Privacy Policy
Introduction
This Privacy Policy refers to the processing of personal data performed by The Nordic Brand Company AB with company registration number 559248–5915 (hereinafter referred to as "the Supplier" and referred to as "we", "our", "us"). The person whose personal data we process is referred to below as "you", "your". The information below is a summary of how we store and process your data in accordance with the EU Data Protection Regulation (GDPR).
We process your personal data that we get access to when you contact us, enter into an agreement with us or when you create a User Account for our Service(s): "Triple Impact Canvas" and/or "Triple Impact Compass" (hereinafter referred to as "the Service(s)"). This Privacy Policy applies to all types of personal data, both in structured and unstructured data.
We protect your privacy and we never sell or pass on your personal data to Third-parties without legal basis.
We review the contents of this Privacy Policy annually to ensure that the information is accurate, and we may update the contents if necessary, without prior notice. The latest version is always published on our Website which is available to the public. You are responsible for reading the contents of this Privacy Policy and keeping up to date on changes.
Definitions
The following definitions have the following meanings in this Privacy Policy:
User: Individuals who use the Service(s).
User Account: Identity in the Service(s) that identifies a User and gives the User access to the Service(s)' features.
Customer: The legal entity who enters into a Customer Agreement with the Supplier.
Customer Account: Identity in the Service(s) that identifies the legal entity who has a valid Customer Agreement with the Supplier regarding the use of the Service(s) for one or more Users.
Third-party: Legal or natural person, other than the Customer, the User or the Supplier.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
All references to "personal data", "processing" (of personal data), "data subject", "personal data breach", "supervisory authority" shall have the same meaning as set forth in Article 4 of the GDPR.
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Personal Data Controller
The Nordic Brand Company AB is the Personal Data Controller regarding all processing of personal data performed by us or on our behalf and we are responsible for ensuring that the processing takes place in accordance with the GDPR (according to the principle of accountability).
Our contact person for personal data matters:
We have appointed a contact person for personal data matters who you can contact if you have questions regarding our processing of personal data.
Tony Apéria
E-mail: info@thenordicbrand.com
Categories of processed personal data
In accordance with the principle of data minimization, we only process personal data that is relevant, necessary and adequate to fulfill the purpose for which it was collected.
We mainly process the following categories of personal data that we get access from you when you contact us or enter into an agreement with us:
- Identification information: first name, last name.
- Contact information: telephone number, e-mail.
- Other personal information: any other personal information that is provided to us, such as those that are included in a message sent to us or registered in connection with the creation of your User Account.
The purpose of the processing of personal data
We only process personal data for specific, explicitly stated and legitimate purposes (in accordance with the principle of purpose limitation).
All processing of personal data is made carefully and does not share the data with unauthorized persons. Furthermore, each processing is legally based and thus legal in accordance with the provisions of the GDPR.
Below you can read more about the legal basis and purpose of the processing of personal data.
When you contact us:
We process your personal data that we get access to when you contact us through e-mail or in any other way, such as your first name, last name, e-mail and the message content. The purpose of the processing is to enable us to know who we are talking to and to be able to help you in the matter. Legal basis for the processing: Legitimate interest.
Customer matters: In order to be able to handle matters relating to our Customers, we process the following information belonging to the Customer or the Customers contact person / signatory: first name, last name, telephone number, e-mail and order history. Legal basis for the processing: Contract.
When you visit our Website:
We use cookies on our website and through these, we can obtain information about, among other things, visitors' use of the website, location information and other user information provided through for example web analysis and / or traffic measurement providers. Necessary cookies are always stored, as they are necessary for the website to function properly. The use of analytical cookies and advertising cookies, on the other hand, only takes place if you give your consent to it. You can revoke a given consent at any time and manage the storage of cookies yourself through your browser's settings. More information about how we use cookies can be read in our cookie policy: LINK COMING.
Through the use of cookies, we get anonymized information regarding access data and device information, such as: device identification, operating system, operating version, device ID, access time, configuration settings, time zone, country. Legal basis for the processing: Consent.
