Privacy Notice
Europe
Latest update October 13, 2024
We are committed to protecting and respecting your privacy. We want you to feel safe when we process your personal data. This privacy notice (“Privacy Notice”) explains how we process information about you in compliance with applicable legislation and it applies to all our processing of such information. This Privacy Notice applies to you if you reside in the EU or UK. If you reside in the US, this version of our Privacy Notice applies to you.
Kindly see this Privacy Notice for further information about our use of personal data and your rights. If you have any questions about this Privacy Notice, our processing of your personal data or if you wish to exercise your rights, please contact us at privacy@gilion.com.
1. Who is responsible for the processing of your personal data?
Gilion AB, reg. no. 559264-9726, (“Gilion”, “we”, “our” or “us”) is the data controller for the processing of your personal data in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and as incorporated into UK domestic law (UK GDPR) and the UK Data Protection Act 2018.
We have a dedicated privacy team that can respond to any questions, concerns, or requests related to your personal data or your privacy rights. To get in touch with our privacy team, please email us at privacy@gilion.com. You will also find our contact details in section 12 at the end of this Privacy Notice.
2. What personal data do we process?
In this section, we describe the categories of personal data that we collect or create. In section 3, we describe for what purposes we use these categories of personal data.We collect the following information directly from you when you register for our platform (“Platform”) or enter into an agreement with us on behalf of the company you represent. We also collect information when you use the Platform, our website, or if you contact us. In addition, we might need to collect information about you from third party sources such as external sanction lists and politically exposed persons (“PEP”) lists.
We process the following information:
● Contact information - Name, title, address, personal identification number, email address, phone number, nationality, job title, profile picture of your email account, and copy of your ID card.
● Company information - Information about the company you represent, such as name, address, annual recurring revenue, company website, invoicing information, and registration certificate.
● Company account information - Information transferred from your company’s bank account such as balance amount, currency of the account, transaction history.
● Device information - IP address, device ID, language settings, browser settings, time zone, operating system, platform, screen resolution, and similar information about your device, and device settings or usage.
● Information about your use of our service - What different features you have used and how you have used them. This includes also technical data such as response time for web pages, or the date and time when you used the service.
● Information from external sanction lists and PEP lists - Sanction lists and lists of persons constituting PEP include information such as name, date of birth, country of citizenship, occupation or position, and the reason why the person is on the list in question. This category may also include sensitive personal data revealing political or philosophical views.
● Information about your contacts with us - Chat conversations and email correspondence.
● Investor criteria - Information about your investment preferences, including usual ticket size, preferred investment stage, target industries, and other relevant criteria.
● Whistleblowing report - the information contained in the reports submitted through our whistleblowing channel, including details of any incident, date and time of the report, any supporting evidence or documents provided, and the relationship of the reporter to the incident (if disclosed).
● Payment information - Credit and debit card details (card number, expiry date, CVV code, card provider), VAT number, bank account number, and bank name.
3. How do we process your personal data?
In this section, we describe:
● Why we process your personal data (the purpose);
● What categories of personal data we use for that purpose, and if the personal data comes directly from you or from another source. In that case, we state the source in brackets;
● What legal rights (also called “legal basis”) we have when processing personal data; and
● When we stop processing the personal data for each purpose.
3.1. How we always use your personal data.
In this section, we describe how we always process your personal data, for instance, if you are a representative of a company that registers for the Platform. These representatives can include the CEO, CFO, founders, investors, or other stakeholders in a company.
The purpose for why we process your personal data.
The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).
The legal basis for our processing of personal data.
The time period for which Gilion processes the personal data for that purpose.
To deliver the Platform and the features included therein in accordance with the Terms of service and our website.
From you:
● Contact information.
● Company information.
From other sources:
● Contact information. (Google, Microsoft when using Single Sign-on)
● Device information. (Your device)
● Company account information. (Open banking provider, when connecting your company bank account information to the platform)
The processing is necessary for Gilion to perform a contract with you (Art 6(1)(b) GDPR).
When the contract between Gilion and you or the company you represent is terminated.
To manage our relationship with you or the company you represent in accordance with our agreements (i.e. Terms of service, Loan agreement, or Referral program terms). This includes creating and sending information to you in electronic format (not marketing).
From you:
● Contact information.
● Company information.
From other sources:
● Device information. (Your device)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in managing the relationship, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. If you want to know more about how the assessment was done, contact us.
When the contract between Gilion and you or the company you represent is terminated.
To perform satisfaction surveys and collect user feedback on our services.
● Contact information.
● Company information.
