Privacy Policy.

Last updated: March 16, 2024

1. Introduction

Attuned Solutions AB wants all of its website visitors, clients or their representatives, business partners, consultants and suppliers to be confident that we process personal data in accordance with applicable privacy legislation. Our privacy policy describes how we handle and protect your personal data in our capacity as a data controller. It also describes your rights and how to proceed in case you wish to exercise them. Clients buying services or products from us are contractually obligated to comply with the agreement, terms and conditions.

Visits to our website can be made without you having to provide any personal data or accept cookies with the exception of collecting your IP-address, which is categorised as personal data. Knowing your IP-address is necessary for our website to communicate with your device and web browser, and secure our IT systems from spam, phishing, harassment, incorrect logins, illegal acts or malicious conduct that compromise the availability, authenticity, integrity and confidentiality of stored or transferred personal data, and the security of related services.

When sending us e-mail, you may provide us with your IP-address since some e-mail service providers or e-mail clients include the IP-address of the sending computer or mobile device in the e-mail header information.

2. Data controller

Attuned Solutions AB is the data controller of personal data provided to us. You are not obliged to provide any personal data to us. However, if you do not provide us with personal data we cannot undertake any assignment or engagement from you.

3. Website

Our website does not use cookies or similar tracking technologies. We do not collect browsing data for analytics, marketing, or profiling purposes.

When you visit our websites, we collect anonymous information about your computer or mobile device for IT security purposes.

We also collect your IP-address, which is categorised as personal data. Knowing your IP-address is necessary for our website to communicate with your device and web browser, and securing our IT systems from spam, phishing, harassment, incorrect logins, illegal acts or malicious conduct that compromise the availability, authenticity, integrity and confidentiality of stored or transferred personal data, and the security of related services.

The information may be shared with third-party service providers who provide services on our behalf.

3.1. Categories of personal data we collect

• IP-address

3.2. Categories of anonymous data we may collect

• Type of device; computer or mobile device
• Operating system
• Browser type
• Referral source, e.g., Google or Bing
• Length of visits and how you leave the service
• Pages or documents viewed
• Name of your internet service provider
• Geographical location
• If you are a recurring visitor

3.3. Legal basis and retention

These data are processed based on legitimate interest. The retention period is 14 months following collection of the data.

4. General inquiries from digital contact interfaces

If you use any of the contact forms on our website, send an e-mail to us or use other digital contact interfaces, your information will be used to respond to your inquiry. The information may be shared with third-party service providers who provide services on our behalf.

4.1. Categories of personal data we may collect

• Name
• E-mail address
• Phone number
• Address
• Correspondence

4.1. Categories of personal data we may collect

These data are processed based on an agreement with you. Personal data from general inquiries is stored for a period of one year, from the end of our engagement.

5. Online collaboration tools

When using our online collaboration tools such as, Microsoft Teams, SharePoint Online, OneDrive, we may collect anonymous information about your computer or mobile device for analytic purposes, to helps us understand what parts of our services are doing well, we use this information to make our services better. We may also collect personal data you choose to provide, e.g., name, e-mail address provided in Teams chats or meetings. The information may be shared with third-party service providers who provide services on our behalf.

5.1. Categories of personal data we may collect

• Name
• E-mail address
• Phone number
• Correspondence
• IP-address

5.2. Legal basis and retention period

These data are processed based on legitimate interest or on agreement with you. The retention period is 3 years following collection of the data.

6. Clients, business partners and suppliers

When parties such as clients or their representatives, business partners, consultants or suppliers are in contact with us or occur in connection with our assignments, this entails personal data being provided to us or obtained by us.

We collect the personal data provided to us in connection with our assignments or that are otherwise processed during the preparation or administration of an assignment. We primarily collect personal data directly from the individuals concerned, however during assignments we sometimes receive information about individuals involved without the information being provided directly from them. We may also supplement the personal data provided by obtaining information from private and public records and sources. We also process personal data so that we can manage and administrate our relationships with suppliers and other external parties. Normally, there is no obligation to provide us with personal data. However, if we do not receive certain personal data, we will not be able to accept an assignment, since we will not be able to comply with our obligations.