When you register to receive newsletters from us:
You can agree to receive newsletters from us by giving your voluntary active consent to our processing of your e-mail address for that purpose. You can cancel your subscription at any time by clicking on the link in the newsletter to unsubscribe from the newsletters or email us at info@thenordicbrand.com.
If you revoke your consent, you will be removed from the email list for recipients of the newsletters, but your email address will remain in the database with a block for receiving newsletters. The purpose of this is to ensure that you do not receive any newsletters from us.
If you want your e-mail address to be deleted from the list of blocked e-mail addresses, you can contact us by e-mail and request this. However, if you request that we remove your email address from the list of blocked e-mail addresses, you will be able to receive newsletters from us if you or someone else registers your email address to receive newsletters again.
Identification information: name, e-mail. Legal basis for the processing: Consent.
When you create a User Account:
You need to create a User Account in order to use the Service(s) and you have to register your e-mail when you create your User Account, and also accept the Terms of Use that apply for the Service(s). The Users e-mail address is the only personal data that we process belonging to the User, unless the User provides more personal data when in contact with us. Legal basis for the processing: Contract.
When you enter into a Customer Agreement with us regarding our Service(s):
When we enter into a Customer Agreement regarding our Service(s), we need to process personal data belonging to the Customers contact person and/or signatory, in order to fulfill the Customer Agreement, such as: first name, last name, address, telephone number, e-mail. Legal basis for the processing: Contract.
We also need to process the first name, last name and e-mail belonging to the Customers contact person and/or signatory, in connection with invoicing in order to receive payment for the Service(s). We also process and store receipts and other accounting documents that we are obliged to process and store in accordance with, among other things, the Swedish Tax Agency's requirements and the Accounting Act (1999: 1078). Such documentation is stored for at least seven (7) years or as long as required by law. Legal basis for the processing: Legal obligation.
We must also process some payment information, such as, payment method, order-number/ID, payment-date etc., in order to track the Customers payments to us and link them to the Customers User Account, to enable us to fulfill our contractual obligations. Legal basis for the processing: Contract.
When we have a legitimate interest for the processing:
Based on our legitimate interest, we may process personal data in order to:
- Protect our rights and property.
- Carry out direct marketing of our Service.
- Ensure the technical functionality of our Service.
- Collect statistics etc. regarding the use of the Service.
When a processing of personal data takes place on the basis of a legitimate interest as a legal basis, our assessment is that the processing does not constitute an infringement of your right to privacy. We have come to this conclusion, after having made a balancing between, on the one hand, what the processing in question means for your interests and the right to privacy, and, on the other hand, our legitimate interest in the processing in question. We never process sensitive personal data with legitimate interest as a legal basis.
Storage location and duration
In order to achieve the principle of integrity and confidentiality, we strive to store all personal data that we process within the EU / EEA. In the event that personal data is stored in a country outside the EU / EEA, we shall ensure that such storage site ensures an adequate level of protection in accordance with the provisions of the GDPR, and the SCC where applicable.
We store personal data as long as we have a legal basis to process the data, for example to fulfill the agreement between us or to comply with a legal obligation under, for example, the Accounting Act. In accordance with the principle of storage limitation, personal data that are no longer necessary to fulfill the purposes for which they were collected are erased (deleted) from our storage locations or anonymized.
If a User deletes its User Account, the e-mail address connected to the User Account will be erased from our servers. All data connected to the Users use of the Service(s) will be anonymized.
Any erased data may be retained in our back-up storages for up to three (3) months, before getting deleted permanently.
Sharing of personal data
We hire various service providers to fulfill our contractual and legal obligations, detect and prevent technical, operational or security problems, safeguard our legal interests and to provide, develop and maintain the Service(s).
In some cases, we may need to share personal data with such service providers. Before we share any personal data, we enter into a data processing agreement in accordance with the provisions of the GDPR (alternatively SCC if the personal data processor is located in a country outside the EU / EEA), to ensure a secure and correct processing of personal data.
If you want to know more about which service providers we have hired, you can contact our contact person for personal data matters to request a current overview.