From other sources:
● Information about your use of our service. (Gilion)
● Information about your contacts with us. (Gilion)From you:
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to perform surveys and collect user feedback on our services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
When the contract between Gilion and you is terminated, or if you notify us that you are not interested in this processing.
Based on the investor's criteria, find matches between investors and Gilion customers enrolled in the Gilion Investor Network.
From you:
● Contact information.
● Company information.
● Investor criteria.
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in collecting investor criteria to find suitable matches between the participants in the Gilion Investor Network, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
This processing takes place for the entire period during which you stay enrolled in the Gilion Investor Network. For more details about our obligations and rights to keep your personal data, please see section 9.
To anonymize your personal data in order to analyze and improve our services (our internal processes, our website or the Platform).
From you:
● Contact information.
● Company information.
From other sources:
● Device information. (Your device)
● Information about your use of our service. (Gilion)
● Information about your contacts with us. (Gilion)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to anonymize your personal data for product development purposes, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. By anonymizing your personal data, we ensure that we limit our processing to the extent possible.
This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.
To perform data analysis and testing to improve our services (e.g. our internal processes, our website, or features available through the Platform). If possible, we first anonymize the data, which means that no personal data is processed afterwards).
From you:
● Contact information.
● Company information.
From other sources:
● Device information. (Your device)
● Information about your use of our service. (Gilion)
● Information about your contacts with us. (Gilion)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to analyze your personal data for product development purposes, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, our customers benefit from the processing as it enables us to deliver better and more reliable services.
This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.
To manage and address any queries or requests when you contact us.
From you:
● Contact information.
● Company information.
From other sources:
● Device information. (Your device)
● Information about your use of our service. (Gilion)
● Information about your contacts with us. (Gilion)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in providing customer support, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, this processing benefits Gilion’s customers as it enables us to handle any issues and deliver more reliable services.
When the contract between Gilion and you or the company yourepresent is terminated.
To maintain and ensure network and data security in our services and systems.
From you:
● Contact information.
● Company information.
From other sources:
● Device information. (Your device)
● Information about your use of our service. (Gilion)
● Information about your contacts with us. (Gilion)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to secure its network and data, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Furthermore, this processing benefits Gilion’s customers as it enables us to deliver better and more reliable services.
This processing takes place for the entire period during which you use any of our services.
To provide marketing materials about the Platform and Gilion to you as our customer or a prospective customer. If you do not want to receive marketing from us, please contact us to let us know. We will then stop processing your data for sending marketing.
From you:
● Contact information.
● Company information.
From other sources:
● Information about your use of our service. (Gilion)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in providing you with marketing about our services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. We have also considered the fact that marketing is listed as an example of legitimate interest in the GDPR.
When the contract between Gilion and youis terminated, or if you notify us that you are not interested in this processing.
To perform bookkeeping and accounting in accordance with accounting laws and preserve them in compliance with the applicable law.
From you:
● Contact information.
● Company information.
From other sources:
● Information about your use of our service. (Gilion)
To comply with law (Article 6(1)(c) GDPR). (The Swedish Act (1999:1078)).
During the period in which the bookkeeping is recorded and 7 years after the end of the year in which the information was registered.
To investigate, take actions and document what actions have been taken based on the matter you have reported through our whistleblowing channels.
From you:
● Contact information.
● Whistleblowing report.
To comply with law (Article 6(1)(c) GDPR).
(The Swedish Act on the protection of persons who report misconduct (2021:890)).
This processing takes place during the period a matter is ongoing and 2 years after the matter has been closed.
To establish, exercise, or defend Gilion from legal claims and safeguard Gilion’s legal rights.
All categories mentioned in section 2.
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to protect itself from legal claims, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.
To share your personal data with the categories of recipients described in section 4.
All categories mentioned in section 2.
It varies depending on the recipient. See section 4.
This processing takes place during the time that Gilion retains the data in its systems for example to perform the contract executed with you or to comply with applicable law. For more details about our obligations and rights to keep your personal data, please see section 9.
3.2. When you are a representative of a company that applies for a loan or has been granted a loan.
In this section, we describe how we process your personal data in addition to what is described above if you are a representative of a company that applies for a loan or has been granted a loan. The representatives can include CEO, CFO, founders, investors or other main stakeholders in a company.
The purpose for why we process your personal data.
The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).
The legal basis for our processing of personal data.
The time period for which Gilion processes the personal data for that purpose.
To deliver the financial services in accordance with the loan agreement between the borrower and the company you represent.
From you:
● Contact information.
● Company information.
From other sources:
● Information about your use of our service. (Gilion)
● Information from external sanction lists and PEP lists.(Sanction lists and PEP lists)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to deliver the financial services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) GDPR).
