FLARIE PRIVACY POLICY (2021:1)


1. GENERAL

1.1 Privacy and data protection is important to us at Flarie AB, reg. no 556856-2747 (“Flarie”, “we”, “us” or “our”). This privacy policy (“Privacy Policy”) aims to inform you about our processing of your personal data, and what rights you have as a data subject. Flarie’s processing of personal data is carried out in accordance with applicable legislation, including the general data protection regulation (“GDPR”).

1.2 This Privacy Policy applies to the personal data we may process in connection with (i) the use of any of our services, including for example, but not limited to, our webpage www.flarie.com, our game manager tool “Flarie Studio studio.flarie.com and our mobile software application “Flarie” (the “Services”, “Platform” or “App”), (ii) customer engagements, (iii) business contacts, and (iv) recruitments.

1.3 In connection with your use of our Services and/or registering for a personal user account on our Platform or in our App, we will collect and process your personal data as a controller in accordance with this Privacy Policy. However, content in our Services is either made available directly by us or by a third-party associated with us (“Flarie Partner”). When accessing content made available by a Flarie Partner, a separate privacy policy provided by such Flarie Partner may apply in addition to this Privacy Policy if such Flarie Partner, in connection with you accessing such content, will process your personal data as a controller for a separate individual purpose. In such event, prior to accessing such content by a Flarie Partner in our Services, you will in each event be separately informed thereof and get the opportunity to review and accept the relevant Flarie Partner’s processing of your personal data.

1.4 Set forth below is a description of how we process your personal data and the table in Appendix A sets out the details hereof. If you wish to receive additional information on the processing of your personal data, you are welcome to contact us at: contact@flarie.com.


2. PERSONAL DATA WE PROCESS

2.1 Personal data refers to information which, directly or indirectly, may be associated with a living natural person. We process the following types of personal data (i) name, (ii) personal identity number, (iii) address, (iv) e-mail address, (v) phone number, (vi) IP-address, (vii) payment details, (viii) job title, (ix) correspondence and feedback, (x) user related data, (xi) gender, (xii) age, (xiii) device information (xiv) location information, (xv) necessary details of our employees, etc.

2.2 We will not specifically ask you to provide us with special categories of personal data, unless we in connection with a recruitment or employment procedure have a legal obligation or legitimate interest to do so. However, when using our Services, you can choose to provide us with any category of personal data. Processing of personal data considered as special categories of personal data, is subject to special security measures, according to GDPR. Special categories of personal data are for example, but not limited to, racial or ethnic origins, sexual orientation, political opinions, religious beliefs etc. By submitting any special category of personal data in the Services, you thereby give us your consent to process such special categories of personal data.

2.3 We process personal data about persons who:

2.3.1 are customers of Flarie, are Flarie Partners or otherwise enter a business or legal relationship with Flarie;

2.3.2 are representatives and/or employees of customers, Flarie Partners or other business partners of Flarie, or such aforementioned potential parties;

2.3.3 are employees of Flarie or applies for a job at Flarie;

2.3.4 use our Services or are otherwise affected by our Services; and/or

2.3.5 receive our newsletters, other communication and/or attend our events.

2.4 The personal data that Flarie processes is either provided (i) directly by you in connection with your use of our Services, (ii) indirectly by you via your Facebook or Google account (subject to your selection), (iii) automatically through your use of our Services, (vi) by the company which you represent, and which uses our Services. We may also collect personal data from private and public registers, publicly accessible sources as well as from public authorities, if necessary.

2.5 You are responsible for any personal data obtained, published or shared with us (whether via the App, Platform or otherwise), including such personal data which you have obtained from a third party. You shall also be able to confirm that you have such third party’s’ consent to provide such personal data to us.

2.6 Depending on the device you use when accessing our Services via our App, the App may request certain permissions that allows the application to access your personal data on your device. Permissions must always be granted by you before such information is accessed and processed by the App and includes, but is not limited to, camera permission, precise location permission (continuous) and reminders permission. In order to revoke these permissions, we refer you to your devices’ settings. Note that revoking of such permissions might impact the proper functioning of the App and the Service.


