GDPR & Privacy Policy

Updated: 20230401

1. Introduction

This General Data Protection Regulation (GDPR) Data Protection and Privacy Policy ("Policy") outlines the principles and procedures followed by CellSwap AB ("the Company") regarding the collection, processing, and sharing of personal data and behavioral data in compliance with the European Union's General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Behavioral Data: Data collected on the behavior, preferences, and interactions of individuals with our products, services, or platforms.

  • Anonymized Data: Data that cannot be linked to an individual without the use of additional information and is used to ensure the protection of privacy.

  • Processing: Any operation or set of operations performed on personal data, whether by automated means or not.

  • Data Subject: The individual to whom the personal data relates.

  • Controller: The entity that determines the purposes and means of processing personal data.

  • Processor: The entity that processes personal data on behalf of the controller.

  • Data Protection Officer (DPO): The person responsible for ensuring GDPR compliance within the Company.

3. Data Collection and Processing

3.1 Lawful Basis for Processing

The Company will only collect and process personal data and behavioral data when there is a lawful basis for doing so, including:

Consent: When the data subject has given explicit consent for the processing.

Contractual Obligations: To fulfill contractual obligations with the data subject.

Legal Obligations: To comply with legal requirements.

Legitimate Interests: When processing is necessary for the legitimate interests pursued by the Company or a third party.

3.2 Types of Data Collected

The Company may collect and process the following types of data:

Personal data such as:

• Contact information: Name, address, phone number, email address, etc.

• Identification data: Passport number, ID number, Driver’s license, etc.

• Financial information: Bank account details, payment card information, etc.

• Demographic information: Age, gender, nationality, etc.

• Other data voluntarily provided by data subjects.

Behavioral data such as: 

  • Website usage

  • Interactions with our products and services

  • Other behavioral information collected through cookies

  • Analytics tools, or other tracking mechanisms.

3.3 Data Use and Purpose

The Company will process personal data and behavioral data for the following purposes:

  • To provide and fulfill services or contracts with data subjects.

  • To comply with legal obligations.

  • To communicate with data subjects.

  • To improve and personalize user experiences and content.

  • To protect the security and integrity of personal data.

  • To improve our operations, products, and services.

4. Data Security and Retention

The Company is committed to maintaining the security and confidentiality of personal data and behavioral data. Appropriate security measures will be in place to prevent unauthorized access, disclosure, alteration, or destruction of data.

Data will be retained for no longer than necessary for the purposes for which it was collected. When data is no longer needed, it will be securely deleted or anonymized.

5. Data Sharing and Sale

The Company may share personal data and behavioral data with third parties for the purposes of improving our operations and providing personalized experiences. The Company may also sell anonymized data to third parties for analytical and research purposes, ensuring that the data is no longer identifiable.

6. Third-Party Data Processing

6.1 Selection of Third-Party Processors

The Company may engage third-party processors to handle personal and behavioral data on our behalf. All third-party processors must comply with GDPR and have adequate data protection measures in place.

6.2 Data Processing Agreement

The Company will ensure that a Data Processing Agreement (DPA) is in place with any third-party processor. The DPA will specify:

• The scope and purpose of data processing.

• The technical and organizational measures to protect personal data.

• The rights and responsibilities of both parties regarding data protection.

• The process for reporting and handling data breaches.

7. Data Subject Rights

Data subjects have the following rights:

• Right to access their personal data.

• Right to rectify inaccuracies in their data.

• Right to erasure (right to be forgotten).

• Right to restrict processing.

• Right to data portability.

• Right to object to processing.

• Right not to be subject to automated decision-making.

8. Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer who can be reached at contact@gociklo.com for any questions or concerns regarding data protection and privacy.

9. Policy Updates

This Policy may be updated to reflect changes in data protection laws or our data processing practices. Data subjects will be informed of any material changes.

10. Contact Information

For questions or concerns regarding this Policy or data protection, please contact:

CellSwap AB

Författarvägen 23

167 71 Bromma

Sweden

contact@gociklo.com

11. Compliance and Accountability

The Company is committed to complying with the GDPR and other applicable data protection laws. Our data protection practices will be regularly reviewed and audited to ensure compliance.

12. Conclusion

This GDPR Data Protection and Privacy Policy outlines our commitment to protecting personal data and behavioral data while using it to improve our operations. We will always strive to uphold the highest standards of data protection and privacy in compliance with applicable laws.

By using our services, data subjects acknowledge and agree to the terms outlined in this Policy.