Privacy Policy

Updated: 2019-09-08

We at Brain (Digital Brain Nordic AB) are committed to protecting your privacy. This Privacy Policy applies to both our websites, our services and our online applications owned and controlled by Brain. 

We are members of IAB Sweden, IAB is an interest organization that works with online marketing in Sweden. They are a network of highly qualified people who focus on creating transparency and spreading knowledge in the industry. Read more here: www.iabsverige.se 

This Privacy Policy applies to how we handle data, both in terms of how we process and use data. It also describes your choices regarding the use, access and correction of your personal data. If you do not accept the use described in this Privacy Policy, you should not use our websites, services or applications.

We update this policy regularly. These updates can be found here. Although we try to keep you updated on any changes to this policy, we encourage you to stay up to date by reading through this policy from time to time. You can always find the latest version here.

If you have any questions for us about this Privacy Policy or about how we handle and maintain your personal data, please feel free to contact us. Send us an email at: [email protected] or send a letter to: Digital Brain Nordic AB, Kungsportsavenyen 21, 41136 Gothenburg, Attn: DPO. 

1. Brain's or our customers' use of the Service

a) Subscription services

Our service allows for the company that use it (our customers or ourselves) to analyze consumers based on geographical information, cookie information and browser information. 

The service also allows companies to target marketing, commercial content or editorial content to their customers in own and operated channels (owned domains, news letters, mobile messages, direct marketing, etc.) or in bought channels (digital marketing, printed marketing, searches, social media, etc.).

We provide this service to our customers so that they can better understand their customers, their needs and wishes, increase sales and find new customers based on insights about their existing customers. We use the services in a similar fashion to meet our business needs.

b) Use by Brain

We use the services in order to create audiences that can be used for targeting content Online. We also use our services to create consumer analytics for our customers. The information we create and use for marketing purposes belong to us and is used in the fashion described in this privacy policy. 

c) Use by our Customers

Our customers use our services to create consumer analytics, analyze site traffic and target different types of commercial content. Brain does not control what information our customers choose to send into our services or how the results of our services is used by our customers. This information belongs to our customers and is used, shared and protected in accordance with their privacy polices, and that usage is outside of this privacy policy.

We process our customers information in accordance with their instructions to us and in accordance with the service agreement that we have with them. We store the information on our service providers servers, but we do not control our customers data collection or management. Our agreements with our customers prevents us from using this information for other purposes than delivering our services, in accordance with this privacy policy or in accordance with what is required by law. We continuously work with data minimization, to only hold the information necessary to deliver our services. We only hold personally identifiable information (PII) in the case where it is required to deliver our services to our customer, or if our customers expressly ask us to store information in clear text. In all other cases we work with different layers of pseudonymization (one way encryption of information) and anonymization (information that can not be linked to an individual).

We do not have any direct relation to the individuals that provide their PII to our customers. We do however recognize your right to have access to your personal information. Our customers control the information and thereby it is they who are responsible for correcting, deleting or updating information that they have gathered, analyzed or processed, through our services. If we are requested to delete data we will respond in a timely fashion and in accordance with current legal requirements. It may happen that we cooperate with our customers to inform their clients about data processing, collection and use. Our agreements with our customers prevents them from using the service to collect, store or process sensitive information. We are not responsible for our customers use of the information created by or throgh the services we provide. If you wish to check, give or withdraw consent for data processing we ask you to contact the customer that the processing concerns. In some cases we might transfer information to companies that help us deliver our services. Transfer to third parties is covered by the service agreements we have with our customers.

d) “Sensitive information”

This is information such as: payment information, personal bank information, address information, personal identification numbers, drivers license numbers, passport numbers or other information that identifies an individual, as well as ethnical information, health records, religious views, employment records, finance or health information.

2. Information we collect

a) When you visit a website

You may visit a website that use our services without providing any personal information about yourself. We may request information about you when you visit a domain or register for a service, this information about you, in combination with browser data, app-data or geographical information may be collected and processed in that case. 

Through our services to our customers we will collect various data such as but not limited to: browser data and settings (language, browser version, browser type, header referrer, page data), device information (pixel ratio, mobile detection), browser plugins (blocked 3rd party cookies, user agent, version, local storage), performance information (load time, collect time, pixel load time, domain lookup time, connect time) as well as other custom data points on the request of our customers.

b) ”Personal Identifiable Information – PII”

This is information that you voluntarily give up to us or one of our customers that identifies you as an individual, including contact information, such as your name, e-mail, company, company address, home address, phone number or other information about you or the company you work for.

