Privacy policy

Our privacy policy ensures that our customers' personal data is handled responsibly and in accordance with the law.

Personal data policy

General  

You should always feel safe when you provide your personal data to Contrast AB ("Contrast"), org. no. 556405-5266. With this privacy policy, Contrast wants to show how Contrast ensures that your personal data is processed in accordance with the EU Data Protection Regulation 2016/679/EC ("GDPR") when you register for or participate in one of Contrast's events, have a customer or supplier relationship with Contrast, or are employed by Contrast. Contrast is committed to your privacy and believes that privacy is of the utmost importance. Contrast therefore takes your privacy very seriously.

What is personal data? 

In this Privacy Policy, "personal data" means any information relating to an identified or identifiable natural person, whereby an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Sensitive data within the meaning of Article 9 of the GDPR are personal data such as health, biometric data, etc.

If you do not share personal data  

In the event that you do not share personal data, Contrast may in some cases not be able to provide its services to you, in whole or in part.

In this privacy policy:

  1. GENERAL 
  2. DATA CONTROLLER 
  3. PERSONAL DATA STORED AND ON WHAT GROUNDS 
  4. STORAGE TIME 
  5. THE PROTECTION AND SHARING OF YOUR PERSONAL DATA 
  6. RIGHTS  

  7. GENERAL 

This privacy policy describes how Contrast processes, stores and shares your personal data. This Privacy Policy also describes your rights and how you can exercise your rights against Contrast.

Contrast may amend this Privacy Policy from time to time in response to Contrast's changing legal, technical or business reasons and developments. If so, Contrast will post the revised Privacy Policy at www.contrast.se with information on when the changes will take effect. If Contrast makes material changes, Contrast will notify you by changing the date at the top of this Privacy Policy and, depending on the specific changes, Contrast may provide you with additional notice.

Contrast encourages you to stay updated on the changes.

  1. DATA CONTROLLER

Contrast is the data controller for the processing of personal data and is therefore responsible for ensuring that the data is processed correctly and securely in accordance with applicable legislation.

If you have any questions about how Contrast processes personal data or when exercising the data subject's rights, please contact Contrast in one of the following ways:

By email to: info@contrast.se

or by post to:

Contrast AB
Honnörsgatan 22
352 36 Växjö, Sweden

  1. PERSONAL DATA PROCESSED AND ON WHAT GROUNDS 

Contrast's policy is to store and process as little personal data as possible, for as short a time as possible.

Contrast may collect the following personal data when registering for or participating in any of Contrast's events, from customers or suppliers, and from those who work at Contrast.

3.1 Participants

Data collected

When registering for or participating in any of Contrast's events, Contrast may collect and process the following personal data:

  • Name
  • E-mail address
  • Mobile phone number
  • Gender
  • Companies
  • Address
  • Billing information
  • Name and contact details of next of kin
  • Passport data
  • Size of clothes / shoes
  • Food preferences and possible food allergies
  • Card details
  • Pictures of
  • Video material
  • Other personal data necessary for the specific event

Purpose and legal basis

Performance of contract: We collect and process personal data necessary for the performance of a contract to which the data subject is a party, such as event registration, invoicing, and communication. Passport data is needed to arrange international travel and to comply with security rules, your size is collected to ensure that you get the right equipment or clothing at events and card data is collected to enable payment transactions in connection with registrations and participation in events.

Legitimate interest: We process personal data for purposes related to our legitimate interests, such as developing business relationships and conducting direct marketing. Contrast has carried out a balancing of interests for direct marketing and ensured that our interest in informing you about our services outweighs your fundamental rights and freedoms. You always have the right to object to such processing. For example, we may use your contact details to inform you about similar services, and you always have the right to object to such processing.

Legal obligations: We process personal data to fulfill legal obligations, such as accounting, tax reporting and compliance with health and safety laws.

Consent: The collection of certain data requires your explicit consent. This consent is freely given, specific, informed and unambiguous. You can withdraw your consent at any time by contacting us at info@contrast.se. Withdrawal does not affect the lawfulness of processing that took place before the withdrawal.