When the contract between Gilion and you or the company you represent is terminated.
To prevent Gilion from being used for money laundering or terrorist financing, by monitoring and reviewing transactions. Gilion also conducts ongoing risk assessments to counter money laundering and terrorist financing.
From you:
● Contact information.
● Company information.
From other sources:
● Information about your use of our service. (Gilion)
● Information from external sanction lists and PEP lists. (Sanction lists and PEP lists)
To comply with law (Article 6(1)(c) GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorism financing).
As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) GDPR).
Up to five years from the termination of the contract or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See section 9 for more information on our obligations and right to retain information according to law.
3.3. When you are a representative of a company that signs up for our premium services.
In this section, we describe how we process your personal data in addition to what is described above if you are a representative of a company that signs up for our premium services.
The purpose for why we process your personal data.
The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).
The legal basis for our processing of personal data.
The time period for which Gilion processes the personal data for that purpose.
To manage payments for our premium services from the company you represent in accordance with the Terms of service.
From you:
● Contact information.
● Company information.
● Payment information.
From other sources:
● Information from external sanction lists and PEP lists. (Sanction lists and PEP lists)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to perform the personal data processing, that the processing is necessaryto achieve that purpose,and that our interestoutweighs your rightnot to have your dataprocessed for thispurpose.As regards sensitivepersonal data, the basisis that the processing isnecessary for reasons ofthe public interest (Article 9(2)(g) GDPR).
When the contract between Gilion and you or the company you represent is terminated.
To prevent Gilion from being used for money laundering or terrorist financing, by monitoring and reviewing transactions. Gilion also conducts ongoing risk assessments to counter money laundering and terrorist financing.
From you:
● Contact information.
● Company information.
From other sources:
● Information about your use of our service. (Gilion)
● Information from external sanction lists and PEP lists. (Sanction lists and PEP lists)
To comply with law (Article 6(1)(c) GDPR). (Swedish Law (2017:630) on measures against money laundering and terrorism financing).
As regards sensitive personal data, the basis is that the processing is necessary for reasons of the public interest (Article 9(2)(g) GDPR).
Up to five years from the termination of the contract or after the termination of the customer relationship (up to ten years in cases where law enforcement authorities so request). See section 9 for more information on our obligations and right to retain information according to law.
3.4. When you participate in our Referral program.
In this section, we describe how we process your personal data in addition to what is described above if you choose to participate in our referral program.
The purpose for why we process your personal data.
The categories of personal data we process and where they come from (see Section 2 to read more about the different types of personal data).
The legal basis for our processing of personal data.
The time period for which Gilion processes the personal data for that purpose.
To communicate with you regarding potential collaboration with us if you have consented to be referred to us as part of the Referral program.
From other sources:
● Contact information. (The person who referred you to us)
● Company information. (The person who referred you to us)
The processing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in being able to communicate with you based on the referral you have agreed to, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
During the time we have ongoing dialog with you regarding potential collaboration with us and one year after the dialog has ended.
4. Who do we share your personal data with?
In this section, we describe the categories of recipients whom we share information with. If you want to know more about the recipients, you can find our contact details in section 12 of this Privacy Notice. When we share personal data with non-governmental third parties, we ensure that we have an agreement in place to ensure that the information is processed in accordance with this Privacy Notice. These agreements include all reasonable contractual, legal, technical, and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law. Please note that Gilion does not sell your personal data.
4.1. Categories of recipients with whom Gilion shares your personal information regardless of the service you use.
In this section, we describe the categories of recipients whom we share information with. If you want to know more about the recipients, you can find our contact details in section 12 of this Privacy Notice. When we share personal data with non-governmental third parties, we ensure that we have an agreement in place to ensure that the information is processed in accordance with this Privacy Notice. These agreements include all reasonable contractual, legal, technical, and organizational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law. Please note that Gilion does not sell your personal data.
The categories of recipients we share your personal data with
The purpose for why we share your personal data.
The legal basis for sharing your personal data.
Gilion Group companies.
To enable us to conduct our business in an efficient way and to ensure we can provide and maintain our services and functionalities.
The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing your data within the group to enable us to run our business in an efficient way, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
Service providers and subcontractors.
To enable us to access, use, and deliver services and functionalities that we do not have or cannot deliver by ourselves.
The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing your data with our service providers to deliver our services, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
Participants in the Gilion Investor Network when a customer matches the investor’s criteria.
To facilitate communication between the customer and the investor regarding potential equity investments.
The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing the contact information between the Gilion Investor Network participants when there is a match, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
Authorities such as the police, financial authorities, tax authorities or other governmental authorities and courts of law.
