PRIVACY POLICY

Sublyfe AB (“Sublyfe” or “we”/”us”/”our”) process personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation (“GDPR”) and any other Swedish laws and regulations applicable in the field of data protection. This Privacy Policy explains how we use the personal data that we collect from you (“Customer” or “you”) when you use our Services as stated in our Terms of Use [https://sublyfe.com/terms]. It also describes your rights toward us and how you can exercise your rights. Capitalized terms used herein without definition shall have the meanings assigned to them in the Terms of Use.

Sublyfe will only process personal data to the extent necessary to fulfil the Services under the Terms of Use and for purposes which are compatible with providing the Services. In this regard, Sublyfe is the controller of your personal data. Sublyfe may act as a data processor when a Customer would be considered data controller for purposes of GDPR in connection with its use of Sublyfe’s Services and/or payment providers.

1. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
   1. “Personal data” means any information relating to an identified or identifiable natural person that, directly or indirectly in combination with other information, can be linked to a living, natural person. Personal data is a very broad term, and it includes the name, contact details and IP addresses of such person.
   2. “Processing” of personal data means, including but not limited to, collecting, registering, organizing, structuring, and storing. Processing also means alteration, production, reading, listing, using, and disclosing personal data by transfer, disseminating, changing, removing as well as deletion of the personal data.
   3. “Data subject” means an identified or identifiable person to whom personal data relates.
   4. Sublyfe will only process personal data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others. Sublyfe may process personal data based on the following legal grounds in GDPR;
   1. In the event Sublyfe foresees the need to process your personal data for a purpose which, pursuant to applicable laws and regulations, should be based on your consent (on grounds of Art. 6(1)(a) GDPR), we will contact you in advance, to inform you about the processing for which your consent is required before the consent is collected and ask for your consent.
   2. To fulfil an agreement with you or to respond to your request for customer service. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).
   3. To comply with legal obligations to report to authorities and third parties. The legal ground is that processing is necessary for compliance with a legal obligation to which the data controller is subject (Art. 6(1)(c) GDPR).
   4. To satisfy a legitimate and justified interest of Sublyfe in processing your personal data, such as marketing our Services by contacting potential and existing customers via e-mail, newsletters, or letters, in order to inform you about our Services, offers and events. The legal ground for this is that the processing is necessary and that Sublyfe has a legitimate interest (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.
   5. We base our use of cookie files, which are not necessary but can be classified as analytical, to provide the Services, on your explicit consent, cf. (Art. 6(1)(a) GPDR).
   6. We base our use of functional and necessary cookie files on your explicit consent, cf. (Art. 6(1)(a) GDPR).
2. WHAT INFORMATION DO WE COLLECT?
   1. When you visit one of our digital channels (for example our website, social media), as well as when you contact us via e-mail, we may collect information about you, such as your name, adress, e-mail, phone number, identification data and information regarding your use of our Services. In some cases, we may process your personal identity number. Personal data that may be collected and processed by Sublyfe could include:
      1. your name, e-mail, address, telephone number, banking information and payment details, IP address, personal settings;
      2. cookie files stored on your computer or your telephone (or other digital device which you may use to visit our digital channels) for the purpose of identifying your browser and to recognize your search history, settings and preferences. You will have the right to refuse Sublyfe’s processing of personal data using cookie files; and
      3. other information regarding your use of our Services, which we may collect from our surveys and other means of communication with Sublyfe.
   2. Please note that when you enter your personal data in connection with using the Services of our payment providers, you must read and accept the payment provider’s terms and conditions, which can be found here: https://stripe.com/se/privacy
3. HOW DO WE PROCESS YOUR PERSONAL DATA?
   1. The Customer has through this Privacy Policy been informed about the fact, that when it processes its own personal data, the Customer acts as the data controller. It is therefore important for the data subject to protect and update login information, protect devices such as telephones and computers against viruses, etc., and comply with applicable law and data protection legislations. When entering free text responses, caution must be taken to avoid entering any integrity, sensitive or unnecessary personal data. When the Customer processes its own personal data Sublyfe shall act as a data processor. The data controller is in such case solely responsible for the accuracy, quality, and legality of (i) the personal data provided to Sublyfe by or on behalf of the Customer, (ii) the means by which the Customer acquired any such personal data, and (iii) the instructions it provides to Sublyfe regarding the processing of such personal data. The Customer shall not provide or make available to Sublyfe any personal data in violation of this Privacy Policy or otherwise inappropriate for the nature of the Services.
   2. The personal data will be, dependent on the purpose for which it is collected, archived, confidentially erased, or anonymized in accordance with the rules of archiving when it is no longer necessary. Personal data will be stored during the time it is necessary for Sublyfe to fulfil its obligations and for the purposes set out above. Sublyfe will implement measures to provide the personal data with protection against unauthorized access and loss thereof.
   3. In the event a personal data incident incurs, Sublyfe shall notify the Customer as soon as possible and in any event within 72 hours of becoming aware of the incident. A personal data incident means a security incident that leads to an accidental or unlawful destruction, loss or alteration, unauthorized disclosure or unauthorized access to the personal data transferred, stored, or otherwise processed. As personal data will be transferred over the internet, it is important for data subjects to be aware of the associated risks.
   4. If the personal data incident leads to a high risk to the rights and freedom of a data subject, such data subject must also be contacted without delay.
   5. Subject to applicable data protection legislation, Sublyfe shall not be liable for any damages arising from the processing of personal data. In any event, Sublyfe shall not be liable for indirect damages. Notwithstanding anything said in this clause 3.5, Sublyfe is not seeking to exclude liability for gross negligence and wilful misconduct nor any other mandatory terms and conditions stipulated by Swedish and European law.
4. WILL YOUR INFORMATION BE SHARED WITH OTHERS?
   1. The Customer has through this Privacy Policy been informed about the fact that personal data will be stored in a database for the purposes described above. If Sublyfe engages co-operation partners, Sublyfe shall ensure that any personal data is afforded equivalent protection as prescribed in this Privacy Policy and in accordance with the GDPR. Sublyfe may also transfer personal data to others within Sublyfe’s business operation, coordinators, co-operation partners and providers, as well as third parties, including but not limited to suppliers, cloud service providers, consultants, and authorities. Sublyfe shall, however, only transfer personal data if Sublyfe has a legal ground under the GDPR to do so.
   2. Sublyfe may also transfer personal data to a third country, i.e., a country outside the EU/EEA, or to international organizations according to applicable laws and data regulations. Sublyfe and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as the data subject’s country of residence. Sublyfe will follow local data protection requirements and its internal global privacy standards and Sublyfe will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers. The Customer is encouraged to get further information about the legal aspects of third-party transfers: www.imy.se.
5. WHAT ARE YOUR DATA PROTECTION RIGHTS?
   1. Data subjects have the right to object to Sublyfe’s processing of the personal data such as, for example, when processed in connection with direct marketing. Data subjects also have the right to request deletion, restriction, and rectification of the personal data. If consent is withdrawn, or if the stored personal data is incorrect or irrelevant, Sublyfe must delete, restrict, or correct such personal data. If Sublyfe is the processor of your personal data, i.e., not the controller, for purposes of GDPR, please contact the controller of your personal data in the first instance to address your rights with respect to such data.
   2. Data subjects have the right to request information about Sublyfe’s processing of personal data. If a request is made electronically, Sublyfe shall provide the information in an electronically readable form which is structured and commonly used. Any request from data subjects shall be answered within a reasonable period by Sublyfe.
   3. Sublyfe shall, upon request, provide information about the purpose of the processing, what personal data is being processed, recipients of the personal data and, if possible, for how long the personal data will be stored. Upon request, Sublyfe shall also provide information about the possibility to request deletion, rectification, or alteration of the personal data, as well as how to lodge a complaint to Sublyfe or the competent supervisory authority. Furthermore, Sublyfe shall upon request provide information about the origin of the personal data, the existence of profiling and automatic decision-making, and any transfers to third countries. If requested, Sublyfe shall also provide the data subjects with a copy of the processed personal data.
   4. Data subjects have the right to transfer the personal data to another data controller (data portability), as well as to lodge a complaint regarding Sublyfe’s processing of personal data. Complaints shall be submitted to support@sublyfe.com and/or the competent supervisory authority according to the contact details in clause 7 below.
   5. This Privacy Policy may be updated at any time and the latest updated version may always be found on Sublyfe website: https://sublyfe.com/terms
6. DO WE USE COOKIES?
   1. We store cookie files on your computer, telephone (or other digital device which you may use to visit our digital channels) for the purpose of identifying your browser and to recognize your search history, settings and preferences. You will have the right to refuse Sublyfe’s processing of personal data using cookie files.
   2. A cookie file is a small data file that a web server (the visited website) saves in a user’s web browser. By sending the content of the cookie file back with each request to the website, the web server can keep track of the user’s identity or preferences. The cookie file can have several purposes, e.g., storing information about the users and their use of a website, users’ buying patterns, or enabling direct individualized advertising to the user.
   3. We will always obtain consent from you for all cookie files that are not considered necessary.
   4. WHICH TYPES OF COOKIES DO WE USE?
      
