Privacy notice

Summary of the data protection within Bonnier Group AB

This data privacy notice explains how Bonnier Capital AB, with Swedish organization number 556707-0007 (“Bonnier”), manages your personal data as a data controller. We use information that we collect, or that you as a customer, employee, advisor, partner or affiliated person of us or supplier provide to us by, for example, e-mail, or that we obtain from other sources, such as publicly available registers, among other things, in relation to our investments in companies or corporate governance, nomination or other appointment processes, for these main reasons:

In order to fulfill our obligations towards suppliers, partners or customers, we use contact information that we collect through contracts directly with you or your employer or otherwise when we are in contact with you when we receive your contact information in relation with this purpose.
In order to be able to respond to questions or comments received by e-mail from employees of other Bonnier companies or from customers, partners or suppliers, we need to process e-mails, names and any other personal data provided through the e-mail.
In order to fulfill the legal obligations imposed on us by, for example, the Accounting Act (Bokföringslagen), we need to store accounting information, which may contain personal data, for a prescribed period of time
We have security in place in order to protect ourselves against external and internal threats and process technical logs where personal data may exist.
In order to manage and evaluate our investments in other portfolio companies.
For corporate governance, nomination and other appointment purposes in portfolio companies.
To maintain the business relationship with our portfolio companies.
To conduct our operations in compliance with contractual and legal requirements.

For the above processing of your personal data, Bonnier Capital AB is the personal data controller. You will find information on how to contact us under the heading. Contact information below.

Table of content

Our principles
How we collect and use personal information
Reasons for sharing your personal information
Your individual rights
Security for your personal information
Where we store and process personal information
Our retention of personal information
Cookies and similar technology
Changes to this Privacy Notice
Contact us

Our principles

Bonnier is a family-owned company over many generations, and long-term thinking characterizes our processing of personal data. Processing user data in accordance with current regulations and in a safe, efficient manner that adds value is crucial for developing attractive media products for both users and advertisers. Protecting the privacy of the individual user is crucial in maintaining customer confidence and developing the long-term customer relationships we aim for. Bonnier’s management and the management of our subsidiary and affiliated companies are responsible for ensuring that personal data are handled in accordance with relevant legislation and in a manner that maintains customer confidence.

How we collect and use personal information

Bonnier collects data to fulfill agreements with our suppliers, employees, partners and investors. We also collect data in order to conduct our investment business, for example, as part of sourcing and assessing relevant investment opportunities.

We use information related to you as set out above and for the following purposes:

Assessing relevant investment opportunities.
In order to secure your data Bonnier has contracted an IT-security partner who runs a SOC on Bonniers behalf to make sure that Bonnier´s data is secured and to ensure that the data is protected from future threats.
In order to be able to handle requests from data subjects, such as a request to access or delete your data or request any of your other rights in accordance with the GDPR, we will process the personal data we have stored about you in order to fulfill this legal requirement.

Other purposes. If we plan to use personal data for a new purpose outside what is described in this policy, you will be informed of such use before or in connection with the collection of personal data, and we will ask you for your consent. Alternatively, we will ask for your consent after collection, but before we will use your personal information for a new purpose.

Reasons for sharing your personal information

Sometimes it may be necessary for us to share your information with other companies within our group or with companies that provide services on our behalf (such as storing our data or providing support services) so that we can provide you with our services or fulfilling legal requirements.

In cases where we share information about you with others, we have confirmed that these companies comply with our data protection requirements and are not allowed to use the personal data they receive for any other purpose.

We may share personal information with our subsidiaries that we control, or other companies which we are controlled by, or such other companies controlled by our ultimate owner. We also share information with companies that we have hired to provide IT-service support, such as storage, or IT-security with safeguarding and securing our systems and services, who need access to personal data in order to provide these services. We may also disclose personal information as part of a joint venture, investment opportunity or as part of a merger or sale of assets.

