We, Convendum Corporation AB (publ.), 559020-5182, with affiliated subsidiaries (hereinafter “CONVENDUM”, “we”, “us”) have created this Privacy Policy (hereinafter the “Policy”) to inform you of how we process your personal data. The Policy covers our processing of personal data related to members’ (or potential members) contact persons, users, suppliers (or potential suppliers’) conference guests, and visitors. Please review this Policy carefully for information about the processing of your personal data.

CONVENDUM Corporation AB is the data controller
CONVENDUM is the data controller in relation to the processing of your personal data. You can contact us as follows:
CONVENDUM Corporation AB
Box 3359
Regeringsgatan 48
103 67 Stockholm
Sweden
info@convendum.se | +46 (0)10 510 08 88

Definitions used in this Policy
Visitor: a living person who enters our premises.
User: a living person who is employed by, or in other ways engaged by with a member of ours.
Member: an entity (or a sole proprietor, as applicable) who is in a contractual relationship with us regarding our co
working services.
Conference guest: a living person who have booked, or is a participant in, a meeting or conference held in our premises.
Services: any services we provide.
Partner Representative: a living person who is a representative of our business partners (other than Members) such as suppliers.

Our processing of your personal data
In accordance with EU data protection legislation, we are responsible for the personal data processed when we provide our Services, and we are responsible for ensuring that we process your personal data in accordance such legislation.

You can visit our website without providing your personal data. However, depending on what service you want us to provide (e.g. book a view of our facilities or sign up for a membership, private office or renting a conference room) we will need to collect and process some of your personal data. The information is needed in order to fulfil our commitments to you, whether you are a User, a Visitor, a Conference guest or a Partner Representative.

What personal data do we process?
We may process the following personal data:
– Name and contact information, such as email address, address and phone number.
– Business-related information, such as which company you work for and other business-related information that may be relevant for our business relation with you.
– IP address and MAC address when you use our networks.
– Video footage from our camera surveillance systems.

Why do we process your personal data?
We may process your personal data for the following purposes:
To provide and improve our Services, such as:
– to have updated information about you;
– to communicate relevant information regarding the Services;
– to administer and deliver requested services to you, including setting up user accounts;
– to administer payment obligations;
– for internal troubleshooting, data analysis, testing, and statistical purposes;
– to ensure that content is presented in the most effective manner for you and for your device;
– to conduct customer satisfaction surveys regarding our Services (for example after you have contacted our customer service) via email, text message, phone, or through other means;
– for general business development purposes;
– to prevent misuse of the Services as part of our effort to keep the Services safe and secure; or
– enter or maintain business relationship with suppliers (or potential suppliers)

For marketing purposes, such as:
– to communicate relevant information regarding us and our Services;

For security related purposes, such as:
– to prevent theft of, or damage to, our or our members’ property;
– to carry out risk analysis, fraud prevention and risk management;
– if we suspect your activity on our site is in violation of our Terms of Service or our other policies for the use of particular products or services.

For compliance with applicable laws, such as regulations on bookkeeping and tax.
– If you provide us with your consent to process your personal data for a specific purpose (which you will be separately informed of).

Where and when do we collect your personal data?
We collect your personal data directly from you for the purposes stated above, under the following circumstances:
– when you provide your data to us directly through our website or other electronical means; or
– when you provide your data to us directly through physical means.

We might also collect your personal data for the purposes stated above from others, under the following circumstances:
– when a Member or a third party provides your data to us directly through our website or other electronical means. For example, when a Member wishes to set up a user account to one of its employees;
– when we, through a third party (including publicly accessible sources), gather information about a Member; or
– when a Member or a third party provide us directly through physical means.

The personal data collected from others will only be processed within the scope of our operations where we have a legitimate interest or if required by applicable laws.

Legal basis of the processing
We will use the following legal bases in our processing of your personal data:
– the processing is necessary for us to carry activities where we have a legitimate interest in processing your personal data (e.g. in our daily operations of providing the Services, for marketing purposes and for security related purposes);
– the processing is necessary for us to fulfil a legal obligation (e.g. bookkeeping and tax legislation); or
– the processing is based on your consent.

Sharing and disclosure of information
We do not sell your personal data to any third parties, but we may share your personal data with authorities to fulfil our legal obligations.

We may also share information when selling unpaid debts to third parties, e.g. to debt collection agencies. In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, personal data attributable to the member’s or suppliers’ contact persons may be disclosed and transferred. Before any divestment disclosure takes place, we will make sure adequate confidentiality obligations are in place.

We also use software and data storage providers that may process your data (e.g. SafeQ, Salto and MultiNet Interactive). However, these providers are only allowed to process data on our behalf and in accordance with our instructions, and the data may only be disclosed to third parties as per above.

Where is your personal data processed?
To the greatest extent possible, we keep your personal data within the internal market, i.e. the EEA. However, in some situations such as when we share your data with for example an IT provider with operations outside the EU/EEA, your personal data may be processed outside the EU/EEA. If and when your data is processed outside the EU/EEA, we ensure that there is an adequate level of protection and that appropriate safeguards are taken.

For how long do we save your personal data?
We retain your personal data for as long as you use our Services or for as long as it is necessary in order to maintain our business relationships. We retain personal data attributable to Members’ (or potential members’) contact persons and Partner Representatives for a period of up to two (2) year thereafter. During this two-year period, personal data may be processed for marketing, statistical and other business development purposes. We retain a User’s personal data for one (1) month after a Member has communicated the User’s last day of being a user to us. Notwithstanding the aforesaid, some personal data is stored longer due to legal obligations (such as bookkeeping) and/or if we have a legitimate interest for the establishment, exercise or defence of legal claims.

Visitors’ and Conference guests’ personal data is processed for as long as required in order to provide our Services.

Your rights
You have rights regarding your personal data which we respect and are happy to help you exercise. We list them below. If you want to exercise any of them, contact info@convendum.se.
– Right of access to your data. You may request a copy of your data if you would like to know what information we have about you.
– Right to rectification. You have the right to correct inaccurate or incomplete information about yourself.
– Right to restriction of processing. You can request that we limit the processing of your personal data. For example, it may be relevant if we have incorrect information about you and you do not want the treatment to continue until we have corrected it.
– Right to erasure (right to be forgotten). You have the right to request the deletion of your personal data from our processing which is based on your consent or legitimate interest.
– Right to data portability. If the processing is based on your consent or a contract, you can request your personal data to be obtained in a machine-readable format so that it can be forwarded to another party.
– Right to object. For processing based on legitimate interest, you have the right to object to our processing of your personal data. We balance your interest in integrity against our legitimate interest and shall your interest be greater, we stop that processing your personal data.
– Right not to be the subject of profiling. You always have the right to request not to be the subject of profiling.

Changes to the Privacy Policy
Please note that we may change this Policy from time to time as required to reflect our Service offerings and associated processing of personal data.

Questions and suggestions
We are the responsible entity (controller) for the processing of your personal data as described above. If you have questions or suggestions regarding the privacy policy or your personal data, please send an e-mail to info@convendum.se.

If you are dissatisfied
Finally, if you think that we fail to take care of your personal data or your rights, you can contact the Swedish Data Protection Authority. You reach them at datainspektionen@datainspektionen.se.

This policy applies from 2020-05-11.