      We use the following cookies:
      Strictly necessary cookies – These cookies are strictly necessary in order to enable you to move around the website and use its features. The Website cannot function without these cookies. Strictly necessary cookies do not require your consent as they enable services you have specifically asked for and which cannot be provided otherwise.
      
      Functionality cookies – These cookies enable the Website to save details that you have provided in order to offer a better experience, such as, e.g. allow the Website to remember choices you make such as your username, language or the region you are in. Some parts of the Website may not function properly without these cookies.
      
      Performance cookies – These cookies are used in order for us to analyse the performance and design of the Website and to detect errors. These cookies also enable us to recognise that you have visited the Website before, which sites on the Website that visitors visit most frequently and how much time visitors spend on the Website. The purpose of these cookies is solely to improve the performance of the website and your experience.
      
      Advertising cookies – These cookies are used to track your visit across websites to display ads that are relevant and engaging for you as a user. These cookies may be automatically enabled and can be managed to your preferences through your browser settings.
7. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
   1. Sublyfe’s contact details are as follows: Sublyfe AB, with address Regeringsgatan 70 A, 111 39 Stockholm. Sublyfe can also be reached by e-mail, support@sublyfe.se
   2. The contact details of the competent supervisory authority in Sweden are as follows: The Swedish Authority for Privacy Protection (Sw. ‘Integritetsskyddsmyndigheten’), org. no. 202100-0050, with address Box 8114, SE-104 20 Stockholm, Sweden. The Swedish Authority for Privacy Protection can also be contacted by telephone, +46 (0)8-657 61 00, or by e-mail, imy@imy.se. For more information about the Swedish Authority for Privacy Protection, please visit: www.imy.se.