To comply with our obligations in relation to any requests from the governmental authorities. As an example, we might need to share personal data to take measures against money laundering and terrorist financing. You can see these laws in section 3 above.
The data sharing is also necessary when Gilion needs to protect itself from being subject to crimes.
The data sharing is necessary to comply with legal obligations (Article 6(1)(c) GDPR). If the data sharing is not necessary to comply with our legal obligations, the data sharing is based on a balancing of interests (Article 6(1)(f) GDPR), where Gilion has determined that we have a legitimate interest in protecting itself against crimes, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
Third parties as part of a merger, transfer, acquisition or sale, or in the event of a bankruptcy.
To enable potential mergers, divestitures, restructuring, reorganization, dissolution, and other sales or transfers of Gilion’s assets.
The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in enabling future divestments or sales of its assets, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
4.2. Categories of recipients with whom Gilion shares your personal data when you subscribe to Gilion’s premium services.
The categories of recipients we share your personal data with.
The purpose for why we share your personal data.
The legal basis for sharing your personal data.
When you insert your payment information for the premium services, Gilion will share your details with the payment service provider Stripe Payments Europe, Limited. Stripe will process your data in accordance with Stripe’s own Services Agreement and Privacy Policy.
To enable us to collect and process your payment in a secure way.
The data sharing is based on a balancing of interests (Article 6(1)(f) GDPR). When balancing interests, Gilion has determined that Gilion has a legitimate interest in sharing your data with the payment service providers to enable us to collect and process your payments, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose.
5. Gilion’s automated decision-making and profiling
We do not use automated decision-making, including profiling, in processes in our operations.
6. What data protection rights do I have as a data subject?
As a data controller, Gilion is responsible for ensuring that your information is processed in accordance with the law and that you can exercise your rights. You can reach out to us anytime if you want to exercise these rights. We are committed to resolving your requests to exercise your rights within one month of receiving your request. Sometimes, when we experience a high volume of requests or face complex requests, we have the right to extend this deadline an additional two months. In such a case, we will inform you about the delay within one month of receiving your request.
You will not be charged for exercising any of the below rights unless we find your request manifestly unfounded or excessive. In that case, we may charge an administrative fee for handling your request or refuse to act on your request altogether.
If you want to know more or come in contact with us to exercise your rights, the easiest way is to email us at privacy@gilion.com. If you want to receive information about the data Gilion holds about you through the right of access, or have certain data deleted, you can send a request to us by contacting us through our homepage or the above-mentioned email. Our contact details are also provided in section 12 below.
● Right of access to your personal data
You have the right to know if Gilion processes personal data about you and to receive a copy of such data. If you make a request by electronic means, e.g. via email, we will provide you with the information in a commonly used electronic format. Through the copy, you will receive information about what personal data Gilion holds about you and how we process it.
● Right to rectification
You have the right to request that we rectify any inaccurate information or complete information about you that you consider to be inaccurate or incomplete.
● Right to be informed
You have the right to be informed of how we process your personal data. We do this through this Privacy Notice and by answering any of the questions you might send us.
● Right to deletion
You have the right to ask us to remove your personal information. For instance, the delation shall occur when (i) we no longer need for the purpose it was collected for, or (ii) if you object to the processing of personal data based on our legitimate interests, and there are no compelling reasons that outweigh your interest to have the data deleted. However, there are situations where we may not be able to delete your data. This includes cases where the data is still necessary for the original purpose, where our interest in processing the data outweighs your interest in having it deleted, or when we are legally obligated to retain it. You can find more information about our legal obligations regarding data retention in section 9 of this Privacy Notice. These laws may prevent us from immediately deleting certain data.
● Right to restrict processing
In certain situations, you have the right to request us to temporarily restrict the processing of your data.You can request us to restrict the processing of your personal data if you believe that your personal data is inaccurate and you have requested a correction of your data. While the matter is under investigation, you can also request that the processing of the relevant personal data be restricted. Another situation is if you believe that our processing is unlawful but you don’t want us to remove your personal data or that we do not need the information for a specific purpose but you need them to be able to establish, exercise or defend a legal claim.
● Right to object
You have the right to object to the processing of your personal data if our processing is based upon legitimate interests or public tasks (see Section 3 above). If you object to such processing, we will cease processing of your personal data unless we can demonstrate compelling reasons for the processing that override your interests. In addition, you can object to the processing of your personal data for direct marketing purposes. If you object to processing for direct marketing, we will stop processing your personal data for these purposes immediately. Please note that exercising your right to object may affect our ability to provide certain features to you, where such processing of data is essential for the provision of those features.
