Privacy policy
STARDOTS safeguards your integrity
Stardots AB, corp. reg. no. 559036-9814, Kungsängsvägen 31, SE-753 23 Uppsala, Sweden (the ”Company” or “Stardots”) respects your privacy and is committed to maintaining a high level of security and integrity regarding your personal data. The Company is also committed to ensuring that data processing is carried out in accordance with applicable data protection legislation.
This Privacy Policy describes how the Company processes personal data about you in your capacity as:
- a user of Stardots’ products and services, directly or indirectly, where a direct user refers to an individual who submits their own personal data to the Company through their use of Stardots’ products and services, and an indirect user refers to an individual whose personal data is submitted to the Company through another person’s use of Stardots’ products and services, such as a physician (collectively “Users”);
- a representative of a company that is a customer, partner or supplier or a potential customer, partner or supplier to Stardots;
- a participant in studies or clinical trials conducted or supported by the Company, or as a visitor of the Company’s website https://stardots.se;
- an applicant for employment with Stardots; or
- a shareholder or as a representative of a shareholder or as a holder or a representative of a holder of other financial instruments that can be converted to or that entitle to subscribe for shares in Stardots (each a “Shareholder”).
Do not hesitate to contact us should you have any questions regarding the Company’s privacy protection. The Company’s contact information is set out under the section “Contact Information”.
Controller
Stardots is the controller of your personal data and is therefore responsible for ensuring that your personal data is processed correctly and securely in accordance with applicable legislation.
Which personal data does Stardots process?
Personal data means any information that directly or indirectly relates to a natural, living person. Accordingly, personal data is information about you and your person, e.g. your name, your contact information, pictures of you and your IP-address.
Processing means any operation which is performed on personal data, such as collection, storage, use, adaption or disclosure.
Users
Stardots collects and processes the following personal data about you as a User.
- Personal information and contact information, such as name, personal identity number, address, telephone number and email address.
- Health information, such as eye movements and tremors.
- Information provided via Stardots’ products or services.
- Information provided via email, social media or other channels of communication.
- Information provided in User surveys and evaluations.
- In respect of direct Users, payment and purchase history.
- In respect of direct Users, information in license agreements or other customer agreements.
- In respect of direct Users, payment information, such as bank information, account number and, where applicable, IBAN, SWIFT etc.
- In respect of direct Users, information regarding complaints and warranty matters.
- Where applicable, information regarding contacts with the Company’s representatives and customer service.
- Where applicable, information regarding dietary preferences, potential allergies and/or disabilities (e.g. in connection with corporate events or meetings).
Company representatives for e.g. customers, suppliers and partners
Stardots collects and processes the following personal data about you as a company representative for e.g. customers, suppliers and partners to the Company.
- Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.
- Information provided via email, social media or other channels of communication.
- Where applicable, information regarding contacts with the Company’s representatives and customer service.
- Where applicable, information regarding dietary preferences, potential allergies and/or disabilities (e.g. in connection with corporate events or meetings).
Potential Users and company representatives for potential customers, suppliers and partners
Stardots collects and processes the following personal data about you as a potential User or a company representative for a potential customer, supplier or partner.
- Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.
Participants in studies or clinical trials
Stardots collects and processes the following personal data about you as a participant in a study or clinical trial which the Company conducts, supports or otherwise participates in.
- Personal information and contact information, such as name, personal identity number, address, telephone number and email address.
- Health information, such as eye movements and tremors.
- Medical history, particularly in respect of Parkinson’s disease.
- Treatment history, such as medication and dosage.
- Information that you provide in connection with the study or clinical trial.
- Where applicable, information regarding potential allergies and/or disabilities.
Visitors of the Company’s website
In connection with visits to the Company’s website, Stardots collects and processes the following personal data about you.
- Technical data, such as IP address, MAC address, URL, unique device ID, network and device performance, browser, language and identification settings, geographic location, operating system, other information from cookies or similar mechanisms (device information).
Recruitment (job applicants at the Company)
Stardots collects and processes the following personal data about you as a job applicant.
- Personal information and contact information, such as name, address, telephone number, email address, title, position and employer.
- Information in cover letter and CV.
- Where applicable, your picture.
- Other information that you provide to the Company in connection with recruitment.
Shareholders
Stardots collects and processes the following information about you as a Shareholder.
- Personal information and contact information, such as personal identification number, name, address, telephone number, email address, and position.
- Holdings of shares or other financial instruments.
- Information regarding rights relating to your ownership of shares or other financial instruments, such as voting rights at general meetings.
- Other information provided by you or by the organisation that you represent.
- Where applicable, information regarding advisors to Shareholders and proxies representing Shareholders.