3. PURPOSE

3.1 We process personal data for the purposes of:

3.1.1 administrating and performing our Services;

3.1.2 administrating and performing our obligations in accordance with agreements with our customers, Flarie Partners and other business partners;

3.1.3 communicating with you in order to administrating and performing our Services and our business;

3.1.4 recruiting staff, including administering and performing agreements with employees;

3.1.5 sending newsletters, information, offers and marketing of our Services;

3.1.6 fulfilling our legal obligations, strive to prevent crime, investigate whether a crime has been committed towards us, and safeguarding our interests in a dispute;

3.1.7 evaluating and improving our Services, business and systems (including analysing web traffic and keeping track of user behaviour etc.);

3.1.8 establishing and managing customer and partner relationships; and/or

3.1.9 administrating and performing merger, acquisition, reorganization, reconstruction, asset transfer (including our customer database), or similar processes where we (and/or our customer database) are the target.


4. LEGAL BASIS

4.1 We process personal data in accordance with this Privacy Policy (i) in order to fulfil our obligations in accordance with an agreement with you (or with the company which you represent), (ii) in order to fulfil legal obligations pursuant to applicable legislation, (iii) if we have a legitimate interest to process the personal data, and/or (iv) if we have your consent to process your personal data.

4.2 If we process your personal data for any specific purpose which requires your consent under the GDPR, or any other data protection legislation, we will obtain your consent in advance.

4.3 If we process personal data for any specific purpose upon which we have a legitimate interest, we always prior thereto and in each individual case conduct an assessment of interests in order to for example evaluate whether our legitimate interest is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with GDPR. We only process personal data based on our legitimate interest if we make the assessment that our legitimate interest is not overridden by the interests and rights of the relevant data subject.


5. SECURITY MEASURES; EXTERNAL PARTNERS ETC

5.1 Personal data will always be processed confidentially and protected by appropriate security measures. Flarie ensures that companies that process and/or manage personal data on our behalf, use a high level of security measures in order to protect your personal data. However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access our platforms safe.

5.2 We may disclose your personal data to external parties with whom we collaborate in order to perform our Service and/or conduct our business e.g., (i) payment service providers, (ii) e-mail service providers, (iii) analyse system providers (iv) marketing agencies and marketing service providers, (v) database- and website service providers (vi) partners associated with us (including Flarie Partners) etc. We may also disclose your personal data when we have a legal obligation to do so, e.g., due to anti-money laundering legislation, tax legislation, court orders or requests from government authorities.

5.3 We transfer and store personal data in countries outside the EU/EEA in order to perform our Services and/or conduct our business. Such transfer could occur for example if (i) we use a personal data processor established outside the EU/EES area, (ii) data is stored on a cloud service or a server based outside the EU/EES area, etc. When Flarie transfers personal data to such countries, we will take reasonable legal, technical and organizational measures to strive to ensure that your personal data is adequately protected, at the same level as it would have been within EU/EES, through the use of relevant safeguards. However, even if we take such security measures as described herein, you acknowledge and agree that transfers and storing of personal data outside the EU/EES area entail a risk that such personal data might not be protected at the same level as it would have been within EU/EES. For the avoidance of doubt, such transfer as referred to herein will only include the type of personal data relevant for the purpose of the processing.

5.4 Subject to Section 5.3 above, in order to perform the Service, Flarie transfers personal data to the following countries outside the EU/EES (based on the referred to transfer tool herein containing appropriate safeguards, in accordance with article 46 of the GDPR):

5.4.1 United States – the country is not subject to an adequacy decision by the European Commission, we therefore rely on standard contractual clauses (SCCs) as the transfer tool for transfers that are regular and repetitive, and furthermore take the additional steps as listed in Section 5.5 below.

5.5 If a transfer of personal data to any of the above third countries can neither be legally based on an adequacy decision nor any of the derogations in article 49 of the GDPR, we always take the following additional steps prior to such transfer:

5.5.1 make an assessment whether the transfer tool we rely on is effective in practice (in light of the law in the relevant third country);

5.5.2 adopt supplementary security measures such as technical, organizational and contractual;

5.5.3 conduct any identified procedural steps (if applicable); and

5.5.4 continuously monitor developments in the relevant third country and re-evaluate the initial assessment and decisions for the transfer to the relevant country accordingly.


