INCLUSIVE IMPACT PRIVACY POLICY
Privacy Policy
Welcome to our privacy policy. This policy describes how Inclusive Impact Advisory Nordic AB, organization number 559471-9220 (“Inclusive Impact,” “we,” or “us”) processes personal data according to the EU General Data Protection Regulation (“Data Protection Regulation”).
This document outlines how we handle your personal data within our business operations, including our website and services. We believe in transparency and safeguarding your privacy rights. Please take a moment to review this policy. If you have any questions or concerns, feel free to reach out to us using the contact information provided.
Should you have inquiries regarding our privacy protocols, please contact us at gdpr@inclusiveimpact.se.
Purpose, legal basis, and duration of the processing
We collect and process personal data to deliver, enhance, and improve our services. This may include conducting data mappings through surveys and interviews, conducting market analysis, collecting market data, organizing events, sending newsletters, providing downloadable resources, marketing activities, and communicating with our customers. Personal data refers to any information that can directly or indirectly identify you. Examples include name, email address, company, job title, or factors specific to a person's physical, economic, cultural, or social identity. We collect this information through various channels such as our website forms, calls or meetings between you and us, purchase and invoice information, activity on our website, survey tools, service usage, work experience, photographs, CVs, and LinkedIn profiles.
Legal Basis and Duration
We process personal data based on your consent, legitimate interests, or to fulfill contractual obligations. You have the right to withdraw consent at any time. We retain personal data for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal requirements.
How long do we keep personal data?
We adhere to a policy of retaining your personal data solely for the duration necessary to fulfill the purposes for which it was collected, which includes meeting any legal, accounting, or reporting obligations.
In determining the appropriate retention period for personal data, we take into account various factors such as the quantity, nature, and sensitivity of the personal data, the potential risks associated with unauthorized use or disclosure, the specific purposes for which the data is processed, and whether those purposes can be achieved through alternative means. Additionally, we consider the relevant legal requirements applicable to the data processing activities. We are committed to ensuring that your personal data is retained for no longer than necessary, which aligns with these considerations and our obligations.
Categories of Individuals
This policy applies to various individuals, including customers, suppliers, third parties, employees, potential employees, and individuals whose data are obtained from third parties.
Data Collection and Processing Tools
We use the following tools for the collection and processing of personal data:
HubSpot (CRM system),
Squarespace
XX (web tool for cookies)
Google Analytics (a script tracking visitors)
SurveyExact by Ramböll (survey tool)
Teamtailor (recruitment tool)
Scrive/GetAccept (digital signing)
Wint (invoicing and salary partner)
1. You are our customer
As our customer, we collect and securely store your personal data, which includes your name and contact information, to effectively provide you with our services as outlined in our agreement. Depending on the specifics of our agreement or any other arrangements, we gather the necessary personal data to facilitate our services efficiently.
We maintain your personal data and other relevant information about our agreement for the duration that we deem necessary to fulfill our contractual obligations. This includes the ability to assess our performance post-completion of the assignment, especially in the event of complaints or similar matters.
To ensure the integrity of our customer database and adhere to data privacy standards, we monitor customer activity. Periodically, typically every 12 months, we review our marketing lists to remove outdated or unnecessary data of customers who no longer engage with our services or website.
Additionally, we may process your personal data for analytical purposes driven by our legitimate interest in enhancing and refining our services.
In certain instances, we may send you information that we believe could be beneficial or of interest to you. This communication may be telephone calls, emails, or SMS messages. We engage in such communication when it aligns with our legitimate interest in informing you about our services or when you have previously consented to receive such communication. Should you withdraw your consent from participating in any marketing campaigns, you can do so at any time.
2. You are a supplier
If you are a supplier to us, we collect and securely store your personal data, including your contact details, to receive the goods or services you provide under our agreement. We retain and archive information about our agreement for a duration that we deem necessary, particularly to assess your performance in case issues arise following the completion of the assignment.
Furthermore, we may contact you regarding potential new assignments that could lead to continued collaboration and inform you about our projects and business activities. Such communication may occur through telephone calls, emails, or SMS messages. We engage in these communications based on our legitimate interest in fostering business development and only when we believe that contacting you aligns with your expectations and does not adversely affect you.