PII may also be information about transactions, both free or paid, that you activate through a domain or a service, and information that can be available about you through services such as Facebook, Linkedin, Twitter or Google, or public information about you that can be obtained through 3rd party suppliers. 

PII can also be geographical information and payment information that can identify you as an individual. Geographical information is information that can be linked to your computer and your visits to domains or services, such as your IP-address, geographical position, browser type, URL, time stamps and pages that have been visited. Payment information can include information about payment method, credit card numbers and purchase information. Besides this we do not collect, store or process any information about you.

c) Log files

When you use domains or services that have our systems integrated we automatically collect information about your computers hardware and software. This information may include IP-address, browser type, domain name, ISP, what files you have seen on the domain (HTML-pages, images, etc.), operation system, click-stream data, time stamps and referring web pages. This information is used by Brain to supply our service, to maintain the quality of service, and deliver statistics for the use of our or our customers web sites and domains. For these purposes we automatically link to PII information, if you or our customers have provided such.

d) Information we collect through 3rd party

We may collect information about you from 3rd party sources, including partners that we provide services with or do marketing efforts with, and through public sources of data such as social media websites.

e) Information about underaged

Our website and services is not designed for children under the age of 18, and we do not knowingly collect data about person we know are under 18. If you think we might have collected data about a minor please contact us: [email protected]

3. How do we use the information we collect

a) Application of our Privacy Policy

We only use the information we collect in accordance with the privacy policy. Customers that use our services are by our terms of service obligated to also abide by this privacy policy.

We do not sell your personal information 

We never sell personal information (PII) to third parties. 

Use of Personal Information

Besides usage that is specified in other parts of this privacy policy, we may use your personal information to: 

  • Improve your experience of online through personalization of websites and applications;

  • Send information to you with content we believe may be relevant for you, by mail, e-mail or by other ways of marketing.

  • Market our services and share marketing and information in accordance with your preferences;

  • Provide other companies with statistical information about you, but only in forms that does not allow for you to be identified as an individual;

  • Send information to you about changes to our terms of service, integrity policy, cookie policy or other legal documents;

  • To meet legal requirements from government authorities, local or national, or other parties authorized to make such demands.

    We may contact you on the behest of 3rd parties, but in that case we will not transfer personal information to that 3rd party.

    We use the information collected for the following purposes:

  • In order to provide the service as a whole and prevent or obstruct security- and tech problems.

  • To respond to yours and others support questions and issues.

  • To fulfill our obligations to you under our service agreement.

b) Legal grounds for processing personal information (visitors and customers within the EU)

If you are a visitor or customer within the European Union economic area, Digital Brain Nordic is Data Controller for the data you directly submit to us as a legal entity. You can contact our Data Protection Officer here: [email protected]

Our legal ground for collecting, processing and use above mentioned personal information depends the personal information and what context we collect it in.

But normally we will only collect and process information when we have your consent to do so, when we need your personal information to fulfill a contractual obligation with you or where the processing is in our legitimate interest and does not violate your personal integrity, your rights concerning personal information, your basic rights and freedoms. In certain cases we may have obligations to collect information about you.

If we ask for personal information according to legal requirements or in order to fulfill a contract with you, we will do so by clearly explaining what information that is mandatory and which is not, as well as the consequences of not giving the information. If we collect and process personal information about you under legitimate interest, or a legitimate interest for third party, we will make this clear to you.

In the cases where we deliver our services to our customers and process personal information on behalf of our customers Brain acts in the capacity of data processor to our customers. And in these cases it is our customers that are data controllers and thereby also responsible for establishing legal ground for the purposes for which they use our services. We always deliver our services to our customers under a data processing agreement. 

c) Use of geographical information

We use geographical information in order to manage and improve our domains and applications, and to improve our services. We may use geographical information alone or in combination with personal information in order to provide a personalized experience of our domains and services.

d) Customer reviews and comments

We may publish customer reviews and comments in our digital channels and marketing materials (website, applications, social media, sales documents, etc.) that may contain personal information. We obtain consent for this prior to publication.

e) Use of payment information

If you share your payment details with us (bank account, credit card number, etc.) we will only use this in order to investigate your financial status and charge you for our services. We allow third party services to manage these payments. This service provider is not allowed to store your information for other purposes than processing your payments on our behalf.

f) Security

We apply a wide variety of security measures and technologies in order to protect your personal information from unauthorized access or processing. We secure the protection by storing the information on servers in protected environments, protected from unauthorized access. All personal information is protected through suitable physical, technical and organizational measurements.

g) Social media and third-party suppliers

Our domains and applications may use applications and social media services that is run on our domains and in our applications. These services and functions may collect your IP-address, what page you visit and may set a cookie in order for the functions to work correctly. These services and functions are managed by a third party and this privacy policy does not apply to these services and functions. Your interactions with these services and functions are done under each providers privacy policy.

h) External sites

We may link to external websites. We do not control or are neither responsible for the content on those websites. Just because we link to them does not mean that we endorse, market or agree on the content of those websites, what their owners communicate or how they work.

i) Storage of personal information

How long we store the information we collect about you depends on the type of information; this is described below. We will erase, anonymize and if that is not possible, store your information securely and block usage of it until it can be erased.