Technical and organizational security measures
We follow the seven data protection principles in all processing of personal data. We also implement various technical and organizational security measures with a focus on the integrity of the data subjects. The measures are intended to protect against intrusion, abuse, loss, destruction and other changes that may pose a risk to privacy (according to the principle of privacy and confidentiality).
For example, our databases, internal registers and systems that contain personal data are password protected. Our databases undergo a daily backup. We have also designated certain specific individuals with access to passwords to our systems that contain personal data, to restrict access.
Your rights under the GDPR
If we process your personal data, you have different rights according to the GDPR regarding the processing of personal data. We hereby inform you that some of the rights only apply in certain situations and only if it is legal and possible for us to implement your request.
According to the GDPR, as a data subject, you have the right to:
- access your personal data that we process.
- have incorrect personal data corrected.
- have your personal data that we process erased.
- request a restriction on the processing of your personal data.
- transfer your personal data (data portability).
- receive information about personal data breaches concerning your personal data.
- object to the use of personal data for direct marketing and profiling.
If you would like to invoke any of the above rights regarding your personal data that we process, you are welcome to contact us. We will try to fulfill your wishes as far as it is possible and legal for us to do so and respond to your message without undue delay.
Personal Data Breaches
A personal data breach means a security breach that can occur if, for example, we lose control of the personal data that we process. We document all personal data breaches that occur internally in logbooks and carry out a follow-up work, to minimize the risks of repeated breaches.
We follow the provisions of the GDPR regarding the handling, reporting and documentation of personal data breaches. We will report personal data breaches to the Swedish Authority for Privacy Protection (IMY) within 72 hours and notify the data subjects affected by the personal data breaches, when it is required by the GDPR.
Questions or complaints
If you have any questions or if you are dissatisfied with our processing of your personal data, you are always welcomed to contact our above-mentioned contact person for personal data matters. We will do our best to answer your questions and assist you in the matter. You also have the right to contact the Swedish supervisory authority to file a complaint.
Contact information for the Swedish Authority for Privacy Protection:
Name: Integritetsskyddsmyndigheten (IMY).
Phone: 08-657 61 00.
Email: imy@imy.se
Postal address: Integritetskyddsmyndigheten, Box 8114, 104 20 Stockholm.
Our company information
Company: The Nordic Brand Company AB.
Reg. no.: 559248–5915.
E-mail: info@thenordicbrand.com.
If you wish to get in touch with us, you can contact us through the information provided above.
Terms of Use
Introduction
Contracting parties: These terms of use (hereinafter referred to as the "Terms") apply between The Nordic Brand Company AB with company registration number: 559248–5915 (hereinafter referred to as "the Supplier" and referred to as "we" or "us") and the individual (hereinafter referred to as "User") who uses the services: "Triple Impact Canvas" and/or "Triple Impact Compass" (hereinafter referred to as "the Service(s)". The Supplier and the User are hereinafter collectively referred to as the "Parties" and separately as the "Party".
Acceptance of these Terms: The User certifies that the User agrees to comply with these Terms. The Terms apply throughout the time that the User uses the Service(s) and has a registered User Account to any of the Services.
Definitions
The following definitions have the following meanings in these Terms:
Website: thenordicbrand.com, owned by the Supplier.
User: Individuals who use any of the Services.
User Account: Identity in the Service(s) that identifies a User and gives the User access to the Services' features.
Data: All data that is registered by Users, or that is generated or derived from any of the Services, or otherwise created through Users' use of any of the Services.
Third-party: Legal or natural person, other than the User, the Supplier or the Suppliers customer.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
All references to "Personal Data", "Processing" (of personal data), "Data Subject", "Personal Data Breach", "Supervisory Authority" shall have the same meaning as set forth in Article 4 of the GDPR.
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Services
The Nordic Brand Company AB has created two different services which are published on the Suppliers Website, that Users can use through computer, mobile and / or tablet.
The User answers a questionnaire. The questions can be addressed internally to the organization's own employees, or externally to its customers. The entire chain is automated and the software outputs and generates automatic compilations and indexes.
Triple Impact Canvas:
There is a free version of this Service that Users may use, and there is also a more advanced version of this Service. To use the more advanced version of this Service, a Customer Agreement must be entered into with the Supplier.