At Contrast, we use images and videos from our events and activities to promote our services and business on various platforms, including social media, our website and printed materials. These images and videos may also be used for future marketing purposes, including anniversary campaigns (e.g. the company's 40th anniversary).

The processing of images and videos is based on:

Consent: We obtain your explicit consent to use images and videos where you can be identified for marketing purposes. Consent is voluntary, specific, informed and unambiguous. You have the right to withdraw your consent at any time by contacting us at info@contrast.se. Withdrawal does not affect the lawfulness of processing that took place before the withdrawal.

Legitimate interest: In some cases, we may also process images and videos based on our legitimate interest to promote our services and strengthen our brand. We have carried out a balancing of interests to ensure that our legitimate interest outweighs your rights and freedoms. You always have the right to object to this processing by contacting us at info@contrast.se.

3.2 Customers

Data collected 

  • Name
  • Company name
  • Address
  • E-mail address
  • Telephone number
  • Billing information

Purpose and legal basis

Name, company name, address, email and phone number: Collected and processed for the performance of the contract (e.g. to provide services, customer support, and communication).

Billing information: Collected and processed to process payments and fulfill legal obligations (e.g. accounting laws).

Marketing: Contact details may be used for direct marketing based on our legitimate interest to inform you about our services, provided that this does not infringe your rights and freedoms. You always have the right to object to such processing by contacting us.

We sometimes process your personal data to inform you about our services and activities and to develop and maintain business relationships. This processing is based on our legitimate interest to promote our services and strengthen our business.

To ensure that our processing does not override your rights and freedoms, we have conducted a careful balancing of interests. In this balancing, we have taken into account that:

  • The processing is limited to necessary information (e.g. name and contact details) and is only used to send relevant information about our services.
  • Information is sent at a reasonable level and frequency, so that it is not perceived as intrusive or disruptive.
  • You always have the right to object to us using your data for marketing purposes. If you object, we will stop this processing of your personal data for marketing purposes.

You can exercise your right to object at any time by contacting us at info@contrast.se or by following the instructions in the marketing communications we send out.

3.3 Suppliers

Data collected 

  • Name
  • Companies
  • Address
  • E-mail address
  • Telephone number
  • Billing information

Purposes and legal basis

Name, company, address, email and phone number: Processed to maintain a business relationship, communication, and to fulfill contractual obligations.

Billing information: Processed to handle payments and fulfill legal obligations under the Accounting Act.

Data on suppliers may also be processed to comply with other legal obligations, such as tax legislation.

We sometimes process your personal data to inform you about our services and activities and to develop and maintain business relationships. This processing is based on our legitimate interest to promote our services and strengthen our business.

To ensure that our processing does not override your rights and freedoms, we have conducted a careful balancing of interests. In this balancing, we have taken into account that:

  • The processing is limited to necessary information (e.g. name and contact details) and is only used to send relevant information about our services.
  • Information is sent at a reasonable level and frequency, so that it is not perceived as intrusive or disruptive.
  • You always have the right to object to us using your data for marketing purposes. If you object, we will stop this processing of your personal data for marketing purposes.

You can exercise your right to object at any time by contacting us at info@contrast.se or by following the instructions in the marketing communications we send out.

3.4 Employees & consultants

Data collected

  • Name
  • Personal identification number
  • Address
  • E-mail address
  • Telephone number
  • Bank details
  • Payroll information

 

Purposes and legal basis

Contrast processes personal data of employees and consultants for several different purposes necessary to manage employment relationships and fulfill legal requirements.

