RESEARCH TITLED REGULATING EMERGING TECHNOLOGIES - Privacy Policy
We are very keen on being compliant with the European data protection rules and principles to protect you and your personal data. We at KassaiLaw will always go the extra mile to protect your private data and never sell it to any third parties. This Privacy Policy contains all information related to the data processing in relation to our research titled Regulating emerging technologies, concerning the collection, use, storage, disclosure and erasure of data. Please review this Privacy Policy carefully before you disclose any of your personal data to us.
1. Preamble
1.1 KassaiLaw AB, as data controller (“KassaiLaw”), is a virtual advisory firm. KassaiLaw organises and runs the research titled Regulating emerging technologies (“Research”). If you are a participant of the Research (“Participant” or “Data Subject”), you may disclose certain personal data to us.
1.2 For the purposes of this Privacy Policy, the terms ‘we’ or ‘our’ etc. shall mean KassaiLaw and ‘you’ or ‘your’ etc. shall mean the Participant.
1.3 This Privacy Policy requires your express consent, which you can withdraw at any time. Your consent shall be voluntary, specific and based on the related information we provide to you. Please also keep in mind that in some cases there may be further grounds for our data processing other than your consent, such as fulfilling our legal obligations. In these cases, withdrawal of consent does not necessarily mean that we cease to process your personal data. You can see further details of the legal grounds in Section 4.
1.4 KassaiLaw may amend this Privacy Policy unilaterally, at any time as the business processes and the relevant legal requirements develop. This Policy comes into effect upon its publication.
1.5 KassaiLaw handles your personal data confidentially and is committed to taking all the safety, technical and organizational measures that guarantee the security of your data.
1.6 KassaiLaw is also committed to process your personal data lawfully, fairly and in a transparent manner; we only collect and process data that are suitable and relevant for the purposes of data processing, and are necessary to achieve such purpose.
1.7 KassaiLaw attempts to ensure the accuracy and up-to-date nature of the personal data; therefore, we take all necessary measures for the immediate erasure or rectification of inaccurate data.
1.8 Your personal data is only yours; therefore, you can request the restriction of data processing or the rectification or erasure of your data, and you can object at any time, free of charge, via e-mail at office@kassailaw.com. We respond to you without undue delay, but at the latest within 30 days from the receipt of the request. If we have to refuse your request, we will provide a proper justification for the refusal. In justified cases (depending on the complexity and number of requests) we can extend the deadline by two further months, and we will inform you about that within one month of receipt of the request, together with the reasons for the delay.
2. Service provider’s data
Name of Controller | KassaiLaw AB |
Registered seat of Controller | 115 48 Stockholm, Labradorgatan 30. |
Electronic mailing address used for regular communication | |
Phone number | +46 76 324 4410 |
Website |
3. Applicable laws
KassaiLaw hereby declares to process your personal data in compliance with the prevailing laws and regulations, with special regard to the following:
- The related EU regulation: the General Data Protection Regulation of the European Union (Regulation 2016/679 (EU), the ‘GDPR’);
- Swedish Law (2018: 218) with supplementary provisions to the EU Data Protection Regulation [Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning]).
4. Possible legal grounds
4.1 The legal ground for personal data processing is one or more of the following:
a) Your voluntary consent (Article 6 (1) (a) of GDPR);
b) Contract concluded by and between KassaiLaw and the Participant for contractual performance (Article 6(1) (b) of GDPR);
c) The processing of the personal data is necessary for the performance of KassaiLaw’s legal obligations, such as auditing and accounting liabilities, or anti-money laundering and counter-terrorist financing purposes (Article 6(1) (c) of GDPR);
d) For the enforcement of the legitimate interest of KassaiLaw or a third party (Article 6(1) (f) of GDPR).
4.2 You can grant and withdraw your consent to the use of your personal data for advertisement purposes.
5. Data controlled by KassaiLaw
5.1 We may collect personal information from you in the course of the Research. If you refuse to comply with our request to provide personal data, KassaiLaw is entitled to lawfully refuse the provision of the Research, so you may be unable to participate.
5.2 Within the scope of data controlling, we can in particular pursue the following activities: to collect, record, register, systematize, store and use the personal data for the purposes of data processing, to query, block, erase and destroy your data and to prevent the further use thereof. In the absence of a related legal obligation, we never publish, align or coordinate your personal data with each other.
5.3 To undertake these goals we may control the following data provided by you. The disclosure of these data is necessary for the provision of the Research:
Data Subject | Legal grounds | Data category | Purpose of Data Controlling |
Participant of the Research | 4.1. a) | E-mail address | Advertising, marketing activity; Maintenance and development of service; Identification of the Participant and ensuring the communication; Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights, prevention and handling of fraud; Compliance with legal obligations relating to our Participants (e.g. informing necessary authorities). |
Complainant, requestor | 4.1. a), c) | Name (first and last name); E-mail address; Phone number; Address | Conducting the complaint management process, carrying out a request; Identification of the person and ensuring the communication. |
6. Data transfers
6.1 To be able to provide you with undisturbed Research, for quality assurance purposes, as well as to enable the investigation of customer claims and complaints, we might have to transfer your data to third parties. By accepting this Privacy Policy you give your express consent to these data transfers.