The Service is provided by the Supplier through the following website: thenordicbrand.com.
Triple Impact Compass:
There is not a free version of this Service. To use this Service, a Customer Agreement must be entered into with the Supplier.
The Service is provided by the Supplier through the following website: thenordicbrand.com.
General Terms
Equipment: The User is responsible for possessing the equipment, Internet connection and software required for the use of the Service(s). Standard rates for data traffic may apply when using the Service(s).
Login Information: The User shall handle login information to the Service(s) with confidentiality. If the User detects a breach in the User Account, the User shall immediately change the password and notify the Supplier in writing.
Permitted Use: The User may only use the Service(s) in accordance with these Terms and applicable law, and the User may not use the Service(s) contrary to its purpose or in any way that causes us or Third-party damage. The information that Users register in the Service(s) must be correct.
Warranties: The User warrants not to misuse Data that can be retrieved from the Service(s). The User is responsible for ensuring that what the User registers in the Service(s) does not violate any applicable law or regulation.
Reporting: Users who discover violations of these Terms, can report it to us through the following e-mail: info@thenordicbrand.com
Electronic communication: The User hereby agrees that all communication related to the Service(s) may take place electronically by e-mail and through the Service(s).
Terminate User Account: Users as individuals who use the free version Triple Impact Canvas may at any time choose to terminate their User Account through the Service or by sending such a request to us by written notice to the following e-mail: info@thenordicbrand.com.
Prohibition of malicious code, etc.: The User may not make its own copy or installation of the Service(s) (neither by itself nor through Third-parties). The User also has no right to decompile or otherwise attempt to ascertain the function of the software or "hack" the software, introduce Trojan horses, viruses or other unwanted or malicious code in the software.
Violation of the Terms of Use: In the event of violation of these Terms, applicable law or other improper use, we reserve the right to terminate the User Account with immediate effect, without refund or other consequence to our detriment.
Support and Maintenance
Updates: The User accepts that we, from time to time, may publish an updated version of the Service(s). The User hereby agrees that the Terms also apply to the updates, new functions, new services launched in the Service(s) or similar.
Maintenance: We are responsible for technical support and maintenance of the Service(s). Support is offered through email: info@thenordicbrand.com. The Service(s) is continuously updated, and we strive for the Service(s) to be available for use around the clock during all days of the year. However, there may be technical complications and disturbances. We have the right to take measures that affect the availability of the Service(s), or to suspend access to the Service(s) for maintenance, to protect the Service(s) from unauthorized use or to take other measures that are required for technical, operational or safety reasons. We do not need to inform when such interruptions may occur. Lack of access to the Service(s) due to interruptions, errors or the similar does not give the right to compensation, deductions, refunds, damages or other compensation.
Remedy: The Service(s) is continuously updated and delivered in its existing condition. We shall, to the best of our ability and within a reasonable time, try to remedy any errors or deficiencies in the Service(s), if possible. We can not be held responsible for technical errors, viruses, the availability of the Service(s), other errors attributable to the functionality of the Service(s) or similar, except in cases of gross negligence or intent.
Limitation of Liability: Users have no right to claim us for compensation for financial damage or other damage, as a result of circumstances that can be traced to the use (or non-use) of the Service(s).
Intellectual Property Rights, Data M.M.
We own all intellectual property rights, copyrights and trademark rights regarding the Website, the Service(s) and our company (with the exception of intellectual property rights owned by our licensors or other Third-parties). We do not transfer any intellectual property rights to the User / due to these Terms. Nothing in the Terms shall be construed to transfer any or all of our intellectual property rights in whole or in part to the User or any Third-party.
The User may not copy our models, questions, questionnaires or in any way claim ownership over our models or otherwise infringe our intellectual property rights.
The User agrees that we have the right to use all Data registered in, generated or derived from the Service(s) for aggregated analysis and statistical purposes. We have the right to anonymize all Data registered in, generated or derived from the Service(s) and all ownership of anonymized Data accrues to us, and we have the right to use and store anonymized Data without any time limit.