6. STORAGE AND DELETION OF PERSONAL DATA

6.1 Personal data will only be stored for a limited period of time and no longer than necessary in order for us to fulfil the purposes of the processing, or for as long as we are required to store the information according to applicable legislation and relevant guidelines. This will depend on a number of factors, including for example (i) the laws and regulations that we are required to follow, (ii) whether we are in a legal or other type of dispute with each other or a third party, (iii) the type of information that we hold about you, (vi) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason. If processing of your personal data is no longer necessary, it will be erased in accordance with our erasure procedure.

6.2 If Flarie is subject to liquidation or bankruptcy or if Flarie’s customer database is transferred to a third party conducting similar activities as Flarie, Flarie shall thereafter erase your personal data, provided however that Flarie is not required to store the information according to applicable legislation and relevant guidelines. If Flarie is subject to a merger, acquisition, reorganization or similar process, Flarie will continue the processing of your personal data pursuant to this Privacy Policy unless otherwise is specifically announced to you in connection with such process.

6.3 You may unsubscribe from our newsletters or similar communication at any time. In such event we will no longer store or process your personal data for such purposes.


7. YOUR RIGHTS AS A DATA SUBJECT

7.1 Flarie is the controller for the processing of your personal data in accordance with this Privacy Policy, and as a data subject you have certain rights as regards your personal data. The rights are however not absolute, meaning that there are exceptions to some of the rights where we cannot proceed and fulfill your request.

7.2 As a data subject, you have the following rights:

7.2.1 Right to withdraw your consent – meaning that you have the right to withdraw your consent where Flarie process your personal data based on consent;

7.2.2 Right to access – meaning that you have the right to request a confirmation of our processing of your personal data, to receive information about the processing, access the personal data in question, and the right to obtain a copy of your personal data;

7.2.3 Right to rectification – meaning that you have the right to have any incorrect personal data about you as a data subject corrected by us;

7.2.4 Right to erasure – meaning that you have the right to have your personal data erased under certain circumstances. This right is limited, and we may be obligated to save your personal data in accordance with applicable law;

7.2.5 Right to object – meaning that you have the right to object to Flarie’s processing of your personal data under certain circumstances (for example you may object to processing of your personal data if we base such processing on our legitimate interest and (ii) you have the right at any time to object to Flarie’s processing of your personal data for direct marketing purposes etc.);

7.2.6 Right to restricted processing – meaning that you have the right to have Flarie restrict the processing of your personal data, but not delete it; and

7.2.7 Right to data portability – meaning that you may request Flarie to transfer your personal data to another data controller.

7.3 If you feel that our processing of your personal data does not comply with GDPR, and applicable data protection legislation, you are entitled to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten).
Any requests by you as a data subject under this Privacy Policy shall be sent to us at: contact@flarie.com. Requests will be handled as soon as possible, but no later than within one (1) month from the date which Flarie received the request.


8. CHILDREN

Our Services are directed to users being eighteen (18) years or older. However, children being thirteen (13) years and older may receive access to our Service provided that they have their legal guardian(s) consent to access our Services. We do not and will not knowingly collect information from any unsupervised person under the age of thirteen (13). In the event that the conditions in this Section 8 are not fulfilled or if you do not accept this Privacy Policy, you may not use the Service. If you are a legal guardian and learns that your child has submitted personal data to Flarie without your consent, we ask that you contact us on the address stated in Section 7.4 above so that you can exercise your rights to, inter alia, rectification or erasure.


9. LINKS TO THIRD PARTY SITES

Our Platform and App may contain links to third party sites. If you click on a third party link, you will be directed to that site. Note that these external sites are not operated by Flarie and, therefore, we strongly advise you to review the privacy policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.


