Welcome to our Privacy Notice

This is where we explain how we process your personal data and what we do to respect your integrity!
– All the best from Captain Compliance

Thanks for using our websites and services! Like our customers, we believe personal integrity is important and we take your privacy seriously.

After having read this Privacy Notice, we hope you feel confident that we work hard to live up to your expectations.

We’re a company that was founded to help with creating more trust between people who want to have more control over their data – like you – and companies that want to use this data in a respectful and transparent way to improve their services – like us.

 

Who should read this Privacy Notice?

This Privacy Notice is relevant for anyone visiting our websites, using our services or otherwise interacting with us.

Does this Privacy Notice cover all our processing activities?

No, it only concerns the processing of personal data for which we are the data controller – in other words, where we decide the purposes (why the data is processed) and the means (what data is processed, for how long it is stored, who will process it and how, etc.) of the processing.

So what does this Privacy Notice not cover? – It doesn’t cover any processing of personal data that we conduct as a data processor – meaning, where we process data on our customers’ behalf and following their instructions when users use our services. For those activities the DPOrganizer Data Processing Agreement applies that we enter into with our customers (which are the data controllers in this case).

How do we process your personal data?

Here you find out more details about the way we process your personal data, including what personal data we process about you, why we do it, where it came from, who is involved, how it is lawful for us to do it, and for how long we process your personal data.

Just select the data subject category you belong to and the Transparency Widget – one of DPOrganizer’s many awesome features – will help you find out everything you need to know!

Website visitors are people that merely browse our websites (incl. the Watercooler website).

People we communicate regarding our products/services and other activities are people who submit information through our website, participate in our events/webinars/surveys, or whom we contact to offer our products.

Customer representatives and DPOrganizer users are the representatives of our business customers and the people who use DPOrganizer (including demo and trial account users).

Watercooler users are people that have a profile on Watercooler, our online community created to bring privacy professionals together.

It is possible that you belong to more than one category, so make sure to read all that might be relevant for you.

We keep your personal data until it’s no longer needed to fulfil the purpose it was collected for. You can find all the relevant details in the Transparency Widget above!

In addition to that, we could be required to keep your data for longer to fulfil legal obligations, but in such a case we won’t use the data for anything else.

We won’t share your personal data with third parties in a way that allows them to use the personal data for their own marketing purposes.

In cases where we transfer personal data to a country outside the European Economic Area, we will either ask for your consent first, or make sure that the transfer is lawful and safe by taking other measures (e.g. Standard Contractual Clauses).

What say do you have in how we process your data (aka. your rights)?

We might be the ones in the driver’s seat on the processing of your personal data when you use our websites or services. But that doesn’t mean that you can’t do anything about it. You have rights and they are important to us!

We believe you have the right to have your data processed only in accordance with your expectations. But you also have rights laid down by applicable law, below you can read more about them, starting with the ones we believe might be most relevant for you.

You have the right to be informed about certain details on the processing of your data. We provide this information through our Transparency Widget above.

You have the right to receive a copy of the personal data we process about you. You can receive this data by reaching out to us.

You have the right to correct the personal data we process about you if you see that it is inaccurate.

You have the right to withdraw your consent that allows us to use cookies and similar technologies by changing your browser settings.

You have the right to erasure if:

  • the personal data is no longer necessary for the purposes it was collected for;
  • your particular situation gives you the right to object to processing on grounds of legitimate interest (see more below);
  • processing the personal data has been unlawful; or
  • there is a legal obligation under EU or Swedish law for us to erase the data.

You have the right to request us to restrict the processing of your data if:

  • the personal data we have about you is inaccurate;
  • The processing is unlawful and you ask us to restrict the use of the personal data instead of erasing it;
  • we no longer need the personal data for the purposes of the processing, but if we still need it for the establishment, exercise or defence of legal claims; or
  • you have objected to the processing claiming that the legal basis of legitimate interest is invalid and are waiting for the verification of this claim.

You have the right to object to the processing of your data if:

  • you can show that your interests, rights and freedoms regarding the personal data outweigh our interest to process your personal data; or
  • we process your personal data for direct marketing purposes.

You have the right to data portability:

  • for personal data that you provided to us; and
  • if the legal basis for the processing of the personal data is the fulfilment of contract or consent.

We will send a copy of your data in a commonly used and machine-readable format to you or a person/organisation appointed by you.

Fill in the below form and we will get back to you.

If you are unhappy with the way we process your personal data you can always lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy@nullimy.se.

How can you contact us?

The legal entity behind DPOrganizer is DPOrganizer AB, which is also the data controller responsible for how your data is processed under this Privacy Notice. Our headquarter is in the heart of Stockholm at Grev Turegatan 3, 114 46 Stockholm, Sweden.

If you want to know more about our data processing activities, what we do to keep your data safe or to exercise one of your above described rights, feel free to send us an email at dataprotection@nulldporganizer.com.

Updates to this Privacy notice

23 August 2021

  • Removed Facebook as other recipient to the data subject category ‘Website visitors’

26 May 2021

  • Removed Gong.io as a processor to the data subject categories ‘Customer representatives and DPOrganizer users’ and ‘People we communicate with regarding our products/services and other activities’

22 February 2021

  • Added Facebook as other recipient to the data subject category ‘Website visitors’

26 January 2021

  • Added the data subject category ‘Watercooler users’

21 September 2020

  • Removed Zendesk and Gooddata as data processors to the ‘Customer representatives and DPOrganizer users’ data subject category. The support portal functionality is now handled in Salesforce
  • Removed G2 Crowd, Drift, Eventbrite and Airtable as data processors
  • Removed Facebook and Twitter as other recipients

5 February 2020

  • Changed the legal basis from legitimate interest to consent for the processing activities involving the ‘Website visitors’ data subject category

31 October 2019

  • Removed Delighted as a data processor to the ‘Customer representatives and DPOrganizer users’ data subject category

11 September 2019

  • Added Calendly as a data processor to the ‘Customer representatives and DPOrganizer users’ and ‘People we communicate with regarding our products/services and other activities’ data subject categories
  • Changed Facebook, LinkedIn and Twitter to be listed as other recipients (previously data processors) to reflect recent CJEU case law

4 June 2019

  • Added Delighted as a data processor to the Customer representatives and DPOrganizer users data subject category
  • Added Gong as a data processor to the People we communicate with regarding our products/services and other activities data subject category

3 May 2019

  • Added AppCues as a data processor to the Customer representatives and DPOrganizer users data subject category

6 February 2019

  • Clarified data subject categories
  • Specified data processors
  • Specified retention times