● Right to data portability
You have the right to receive your personal data in a structured, commonly used machine-readable format, and to request a transfer of these data to another recipient. The right to data portability only applies when the processing is being carried out by automated means and our lawful basis for processing your data is your consent or for the performance of a contract between you and us.
● Right to lodge a complaint
You have the right to lodge a complaint with Integritetsskyddsmyndigheten, which is the Swedish supervisory authority for Gilion’s personal data processing. You can reach Integritetsskyddsmyndigheten through the following link. You may also lodge a complaint with your national data protection authority, which you can find listed here.
7. Where do we transfer your personal data?
Gilion processes your personal data primarily within the EU/EEA. However, in some cases, we also transfer your personal data to countries outside of the EU/EEA. If personal data is transferred to any such country outside of the EU/EEA, we will ensure that an equivalent level of protection to your data applies in accordance with the GDPR. Please note that your data protection rights described in section 6 will not be affected if your personal data is transferred outside of the EU/EEA.
8. How do we protect your personal data when transferring them outside of EU/EEA?
Data protection laws in countries outside of the EU/EEA may look different compared with the GDPR. Countries may have laws in place that grant government authorities access to data that is located in these countries to combat crimes and to protect national security. When we transfer your personal data outside of the EU/EEA, we ensure that your personal data enjoys a materially equivalent level of protection as it would have if the data were processed within the EU/EEA and that appropriate safeguards have been implemented. We do this by primarily transferring your personal data to countries that have been assessed by the European Commission as providing an adequate level of protection subject to a so-called adequacy decision. You find more information about which countries are deemed to have an “adequate level of protection” on the European Commission’s website.
If a country where we transfer your personal data does not receive the European Commission’s adequacy decision, we ensure that Gilion and the recipient have entered into standard contractual clauses issued by the European Commission instead and assess whether there are laws in the recipient country that affects the protection of your personal data. Where necessary, we take technical and organizational measures so that your data remains protected during the transfer to the relevant country.
You can read more about the European Commission’s Standard Contractual Clauses here.
If you want to know more or to obtain a copy of the Standard Contractual Clauses, contact us via the contact details in section 12 at the end of this Privacy Notice.
9. How long do we store your personal data?
We only keep your personal data for as long as it is necessary to achieve the purposes for which they were collected in accordance with this Privacy Notice. When we no longer need your personal data, we remove the data from our systems, databases, and backups.
In general, when we use your personal data to fulfill the contractual obligations between Gilion and you or the company you represent, Gilion stores such personal data for the duration of the contractual relationship and thereafter for usually 6 months but can be kept for up to 10 years based on statutes of limitations. When your personal data is used to fulfill Gilion’s legal obligations in relation to protection from money laundering, the personal data is normally retained for 5 and up to 10 years if requested by the authorities.
When your personal data is stored to fulfill obligations under the bookkeeping laws, the personal data is retained for 7 years after the end of the year in which the information was registered. When your personal data is stored to fulfill obligations under the whistleblowing regulations, the personaldata is retained for 2 years after a matter has been closed.
Please note that in situations where we have a legal obligation to retain your personal data, Gilion cannot delete such data even if you request us to do so (see more about the right to deletion).
Personal data that is used for other purposes than the fulfillment of legal or contractual obligations is only retained as long as necessary to fulfill the respective purpose for our data processing (usually 6 months). More information can be found in the table in section 3.
10. How do we use cookies and other tracking technologies?
We use cookies and other tracking technologies to ensure that our services and websites function properly and how they are used. You can find more information about the tracking technology that we use, and information about how you accept or decline the tracking technology in our Tracking technology notice available here.
11. Updates to our Privacy Notice
We are constantly working to improve our services, the Platform, and how we provide you with the relevant information so that you feel safe when we process your personal data. This may involve modifications of existing features, as well as adding completely new features. In such a case, we will notify you and give you the opportunity to read through the updates before they become effective. If we do amendments that are purely editorial, such as formatting, typographical error corrections, or other changes that do not materially affect you, we might not notify you.
It is also important that you read this Privacy Notice regularly when you use our services, as the processing of your personal data may differ from your previous use of the service in question.
12. How can you contact us?
Gilion AB is registered with the Swedish Companies Registration Office with registration number 559264-9726 and its registered office is located at Eriksbergsgatan 27, 114 30 Stockholm, Sweden.
If you have any questions or wish to exercise any of your rights, you can reach out to our dedicated privacy team by sending an email to privacy@gilion.com. You can also contact us via our website or via post at our registered office address. Gilion complies with Swedish data protection laws.