  1. Performance of an Employment or Assignment Contract
    We process personal data in order to fulfill our obligations under the employment or assignment contract. This includes, but is not limited to:
  • Payroll and Benefits: Data such as name, social security number, bank details and salary information are processed to administer salary payments, taxes, pensions and other benefits.
  • Work Management and Communication: Contact details such as email and phone numbers are used to ensure internal communication, assign tasks and coordinate activities.
  • Occupational Health and Safety: Personal data may be processed to fulfill our obligations under the Occupational Health and Safety Act, such as documentation of sick leave and occupational health measures.
  1. Legal Obligations
    We process personal data to comply with our legal obligations under laws and regulations, including:
  • Accounting and Tax Reporting: Payroll data, tax information and other relevant data are processed and stored in accordance with the Accounting Act and tax rules.
  • Labor Law Rules: We process data to comply with labor law obligations such as employment protection, occupational health and safety laws, and requirements related to sick leave and rehabilitation.
  1. Legitimate Interests
    We also process personal data based on our legitimate interests, for example to
  • Ensuring Effective Operations: Administering the company's human resources, managing recruitment and planning for future needs.
  • Defending Legal Claims: Retain the personal data necessary to defend ourselves in any legal claims or disputes.

  1. STORAGE TIME 

Contrast will retain personal data only for as long as necessary to fulfill the purposes for which the data was collected or for as long as Contrast is required to retain personal data by law.

 

4.1 Participants

Event participant data, such as name, contact information, and food preferences, are stored up to one (1) year after the end of the project to enable event management, invoicing, and follow-up.

For the personal data used for invoicing and payment is stored for up to seven (7) years after the end of each financial year, in accordance with Chapter 7, Section 2 of the Accounting Act.

Images and videos collected for marketing purposes will be stored:

  • Consent-based storage: Images and videos for which you have given consent are stored for the time required for the marketing purpose or until you withdraw your consent.
  • Retention based on legitimate interest: Images and videos stored based on our legitimate interest may be retained for as long as Contrast exists as a company. We will periodically review whether the retention is still necessary for the stated purposes and if not, we will delete the material.

 

4.2 Customers

  • Contact information and business communication: We operate within business cycles that can be long-term, and we need to retain customer and supplier information to effectively maintain, develop and resume business relationships over time. Contact information and business communications are therefore stored for up to ten (10) years to enable business development and long-term customer relationships.
  • Invoicing information and financial transactions: These are stored for up to seven (7) years after the end of the respective financial year, in accordance with the Accounting Act (Chapter 7, Section 2)."
  • Other Factors: In some specific cases, such as in ongoing business relationships or to ensure that we can maintain the necessary contact and history for future business opportunities, it may be necessary to retain information for the specified period of time.

4.3 Suppliers

  • Contact information and business communication: We operate within business cycles that can be long-term, and we need to retain customer and supplier information to effectively maintain, develop and resume business relationships over time. Contact information and business communications are therefore stored for up to ten (10) years to enable business development and long-term customer relationships.
  • Invoicing information and financial transactions: These are stored for up to seven (7) years after the end of the respective financial year, in accordance with the Accounting Act (Chapter 7, Section 2)."
  • Other Factors: In some specific cases, such as in ongoing business relationships or to ensure that we can maintain the necessary contact and history for future business opportunities, it may be necessary to retain information for the specified period of time.

 

4.4 Employees & consultants

Personal data relating to employment is stored for up to seven (7) years after the end of each financial year from the termination of employment, in accordance with Chapter 7, Section 2 of the Accounting Act, and in some cases until the individual's retirement age to meet the requirements for the right to re-employment as well as to be able to report in the event that someone objects to the pension basis. However, most personal data, such as medical certificates and warnings, are deleted during the employment relationship when they no longer have a legitimate reason.

Some personal data related to accounting must be stored longer or information related to salaries. Salary-related documents are stored for ten (10) years, which is based on the fact that a salary claim, as a starting point, is time-barred after ten (10) years according to Section 2 of the Limitation Act. In order to keep track of saved vacation days, documents relating to these are saved two (2) years from the end of the vacation year in which the employee, according to the law, should have received the benefit in question, this in accordance with Section 33 of the Holiday Act.

Certain medical examinations and their results must be retained for ten (10) years under the Work Environment Act. From the date when certain exposure ceases, records of workers exposed to certain substances must be stored for forty (40) years. This is stated in Section 3 of the Work Environment Ordinance.

