Privacy Policy

OUR PROCESSING OF YOUR PERSONAL DATA

GO NORTH GROUP AB

It is important to us, Go North Group AB, company registration number 559252-2188, to protect all personal data that we process. Most of the personal data processed by us, we receive through our website, http://www.gonorth.co (the “Website”).

This Privacy Policy includes information on how we process your personal data, and it applies in relation to all processing activities that we conduct in the capacity of data controller. Of course, we only process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (the ”GDPR”) and other applicable laws.

1. INTRODUCTION AND IMPORTANT TERMS

For this Privacy Policy to become easier to read, some of the terms used herein are described below:

The term ”personal data” (or sometimes just ”data” or ”information”) refers to any and all information about you or someone else (i.e., to any identifiable, natural person), even if linking the information to you or someone else would require some effort. This could for instance be information about your phone number or your workplace.

The term ”processing” refers to any action taken, such as use or collection, in relation to personal data. The processing can either be automatic or manual.

The term ”data controller” refers to the person who is responsible for certain processing of personal data, and therefore determines the purpose and means of the processing. We, Go North Group AB, are the data controller in relation to the processing of personal data which we conduct on our own behalf, and such processing is covered by this Privacy Policy. You find our contact details further down in this policy.

The term ”you”, when used herein, refers to a person whose personal data we process in the capacity of data controller. Depending on your relationship with us or actions taken by you, i.e., which type of data subject you are (see the left column below in Section PROCESSING OF PERSONAL DATA), the information in Section PROCESSING OF PERSONAL DATA below may be applicable to you. The different kind of data subjects whose personal data we process in accordance with this Privacy Policy are the following:

  • Persons representing e-merchants that we acquire or evaluate an acquisition of

  • Website visitors

  • Persons who apply for a job or internship with us or who are otherwise subject to a recruitment process of ours

  • Persons representing (or who are themselves) a supplier, partner, or another person within our network

  • Any other persons who contact us for other purposes than as set forth above

2. PROCESSING OF PERSONAL DATA

Below you will find information on how, for how long, and based on what legal ground we process your personal data as well as what kind of personal data we process.

To the extent it is stated that the processing is based on our “legitimate interest”, we have carefully made an assessment of our need to process personal data and your interest of that no such processing takes place considering your integrity, and thereupon come to the conclusion that our interest of the processing prevails.

3. STORAGE PERIOD

We process personal data only for as long as it is necessary to fulfil the purpose of the processing. When we no longer need certain personal data for the processing stated above, we delete it. Depending on the legal ground for the processing, the period during which we process the personal data may be governed by an agreement, be subject to a valid consent, be specified in legislation or be a result of our own assessment based on our legitimate interest or the legitimate interests of others. We review our need to process personal data regularly.

4. SECURITY

We have taken technical and organizational measures to ensure that your personal data is protected in the best possible way (such as introducing passwords, two-step verification, secure networks, instructions, when choosing our systems etc.). We ensure that your personal data is not disclosed other than when necessary (which varies depending on the type of personal data and the purpose of the processing) and otherwise ensure that it is protected from loss and unauthorized access.

5. DISCLOSURE

The personal data that we process is available to persons within our organisation who need it in order to carry out their work duties only (which varies depending on the type of personal data and the purpose of the processing) who are employees or consultants. We also share personal data with our subcontractors and, where applicable, to potential investors and purchasers according to Section PROCESSING OF PERSONAL DATA above, to the extent necessary for us to be able to achieve the purpose of the personal data processing. We might also share personal data with authorities to the extent we are required to do so.

We never share more information than necessary given the purpose of the sharing. We choose our subcontractors with great care and enter into data processing agreements with all of them, meaning that they may only process personal data in accordance with applicable law and our instructions. We use or may use, as from time to time, subcontractors/third-party tools for the following purposes:

  • IT system support and security

  • Electronic contract signing and contract management

  • Cloud storage

  • Payment and financial support

  • Email

  • Analytics

We strive for your personal data to be processed within the EU/EEA. However, some of our subcontractors are domiciled outside the EU/EEA, and therefore personal data may sometimes be transferred and processed outside the EU/EEA where other rules on personal data processing apply. However, we will always take all necessary measures to ensure that your personal data is processed with appropriate safeguards in accordance with the GDPR and other applicable laws (such as standard contractual clauses).

6. YOUR RIGHTS

Due to our processing of your personal data, you have the following rights:

  • You have the right to

    a. access the personal data which concerns you and which is processed by us, and

    b. should it or parts of it be inaccurate and/or incomplete, have it rectified or completed.

  • You have the right to demand

    a. that we erase the personal data which concerns you and which is processed by us,

    b. that we restrict our processing of your personal data, and/or

    c. that we completely discontinue our processing of your personal data.

  • You have the right to exercise your right to data portability (i.e., the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format which may be transmitted to another controller).

  • Should our processing of your personal data be based on your consent, you have the right to withdraw such consent (in relation to future processing).

If you wish to exercise one or several of your rights, you are welcome to contact us via the contact details provided in Section Contact and questions below. If you exercise your rights as described above, we may not be able to cooperate or have continued contact with you (or the company that you represent), provide our services to you (or the company that you represent), include you in a recruitment process etc.

Please note that you in some cases do not have all the rights listed above. This applies, for example, if we have to process your personal data i) for the purpose which it was collected, ii) according to our conclusion after having carefully weighed interests, or iii) otherwise according to EU law or the national law of an EU country. The rights set forth above are not absolute, and you only have the right to exercise them to the extent it would be in accordance with the GDPR and other applicable law, and where we otherwise have the legal/contractual right to comply with them (for instance by disclosing information to you). Further, please note that the rights set forth above apply subject to the duty of confidentiality which we might have in relation to third parties. Such duty of confidentiality may imply that we cannot disclose certain data that we have received.

Further, you have the right to make complaints about how we process your personal data if you believe that this is not done in accordance with applicable laws. You may do this by contacting the Swedish Authority for Privacy Protection (Swedish: Integritetsskyddsmyndigheten), for instance by using the email address imy@imy.se. Other contact information for the Authority for Privacy Protection can be found here: https://www.imy.se/kontakta-oss/.

7. CONTACT AND QUESTIONS

If you have any questions about our personal data processing or want to exercise your rights as set out above, you are welcome to contact us. The easiest way to reach us is to send an email to privacy@gonorth.co. Also, you are always welcome to send us a letter. Our address is:

Go North Group AB
Norra Allégatan 5
413 01 Göteborg, Sweden

8. PRIVACY POLICY UPDATES

We may make changes to this Privacy Policy. The latest version of it is always available upon request. Before any material amendments to this Privacy Policy enter into force, we will inform you about them (for instance through a notice on the Website or an email) before continuing the processing of your personal data.