Information on Brighter’s processing of your personal data

1. About this privacy policy

This information describes how Brighter AB (publ) (“Brighter”) processes your personal data and your rights. The information is addressed to anyone that visits our website or communicates with us. This can be via forms on our website, forms on other website or e-mail messages. Additionally, the personal data we process may include data you share with Brighters’ processors, suppliers, business partners, customers or any other third parties.

2. What is personal data?

Personal data means any information which relates to an identified or identifiable natural person, e.g. name, address, telephone number, e-mail address, personal ID number, title, role, photograph and IP address. This can also include special categories of personal data such as genetic, biometric and health data.

3. Data CONTROLLER

Brighter AB (publ), reg. no 556736-8591, Borgarfjordsgatan 18, SE 16440 Kista, Sweden, is the data controller for Brighter’s processing of personal data which means that we are responsible for how your personal data is collected, used or otherwise processed.

4. PERSONAL DATA that WE PROCESS AND WHY

4.1 When you visit our website

We process the following personal data

When you visit our website, we process your IP address, as well as information about your IT equipment (e.g. operating system and whether the visit is done by computer or smartphone). In addition, we also process information about your visit to our website through cookies. For more information on how we use cookies see our cookie section in the Terms & Conditions on our website.

Purpose

We process the personal data in order to ensure technical functionality, establish statistics and evaluate our website and understand the visitor’s behaviour on our website; and improve our website.

Legal basis

We base the processing of personal data for the purposes described above on the legal basis legitimate interest. The processing is necessary for our legitimate interest in providing a secure and user-friendly website with a content relevant to the website-visitor.

For how long do we store the personal data?

We pursue storage limitation, but the storage period depends on the purpose of the specific processing. The personal data is stored as long as necessary for the purpose of the processing.

4.2 When you communicate with us e.g. via forms on our website or via e-mail for example for support, medical queries, partner or investor relations or applying for employment

We process the following personal data

When you communicate with Brighter, we process your name, e-mail and information concerning your question, feedback or matter. If you apply for employment we process your name, e-mail, personal letter, CV, grades etc. that you send to us. It is possible that your email indirectly reveals your health status e.g., sensitive data about your diabetes.

Purpose

We process the personal data to answer your question and to handle your feedback, matter or application.

Legal basis

We base the processing of personal data for the purposes described above on the legal basis consent. The processing is necessary for our (and your) consent in being able to answer your question and handle your feedback, matter or application.

For how long do we store the personal data?

We pursue storage limitation, but the storage period depends on the purpose of the specific processing. We store your personal data as long as necessary for the purpose of the processing.

4.3 When you fill out our questionnaire to see if Actiste fits your needs i.e. the Actiste test form on our or our partners’ website

We process the following personal data

When you fill out our questionnaire to see if Aciste fits your needs, we process your diabetes status including the type of insulin you use, your name, address, phone number, e-mail, age and in some specific cases social media usernames.

Purpose

We process the personal data in order to help you find out if Actiste fits your needs and in order to allow us to contact you regarding Actiste.

Legal basis

We base the processing of your personal data relating to your identity and contact information for the purposes described above on the legal basis legitimate interest. The processing is necessary for our (and your) legitimate interest in being able to guide you through the suitability of Actiste for you and to be able to contact you regarding your interest in Actiste.

We base the processing of your health related data (i.e. your diabetes status including the type of insulin you use) on the legal basis consent. You have the right to withdraw your consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

For how long do we store the personal data?

We pursue storage limitation, but the storage period depends on the purpose of the specific processing. We store your personal data as long as necessary for the purpose of the processing.

4.4 In connection with your contacts with Brighter in your work or assignment with any of our customers, suppliers or business partners.

We process the following personal data

We process your name, phone number, mobile number, e-mail address, address, title, role and description of work tasks, as well as other personal data that may need to be processed to achieve the purposes described below, e.g. in documentation related to agreements that Brighter has with your employer or customer, by e-mail contact, or by publication on Brighter’s intranet or in other media in order to make the personal data available primarily to Brighter’s employees.

Purpose

We process the personal data to fulfill obligations under agreements with your employer or customer, administer agreements, negotiations or other cooperation, handle customers’, suppliers’ and business partners’ demands and market Brighter’s products.