Finally, we may need to disclose or save your information when we consider it necessary to:

Follow the law or legal process and provide information to the police and other relevant law enforcement authorities.
Protect our data subject from fraud.
Manage and maintain the security of our products, including preventing or stopping an attack on our systems or networks.
Protect the rights or property of Bonnier, including enforcing the terms governing your use of our services; but if we obtain information that someone is using our services to trade stolen intellectual or physical property belonging to Bonnier, we will not investigate a customer’s private data ourselves, rather we would then transfer the matter to a law enforcement authority.

Your individual rights

Bonnier complies with current data protection laws of the European Union, which, where appropriate, include the following rights:

You are free to request access to your data (as defined in the law), and receive confirmation that Bonnier processes your data, and to receive a copy of your personal data.
Your also have the right to request correction if the data we have about you is wrong, and in certain circumstances, deletion of your personal data.
You are entitled to request limiting and to object to the processing of your personal information that we collect for our legitimate interest.
You have the right to file complaints with a data protection authority. Ingegritetsskyddsmyndigheten is the authority in Sweden that oversees how we as a company comply with the legislation.
If the processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.

Security for your personal information

Bonnier uses a range of security techniques and security methods to protect your personal data from unauthorized access, unwanted changes and data loss. We use both technical and organizational measures. As an example we always do due diligence on potential suppliers and we put data processing agreements in place. If we consider a processing to be potentially high risk we perform data protection impact assessments (DPIA). We also apply data minimization and we pseudonymize data where applicable.

As example of technical security, the personal information that you provide is stored on computer systems that have limited access to, and are in protected premises. When transferring very sensitive data (such as credit card number and password) via the internet, these data are protected by encryption.

We also have a Security Operation Center (SOC) setup with an external IT-security organization to monitor the existence of any external threats to our information.

Where we store and process personal information

Personal data managed by Bonnier can be stored and processed in the region in which you live, in Sweden or in other countries where Bonnier, our partners, subsidiaries or suppliers are active. We take steps to ensure that the information we collect in accordance with this Privacy Notice is dealt with in accordance with the provisions of this policy and in accordance with applicable laws where the information is available.

If we would transfer your personal data to a controller or a processor in third countries, i.e. countries outside the EU/EEA, we perform transfer impact assessments (TIAs) and make sure to put additional security measures in place, such as the use of EU standard contractual clauses as appropriate security measures.

Our retention of personal information

Bonnier retains personal information as long as it is necessary to provide the products and services, fulfill the transactions you have requested and approved, or for other necessary purposes, such as complying with our legal obligations, resolving disputes and enforcing our agreements or fulfilling our reasonable business needs. Because these needs may vary for different types of data and for different types of products, services and contexts, actual retention periods may vary. Criteria that determine how long we store data are, for example:

How long are personal data needed to provide the products and services? This includes, among other things, maintaining and improving the performance of products and services, protecting our systems and administering necessary business and accounting information. This is the general rule underlying the calculation of most retention periods.

Is the personal information particularly sensitive? In that case, a shorter retention period is usually used.

Have users approved the use of a longer conservation period? In that case, we store the information in accordance with your consent.

Does Bonnier have legal or contractual obligations or otherwise is committed to storing the information? Examples may be mandatory legislation on retention of information in certain jurisdictions, government orders to preserve data relevant to investigations, or data that must be retained in order to resolve a dispute.

Cookies and similar technology

Bonnier uses a limited amount of cookies in order for the website to function properly. For information about which cookies bonnier.com has on our website, see our separate cookie policy.

Changes to this Privacy Notice

We will update our Privacy Notice as needed to reflect customer feedback and changes to our services. When a policy is updated, the latest update date changes at the top of the policy and the changes are described in the Change History section below. If there are major changes to the policy or to how Bonnier uses your personal data, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Notice from time to time to stay informed about how Bonnier protects your personal information and privacy.

Contact us

If you have any questions other than what is covered in the FAQ, or if you want to reach Bonnier Group’s DPO or request any of your individual rights, please email Bonnier Group AB:s DPO: carin.wenner@bonnier.se

If you would like to request any of your individual rights against Bonnier Capital AB, please contact charbel.altunkaynak@bonnier.se

Change history

N/A