Recipient of data transfer | Scope of data that may be transferred |
Transfer of data to contributors | To the personal data processed by KassaiLaw shall have access; the personal data shall also be made available to the contributors, as data processors of KassaiLaw, but only if their access to and processing of personal data is required for the purposes of data processing related to the given data category. |
Publicly displayable information | KassaiLaw may only display publicly that information with respect to which the Data Subject has granted its consent to the disclosure thereof on the social/public surfaces of KassaiLaw’s partners. |
Compliance with Laws | Except for the cases defined in this section 6 and the case if KassaiLaw is instructed by the court to transfer data upon provisions prescribing mandatory data transfer to a specific authority, state or administrative organ and such instruction cannot be lawfully rejected, KassaiLaw may not transfer the personal data provided to it to third parties. |
6.2 To be able to provide you the Research, we use the contribution of the following third-party service providers:
Hosting service provider, or a company providing system operation services to KassaiLaw upon contractual relationship (Data Processor) | Name: Google Ireland Limited The address of the hosting service provider: Gordon House, Barrow Street, Dublin 4, Ireland Company reg. no.: 368047 Telephone number of the hosting service provider: 353-1-436-1000 Contact page of the hosting service provider: https://about.google/contact-google/ The website of the hosting service provider: https://google.com/ |
6.3 The Data Processor assists KassaiLaw in the smooth operation of the IT infrastructure that facilitates the storage of personal data provided to KassaiLaw; the Data Processor has no direct access to personal data. We expressly declare that we have no direct or indirect liability with respect to the data processing activity of the Data Processor and the security of personal data in the course thereof; in this regard, the privacy policies and regulations of the Data Processor shall apply.
6.4 If we need to involve further data processors, we will notify you about that by the modification of our Privacy Policy.
7. Data collected from third parties
7.1 We only collect your personal data collected by third parties if you have given your explicit consent to the data transfer directly to those third parties, which is your responsibility to arrange. We do not supervise whether your consent is properly given; we trust both you and those third parties, who shall also be compliant with the data protection rules. Therefore, we are not liable for the collection and processing of such data by third parties.
7.2 If you use the services of a third-party service provider (like Facebook, Instagram, etc.) to contact us, then we can request those data of yours from the concerned third party that are essential to the provision of the services. The privacy policies of the concerned third-party service provider shall apply to the provision or change of such data.
8. The method and term of the use of the data collected
We only process your personal data if it is essential, suitable for and limited to the extent and duration required for the achievement of the purposes set for processing.
Purpose of Data Processing | Justification of purpose | Duration of data processing |
Communication related to the Research | KassaiLaw may use your personal data in order to communicate with you in relation to the Research, such as sending you the final report prepared by KassaiLaw based on the results of the Research. | KassaiLaw shall control the personal data until the purpose of controlling has ceased, or erases them in case further controlling of such data is no longer necessary for the purpose of controlling. The Participant may request the erasure of his/her data in a letter sent to the office@kassailaw.com e-mail address. For the purposes of evidencing in the case of a dispute, the data of the concerned Participant shall be processed during the term of the general limitation period (5 years), and for five (5) years after the final and binding closure of the dispute. |
Advertising, marketing activity | KassaiLaw may use your personal data only in relation to the following advertising and marketing activities: promotional messages, advertisements, newsletters, sending other information promoting our services, via email. | |
Maintenance and development of service | KassaiLaw shall use the data collected by it or through third-party service provider for the following purposes of maintenance and development of the Research. KassaiLaw shall use the personal data of the Participant to enable the continuous development and improvement of the Research. | |
Ensuring the communication in general | KassaiLaw may use the Participant’s personal data to ensure effective communication with the Participant, in the course of which KassaiLaw contacts and identifies user through their contact data provided. | |
Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights, prevention and handling of fraud | KassaiLaw may use the personal data of the Participant to secure the legitimate interests of Participants in the course of the Research. In the scope of the above, KassaiLaw shall be entitled to the following activities: the prevention and termination of fraud, spam, misuses and other harmful activities, to perform security investigations and risk analysis, to check and verify the data provided by the user. | |
Compliance with legal obligations relating to our Participants (e.g. informing necessary authorities) | Compliance with relevant informational, reporting obligations, authority administrations and obligations connected to taxation, contributions, etc. | |
Conducting the complaint management process, carrying out a request; Identification of the user and ensuring the communication. | Compliance with relevant complaint management obligations. |
9. Rights and obligations of the Parties
9.1 Controlling of Participants’ data, rights of information
9.1.1 You can access your personal data which have been collected by us. Please notify us of any change in your data at office@kassailaw.com. You are responsible for ensuring the up-to-date status of the personal data. In order to protect you, we need to verify the identity of the person making any request concerning your data. We do not retain personal data for the sole purpose of being able to react to potential requests.