Legal basis

We base the processing of personal data for the purposes described above on the legal basis legitimate interest. The processing is necessary for our legitimate interest in being able to fulfill obligations under agreements, administer agreements, negotiations or other cooperation, handle customers’, suppliers’ and business partners’ demands and market Brighter’s products.

For how long do we store the personal data?

We pursue storage limitation, but the storage period depends on the purpose of the specific processing. The personal data is stored as long as necessary for the purpose of the processing.

4.5 When you subscribe our newsletter

We process the following personal data

We process your name and e-mail address.

Purpose

We process the personal data in order to administer your order and send the ordered information to you.

Legal basis

We base the processing of personal data for the purposes described above on the legal basis consent. You have the right to withdraw your consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

For how long do we store the personal data?

We pursue storage limitation, but the storage period depends on the purpose of the specific processing. We store your personal data as long as you are subscribed to our e-mail list, and for a period thereafter. You always have the option to unsubscribe from receiving information by unsubscribing to our newsletter by pressing unsubscribe in our newsletters, or by contacting us.

4.6 To fulfill a legal obligation or to exercise, establish or defend our legal rights

In addition to what is described above, there might be other situations, when, we process your personal data to fulfil legal obligations, such as the obligation to maintain accounts, or at the request of an authority. The legal basis for the processing in such case is that the processing is necessary to fulfil a legal obligation. In those cases, we will store the data as long as we are obliged to.

We might also process your personal data to exercise, establish or defend our legal rights. The legal basis for the processing in such case is our legitimate interest to exercise, establish or defend our legal rights. In those cases, we will store the data as long as is necessary to fulfil the purpose of the processing.

5. FROM WHICH SOURCES DO WE COLLECT YOUR PERSONAL DATA?

In addition to the personal data you provide to us, we process the following personal data which is stored regarding visitors to our website, which the visitor to the website provides via their devices, such as computers or smartphones, data which is provided by customers, suppliers and other business partners and data from public records, websites and media.

6. PARTIES WITH WHOM WE MAY SHARE YOUR PERSONAL DATA

Your personal data may be disclosed to affiliates or subsidiaries to Brighter (the “Brighter Group”), auditors, advisors, legal representatives and similar agencies, so-called processors (external suppliers which process personal data on Brighter’s behalf) e.g. suppliers of IT systems, system management and support, or IT infrastructure providers and other recipients as required by law, other constitution or authority decision.

7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We may transfer your personal data to a third country, i.e. a country outside of the EU/EEA. This may take place, for example, through the storage of personal data on servers located in a third country, or where we retain an IT supplier to provide support and maintenance of IT systems from a third country. In the event we transfer personal data to a third country, we will enter into agreements and take other measures to protect your personal data in accordance with applicable legal requirements.

8. YOUR RIGHTS

You have the right to request information about the use of your personal data. You also have the right to request correction of incorrect personal data. Moreover, in certain cases, you also have the right to erasure of personal data, or restriction of the processing, and you are entitled to object to the processing. In addition, in certain cases, you also have the right to receive your personal data in a machine-readable format (only when you have provided us with the personal data and the processing of your personal data is based on consent or on a contract).

9. BRIGHTERS DATA PROTECTION OFFICER

Brighter has appointed a Data Protection Officer (“DPO”) who, on an overall level, shall ensure that we comply with the GDPR. If you have any questions about this Privacy Policy or our privacy practices, you can contact our DPO on the details listed below. Please mark the subject line or caption as “DPO” or “Data Protection Officer” in your communication.

Email address: info@brighter.se

Postal address: Brighter AB (publ), Borgarfjordsgatan 18, SE-164 40 Kista, Sweden

Telephone number: +46 (0)8-550 088 20

10. COMPLAINTS

In the event you believe that our processing of your personal data is in violation of the data protection legislation, you are asked to firstly contact our DPO at the contact details in section 9. However, you always have the possibility of submitting complaints to the supervisory authority (the Data Protection Authority in Sweden or your local supervisory authority) where you believe that Brighter is processing your personal data in violation of data protection legislation.

Menu