6.1. Categories of personal data we may collect

• Name
• E-mail address
• Phone number
• Work address
• Date of birth/ID number
• Invoicing information, e.g., account number and tax details
• Correspondence
• IP-address

6.2. Legal basis and retention period for clients

We process personal data provided or obtained in connection with assignments to fulfil our obligations and rights and obligations under the performance of a contract. But also for administration in connection with assignments, as well as obligations which follow from law. The retention period is three years, from the end of our engagement.

6.3. Legal basis and retention period for suppliers and other external parties

Processing of personal data relating to suppliers or their representatives and other external parties is based on our legitimate interest in administrating the relationship and performing our contractual obligations. The retention period is three years, from the end of our engagement.

6.4. Legal basis and retention period for client analyses and business development

We may also use personal data as a basis for our market and client analyses, business and methodology development, as well as for statistical purposes and risk management. When we process personal data in order to analyse and develop our business, processing is based on our legitimate interest in improving our business and for communication. The retention period is three years, from the end of our engagement.

7. Securing our IT systems

Personal data such as your IP-address and anonymous information about your computer or mobile device, collected by our website, online collaboration tools or e-mail, will be used to secure our IT systems from spam, phishing, harassment, incorrect logins, illegal acts or malicious conduct that compromise the availability, authenticity, integrity and confidentiality of stored or transferred personal data, and the security of related services.

7.1. Categories of personal data we may collect

• Type of device; computer or mobile device
• Operating system
• Browser type
• Pages or documents viewed
• IP-address
• Name of your Internet Service Provider
• Geographical location
• Errors
• Malicious activity

7.2. Legal basis and retention period

These data are processed based on legitimate interest. The retention period is one year, following collection of the data.

Our service providers, such as Microsoft and Google may process meta data for security purposes for longer than 1 year. Your interactions with these services are governed by the privacy policies of the companies providing the services.

8. Sensitive personal data and personal identification numbers

We do not collect sensitive personal data. Personal identification numbers are only processed when needed to ensure your identification or if strictly needed.

9. Information shared with third parties

Other than as provided in this privacy policy, we will not knowingly share personal data you provide with any third party, except where:

• It has been agreed between us and the person whose personal data we process.
• It is necessary within the scope of a given assignment.
• It is necessary so we can fulfil a statutory obligation, comply with a decision of a public authority or a court of law.
• It is otherwise permitted by law.
• In cases where it is necessary for us to carry out our services, we may retain external suppliers (processors) for services in connection to our online presence or the services. These suppliers may process personal data and sometimes require limited access to personal data. We use the following types of suppliers:
• Financial services, e.g., banks, external processing of accounts payable and accounts receivable, and book keeping.
• IT services, e.g., cloud services such as Microsoft 365, Google, Cloudflare etc.

10. Transfer to third countries

We strive at all times to keep personal data within the European Economic Area (EEA) but engage suppliers located outside of the EEA such as AWS and Cloudflare for web hosting and IT security.

Data transfers outside the EU/EEA are made in line with applicable data protection laws and for the purposes specified above. Transfers of this type are normally based on the EU Commission’s standard contractual clauses. Transfers to countries outside the EU/EEA may also occur within the scope of a given assignment.

11. Your rights

You have the right to, free of charge, demand information from Attuned Solutions AB about the use of personal data regarding yourself. We will, on your request or on our own initiative, correct, delete or limit the processing of inaccurate personal data in relation to you. You have the right to demand that your personal data is not processed for direct marketing purposes. If you unsubscribe from newsletters or similar, the information will be deleted immediately. You are entitled to take part of the collected personal data, in relation to you, in a machine-readable format.

If you are dissatisfied with our collecting or processing of your personal data you can file a complaint to the Swedish supervisory authority which is the Swedish Authority for Privacy Protection (www.imy.se). You can also turn to the supervisory authority at your habitual residence or place of work.

In case of questions about our processing of personal data, you are welcome to contact us at [email protected].