Information to you whose personal data we process.
1.1 This privacy policy (the “Privacy Policy”) describes how Rodolfo AB, reg. no 556817-0442 (“Rodolfo”, “we”, “us” and “our”), process your personal data as a data controller.
1.2 We respect and safeguard your personal integrity. We ask that you read this Privacy Policy carefully and familiarize yourself with its content. We may sometimes need to make updates or changes to this Privacy Policy.
1.3 If you would like to know more about our processing of your personal data, you are welcome to contact us via email: privacy@rodolfo.se
2.1 This Privacy Policy applies to processing of personal data of visitors at Rodolfo’s website https://rodolfo.se.
2.2 This Privacy Policy will for example include information on for what purposes we process your personal data, with which parties we share your personal data as well as information on your rights as a data subject.
2.3 If you want to read more about how we manage cookies on our website, please read our cookie policy. (https://rodolfo.se/cookies)
3.1 We process your personal data in the way and for the purposes described below in this Clause 3, and we are accountable in the role as data controller for the processing activities described in each case. It is also described below with which third party recipients we may share your personal data with and if your personal data will be transferred outside the European Union (“EU”)/European Economic Area (“EEA”). You can find more detailed information regarding the third parties we share personal data with under Clause 5 and regarding third country transfers under Clause 6.
3.2 We need to base each purpose on a lawful basis. A lawful basis can for example be (i) your consent to the specific processing activity, (ii) that the processing is necessary for the performance of a contract to which you as data subject is party, (iii) that we, based on weighing of interests, have a legitimate interest to process your personal data, which is not overruled by your interest of not having your personal data processed. In the text below you will find on what lawful basis we process your personal data, for what purpose we process your personal data as well as for what period in time we will keep your personal data.
3.3 Purpose:
To communicate with you via our contact form on our website.
3.3.1 Processing activities:
This includes e.g. communication via email about our business, our services and our ongoing activities, with you who have chosen to contact us via our contact form on our website. It also includes storage and use of such information that occurs in our communication between us.
3.3.2 Categories of personal data:
This includes e.g. communication via email about our business, our services and our ongoing activities, with you who have chosen to contact us via our contact form on our website. It also includes storage and use of such information that occurs in our communication between us.
3.3.2.1 First and last name.
3.3.2.2 Contact information, such as e-mail address and telephone number.
3.3.2.3 Information about the company you represent.
3.3.2.4 Information that you otherwise provide us with in connection with us communicating with you, for example in the message you provide in our contact form.
3.3.3 Lawful basis:
Legitimate interest, where our legitimate interest is to be able to communicate with you and respond to the messages you send to us when you contact us via our contact form on our website.
3.3.4 Retention period:
We process your personal data as above as long as your request is still unanswered or as long as our communication is ongoing, but no longer than six (6) months after the last communication has ceased.
3.3.5 We will share your personal data with:
Suppliers of IT-services.
3.4 Purpose:
In order to maintain, facilitate and improve the functions and user experience of our website, as well as support our work on detecting and counteracting flaws, breaches and incidents.
3.4.1 Processing activities:
In order to fulfill the purpose we use analytic tools offered by third parties. The statistics created and analytic activities pursued with support of these services are conducted with use of data in aggregated form and with de-identified or anonymised data. It also includes collection of statistics and analysis of visitor traffic on our website as well as analysis of other technical information which is generated upon visiting our website.
3.4.2 Categories of personal data:
3.4.2.1 IP-address.
3.4.2.2 Other technical information which is generated upon visiting our website, such as what type of device is used, web browser used, history of visited sites including the time entry (information from used web browser, time zone of the place from which you visited our website and other information on web traffic).
3.4.3 Lawful basis:
Legitimate interest, wherein our legitimate interest is to gather information in order to maintain, facilitate and improve the functionality, content and security on our website. Gathering of information through use of cookies or other similar technologies is done on the basis of your consent, except such use which is strictly necessary to the foundational functions of our website. For more information on how we use cookies and other similar technologies, please see our cookie policy. (https://rodolfo.se/cookies)
3.4.4 Retention period:
We process and keep information on how visitors interact with our website for a period of maximum twelve (12) months. In most cases, the collected data will be transformed into aggregated data (thus anonymised) at an earlier stage, in connection to us creating statistics.
