Privacy Policy

HomePrivacy Policy

NOTE’s Privacy Policy

NOTE AB (publ) (”NOTE”), corporate identity number 556408-8770 (”we”, ”us” and ”our”), with postal address Box 3691, 103 59 Stockholm, is dedicated to the protection of your personal integrity. Our ambition is to always protect your personal data in the best way possible and to comply with all applicable data protection laws and regulations. Through this privacy policy we wish to inform you of how we process your personal data.

1. Data controller

NOTE is the data controller for the processing of your personal data and is responsible for ensuring that all processing is carried out in accordance with applicable law. In some cases, NOTE’s affiliates are the data controllers, either on their own or together with NOTE.

2. Categories of personal data processed by NOTE

2.1. Personal data from you

When you are in contact with NOTE, you may provide us with personal data. NOTE processes your personal data including name and contact details. When recruiting, CVs are processed.

2.2. Personal data from the Internet, customers and suppliers

NOTE may also collect some personal data from publicly available sources on the Internet and from our customers and suppliers.

2.3. Shareholder’s data

Shareholder’s data, from Euroclear AB and from subscribers of NOTE’s Shareholder service, is processed. The data consists of:

  • Name, personal identity number, address.
  • Other contact information, such as e-mail address and/or phone number provided by Shareholders that subscribe to the Shareholder service and/or want to participate at NOTE’s General Meetings.
  • Holdings of NOTE shares.

2.4. Electronic subscription

NOTE processes name and email address to persons who have subscribed, at www.note-ems.com, to NOTE’s distribution service of financial reports and Press Releases.

2.5. Data according to EU’s Market Abuse Regulation

According to EU’s Market Abuse Regulation (MAR), NOTE maintains:

  • Insider lists including personal data of the persons that have received share price-sensitive, non-disclosed information regarding the company.
  • Lists of the company’s persons discharging managerial responsibility and their related natural persons and legal entities.

2.6. Confidentiality agreements

Personal data in confidentiality agreements, with the purpose of fulfilling NOTE’s legal obligations or relating to students’ degree projects at NOTE, is processed. The data consists of:

  • Name, personal identity number, company, corporate identity number.

2.7. Website and social media platforms

Usage data derived from our website or social media platforms, e.g. LinkedIn.

2.8. Cookies

For information about cookies at NOTE’s website, please read NOTE’s Cookie policy at www.note-ems.com.

2.9. User data

User data for operation, safeguarding, maintenance and development of IT infrastructure and systems for suppliers and customer representatives using our systems.

3. Purpose and legal basis for processing your personal data

NOTE is processing your personal data on the basis of a legitimate interest for the following purposes:

  • Administering the contractual relationship, including invoices and payments.
  • Administering deliveries.
  • Contact and correspondence sent to NOTE.
  • Customer survey information.
  • Expressed interests in our services, product areas or similar in surveys or in communication.
  • Usage data derived from our website or social media platforms, e.g.LinkedIn.
  • Managing business risks, legal or insurance claims or coverage, or obtaining business advice.
  • Shareholder’s data is processed with the purpose of fulfilling NOTE’s legal obligations, and to provide information to Shareholders who have subscribed to NOTE’s Shareholder service, for distribution of printed financial reports.

Our or a third party’s legitimate interest of processing your personal data is to be able to administer our contracts and to fulfill our obligations and perform our rights towards our customers and suppliers.

In some cases, NOTE may have a legal obligation to process your personal data. This includes processing personal data to comply with applicable laws, for instance the Swedish Accounting Act (1999:1078).

4. Who may get access to your personal data?

Your personal data will be processed by NOTE.

We may disclose personal data to any company within the group (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes.

We may further disclose data to insurers and/or professional advisers in order for them to provide services to us to manage risks, obtaining professional advice, legal claims etc.

Furthermore, your personal data may be shared with parties that process personal data on our behalf, i.e. data processors. Such data processors are, amongst others, our IT and system providers.

5. Transfers of personal data to third countries

NOTE has a plant in China, where personal data is processed. NOTE also has IT suppliers, which process personal data on NOTE’s behalf outside the EU/EEA. In cases where personal data are processed outside the EU/EEA, we base the processing either on a decision from the European
Commission that the relevant third country ensures an adequate level of protection, or appropriate safeguards, e.g. standard data protection clauses, binding corporate rules to ensure that your rights are protected. If you wish to receive a copy the safeguards taken by us or information regarding where these safeguards have been made available, please contact us by using the contact details stated below.

6. How do we protect your personal data?

We, and in relevant cases third parties, have taken several security measures to protect the personal data that is being processed. We have firewalls and antivirus software to protect and prevent unauthorised access to our networks and systems. Our employees have strict instructions to process all personal data in accordance with applicable laws and regulations. Only a limited number of employees have access to the facilities and systems where personal data are being stored and passwords and usernames are required to access these systems.

7. How long do we keep your personal data?

We never process your personal data for a longer period than it is allowed by applicable law, regulation, case law or authority decision. Personal data that we process on the basis of a legitimate interest are normally processed for the period that is necessary to administer the contractual
relationship, exercise our rights and fulfill our obligations towards our customers and suppliers.

Generally, we cease to process your personal data when the contractual relationship with our customer or supplier expires or when you end your employment. To comply with legal obligations, e.g. the requirements of the Swedish Accounting Act (1999:1078), we may keep your personal data for a longer period that is necessary for the purposes of the processing. Customer surveys are retained for a maximum period of three years.

Shareholder’s personal data will be retained for as long as the individual is a Shareholder and for as long thereafter as NOTE has an obligation to retain the data according to law.

Shareholder’s data connected to NOTE’s shareholder service, for distribution of printed financial reports, will be retained as long as the subscription continues.

E-mail addresses connected to NOTE’s electronic subscription, for distribution of financial reports and Press Releases, will be retained as long as the subscription continues.

Data in NOTE’s insider lists and lists of persons discharging managerial responsibility will be retained according to EU’s Market Abuse Regulation (MAR).

The period of retention of personal data in confidentiality agreements will be determined based on how long the agreement is valid.

8. Your rights

In accordance with applicable data protection regulation, you have the right of access to the personal data we process regarding you, and have the right to request rectification of your personal data.

Under certain circumstances, you are entitled to request the erasure of your personal data or restriction of the processing of your personal data or object towards our processing of your personal data. Furthermore, under certain circumstances, you are entitled to receive the personal data
concerning you in a structured, commonly used and machine-readable format and have the right to transmit the personal data to another data controller.

You have the right to object towards the processing of your personal data for the purpose of direct marketing.

If you have any complaints regarding our processing of your personal data you have the right to lodge a complaint with the Swedish supervisory authority Datainspektionen or any other competent supervisory authority that monitors enterprises’ processing of personal data.

9. Contact us

If you wish to exercise your rights in accordance with what is stated above or otherwise wish to contact us regarding our processing of your personal data you can contact us by e-mail [email protected], or telephone +46 (0)8 568 990 00.