

Information regarding editorial content

Editorial content such as our articles, pictures and TV programs are not subject to the provisions of the GDPR. This means that you cannot request removal of an article based on the provisions of the GDPR. If you discover any errors in published material please contact editor-in-chief. 

Security for your personal data

We employ a number of security methods to protect your personal data from unwanted access, use and disclosure. For example, personal data which you state on a computer system to which there is restricted access is stored in protected premises. In conjunction with the transfer of extremely sensitive data (for example, credit card numbers and passwords) via the Internet, we provide protection of such data through encryption. In those cases where our providers use subcontractors, we conduct regular audits of such subcontractors to ensure that processing takes place in accordance with this policy and our security routines. When analysing customer views, product development, personalisation, trends, statistics and for similar purposes, we primarily use anonymous data which does not consist of personal data; alternatively, we use pseudonymised data which cannot be linked to a specific individual without supplementary information being used.

Where we process personal data

We process data primarily within the EU/EEA, however in certain cases we use suppliers who are established in the US or in other countries outside the EU/EEA, such as for distributing newsletters, for development and maintenance of our systems and for web analytics. Countries outside the EU/EEA do not always ensure a level of protection for personal data equivalent to that guaranteed within the EU/EEA. It may therefore be necessary to implement supplementary measures when personal data is processed outside the EU/EEA. In those cases where we use suppliers who are processing personal data outside the EU/EEA, we have ensured that there is a legal basis for such processing for example by entering into standardised contractual clauses with the recipient of the personal data, that are approved by the EU Commission.

It has so far been issued three sets of standard contractual clauses for personal data transfers.  These are accessible on the EU Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Specifically about Google Analytics

We specifically want to inform that we use the analytics tool Google Analytics (read more about how and why we you the tool under ”How we use personal data” and ”Cookies and similar tracking technologies”). Google Analytics stores data on our behalf in several countries, including the USA. You find more information about Google’s data center locations here: https://www.google.com/about/datacenters/locations/. Google has engaged sub-processors who process data in different countries. You find more information about Google’s sub-processors and their locations here: https://privacy.google.com/businesses/subprocessors/.

You find the standard contractual clauses applicable to our use of Google’s services here: https://privacy.google.com/businesses/processorterms/mccs/  

Introduction

We store personal data for the time necessary for the reasons for which they are used, e.g. for such time as required to enable us to provide the services; to maintain and improve the performance of existing services; to distribute necessary communication and market communication; to engage in development of our services; and to perform our statutory obligations. Since needs can vary as regards different types of data and with respect to different types of services, products and contexts, the period in which we store the information may vary.

Customers and users 

We keep your personal data during the time we have a user or customer relationship and for a certain period of time after our user or customer relationship has ended. Below is a specification of our retention times. 

• We will keep your personal data for 24 months after termination of your subscription,digital account or other service, or after your purchase of a product. Your data will be used, among other things, for sending newsletters, interest based email direct marketing and telemarketing. Please read more about our purposes under “How we use personal data”.

• Please note that if you terminate your payment subscription but continue to use your digital user account as a free service we will keep your data for as long as you actively use the service. If you do not use your digital account for a certain amount of time (max 24 months), the account and your personal data relating to the account will be deleted. 

• If you have registered a free digital user account, the account and personal data relating to the account will be kept for an initial time period of 24 months, regardless of whether you are using the account or not. If you do not use your account for a certain period of time (max 24 months) after the initial time period, we will delete your account and the personal data relating to it. 

We will store information relating to your purchases/transactions for 7 years for accounting purposes under the Accounting Act (Sw: bokföringslagen).

Company contact details

If your contact details are connected to a company that you represent, for example in conjunction with an event, your contact details may be stored to direct marketing to you for up to 36 months after the concluded event. 

Prospects

We may collect contact details for potential customer representatives for marketing purposes by telephone or email We normally store these contact details for 12 months from the date the contact details were collected by us.

Individuals who have reported interest in our services

If you have signed up to report your interest in one of our services we will keep your personal data for 24 months after the date of collection.

If you have provided your personal data to get access to one of our news articles on Facebook we will keep your personal data for 13 months after the date of collection.

Recording of telephone conversations

We store telephone conversations for 3 months.

Personal data processed by our data protection officer

If you contact our Data Protection Officer (DPO) with a question, complaint or similar we will normally keep the information in the matter for 6 months after the date when the matter is closed. 

Miscellaneous

Your personal data is deleted or anonymized when it is no longer relevant for the purposes for which it has been compiled. In conjunction with analyses of customer views, trends, etc. we use anonymous data which does not comprise personal data, alternatively pseudonymised data which cannot be attributed to a particular individual without additional data which requires specific measures. 

Your personal data may be stored for longer than stated above in those cases where we are obliged to do so pursuant to any law, ordinance or public authority decision or to retain data which must be retained in order to resolve a dispute or if you have consented thereto. 

Kamratposten

When you purchase a subscription on Kamratposten we collect your personal data. You must be at least 18 years old to be able to purchase Kamratposten. If the buyer informs us that a child should be the recipient of the magazine we will register the child’s name and address. This data will only be used to send the magazine to the child. We will thus not use the child’s data for any marketing, advertising or similar purposes. 

Offerings and benefits

We provide certain offerings and benefits to customers and end users on specific platforms such as upptack.dn.se. We may inform you about our offerings and benefits through newsletters. To be able to get access to the offerings you may be required to go to websites belonging to third parties, i e the companies that provide the products or services which the offerings relate to. Please note that we are not responsible for these companies’ use of your personal data. 

Bonshop.se

Bonshop.se provides subscribers with a broad range of beneficial offerings to popular lifestyle brands and a variety of courses created with regards to our readers’ interests. If you subscribe to a course that we arrange together with a partner your personal data may be shared and processed by our partner in accordance with the terms applicable for the course. 

Bontravel

Bontravel provides subscribers with a broad range of experiences, exclusively created for the subscriber group. We cooperate with experts and experienced partners within different areas also outside of Bonnier News, including arranging trips, courses and events such as boot camps, writing courses, fashion trips, trend nights and ski weekends. If you sign up for an experience that we arrange together with one of our partners, your personal data may be shared and processed by our partner in accordance with the applicable terms, presented to you when you sign up. 

Please note that when you book a trip you may have to provide sensitive information such as food preferences on flights/hotels and allergies to us and our partners. We will process such data only if we get your consent which you may provide when you sign up.

Privacy Portal

We have gathered information on how to access and control your personal data on our privacy portal (www.privacy.bonniernews.se) under the section “Hantera personuppgifter”.

Privacy Team 

If you have questions about our data processing or a complaint you are welcome to contact our privacy team by sending an email to: dataskydd@bonniernews.se 

Data Protection Officer

Our data protection officer (“DPO”) supports and monitors our organizationorganisation’s GDPR compliance. You are welcome to contact our DPO if you have a complaint or questions about our processing of your personal data. Please send an email to dpo@bonniernews.se. Please note that if you want to exercise your rights, for example to have access to your data or to have your data deleted, it is better to first contact our Privacy Team.

Customer Service

If you want to get in contact with customer services, please find our contact details here.

Generally

We will update our privacy notice as needed to reflect customer feedback and changes to our services or if we consider that we can clarify and improve the information. When the notice is updated, the date of the latest update is changed at the bottom of the notice. In the event of major changes to the notice or in the way we use your personal data, where so required by law you will be notified via an announcement on the website or by email before the changes enter into force. Please read this personal data policy from time to time to stay updated as to how we at Bonnier News process your personal data. 

Latest version

This privacy notice was updated on: April 28, 2023