Contact

Privacy Policy – Blick Partners AB

Processing of Personal Data – Information pursuant to the General Data Protection Regulation (EU) 2016/679 This privacy policy describes how Karte & Lind Consulting AB processes personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679 (GDPR). Karte & Lind Consulting AB respects your privacy and strives to maintain a high level of data protection. This policy explains what types of personal data we process, why we process them, how long the data are stored and what rights you have as a data subject.

Controller responsible for the processing of personal data:
Blick Partners AB (Company reg. no. 559563-1978)

Email: info@blickpartners.se

Email: info@blickpartners.se

The company has assessed that we are not required to appoint a Data Protection Officer. Questions regarding our processing of personal data may be directed to us using the contact details above. The company’s Chief Executive Officer is ultimately responsible for ensuring that personal data processing is carried out in accordance with applicable legislation.

  1. What personal data we process and from which sources
    We process personal data that you provide to us, that are generated when you use our services, or that we collect from other sources, for example when you enter into an engagement agreement with us, participate in meetings, communicate with us via email, or in connection with our provision of advisory services.

Examples of personal data that may be processed include:

    1. Information you provide to us:
      - Name, title, employer and professional role 
      - Contact details such as email address and telephone number  
    2. Information generated in the course of our business:
      - Business‑related information connected to identifiable individuals, such as involvement in transactions or incentive programs 
      - Engagement‑ and agreement‑related communication 
      - Technical information such as IP address and user data when visiting our website  
    3. Information collected from other sources:
      In certain cases we may supplement your personal data by obtaining information from other sources. These sources may include:
      1. Public registers, such as the Swedish Companies Registration Office (Bolagsverket), in order to verify authorised signatories or company information
      2. Credit reference agencies in order to verify creditworthiness when entering into agreements
      3. Publicly available sources such as company websites or professional networks 
  1. Purpose of processing

Purpose of processing

Categories of personal data

Legal basis

Enter into, administer and perform engagement agreements with you or the company you represent.

Name, title, employer, contact details, communication, billing information.

Performance of a contract (Article 6.1(b) GDPR). Processing is necessary in order for us to fulfil our obligations under the engagement agreement.

Provide advisory services and carry out assignments.

Name, title, professional role, contact details, business-related information.

Performance of a contract (Article 6.1(b) GDPR).

Fulfil legal obligations, for example under accounting legislation, tax legislation or anti-money laundering regulations.

Name, contact details, transaction data, billing information.

Legal obligation (Article 6.1(c) GDPR) and Chapter 2 Section 1 of the Swedish Data Protection Act (2018:218).

Business development and relationship management, such as sending newsletters, invitations to events or other professional communication.

Name, title, employer, contact details (email, phone number).

Legitimate interest (Article 6.1(f) GDPR). Our interest is to maintain and develop professional B2B relationships and to market our services. You always have the right to object to this processing (see section 6).

Ensure and analyse the use of our website in order to improve its functionality and security.

Technical data such as IP address and user data.

Legitimate interest (Article 6.1(f) GDPR). Our interest is to maintain a secure and functional website.

  1. How long we retain your personal data
    We retain your personal data only for as long as necessary to fulfil the purposes for which they were collected. After that, the data are deleted or anonymised. The retention period is determined based on the following criteria:
    1. Data processed for the performance of agreements: Personal data processed in order to perform engagement agreements are stored during the contract period and thereafter for a period necessary to handle potential complaints or legal claims related to the agreement, normally for 7 years in accordance with the Swedish Limitation Act.
    2. Data processed to fulfil legal obligations: Data that must be retained according to law, for example under accounting legislation, are retained for as long as required by law, which is currently 7 years after the end of the financial year.
    3. Data for business development and communication: Personal data processed on the basis of our legitimate interest in marketing are retained for up to 24 months after our most recent interaction with you, or until you object to the processing.
    4. Technical data from the website: IP addresses and other technical data are retained for 3 months for troubleshooting and security analysis.
  1. Recipients and data processors
    1. Personal data may be shared with recipients such as clients, counterparties, banks, auditors and public authorities where this is necessary for the performance of an engagement or required by law
    2. The company also uses external suppliers that process personal data on behalf of the company, for example consultants, IT and cloud service providers and accounting systems. Such suppliers act as data processors and process personal data in accordance with our instructions and data processing agreements.
  2. Transfers to countries outside the EU/EEA (third countries)
    1. Our primary principle is to process your personal data within the EU/EEA. Where we use external suppliers for IT services (for example cloud services such as Microsoft 365 or Google Workspace), personal data may be transferred to a country outside the EU/EEA, for example the United States.
    2. Such transfers are only lawful if they are carried out in accordance with Chapter V of the GDPR. We ensure that your data are protected either by transferring them to a country with an adequate level of protection according to a decision of the European Commission, or by applying appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCC).
    3. You have the right to obtain a copy of the Standard Contractual Clauses applied by contacting us via email.
  3. Rights of the data subject
    1. Under the General Data Protection Regulation you have several rights regarding the processing of your personal data.
    1. Right of access (data subject access request):You have the right to obtain confirmation of whether we process personal data concerning you and, if so, to receive a copy of the data together with information about the processing.
    2. Right to rectification: If you believe that the information we hold about you is incorrect or incomplete, you may request that it be corrected.
    3. Right to erasure (“right to be forgotten”): In certain circumstances you may request that your personal data be erased, for example if they are no longer necessary for the purposes for which they were collected.
    4. Right to restriction: You have the right to request that the processing of your personal data be restricted under certain conditions, for example while we verify the accuracy of the data.
    5. Right to object: You always have the right to object to processing based on legitimate interest (Article 6.1(f) GDPR). If you object to direct marketing, we will immediately cease such processing.
    6. Right to data portability: Where processing is based on an agreement or consent and carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine‑readable format.
    7. Right to withdraw consent: If our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn.
    8. Automated decision‑making: You have the right not to be subject to a decision based solely on automated processing, including profiling, if the decision produces legal effects concerning you or similarly significantly affects you. We do not currently use such decision‑making.

To exercise your rights, please contact us at info@blickpartners.se. info@blickpartners.se.

  1. Complaints
    1. If you believe that we process your personal data in violation of applicable regulations, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
  2. Updates to the policy
    1. We may update this privacy policy from time to time. The most recent version will always be available on our website.