It is important to note that we do not send out general marketing information through mass email campaigns unless you have previously provided consent to be contacted in such a manner.
3. You are a third party
If you are a third party with whom we interact while delivering our services to a customer or in discussions with a potential customer, we collect and securely store your personal data, including contact details. This data processing is conducted in our legitimate interest to fulfill our contractual commitments or to explore new business opportunities with potential customers. We believe that you can reasonably expect us to handle your personal data this way, and we ensure that such processing does not negatively impact you.
If your personal data is part of a file related to fulfilling a contract with a customer, we retain this information along with other contract-related data for the duration we store the customer file.
We regularly review personal data stored in our cloud-based storage service or internal systems every 12 to 24 months to assess whether we still have a legitimate interest in retaining it. If not, we securely delete your personal data.
We may contact you regarding new potential assignments and to provide updates about our business activities. This communication is based on our legitimate interest in business development, and we only reach out to you when we believe you would reasonably expect such contact and when it does not negatively impact you.
We do not engage in general marketing communications, including mass mailings, email, or telephone campaigns unless you have provided consent for such communication.
4. You are a potential customer or a potential supplier
We gather and securely store potential suppliers' or customers' personal data, such as contact details. This information may be collected when you contact us through our website, email, LinkedIn, or HubSpot.
We may contact you regarding new potential business opportunities and keep you informed about our business activities. This communication is supported by our legitimate interest in directly marketing our services to you and further developing our business. However, such communication will only occur if we believe that you can reasonably expect us to process your personal data in this manner and that such processing does not negatively impact you.
We review the personal data stored in our cloud-based storage service or internal systems periodically, typically every 12 to 24 months. This review helps us determine whether we still have a legitimate interest in retaining your personal data. If not, we will securely delete it.
Please note that we do not send general marketing communications, including mass mailings, emails, or telephone campaigns unless you have provided consent for such communication.
5. We employ you or are related to an employee
We share your personal data (email, telephone number, address, personal number) with our salary partner.
In cases where an employee has shared the personal data of their spouse/partner or another family member/friend with us, it is the employee's responsibility to inform the concerned individual about this disclosure. They should also communicate that we will process their data as an emergency contact in connection with a benefit or for any other reason outlined in this privacy policy. This ensures transparency and compliance with data protection regulations.
6. You are a potential employee
If we have received your personal data in connection with your job application or interest, we will securely store the provided information, whether directly supplied by you, obtained from your LinkedIn profile, or sourced through a third party. We process this personal data as part of our legitimate interest in making informed decisions regarding whether to proceed with your job application or interest, including the possibility of interviewing you and potentially offering you employment. We believe that you can reasonably expect us to process your personal data for this purpose, and we ensure that such processing does not negatively impact you.
When your personal data is part of a file related to potential employees at our company, we retain this information along with other relevant data. This retention enables us to refer to your application history in case of any complaints or issues arising after the recruitment process. Typically, we delete your personal data no later than six months after the recruitment process concludes.
We utilize a recruitment tool called Teamtailor, which incorporates automated decision-making and profiling. However, it's important to note that such activities are not conducted without your explicit consent.
7. We have received your personal data from a third-party
If we have received your personal data from a third party, such as your employer or service provider, it's important to note that the third party is typically responsible for the relevant personal data. In such cases, we process the data on behalf of the third party. We advise you to contact the relevant third party to review its privacy policy for further information.
Inclusive Impact takes responsibility for the personal data in our possession, whether acquired directly from individuals or through third-party sources. When we do not determine the purposes and methods of data processing but solely handle personal data on behalf of others, we function as a personal data processor.
However, if we have received your personal data from a client, we retain the data in our legitimate interest to the client. This enables us to fulfill our commitment to them and maintain a record of our interactions.
Additionally, we utilize various tools listed below, which may process your personal data and/or provide us with information:
SurveyExact by Ramböll (survey tool)
Please note that these tools are used in compliance with data protection regulations, and we take necessary measures to ensure the security and confidentiality of your personal data. If you have any concerns or questions regarding processing your personal data, please don't hesitate to contact us.
Sharing of Personal Data
Personal data may be shared with business partners and third-party providers as required by law.