- Where applicable, information regarding trustees, pledges and pledgees, and other notes in the share register.
Sources of personal data
With respect to direct Users, your personal data is usually collected directly from you, e.g. via Stardots’ products and services, email, social media or other channels of communication or in connection with events or meetings. With respect to indirect Users, your personal data is usually received from partners of the Company (such as physicians). The Company may also use external information services to supplement existing data.
With respect to company representatives for customers, suppliers and partners, as well as for potential customers, suppliers and partners, your personal data is usually collected from the company or organisation that you represent, but also, in certain cases, directly from you. The Company may also use external information services to supplement existing data.
With respect to participants in studies or clinical trials, your personal data is either collected directly from you or received from a partner to the Company (e.g. a hospital, a university or a research organization).
With respect to visitors of the Company’s website, your personal data may be provided to the Company directly from you or from a supplier to the Company (such as Google Analytics).
With respect to job applicants, your personal data may be provided to the Company directly from you or from a staffing agency or recruitment company through which you apply for work. The Company may also use external information services to supplement existing data.
With respect to Shareholders, your personal data is usually provided to the Company directly from you or from the company or organisation that you represent. The Company may also use external information services to supplement existing data.
Stardots´processing of personal data
The purposes for which Stardots intends to process your personal data and the legal basis for each processing activity are stated in the lists below.
Users
- To be able to provide the Company’s products and services.
- The processing is necessary for the Company’s legitimate interest to provide its products and services.
- In respect of direct Users, the processing is necessary for the performance of a contract to which the direct User is a party.
- If and to the extent the processing comprises personal data concerning health, the processing is necessary for reasons of public interest in the area of public health. In addition, processing of such personal data is, in certain cases, based on the data subject’s explicit consent to the processing.
- To be able to conduct research and to develop the Company’s business, products, and services, including analysis and statistical purposes. The processing includes aggregating personal data such that the personal data is considered anonymous (and thus no longer personal data).
- The processing is necessary for the Company’s legitimate interest to develop its business, products and services.
- If and to the extent the processing comprises personal data concerning health, the processing is necessary for reasons of public interest in the area of public health. In addition, processing of such personal data is, in certain cases, based on the data subject’s explicit consent to the processing.
- To enable marketing regarding the Company and its products and services.
- The processing is necessary for the Company’s legitimate interest to market its brand, products and services.
- To prevent unauthorized use of the Company’s products and services.
- The processing is necessary for the Company’s legitimate interest to ensure that its products and services are used in a legitimate manner and in accordance with relevant licenses.
- In respect of direct Users, the processing is necessary for the performance of a contract to which the direct User is a party.
- To fulfil legal requirements, e.g. security and accounting requirements.
- The processing is necessary for compliance with the Company’s legal obligations.
- In respect of direct Users, to carry out surveys regarding the Company’s products and services and Users’ user experience.
- The processing is necessary for the Company’s legitimate interest to evaluate, develop and improve its products and services and marketing.
- In respect of direct Users, to receive payments in connection with purchases of the Company’s products, services and service.
- The processing is necessary for the performance of a contract to which the direct User is a party.
- In respect of direct Users, to improve the quality of the Company’s customer service as well as to be able to respond to and compensate Users in connection with complaints and warranty matters.
- The processing is necessary for the performance of a contract to which the direct User is a party.
- The processing is necessary for the Company’s legitimate interest to ensure the quality and an efficient management of the Company’s customer service as well as to communicate with Users and manage complaints and warranty matters.
Company representatives for e.g. customers, suppliers and partners
- To be able to contact representatives of customers, suppliers or partners (e.g. in connection with the Company’s provision of products or services or the Company’s purchase of products or services).
- The processing is necessary for the Company’s legitimate interest to contact company representatives in order to fulfil its obligations under agreements with its customers, suppliers or partners, i.e. the company that the representative represents.
- To fulfil legal requirements, e.g. security and accounting requirements.
- The processing is necessary for compliance with the Company’s legal obligations.
- To enable communication and marketing regarding the Company’s business, products and services (e.g. mailing of newsletters and other marketing materials, invitations to the Company’s events, meetings and other gatherings etc.).
- The processing is necessary for the Company’s legitimate interest to communicate and market its business, products, and services.
- To carry out surveys regarding the Company’s products and services and customers’ user and purchase experience.
- The processing is necessary for the Company’s legitimate interest to evaluate, develop and improve its products and services.
- To receive payments from customers in connection with purchases of the Company’s products and services.
- The processing is necessary for the Company’s legitimate interest to receive payment for its provision of products and services.