Personal Data Processing
Data Protection Regulation: The Parties shall process personal data in accordance with the GDPR.
Privacy policy: We are Personal Data Controllers for the processing of personal data performed by us and on our behalf. More information about our processing of personal data can be read in our privacy policy which can be found through the following link: thenordicbrand.com/privacypolicy.
Sub-processors: We have the right to hire other personal data processors ("Sub-processors") to be able to fulfill our obligations under law, these Terms and for the Service(s) to be provided. We respect the provisions of Articles 28 (2) and 28 (4) of the GDPR when hiring Sub-processors. The User hereby submits a general prior written consent to such use. We will ensure that hired Sub-processors assume responsibility through a Data Processing Agreement and/or SCC if applicable.
Limitation of Liability
Errors: Incorrect information may appear on our website, the Service or on other sites (other websites, social media, etc.) regarding or relating to the Service we provide, and we reserve the right to correct discovered errors.
No guarantees: The User is hereby informed that we do not make any guarantees of any kind, whether explicit or implied, and that the User uses the Service(s) and relies on the information published there, at the Users own risk and of free will. The User is solely responsible for checking the accuracy and reliability of the information available in the Service(s).
Third-party applications etc.: We are not responsible for Third-party applications, plugins or similar. We are also not responsible for external links or the content within external links that appear on the Website.
Limitation of Liability: Neither Party shall at any time be held liable for indirect damage or lost revenue. We hereby disclaim all liability, to the extent permitted by applicable law. The User hereby agrees that we can not be held liable for either direct or indirect damages and / or losses that arise for the User or Third-parties, regardless of how the damage occurs. However, this disclaimer does not limit our liability to a greater extent than is permitted under current consumer protection legislation.
Grounds for exemption: The Parties are exempt from liability to the other Party if the fulfillment of contractual obligations is hindered due to a force majeure nature situation, such as, but not limited to, epidemic, pandemic, government decision, strike, fire, war, mobilization, natural disasters or other circumstances beyond the Party's control and the consequences of which the Party could not reasonably have avoided or overcome. When the obstacle ceases, the obligation shall be fulfilled in an agreed manner.
Invalidity of Provision
Should any provision of these Terms be found to be invalid by a general court or arbitration, it shall not affect the validity or interpretation of the other provisions. Instead, the Parties shall loyally renegotiate the invalid provision in question and, if possible, make the necessary changes to maintain the structure and purpose of the agreement or to exclude the invalid part.
Cookie Policy
The Website uses cookies and through these we can obtain information about Users' use of the Website, location information and other user information provided through, among other things, a traffic measurement provider. More information about how the Website uses cookies can be read in our cookie policy: thenordicbrand.com/cookie-policy
Amendments etc.
The Services: We have the right to change the design, layout and content of the Service(s) at any time, without prior notice, and the right to change the range of our services by offering additional services, new services or ceasing to provide our services.
Changes to the Terms: We have the right to update and change these Terms at any time if necessary, for example to clarify the content, when offering new services or additional services, if it is required due to changes in the law, government decisions, regulations or if it is required by technical or safety reasons.
Any changes take effect when the changes have been published in the Service(s) and do not need to be notified in advance, unless the changes significantly affect the User's rights or otherwise require the User's consent.
If the changes significantly affect the User's rights or otherwise require the User's consent, such changes to the Terms will take effect thirty (30) days after they have been communicated to the User's. If the User continues to use the Service(s) thirty (30) days after the changes have been communicated, it means that the changes are approved.
Applicable Law and Dispute Resolution
The terms of the agreement shall be interpreted in accordance with Swedish law. Disputes that arise in connection with the interpretation or application of terms of the agreement, as well as related legal matters, shall in the first instance be settled directly between the Parties. If the dispute cannot be resolved through an internal settlement between the Parties, the dispute shall be finally settled by a general court in Stockholm, unless otherwise provided by mandatory legislation.
Company Information
If you wish to get in touch with us, you can contact us through the information provided below:
Company: The Nordic Brand Company AB.
Reg. no.: 559248–5915.
E-mail: info@thenordicbrand.com