10. ADS AND SPONSORED CONTENT

Flarie uses the content that you submit in our Services, including your personal data, in order to select and personalize the content and ads that we show you in our Services. However, in order to protect your privacy and personal data in accordance with this Privacy Policy, we will always use anonymized data when we are in contact with marketing agencies and similar third parties.


11. COOKIES

Flarie and our partners may use cookies and similar technologies on the Platform as well as in the App for the purpose of providing and updating its Service and to improve the user experience. For information on how Flarie uses cookies and similar technologies, we refer to our Cookie Policy. The latest version of the Cookie Policy will always be available on the Platform as well as in the App and we advise you to review the Cookie Policy periodically for any changes.Flarie and our partners may use cookies and similar technologies on the Platform as well as in the App for the purpose of providing and updating its Service and to improve the user experience. For information on how Flarie uses cookies and similar technologies, we refer to our Cookie Policy. The latest version of the Cookie Policy will always be available on the Platform as well as in the App and we advise you to review the Cookie Policy periodically for any changes.


12. AMENDMENTS AND ADDITIONS

Flarie has the right to amend this Privacy Policy from time to time without giving prior notice to such change. Should any change affect the processing of personal data, which is based on your consent, Flarie shall collect a new consent from you regarding such processing. The latest version will always be available on the Platform as well as in the App and we advise you to review the Privacy Policy periodically for any changes.

PURPOSE TREATMENT CATEGORY OF PERSONAL DATA LEGAL BASIS
Administrating and performing our Services. • Establishing you as a user of our Services
• Providing you with a personal user account in our Services
• Giving you access to the content and features in our Services
• Communicating with you and administering your requests in the Services etc.
• Customize content and ads in the Service
• Other treatments related to any of the above items
• name
• personal identity number and age
• contact details (e.g., address, e-mail address, phone number)
• profile picture
• Facebook profile (upon your selection)
• gender
• password
• IP-address
• correspondence
• user related data (including data that you post or upload in the Services)
• location information (if activated by you in the App)
• device information (including for example advertising ID from iOS and Android, mobile connection, operation system, etc.)
Consent – when you use our Service and/or create a personal user account on our Platform or in our App, you give your consent to us to process your personal data in accordance with our Privacy Policy.
Administrating and performing our obligations in accordance with agreements with customers, Flarie Partners and other business partners. • Entering into / preparing customer agreements with you / your organization
• Entering into / preparing partner agreements with you / your organization
• Establishing you / your organization as a client in our systems
• Administering payment of fees from you / your organization
• Administering claims with respect to our Services or business
• name
• personal identity number
• contact details (e.g., address, e-mail address, phone number)
• job title
• payment details
• purchase and transaction details
• correspondence
• IP-address
Fulfilment of an agreement – necessary in order to fulfil our obligations pursuant to an agreement with you / your organization.
Communicating with you in order to administrating and performing our Services and our business. • Responding to your / your organization’s queries regarding our Services or our business
• Identifying you / your organization
• Resolving any complaints or disputes with you / your organization
• name
• personal identity number
• contact details (e.g., address, e-mail address, phone number)
• job title
• payment details
• purchase and transaction details
• correspondence
• IP-address
Legitimate interest – necessary in order to fulfil our and your interest of administering customer service queries and being able to resolve any complaints or disputes with you / your organization.
Recruiting staff, including administrating and performing agreements with employees. • Carrying out recruitment processes and recruiting staff
• Verify identity and background
• Establishing relations with staff and communicating with candidates applying for jobs with us
• Carrying out employment administration (e.g., salary payments, benefits, pensions and insurance, training, etc.
• Complying with legal obligations in relation to employer liability (e.g., bookkeeping, reporting to tax authorities and supervisory authorities, sick leave and rehabilitation administration, demonstrating compliance with laws and regulations for example by keeping insider registers etc.)
• Other treatments related to any of the above items
• name
• personal identity number
• contact details (e.g., address, e-mail address, phone number)
• job title and other information regarding the employment
• work experience, education and other information provided to us (in for example CV, personal letters and during interviews)
• information on payment of salary (bank, bank account number etc.)
• communication
• health information (regarding absence disabilities, rehabilitation, absence due to sickness, information on personal injuries, allergies etc.)
• correspondence
• IP-address
Fulfilment of an agreement – necessary in order administrate and perform obligations pursuant to an employment agreement.