- To improve the quality of the Company’s customer service as well as to be able to respond to and compensate customers in connection with complaints and warranty matters.
- The processing is necessary for the Company’s legitimate interest to ensure the quality and an efficient management of the Company’s customer service as well as to communicate with its customers and manage complaints and warranty matters.
- To prevent unauthorized use of the Company’s products and services.
- The processing is necessary for the Company’s legitimate interest to ensure that its products and services are used in a legitimate manner and in accordance with relevant licenses.
Potential Users and company representatives for potential customers, suppliers and partners
- To enable marketing and communication about the Company’s brand and the Company’s products and services (e.g. mailing of newsletters and other marketing materials, invitations to the Company’s events, meetings and other gatherings etc.).
- The processing is necessary for the Company’s legitimate interest to market its brand, its products and other similar products to you or to the company that you represent.
Participants in studies or clinical trials
- To be able to contact participants in studies or clinical trials that Company conducts, supports or otherwise participates in.
- The processing is necessary for the Company’s legitimate interest to carry out studies or clinical trials.
- To be able to conduct research and to develop the Company’s business, products, and services, including analysis and statistical purposes. The processing includes aggregating personal data such that the personal data is considered anonymous (and thus no longer personal data).
- The processing is necessary for the Company’s legitimate interest to develop its business, products and services.
- If and to the extent the processing comprises personal data concerning health, the processing is necessary for reasons of public interest in the area of public health. In addition, processing of such personal data is, in certain cases, based on the data subject’s explicit consent to the processing.
- To fulfil the Company’s contractual obligations towards other companies or organizations participating in studies or clinical trials. The processing includes aggregating personal data such that the personal data is considered anonymous (and thus no longer personal data).
- The processing is necessary for compliance with the Company’s legal obligations.
- To be able to manage complaints and matters concerning patient injuries (including compensation therefor).
- The processing is necessary for the Company’s legitimate interest to ensure the quality of studies and clinical trials as well as the efficient management of complaints.
- The processing is necessary for compliance with the Company’s legal obligations.
Visitors of the Company’s website
- To ensure the operation of the Company’s website and application. To be able to develop the Company’s website and to better adapt the website based on how it is used.
- The processing is necessary for the Company’s legitimate interest to provide, develop and improve its website and to attract more customers, suppliers, partners and job applicants as well as to increase the number of recurring visitors.
Recruitment (job applicants at the Company)
- To, in connection with recruitment, be able to evaluate who is best suited for a position with the Company and to ensure that the person has the necessary skills.
- The processing is necessary for the Company’s legitimate interest to recruit employees with relevant skillsets.
Shareholders
- To fulfil the Company’s obligations to you as a Shareholder according to the Company’s articles of association.
- The processing is necessary for the performance of a contract (i.e. the Company’s articles of association) to which the Shareholder is a party.
- In respect of representatives of Shareholders, the processing is necessary for the Company’s legitimate interest to fulfil its contractual obligations towards its Shareholders.
- To fulfil the Company’s obligations under the Swedish Companies Act and other applicable legislation.
- The processing is necessary for compliance with the Company’s legal obligations.
- The processing is necessary for the Company’s legitimate interest to fulfil its obligations towards its Shareholders.
- To be able to distribute Shareholder-related information.
- The processing is necessary for the Company’s legitimate interest to inform Shareholders and other stakeholders in a timely and correct manner about information relevant to the Company.
How long does Stardots retain your personal data?
Your personal data is retained for as long as the data needs to be processed in order for the Company to fulfil the purpose(s) for which the data was initially collected. Following this period, your personal data will be erased.
Some personal data will, for the purpose of complying with applicable accounting legislation, be stored for seven years, counting from the end of the calendar year during which the financial year, to which the information pertained, was terminated.
Contact information regarding company representatives is stored during such time the Company considers that the information is necessary to maintain the relationship with the company or organization that you represent. Erasure shall take place when the Company becomes aware that the information is no longer adequate or relevant for the purpose, or, in certain cases, at the request of the data subject.
For more information about how long the Company retains personal data, please contact the Company. Contact information is provided under the section “Contact Information” below.
With whom does Stardots share your personal data?
Stardots does not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil the Company’s obligations to you, customers, suppliers and/or partners. Your personal data will not be sold to third parties for marketing purposes. Situations when your personal data may be disclosed to third parties are listed in the table below.
Reason for third-party disclosure
- Companies within the Stardots group.
- The Company is currently not part of a company group. However, if the Company in the future becomes part of a company group, the Company may disclose personal data to other companies within the Stardots group e.g. in connection with the provision of Stardots’ products or services, studies or clinical trials, marketing, business development, and recruitment.