We store your personal information that you have shared with us as long as there is a legitimate interest to do so. As an example we will store your contact information as long as it is necessary in order to communicate with you concerning our services. Or to uphold legal requirements, manage disagreements or uphold our agreements with you.

When there no longer is a business need nor a legitimate interest to store your personal information we will erase, anonymize and if that is not possible, store your information securely and block usage of it until it can be erased. We can erase this information prior to this if you request it.

4. How do we share the information we collect

a) Service providers

We use external service providers that supply our visitors and customers with services. We may need to share information with them in order for them to supply you with their information, products and services.

The following 3rd parties might be involved in providing our services to our customers: Amazon AWS, Sentry, Github, Heroku, InsightOne Nordic.

b) Brain Partners

We may share the data and information with our partners that may contact you based on a request from you. This may be a service or add-on products that you request. We may also share information with partners for the following purposes: analytics, support, data enrichment or marketing. These partners may not share your personal information for other purposes than those specified.

c) Business events

If we, or the assets we control were to be bought by another company, through merger, acquisition, bankruptcy or similar event, that company will acquire access to all information that we gathered through our domains and services. In that case you will be notified of this, through e-mail or a clear notification in our service or on our website. We will then communicate the change of ownership of your personal information we collected and the option you have due to this event.

d) Required sharing of information

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process. 

5. International transfer of information

a) International transfer of information within Brain or our subsidiaries

Our business is today based in Sweden and we store all information within the EU, specifically at Amazon Web Services on Ireland. We allow access to information from countries outside of the EU in order to maintain our business and services for the purposes defined in this privacy policy.

This privacy policy will be in effect no matter if we transfer your information to other countries or not. We enforce suitable security measures in order to protect your personal information. 

6. Cookies and similar techniques

a) Cookies

Brain and our partners use cookies and similar technologies to analyze and administrate our domains and services. We track user behavior through cookies in our domains and through our services to our customers, as well as for the purpose of enriching cookies with information from third parties. If you want to know more about how we use cookies please read more on our Cookie Policy page.

b) Geographical information that is used by our customers and visitors

Our customers may use tools and services that we provide, as well as tools and services from third parties, to collect geographical information when you visit their domains. We do not control how they use this information.

c) Tracking technologies from third parties

There are tracking technologies taht are provided by third parties in order to remember settings, preferences and usage such as Adobe Flash Player, but these do not necessarily use cookies but other techniques instead. These techniques can also be used to track you online.

Tracking of your behavior online by third party is not covered by this privacy policy.

d) Marketing

We are partners with third party ad networks and ad platforms that use cookies and enriched data to target advertising to our customers and visitors or through other websites. This targeting of advertising is based on interests or geographical information, if you do not wish information about you to be used for these purposes you may “opt out” from this i.e. choose for us to not use the cookies we placed in your browser for marketing purposes. Please note that this does not mean that you will not see any ads, it just means that they will not be tailored to you.

e) How can you access and manage your personal information?

You have the following rights in term of your personal information:

  • You may request access to-, correction of- or deletion of- your personal information.

  • You may object to the processing of your personal information, ask us to limit the processing or request access to your personal information.

  • If we have gathered and processed your personal information with your consent you are able to withdraw that consent at any time. If you withdraw consent does not change the legality of any processing done prior to withdrawing consent. It will also not affect any processing that is done with other legal ground than consent.

  • You have the right to question the processing of personal information that we do, in that case you should contact the data protection authorities in the country where you are a resident.

In order to exercise these right please contact us by e-mail: [email protected] or by postal services: Digital Brain Nordic AB, Kungsportsavenyen 21 c/o Convendum, 41136 Göteborg, Sverige, Att: DPO. We will respond to your request in reasonable time and in accordance with at the time relevant legislation.

Contact:

Data Protection Officer

Martin Bergqvist – [email protected]

Digital Brain Nordic AB

Kungsportsaveneyen 21, 41136 Göteborg Sverige