3.4.5 We will share your personal data with:
3.4.5.1 Suppliers of IT-services.
3.4.5.2 Providers of analytic tools (cookies).
3.5 Purpose:
In order to initiate a business relation with you or the firm you represent.
3.5.1 Processing activities:
This includes communication via email regarding our business, services and current activities, with you in the role as contact person of a potential customer, business partner, supplier, investor or business contact in general. It also includes retention and use of data, reports and analytics regarding ownership and internal management matters, organization structures and employees of objects to acquire which are collected from third parties.
3.5.2 Categories of personal data:
3.5.2.1 First name and surname.
3.5.2.2 Contact details, such as email address, phone number, residence/location and address.
3.5.2.3 Professional role/title as well as information about the firm you represent.
3.5.2.4 Information which you provide us with when we are communicating with you.
3.5.3 Lawful basis:
Legitimate interest, wherein our legitimate interest is to create a business relation with you or the firm you represent.
3.5.4 Retention period:
We process and keep your personal data for a period of eighteen (18) months from the time of gathering the data. If a business relation is established between Rodolfo and you or the firm you represent during the mentioned time period, then your personal data will be processed in accordance with the purposes mentioned below (with the purpose to maintain and develop our business relation with you or the firm you represent).
3.5.5 We will share your personal data with:
3.5.5.1 Suppliers of IT-services.
3.5.5.2 Providers of analytic tools (cookies).
3.5.5.3 Companies with which we cooperate.
3.5.5.4 Companies and representatives within our investing network.
3.6 Purpose:
In order to maintain and develop our business relation with you or the firm you represent.
3.6.1 Processing activities:
3.6.1.1 Contact and communication with you in the role of a contact person for any of our existing customers, investors, business partners, suppliers or business contacts in general.
3.6.1.2 Administration of our customer-, investor-, partner- and supplier contracts as well as communication regarding contract related matters.
3.6.1.3 Communication via email about the business, services and current activities of our company or the company you represent.
3.6.2 Categories of personal data:
3.6.2.1 First name and surname.
3.6.2.2 Contact details, such as email address, phone number, residence/location and address.
3.6.2.3 Professional role/title as well as information about the firm you represent.
3.6.2.4 Information which you provide us with when we are communicating with you.
3.6.3 Lawful basis:
Legitimate interest, wherein our legitimate interest is to maintain and develop our business relation with you or the firm you represent.
3.6.4 Retention period:
We process and keep your personal data as long as we have a business relationship with you or the firm you represent, however for a maximum of three (3) years from the time we last were in contact because of our business relation.
3.6.5 We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defense of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.
3.6.6 We will share your personal data with:
3.6.6.1 Suppliers of IT-services
3.6.6.2 Providers of analytic tools (cookies).
3.6.6.3 Companies with which we cooperate.
3.6.6.4 Companies and representatives within our investing network.
3.7 Purpose:
In order to enter into or perform contractual obligations between us and you or the firm you represent.
3.7.1 Processing activities:
Administration and communication in order to enter into a contract or perform contractual obligations with/for you or the firm you represent. This includes for example invoicing as well as customary management, follow-up and documentation of contract related questions.
3.7.2 Categories of personal data:
3.7.2.1 First name and surname.
3.7.2.2 Contact details, such as email address, phone number, residence/location and address.
3.7.2.3 Professional role/title as well as information about the firm you represent.
3.7.2.4 Information which you provide us with in contract related matters, such as questions regarding agreed services.
3.7.3 Lawful basis:
Processing is necessary in order for us to enter into agreements and/or perform our contractual obligations with/for you or the firm you represent. If you act on behalf of others, for example in the role of a representative of a customer, investor, business partner or supplier of Rodolfo, then our processing is based on legitimate interest, wherein our legitimate interest is entrance and performance of contracts with the firm you represent.