During ongoing employment, we store data on rehabilitation during the rehabilitation period and afterwards to be able to ensure that the rehabilitation has been completed, but also to be able to take relevant measures in the event of a new need for rehabilitation. However, an assessment is made in each individual case in relation to the purpose of the rehabilitation. See for example AFS 1994:1 11§ (with 9 §).

 

  1. PROTECTION AND SHARING OF PERSONAL DATA

Contrast has taken appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration or disclosure. Examples of security measures include the use of encryption, backups, authorization controls, and regular review of our security procedures. We regularly carry out risk assessments and update our security measures to ensure that we comply with the latest security standards and protect your data in the best possible way.

Contrast may share personal data with third parties in cases where you have consented, but mainly if there is another legal basis for such processing. However, Contrast recognizes that this should be done restrictively. Examples of sharing may be to a subcontractor or business partner. In such cases, Contrast always takes the necessary measures to ensure that your data is handled in a secure manner, for example with relevant agreements.

Contrast may also share your personal data with authorities if such a legal obligation exists or if, for example, a legal dispute arises where Contrast needs to protect its interests.

Contrast may need to transfer personal data to recipients outside the EU/EEA. Before such a transfer takes place, we conduct a risk assessment and implement the necessary safeguards, such as the use of the European Commission's standard contractual clauses, judicial review, and agreements with the receiving party to ensure that your data is handled with an adequate level of protection. We will nevertheless notify you where such transfers are planned or have taken place.

You can find out more about the standard contractual clauses and obtain a copy at

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_sv

 

  1. RIGHTS 

Free register extract

Provided that Contrast is the controller, you have the right to obtain, at any time and free of charge, an extract from the register containing information about what personal data is registered about you, the purposes of the processing of this personal data and information about where this personal data has been obtained, as well as to which recipients the data has been or will be disclosed. You also have the right to obtain from the extract from the register information about the envisaged period for which the data will be stored or the criteria used to determine that period. You also have the right to know about the existence of automated decision-making (including profiling). Requests for such information should be made in writing and sent to Contrast at the address indicated under the heading "Data Controller".

Data portability

You have the right to request the transfer of your personal data to another controller (data portability), to rectify inaccurate data or to request the erasure of data. Data portability only applies to data that is processed on the basis of consent or contract and that is processed by automated means. However, Contrast may need to continue processing your data if there are legal grounds to do so, such as statutory requirements.

Correcting and deleting

Contrast will, at your request or on its own initiative, correct, de-identify, complete or delete data that is found to be inaccurate, incomplete or misleading. Contrast is in some cases obliged to process your personal data even if you have requested its deletion, for example in the case of the right to freedom of expression and information, to comply with a legal obligation or to perform a task in the public interest.

Restricting use

In certain cases, you have the right to request that the processing of personal data be restricted. Restriction means that the data is marked so that it can only be processed for certain limited purposes in the future.

Withdrawing consent

Where you have previously given your consent to the processing of your personal data, you have the right to withdraw that consent both orally and in writing. Withdrawing your consent does not affect the lawfulness of the processing before it is withdrawn.

Automated decision-making

You have the right to object to processing based solely on automated decision-making (which includes profiling), where that decision-making has a legal effect on you or otherwise significantly affects you.

Contrast does not use automated decision-making that has a legal or significant effect on you. Automated decision-making means decisions made without human intervention, based on personal data provided, that may have a legal or similarly significant effect on the individual.

Exercise rights, ask questions or make complaints

If you wish to exercise any of the above rights, have any questions about this Privacy Policy or issues relating to personal data held by Contrast, or if you are dissatisfied with Contrast's processing of your personal data, please do not hesitate to contact Contrast, whose contact details are set out in section 2 of this policy.

Please note that even if you object to certain processing of personal data, Contrast may still carry out the relevant processing if it is permitted or required by law, for example to comply with legal or contractual requirements.

You always have the right to lodge a complaint with the relevant supervisory authority where you live, work or where an alleged breach of the GDPR has occurred. You can find information on which authority to contact here:

http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

In Sweden, you can contact the Swedish Data Protection Authority, for example, by email at imy@imy.se.