We share or disclose personal data when it is essential to perform our Services or conduct our business as described above. We ensure that information is shared in compliance with applicable data privacy and security requirements. Here's a breakdown of the parties with whom we may share personal data and the reasons:
Our Business Partners: Occasionally, we collaborate with other organizations to deliver Services, provide content, or organize events. In such instances, personal data is processed by this privacy policy. We encourage you to review our partners' privacy policies to understand how they collect, use, and share personal data.
Our Third-Party Providers: We collaborate with service providers in the European Economic Area (EEA) to support our operations. Personal data is shared with these parties only when necessary to perform the services they provide to us. Our third-party providers are strictly prohibited from sharing or using the personal data provided to them for any purpose other than performing the agreed services. HubSpot is one of our third-party providers for customer relations and Teamtailor is our third-party provider for recruitment processes.
Third Parties for Legal Reasons: Personal data may be shared in certain circumstances, such as:
To comply with legal obligations and respond to subpoenas from government authorities, including law enforcement and other public authorities.
In connection with a merger, sale, restructuring, acquisition, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or shares, including any bankruptcy or similar proceedings.
To safeguard our rights, users, systems, and Services.
We ensure that personal data shared with these parties is done in accordance with applicable laws and regulations, prioritizing data privacy and security at all times.
How we protect personal data
We prioritize the security of your personal data and have implemented essential measures to prevent its loss, misuse, unauthorized access, alteration, or disclosure. Access to your personal data is restricted to individuals within our organization, including employees, agents, contractors, and other third parties who require this information for business purposes only. Confidentiality obligations bind these individuals and will process your personal data solely based on our instructions.
Moreover, we have established robust procedures to address suspected breaches involving personal data. In the event of such incidents, we will promptly notify you and the relevant regulatory authorities as required by law. Your privacy and data security are paramount to us, and we remain diligent and cautious in safeguarding your personal information.
Your rights
We highly value your right to access and control your personal data. Here's a detailed explanation of your rights:
Access to Personal Data: You can request access to your personal data, also known as a data subject access request. We'll provide you with a copy of the personal data we process about you and ensure that it's being handled legally and with care.
Objecting to Data Processing: If we process your personal data based on our or a third party's legitimate interests, you can object to this processing if you believe it affects your fundamental rights and freedoms. You can also object to processing for direct marketing purposes.
Request to Have Personal Data Deleted: You have the right to request the deletion or transfer of your personal data when there's no longer a reason for us to process it. We'll accommodate your request unless specific legal reasons prevent us from doing so.
Right to Restriction of Data Processing: You can demand that we limit our processing of your personal data in certain cases, such as to verify its accuracy if processing is unlawful but you don't want it deleted, if you need the data to establish, exercise, or defend legal claims, or if you've objected to our processing pending verification of legitimate grounds.
Right to Data Portability: You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format, provided the processing is based on your consent or to fulfill a contract.
Right to Rectification: If your personal data is incorrect, incomplete, or needs updating, you can request that we correct it.
Right to Withdraw Consent: If we process your personal data based on your consent, you can withdraw it anytime.
Receiving Marketing: You can unsubscribe from our marketing emails at any time.
Submit a Complaint: If you're unsatisfied with how we manage your personal data, you can complain to the Swedish Authority for Privacy Protection (IMY).
To exercise any of these rights or for further information, please contact us at gdpr@inclusiveimpact.se.
Changed purposes
We are committed to processing your personal data only for the purposes we collected them unless we determine that processing them for another purpose is necessary and compatible with the original purpose. If you have any questions about how the new purpose relates to the original one, please don't hesitate to contact us at gdpr@inclusiveimpact.se.
If we need to process your personal data for an unrelated purpose, we will notify you of this change and provide information about the legal grounds that allow us to do so.
However, it's important to note that there may be situations where we are required or permitted by law to process your personal data without your knowledge or consent in accordance with the above principles.
Third-Party Links
This website contains links to third-party websites, plugins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share your personal data. We do not have control over these third-party websites and cannot be held responsible for their privacy statements. Therefore, we recommend that you review the privacy policies of any other websites you visit as soon as you leave our website.
Contact Information
If you have any questions or concerns regarding this policy, please contact us at gdpr@inclusiveimpact.se.