3.7.4 Retention period:
We process and keep your personal data for as long as the contract is valid and for a maximum of three (3) years thereafter. We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defense of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.
3.7.5 We will share your personal data with:
3.7.5.1 Suppliers of IT-services.
3.7.5.2 Banks, insurance companies and authorities.
3.7.5.3 Companies with which we cooperate.
3.7.5.4 Companies and representatives within our investing network.
3.8 Purpose:
In order for you as an investor or a representative of such an investor to receive relevant information to make an investment decision.
3.8.1 Processing activities:
Retention and use of information about investors.
3.8.2 Categories of personal data:
3.8.2.1 Personal identification number.
3.8.2.2 First and surname.
3.8.2.3 Contact details such as email address, phone number, residence/location and address.
3.8.2.4 Professional title as well as information about the firm you represent.
3.8.3 Lawful basis:
Legitimate interest, where our legitimate interest is to be able to contact investors and investors representatives to communicate relevant information in relation to investment decisions.
3.8.4 Retention period:
We process and keep your personal data as long as we have a business relation with you or the firm you represent, however for a maximum of three (3) years from the time we last were in contact because of our business relation.
3.8.5 We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defence of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.
3.8.6 We will share your personal data with:
3.8.6.1 Suppliers of IT-services.
3.8.6.2 Companies with which we cooperate to manage registers for distribution of information.
3.9 Purpose:
Marketing purposes.
3.9.1 Processing activities:
3.9.1.1 Administer and send marketing by email.
3.9.1.2 Arranging events.
3.9.1.3 Storage of your information in connection with, during preparations for, and in the subsequent work with the event.
3.9.1.4 Sharing your information with our subcontractors and partners with whom we collaborate to organize the event.
3.9.2 Categories of personal data:
3.9.2.1 First and last name.
3.9.2.2 Contact information, such as e-mail address, telephone number, place of residence and address.
3.9.2.3 Any member ID relevant for the event.
3.9.2.4 Food preferences.
3.9.2.5 Transport and accommodation information during the event.
3.9.2.6 Professional title and information about the company you represent.
3.9.2.7 The information that you otherwise provide us with in connection with us communicating with you.
3.9.3 Lawful basis:
Consent and Legitimate interest. We will only send you direct marketing via email if you have subscribed and registered for such marketing and thus have consented to receive them. It is our legitimate interest to be able to hold events for you as an investor, if you are part of the management of one of our portfolio companies or are a representative of some of our investors, customers or suppliers.
3.7.4 Retention period:
We process and keep your personal data in order to administer and send out marketing via email as long as you do not unsubscribe (withdraw your consent). Such unsubscription can be done whenever by using the link for unsubscription which is featured in all our marketing emails. For arranging events, we process and save your personal information for as long as necessary to be able to carry out the event and three (3) years after your last participation in one of our events.
3.7.5 We will share your personal data with:
3.7.5.1 Suppliers of IT-services.
3.7.5.2 Companies with whom we cooperate.
3.10 Purpose:
We will select and recruit candidates for our job offerings.
3.10.1 Processing activities:
3.10.1.1 Registering candidates’ personal data
3.10.1.2 Conducting personality and intelligence tests.
3.10.2 Categories of personal data:
3.10.2.1 First- and last name.
3.10.2.2 Contact details.
3.10.2.3 Application documents such as CV and personal letter.
3.10.2.4 Photo (if applicable).
3.10.2.5 Information provided about you during reference taking, such as assessments from previous employers.
3.10.2.6 Test results from personality and intelligence tests.
3.10.2.7 Social media accounts and information collected through internet searches.
3.10.3 Lawful basis:
Legitimate interest and legal obligation: where our legitimate interest is to make it possible for us to evaluate your qualifications and personal qualities in connection with decisions on recruitment, and for fulfillment of a legal obligation to document information about education, professional experience and other qualifications in order to avoid discrimination (in accordance with Discrimination Act (2008: 567)).
3.10.4 Retention period:
Until the recruitment process is completed and two (2) years thereafter.