- Suppliers of cloud solutions
- The Company stores certain information in cloud solutions. Accordingly, personal data may be transferred to suppliers of cloud solutions.
- Suppliers and partners
- The Company may disclose your personal data to suppliers and/or partners, if the suppliers and/or partners need your personal data to fulfil their undertakings toward the Company.
- Authorities
- Personal data may be disclosed to authorities when necessary for compliance with the Company’s legal obligations.
- Sale
- If the Company intends to transfer all or part of its business or shares, personal data may be disclosed to potential buyers and their advisors.
- The public
- The Company’s share register is public and held available at the Company for anyone who wishes to take part of it. The information included in the share register is therefore disclosed upon request.
- Minutes and voting list from general meetings of shareholders in the Company may be disclosed to Shareholders present at the meeting as well as to the Swedish Companies Registration Office, auditors and others to whom the Company has a legal obligation to disclose the minutes or otherwise where the Company considers it appropriate to disclose the minutes.
Transfer of your personal data to third countries
The Company may transfer your personal data to countries outside the EU/EEA. If personal data is transferred to a country outside the EU/EEA, the Company will take measures to ensure that the personal data continues to be protected and will also take the measures necessary to ensure a legal transfer of the personal data to countries outside the EU/EEA, e.g. by entering into Standard Contractual Clauses adopted by the European Commission.
Social media
As regards personal data that is published to and processed on social media, such as Facebook, Instagram, Twitter, Youtube and LinkedIn, Stardots refers users to the privacy policies provided by the respective service provider for information on each service provider’s processing of personal data. In the Company’s view, the purpose of the processing is that Users, representatives of companies that are customers, partners or suppliers or potential customers, partners or suppliers to Stardots, participants in studies or clinical trials conducted or supported by the Company, job applicants with the Company, and Shareholders, shall be able to interact and maintain contact with the Company via social media, among other things to establish and maintain good relationships with the Company, and to make the Company’s services widely accessible through several different channels. In the Company’s view, the processing is necessary for the Company’s legitimate interest to establish and maintain good relationships with stakeholders, to market its brand, products and services and to provide service to customers and other stakeholders.
Your rights
A summary of your rights according to applicable data protection legislation is set out in the list below:
- Right of access
- You have the right to access your personal data and to obtain a copy of the personal data concerning you that is processed by the Company.
- Right to rectification
- If the personal data concerning you that is processed by the Company is inaccurate, incomplete or outdated, you have the right to obtain rectification of such personal data.
- Right to erasure
- You have the right to request the erasure of personal data concerning you. Unless the Company has a legal basis to continue the processing of the personal data concerning you, such personal data shall be erased.
- Right to object
- Under certain circumstances you have the right to object against the Company’s processing of your personal data.
- Right to restriction of processing
- Under certain circumstances you have the right to obtain restriction of the processing of your personal data. Where processing has been restricted, the Company may only under certain circumstances carry out other processing activities concerning the personal data than storage.
- Right to data portability
- Where your personal data is processed based on your consent or on a contract with you, you have the right to receive the personal data concerning you in a machine-readable format and request that those data are transmitted to another controller.
- Right to lodge complaints with a supervisory authority
- You have the right to lodge complaints concerning the Company’s processing of the personal data concerning you to the Swedish Authority for Privacy Protection, Box 8114, SE‑104 20 Stockholm, Sweden.
Security of your personal data
You should always feel safe when providing the Company with your personal data. Therefore, the Company has implemented security measures to protect your personal data against unauthorized access, alteration and destruction. The Company will not disclose your personal data to third parties, other than as expressly provided by this Privacy Policy.
Cookies
The Company uses cookie-like techniques on the Company’s website https://stardots.se/ in order to provide certain functions on the website, to improve the website, and to deliver a better and more personal user experience. The information is stored in the form of a file comprising encrypted login data.
If you do not share your personal data with Stardots
If you do not share your personal data with Stardots, Stardots may not be able to fulfil its legal or contractual obligations towards you. For Shareholders, this means that you will not be able to exercise your rights as a Shareholder, including attending and voting at general meetings.
Changes
The Company reserves the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, the Company will publish the amended Privacy Policy on https://stardots.se/ with information on when the changes will come into effect. The Company may also notify Users, customers, suppliers, partners and Shareholders in an appropriate manner.
Contact information
Do not hesitate to contact Stardots if you have any questions about this Privacy Policy, the processing of your personal data, or if you wish to exercise your rights under this Privacy Policy or applicable legislation.
Stardots AB
Corp. reg. no. 559036-9814
Postal address Kungsängsvägen 31A
SE-753 23 Uppsala, Sweden
Email address gdpr@stardots.se