Valid from 2021-02-22
How SHARK handles personal data
Shark Communication AB (“SHARK”) cherish your right to protection of personal integrity and awareness of privacy, and integrity are important elements of our business. When we develop SHARK’s services, these are preceded by technical, physical, and organizational measures to ensure both the integrity and accessibility of personal data and other information we handle. As personal data controller, SHARK is constantly working to ensure that our services and internal processes meet the requirements set for the processing of personal data.
This policy describes the categories of personal data that SHARK processes and the reasons behind this processing. Furthermore, information is also given about where we collect personal data, who we share the information with and for how long we store the collected data. We also describe how you can access your personal data, make comments about the treatment of personal data or how to contact us with questions related to our personal data processing.
Personal data processed within SHARK
We have divided personal data into different categories. The personal data we handle relates to the following categories with examples given in brackets:
- Basic personal data (social security number, name, contact details and identification number),
- Agreements (all types of information related to agreements concerning to SHARK’s services, such as account numbers and proxies),
- Information needed for SHARK to be able to, for instance, handle and administer issues related to market abuse in the securities market (such as information about your name, professional role, and title in an insider list), and,
- Communication (both physical and electronic communication).
Purpose and legal basis for processing
Your personal data is primarily used to fulfil agreements that SHARK has or is about to enter into and to enable SHARK to fulfil the legal obligations that are imposed on us. Below is a description of the purposes that SHARK has for processing personal data, what the intent is for the purpose and legal basis for each purpose.
Fulfilling of agreement
SHARK collects, processes and stores personal data in order to prepare, provide and administer SHARK’s services to you – electronically, at the office or by telephone.
SHARK is obliged to comply with securities law and other applicable legislation for our operations, as well as regulatory regulations applicable at all times. In the context of this, we handle your personal data in order to, for example:
- Perform anti-money laundering controls,
- Perform client approvals,
- Establish contractual obligations,
- Establish and maintain insider lists, as well as
- Notify competent authorities, such as the Swedish Tax Agency.
SHARK offers communications services with the goal of creating long and good relationships with our customers. Therefore, wehandle your personal data for the following purposes:
- Conduct marketing activities where we identify and suggest services that may be relevant to you. However, you always have the opportunity to unsubscribe from news releases and offers.
Where we collect your personal data
We collect your personal data directly from you, for example when registering as a client with SHARK, or when using services by SHARK. We also obtain information from public and other registers, such as Bisnode and the Swedish Companies Registration Office.
Who we share your personal data with
By law, SHARK may not disclose information about you unless there is clear support in connection with the fulfilment of the terms of an agreement with you or for a legal purpose that requires or permits it, such as reporting to authorities.
In order to fulfil the terms of our customer agreements and other commitments, we may share information about you internally within SHARK and sometimes even with external companies that provide contracted services to SHARK and our customers. This may include, for example, financial infrastructure partners, suppliers, actors acting on behalf of clients or other parties in the customer agreement.
Situations in which we may share your personal data outside the organization are:
- To approved credit reporting agencies for credit reporting in connection with entering an agreement with us,
- To various external actors to fulfil our contractual obligations, as well as
- To various authorities with the purpose of complying with laws and other regulations concerning, for example, taxes and money laundering or terrorist financing.
Transfer to third countries
Processing of personal data takes place within the EU/EEA and no transfer of data is carried out outside the said area. In rare cases, however, personal data may be transferred to and processed in countries outside the EU/EEA (so-called third countries). Before such transfer takes place, SHARK ensures that the transfer is only carried out provided that appropriate safeguards have been taken and undertaken in accordance with the GDPR and standard contractual clauses approved by the European Commission.
Time of storage
We only storage your personal data for as long as we need to be able to provide the services you have with us. We also store personal data in order to fulfil our legal obligations (e.g., securities law and accounting law obligations) and decisions by authorities.
If you terminate any services with SHARK, we need, due to obligations arising from law, to save some of your personal data that is linked to the relevant service for a period of time. For example, we need to keep certain personal data for seven (7) years to be able to report to the Swedish Tax Agency.
You have several rights regarding your personal data that SHARK handles:
- You have the right to access the personal data we process about you. The information is provided in the form of a copy (through a register extract). Requests for registry extracts are usually free of charge.
- If the information we have about you is incorrect or incomplete, you can request that we correct or supplement it.
- You have, under certain conditions, the right to request that the processing of your personal data be restricted for certain specified purposes.
- You have the right to object to a processing of your personal data that takes place on the basis of a balance of interests.
- You have, under certain conditions, the right to be deleted (“to be forgotten”), i.e., to have the personal data we hold about you permanently deleted. However, in certain situations we have the right to refuse erasure, e.g., if we are required by law to save the data.
- If you do not wish to receive direct marketing from SHARK, you can contact us at any time.
- You have the right to data portability, which means that, under certain conditions, you have the right to have your personal data transferred in a structured, commonly used and machine-readable format to another personal data controller.
You are normally entitled to exercise the above rights free of charge. SHARK will respond to the request without undue delay and usually within one (1) month after receiving the request. However, if the request is unreasonable or unfounded, SHARK has the right to charge a reasonable fee or choose not to comply with your request. In addition, SHARK may request additional information to verify your identity.
We may make changes to this policy and the latest version of the policy is always available on our website.
If you have any questions or comments regarding how we process your personal data, you are welcome to contact SHARK Communication via firstname.lastname@example.org or to the following postal address:
Shark Communication AB
211 19 Malmö
You can also contact The Swedish Data Protection Authority (Integritetsskyddsmyndigheten) with any complaints regarding the processing of your personal data.