Fulfilling a legal obligation – necessary pursuant to applicable employment law (health information and other special categories of personal data, if any, is only processed to the extent necessary to fulfil our obligations and rights in the area of employment law).

Legitimate interest – necessary in order to carry out our interest of for example to train or educate our employees.
Sending newsletters, information, offers and marketing of our Services. • Sending newsletters to you / your organization
• Provide you / your organization with offers relating to our products, Services, systems etc.
• Provide you / your organization with information relating to our Services, products, systems etc.
• name
• contact details (e.g., address, e-mail address, phone number)
• job title
Legitimate interest – necessary in order to carry out our interest to market our Services, provide you with information offers etc. (which you at any time may object to).

Consent – we will obtain your consent to provide you with newsletters, offers etc. if required by us pursuant to applicable marketing legislation.
Fulfilling our legal obligations, strive to prevent crime, investigate whether a crime has been committed towards us, and safeguarding our interests in a dispute. • Complying with our obligations according to applicable laws and regulations, court and/or official decisions (e.g., Tax Act, Accounting Act, Money Laundering and Terrorist Financing (Prevention) Act, etc.)
• Prevent or investigate fraud and other illegal activities
• Prevent unauthorized use of the Services, phishing, spam, other activities not allowed according to our terms of use for the Service
• Improvements of our IT-environment in order to prevent frauds and attacks
• name
• personal identity number
• contact details (e.g., address, e-mail address, phone number)
• IP-address
• user related data
• payment details
• purchase and transaction details
• correspondence
• details of defects, claims, etc.
• necessary details of employment / the employee (if an employee of Flarie)
Fulfilling a legal obligation – necessary pursuant to applicable law. If the relevant personal data is not submitted to us, we cannot fulfil our legal obligations.

Legitimate interest (if the above is not applicable) – necessary in order to prevent abuse or misuse of our Service, prevent and investigate crimes towards us and safeguard our interests in the event of a dispute.
Evaluating and improving our Services, business and systems (including analysing web traffic and keeping track of user behaviour). • Adapting our Services and systems in order to make them more customer friendly and improve the user experience
• reparing data and reports for the purpose of improving our Services, assortment, policies, operations, etc.
• Give our customers the opportunity to influence our Services, systems, assortment, etc.
• name
• contact details (e.g., address, e-mail address, phone number)
• correspondence and feedback
• IP-address
• user related data
Legitimate interest – necessary in order to fulfil our interest of evaluating and improving our Services, business, systems, assortment, etc.
Establishing and managing customer and partner relationships. • Establishing relationships with you / your organization
• Identifying you / your organization
• Managing relationships and negotiating preparing and entering into agreements with you / your organization
• name
• personal identity number
• contact details (e.g., address, e-mail address, phone number)
• payment details
• correspondence
• IP-address
Legitimate interest – necessary in order to establish a relationship with you / your organization.

Fulfilment of an agreement – necessary in order to negotiate and prepare agreements with you / your organization.
Administrating and performing merger, acquisition, reorganization, reconstruction, asset transfer (including our customer database) or similar processes where we and/or our customer data base is the target. • Carrying out a merger, acquisition, reorganization, asset transfer (including our customer database)
• Fulfilling an agreement with a counterparty (providing similar activities as Flarie) in such process
• Ensuring the counterparty in such process continues the processing of your personal for the same purposes and in the same way as described in this Privacy Policy (unless otherwise is announced to you)
• name
• job title
• personal identity number
• contact details (e.g., address, e-mail address, phone number)
• IP-address
• payment details
• purchase and transaction details
• correspondence
• necessary details of employment / the employee (if an employee of Flarie)
Legitimate interest – our interest to facilitate an acquisition or reorganization process, provided however that we prior thereto have assessed that our interest to do so is overridden by your legitimate interests and rights under the Flarie. However, such transfer of your personal data requires the overtaking party is conducting similar activities as Flarie.