3.10.5 Recruitment firms.
3.11 To comply with our legal obligations or to exercise legal claims we may process your personal data in order to comply with legal obligations according to legislation which is applicable to our operations and organization, or to comply with a decision by public authority or court which requires us to keep and process your personal data.
3.12 We may also process your personal data because you or the firm you represent, ourselves or the affected third party shall be able to establish, exercise or defend a legal claim, for example upon forthcoming or ongoing dispute.
4.1 We process personal data which are collected directly from you, from the firm you represent, recruitment companies, as well as personal data which are collected via use of cookies.
5.1 Under Clause 3 above we describe for each processing activity, which parties we will share your personal data with. Below you will find a more comprehensive description of the parties of which are mentioned under Clause 3 above:
5.2 Suppliers of IT-services. We use third party suppliers in order to manage parts of our business. We use Glesys AB as our main IT-service provider. We may share personal data with these suppliers in connection to them providing services to us. Whenever using suppliers, we establish data processor agreements as well as take other adequate measures in order to make sure that your personal data is processed in a way that conforms with this Privacy Policy.
5.3 Analytic tool providers for our website. We use third party suppliers to implement cookies, and similar tools (as specified in our cookie policy (https://rodolfo.se/cookies)) that enable, among other things, the tracking of your activities when you use our website. These tools will be used to improve the functions and user experience of our website, as well as build a profile of your interests and show you relevant adverts on other websites. They are based on uniquely identifying your browser and internet device. More information regarding what specific tools we use, and which data they collect is further specified in our cookie policy./p>
5.4 Banks, insurance companies and authorities. We may disclose your personal data to banks, insurance companies, legal advisers and other companies with which we cooperate in order to fulfill our obligations according to the investor agreement with you, to fulfill legal obligations or because we have a legitimate interest in sharing your personal data that outweighs your interest or your fundamental rights or freedoms.
5.5 Companies with which we cooperate. We may share your personal data with companies with which we cooperate in order to fulfill our obligations according to the investor agreement with you, and to be able to stay in connection with you, for example to be able to organize events.
6.1 We strive to always process your personal data within the EU or EEA. However, we will transfer your personal data, in accordance with what is stipulated under Clause 3 above, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g., by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.
6.2 You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
6.3 You may access the European Commission’s standard contractual clauses at EUR-Lex - 32021D0914 - EN - EUR-Lex (europa.eu).
6.4 For information regarding whether we have transferred your personal data to a country outside the EU/EEA, which countries the personal data has been transferred to and which measures and safeguards have been taken in relation to the transfer, please contact us by sending a written request to privacy@rodolfo.se.
7.1 In this section we describe your rights under applicable European data protection legislation. You will not be charged if you want to exercise your rights and you can exercise them by contacting us. Do not hesitate to contact us via privacy@rodolfo.se if you have any questions regarding your rights.
7.2 Please note that we will always do an assessment of a request of exercising a right in order to determine whether the request is legitimate. Not all rights listed below are absolute and there are exemptions which can be valid.
7.3 Your rights are the following:
7.3.1 Right of access. You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.
7.3.2 Right of rectification. You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.
7.3.3 Right to erasure. You have the right to request that we erase your personal data without undue delay in the following circumstances:
7.3.3.1 The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
7.3.3.2 You withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing.
7.3.3.3 You object to our processing of personal data and we do not have any overriding legitimate grounds for the processing.
7.3.3.4 The processed personal data is unlawfully processed
7.3.3.5 The processed personal data has to be erased for compliance with legal obligations.
7.3.4 Right to restriction. You have the right to restrict the processing of your personal data in the following circumstances:
7.3.4.1 You contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data.
7.3.4.2 The processing is unlawful and you oppose erasure of the personal data and request restriction instead.
7.3.4.3 The personal data is no longer needed for the purposes of the processing, but are necessary for the establishment, exercise or defense of legal claims.
7.3.4.4 You have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
7.3.5 Right to data portability. If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
7.3.6 Right to object. You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
7.3.7 Right to object to direct marketing. You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.
7.3.8 Right to withdraw consent. When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.
8.1 The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’ (imy.se/en). If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you first hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint at the supervisory authority.