9.1.2 KassaiLaw shall take appropriate measures to provide you with all information concerning the processing of personal data in a concise, transparent, clear, comprehensible and easily accessible form. The information is mainly provided electronically on request at the e-mail address office@kassailaw.com. Proof of the identity of the Data Subject is always required for the information.
9.1.3 KassaiLaw shall, without undue delay, but in any case within one month from the receipt of the request, inform the Data Subject of the action taken following his / her request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. KassaiLaw shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request.
9.1.4 If KassaiLaw does not take action at the request of the Data Subject, it shall inform the Data Subject without delay, but no later than within one month from the receipt of the request, of the reasons for non-action and that the Data Subject may lodge a complaint with one of its supervisory authorities and may exercise its right of judicial review.
9.1.5 This right of the Data Subject shall be provided free of charge by KassaiLaw; however, if the request is unfounded or excessive, for example due to repetition, KassaiLaw may refuse the action or charge a fee, taking into account the administrative costs of providing the requested information or taking the requested action.
9.1.6 If we process a large quantity of information concerning you, we may need you to specify the information or processing activities to which the request relates before the information is delivered.
9.2 Rectification and erasure: You can ask us to rectify your personal data if necessary or to delete them where the retention of such data infringes the provisions of the related laws and regulations or if they are no longer necessary in relation to the purposes for which they are originally processed.
9.3 Withdrawal of consent and restriction of processing: In case you withdraw your consent to our processing of your personal data, we might not cease processing if it is necessary for the protection of exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest etc. The processing of personal data is essential until the proper, contractual completion of the contract concluded by and between KassaiLaw and you.
9.4 Right to object: You still have the right to object against the processing of your personal data considering your individual circumstances even if it is lawfully processed for the performance of a task carried out in the public interest or in the exercise of official authority vested in KassaiLaw, or on grounds of the legitimate interests of the controller or a third party.
9.5 Right to data portability: If you need it, we can provide you with all of your personal data processed by us in a structured, commonly used and machine-readable format, and you can transmit those data to another controller.
9.6 The Obligation of the Participant
9.6.1 You are the only one who is responsible for the lawfulness, reality and accuracy (i.e. the quality) of your data under criminal liability. You should only provide your own data when participating in the Research. If you provide another person’s data, the consent of the actual data subject shall be acquired by you, as the data source.
9.6.2 KassaiLaw has no liability, either direct or indirect, for the legal consequences arising from the fact that you provided another person’s data or provided false data.
9.7 Competent Supervisory Organ
The supervisory organ with regards to the data processing of KassaiLaw is the following authority:
Swedish Data Protection Authority, with regards to the owner of KassaiLaw | Name: Swedish Authority for Privacy Protection (IMY) Website: https://www.imy.se/ Address: Drottninggatan 29, plan 5, 10420 Stockholm Post address: Integritetsskyddsmyndigheten, Box 8114, 10420 Stockholm Phone: 08-657 61 00 Email: imy@imy.se |
10. Automated decision making, profiling
We do not apply decision-making procedures that are based solely on automated processing, including profiling, which would have legal effects on you. Should we introduce such procedures in the future, you will be properly notified about that and we will ask for your consent thereto.
11. Further important information
11.1 Data Protection Officer: in our view, KassaiLaw is not obliged to appoint a data protection officer, as its main activities do not involve data processing operations that would allow a regular, systematic and high-scale follow-up monitoring of the Data Subjects; furthermore, KassaiLaw does not process any special categories of personal data or crime-related data which have relevance from a criminal law aspect.
11.2 Supervisory organs and other authorities: the territorial scope of this Privacy Policy may cover also foreign authorities, if the Participant has a registered seat or business site out of KassaiLaw’s area of operation, in a foreign country.
11.3 Processing of sensitive data
We do not process personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms and merit specific protection, as the context of their processing could create significant risks to the fundamental rights and freedoms. If we decide to process such sensitive data, this activity shall be pursued with special care and diligence, having your express consent thereto, and only to the extent it is required.
We do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor do we process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation, or criminal data.
11.4 Processing children’s data
We do not knowingly collect personal information online from children under the age of 18.
12. Personal data breach
12.1 In case of a personal data breach, where the incident is likely to pose a high risk to the rights and freedoms of those concerned, we submit the report to the data protection supervisory authority as required by the laws and regulations, without undue delay, but in any case within 72 hours from becoming aware of the incident. We have developed internal procedures for personal data breaches, and personal data breaches are also recorded in a registry. If you are affected by such a personal data breach, you will also be notified, if the prevailing laws and regulations require so.
12.2 If you detect a threat of a personal data breach, we ask you to report it immediately via email at office@kassailaw.com. Furthermore, in case of a personal data breach, you may initiate a court case against KassaiLaw.