Privacy Notice

1. General Information

Cparta Cyber Defense AB, with company reg. no. 559216-9311, located at Kungsgatan 37, 111 56, Stockholm (“Cparta” or “the company”), processes personal data in a variety of settings. Because we determine the purpose for which the data is processed, we are considered to be the controller and as such are responsible for how the data is processed. In this processing we strive to maintain a high level of data protection. The purpose of this policy is to explain how and why we collect and process your personal data, what rights you have, and how you can exercise those rights. Personal data is any information that can be directly or indirectly related to an identified or identifiable natural person (i.e. you who visit Cparta.se).

2. Responsibilities for processing and sharing of data

2.1 Who is responsible for the personal data we collect?

Cparta is, in its capacity as controller, responsible for the processing of the data collected and processed within the company. The controller is Cparta Cyber Defense AB, with company reg. no. 559216-9311 and address Kungsgatan 37, 111 56 Stockholm. In certain cases, Cparta may collaborate with other companies as described in the section “Data sharing”.

2.2 Data sharing (processors and other controllers)

The data collected is not shared with other parties, except where it is necessary to fulfill the purpose of the processing. We normally transfer data to external parties selectively and only when it is needed to fulfill the purpose of the processing (i.e. those who help us with recruitment, hosting services, accounting services, event planning, etc.). We strive to work only with providers who are located inside the European Union, but we may from time to time use providers who are located outside of the union in a third country (i.e. USA). In such cases, the company ensures that the appropriate transfer mechanisms and safeguards are implemented. Upon request, and under applicable law, you are entitled to receive a copy of the mechanisms and safeguards taken to protect the data shared with data processors. In the following cases, data is shared with a third party:

| Recipient | Purpose | Legal Basis |
| --- | --- | --- |
| Clients | To execute agreements, comply with obligations connected to these obligations. | To fulfill obligations connected to client relationships. |
| Travel agencies, airlines, trains, hotels, etc. | To facilitate booking, accommodation requests and to meet regulatory requirements. | The legitimate interest of facilitating business travel. |
| Government authorities | To fulfill obligations (i.e. tax, book-keeping, AML and prevent fraud). | Fulfill legal obligations required by law. |
| Courts | To exercise, establish or defend legal claims. | Settle disputes and defend claims. |
| Suppliers | To conclude supplier agreements. | Administrating supplier relations. |
| Trade unions, employer organizations | Fulfill legal obligations in employment law in relation to, for example, re-organizations. | To fulfill legal obligations in employment law. |

The third party will normally in these cases be the processor. In certain cases, where they determine the purpose of the processing, they will become the controller. When data is shared with a third party, the company will enter into a data processing agreement with that party.

3. Data processing

3.1 What data we process and why

Data may be processed for various reasons. The data processing activities are described below:

| Area | Purpose | Data collected | Legal Basis |
| --- | --- | --- | --- |
| Recruitment | The purpose of finding new employees or to reply to the application (to make contact, recruitment process, conclude the employment contract). | ID, gender, age, DOB, health, previous work experience, education, necessary work permit, additional information submitted in your resume (i.e. photos, e-mail, address, phone number, etc.). | Being necessary to recruit, enter into an employment agreement, plan staffing issues, review performance. |
| Events / meetings / conferences / competitions, etc. | The purpose of hosting and administrating events, for example to correspond with participants and suppliers throughout the event. | Name, address, e-mail, phone number, gender, DOB, information voluntarily submitted through your participation (allergies, emergency contact information, etc.), photos, videos. | The legitimate interest of managing and administrating events, etc. organized by Cparta. |
| Social media | To have dialogues with external parties (clients, recruits, etc.). | Photos, videos from events, conferences, meetings. | Our legitimate interest of sharing knowledge, news, etc. |
| Client assignment | To deliver our services in accordance with the agreed expectations of both Cparta and the client. | ID, gender, age, DOB, company, financial information, scope of assignment, e-mail conversations. | Our legitimate interest of fulfilling our obligations towards clients, and where applicable to fulfill certain legal and contractual obligations. |
| Supplier and client relations | To manage relations and correspond with existing and prospective suppliers and clients. | Contact details, social security number, information submitted in e-mail conversations, financial information, e.g. if the client is a sole proprietor. | Our legitimate interest of fulfilling our obligations towards clients and suppliers, and where applicable to fulfill certain legal and contractual obligations. |
| Employees | To manage employee relationships. | Name, address, e-mail, phone number, personal data in e-mail correspondence, financial information, internet behavior, technical logs, other information necessary for the processing. | The legitimate interest of fulfilling our obligation towards our employees and where applicable fulfill certain legal and contractual obligations. |
| Legal obligations | To fulfill obligations (for example bookkeeping). | Contact details, DOB, social security number, financial information. | To fulfill legal obligations. |
| Internal investigations | To conduct internal investigations in case there is a breach of laws or an attack on the IT systems used by the company. | Name, address, e-mail, phone number, personal data in e-mail correspondence, internet behavior, CCTV recordings, technical logs, other information necessary for the processing. | To be able to identify, investigate and prevent unlawful actions against Cparta. |
| Establish, defend or exercise legal claims | In order to establish, exercise or defend potential legal claims. | Name, address, e-mail, phone number, personal data in e-mail correspondence, internet behavior, technical logs, other information necessary for the processing. | Cparta's legitimate interest of establishing, exercising or defending a legal claim. |

3.2 For how long do we store the data?

The data will be stored for the period necessary to fulfill the purpose outlined in the table above, unless there is a legitimate reason, or a requirement by law, to store the data for a longer period. If there is no longer a reason that makes it necessary to store the data, it will be deleted.

3.3 Your rights

When we process your data, you have certain rights. These rights are described in the table below:

| Right | Description |
| --- | --- |
| Access to data | You have the right to get access to the data which we process about you. |
| Rectification | You have the right to correct inaccurate data. |
| Revoke previously given consent with future effect | You have the right to revoke your previously given consent. |