Processing of Personal Data - information in accordance with the data protection regulation (”GDPR”). This Privacy Policy applies to both Practitioners (as defined in Terms of Use) who offer services on the Spirri platform and to users who simply browse and/or purchase services from a Practitioner on the Spirri platform.
Spirri AB (“Spirri” or “we”, “us”, “our”) Process Personal Data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation (“GDPR”) and any other Swedish laws and regulations applicable in the field of data protection. This Privacy Policy explains how we use the Personal Data that we collect from you (“Customer” “Practitioner” or “you”) when you use our services as stated in our Terms of Use. It also describes your rights toward us and how you can exercise your rights.
Spirri AB (”Spirri”) hereby informs you of our use of your Personal Data in accordance with GDPR.
Spirri is acting as a Data Processor when it processes Personal Data on behalf of the Practitioners offering services on the Spirri platform. When Spirri uses Personal Data for improvement of its own services and marketing, it is acting as a Data Controller.
Contact details: Spirri AB, org. no.559375-8674, (“Spirri”). Registered address where letters can be sent: Kronobergsgatan 5, 112 38 Stockholm, Sweden.
“Personal Data” means any information relating to an identified or identifiable natural person that, directly or indirectly in combination with other information, can be linked to a living, natural person. Personal Data is a very broad term, and it includes, but is not limited to, the name, contact details and IP addresses of such person.
“Process” or “Processing” of Personal Data means, including but not limited to, collecting, registering, organising, structuring, and storing. Processing also means alteration, production, reading, listing, using, and disclosing Personal Data by transfer, disseminating, changing, removing as well as deletion of Personal Data.
“Data Processor” is the entity that Processes Personal Data on behalf of a Data Controller.
“Data Controller” is the entity that controls how the Personal Data is to be Processed.
“Data subject” means an identified or identifiable person to whom Personal Data relates.
The below represents a list of the Personal Data we collect.
From Practitioners:
From Customers booking services from Practitioners:
From other parties:
Personal Data is collected from third parties such as co-operation parties, authorities, courts and others that Spirri come in contact with when performing its services.
Spirri will only Process Personal Data if we have a lawful basis for doing so. Spirri may Process Personal Data based on the following legal grounds in GDPR:
Consent
In the event Spirri foresees the need to Process your Personal Data for a purpose which, pursuant to applicable laws and regulations, should be based on your consent (on grounds of Art. 6(1)(a) GDPR), we will contact you in advance, to inform you about the Processing for which your consent is required before the consent is collected. You may withdraw your consent at any time.
Fulfilment of the agreement
To fulfil our agreement with you (including to provide our services to you or to respond to your requests, such as a request for customer service). The legal ground for this is that the Processing is necessary for the performance of an agreement or contract to which the Data subject is party or to take steps at the request of the Data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).
Legal obligations
To comply with legal obligations to report to authorities and third parties. The legal ground is that Processing is necessary for compliance of a legal obligation to which the Data Processor and the Data Controller are subject (Art. 6(1)(c) GDPR). Spirri may Process Personal Data in relation to claims handling, debt collection and legal processes. We may also Process Personal Data for the prevention of fraud, misuse of our services and for data, system and network security.
Legitimate interest
Spirri Processes your Personal Data primarily to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer and other business relationships, such as marketing our services by contacting potential and existing Practitioners and Customers via e-mail, newsletters, or letters, in order to inform you about our services, offers and events. The legal ground for this is that the Processing is necessary and that Spirri has a legitimate interest (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the Data subjects.
Spirri is a Data Controller when it Processes Personal Data for the purposes of improving the services and trend analysis. We may send you “customer satisfaction forms” that we will ask you if you would like to complete and submit to us. Wherever possible, we use aggregated, non-personally identifiable data.
We base our use of cookie files, which are not necessary but can be classified as analytical, to provide the services, on your explicit consent, cf. (Art. 6(1)(a) GPDR).
We store cookie files on your computer, telephone (or other digital device which you may use to visit our digital channels) for the purpose of identifying your browser and to recognise your search history, settings and preferences. You will have the right to refuse Spirri's Processing of Personal Data using cookie files. We use various technologies to collect and store analytics data and other information when you visit our website, including cookies, pixel tags and web beacons.
Cookies are small text files sent and saved on your device that allows us to identify visitors of our website and facilitate the use of the website and the services and to create aggregate information of our visitors. By sending the content of the cookie file back with each request to the website, the web server can keep track of the user's identity or preferences. This helps us to improve the services and better serve our users, Customers and Practitioners. The cookie file can have several purposes, e.g., storing information about the users and their use of a website, Customers' buying patterns, or enabling direct individualised advertising to the Customer and/or Practitioner. The cookies will not harm your device or files.
A web beacon is a technology that allows for identifying readers of websites and emails e.g. for identifying whether an email has been read.
You may choose to set your browser to refuse cookies, or to alert when cookies are being sent. For example, the following links provide information on how to adjust the cookie settings on some popular browsers:
Please note that some parts of our services may not function properly if use of cookies is refused.
We will only store cookie files for one (1) year. In addition to us, other third parties will be able to share cookie files.
Spirri may transfer Personal Data to third parties such as courts, authorities and opponents.Spirri uses Amazon Web Services (hosting) and SendGrid for sending emails and confirmation of bookings.
The transfer may only take place if necessary for Spirri to fulfil its engagement and/or to protect the interests of the Customers and Practitioners. Spirri may process Personal Data in order to comply with money laundering regulations. If Spirri is involved in a merge, engages co-operation partners, acquisition or asset sale, we may transfer your Personal Data to the third party involved. Spirri shall ensure that any Personal Data is afforded equivalent protection as prescribed in this Privacy Policy and in accordance with GDPR. Spirri may also transfer Personal Data to others within Spirri's business operation, coordinators, co-operation partners and providers, as well as third parties, including but not limited to suppliers, cloud service providers, consultants, and authorities. Spirri shall, however, only transfer Personal Data if Spirri has a legal ground under GDPR to do so and continue to ensure the confidentiality of all Personal Data.
Spirri may also transfer Personal Data to a third country, i.e., a country outside the EU/EEA, or to international organisations according to applicable laws and data regulations. Third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for Personal Data as the Data subject's country of residence. Spirri will follow local data protection requirements and its internal global privacy standards and Spirri will apply the necessary safeguards under the applicable law of the country transferring the Personal Data for such transfers. You are encouraged to get further information about the legal aspects of third-party transfers: www.imy.se. More information regarding the transfers of Personal Data may be obtained by contacting us on any of the addresses indicated below.
We ask that you first contact us if you are not satisfied with our way of handling your matter. You may also contact the data protection authority (www.imy.se).
Spirri reserves the right to make amendments in this Privacy Policy to keep up to date with legal requirements.
If you wish to contact us for any reason then please contact us on:
Spirri AB E-post: hello@spirri.se