Privacy Notice for Bonnier Books AB

Last revision: 13 February 2019

Introduction

This policy explains how Bonnier Books AB, with Swedish organization number 559080–9090 (“Bonnier Books”, “we” or “us”), manages your personal data.

We may store data about you to conduct our business. We collect and process your personal data if you have a relationship with us where we need to process your personal data. For example: if you are a contact person at one of our suppliers, if you are one of our business partners, if you submit your resumé to us, if you send us an email, or if you are invited to an event.

We are part of the Bonnier Group AB with Swedish organization number 556508–3663 with which we share some administrative systems and therefore we sometimes share certain personal data according to this policy.

When you have contact with one of our group companies, that company is responsible for how they handle your personal data. They provide supplementary privacy policies that apply to the services, websites, and applications they provide. Please read these when you take out a subscription, download an app, buy a product or service, or register an account. For Bonnier-owned companies outside Sweden, the rules and regulations in the country in question apply.

Below you will find information about how we use personal data, how it affects your privacy and how to safeguard your rights.

Our Principles

Bonnier has been a family-owned company for many generations, and long-term thinking characterizes how we process personal data. Processing user data in accordance with current regulations and in a safe, efficient manner that adds value is paramount. Protecting the privacy of the individual is central in maintaining confidence and developing the long-term relationships we aim for.

The Personal Data We Collect

We collect data in order for our business to work efficiently. Personal data is information that can be linked to you as a person, both directly and indirectly through other information. The data we have about you depends on the context of your interactions with us. Examples of data sources are:

  • data you provide us with when you contact us,
  • if we have a business relationship, such as when you sign up for an event,
  • if you are a contact/employee at one of our suppliers/partners,
  • or register as a user for a tool administered by us.

The data collected may include name and contact details as well as device and usage data.

How We Use Your Personal Data

We might use your personal data for the following main purposes:

  • For us to run our business in an efficient way and according to legislation,
  • to communicate with you. For example, to contact you by email, phone or other means,
  • to manage the relationship with suppliers, partners and others.

If we plan to use personal data for a new purpose outside of what is described in this policy, you will be informed of such use before or in connection with the collection of personal data, and we may ask for your consent where required. Alternatively, we will inform and, where required, ask for your consent after collection, but before we will use your personal data for a new purpose.

Reasons for Sharing Your Personal Data

Sometimes it may be necessary for us to share your data with other Bonnier-owned companies or with companies that provide services on our behalf (such as housing our IT services, IT systems, accounting and administration). We may also disclose personal data as part of a joint venture, such as a merger or sale of assets or to follow the law or legal process and provide information to the police and other relevant law enforcement authorities.

In cases where we share personal data about you with others, we will have confirmed that these companies comply with our data protection requirements and are not allowed to use the personal data they receive for any other purpose.

How to Access and Check Your Personal Data

You can review, edit and delete your personal information by contacting us according to the section “Contact us” below.

Your Individual Rights

We comply with current data protection laws of the European Union, which, where appropriate, include the following rights:

  • You are free to request a registry extract (as defined in the law), get a copy of your personal data, request a correction and, in certain circumstances, deletion of your personal data.
  • You are entitled to request limiting and to oppose the processing of your personal information we collect for our legitimate interest.
  • You have the right to file complaints with a data protection authority. Datainspektionen is the authority in Sweden that oversees how we as a company comply with the legislation.
  • If the processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.

When processing your personal information, we do it to operate our business, to meet our contractual and legal obligations, to protect our systems, or to meet the legitimate interests as described in detail in the sections “How We Use Your Personal Information” and “Reasons for Sharing Your Personal Information” above. When we transfer personal data from the European Union, we do it based on several legal mechanisms, as described in the section “Where We Store and Process Personal Information,” below.

Security of Your Personal Data

We use a range of security techniques and security methods to protect your personal data from unauthorized access, unwanted changes and data loss. For example, the personal data you provide is stored on computer systems that have limited access and are in protected premises. When transferring very sensitive data via the internet, these data are protected by encryption.

Where We Store and Process Your Personal Data

Personal data managed by us can be stored and processed in Sweden or in other countries where we, our partners, subsidiaries or suppliers are active. We take steps to ensure that the information we collect in accordance with this Privacy Notice is dealt with in accordance with the provisions of this policy and in accordance with applicable laws where the information is available.

If we transfer your personal data to a personal data controller or a personal data assistant in third countries, i.e. countries outside the EU/EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements. We will use EU standard clauses as appropriate security measures or use companies that are certified under Privacy Shield. For further information, read section “Reasons We Share Your Personal Information”.

Our Retention of Personal Data

We retain personal information for as long as it is necessary to fulfill the transactions you have requested and approved, or for other necessary purposes, such as complying with our legal obligations, resolving disputes and enforcing our agreements. Since these needs may vary for different types of data and for different types of products, services and contexts, actual retention periods may vary.

In general, your personal data is deleted or anonymized when they are no longer relevant to the purposes for which they have been collected. A shorter retention period is usually used when the personal data is particularly sensitive. Sometimes other criteria determine how long we store data, for example, if we have a legal or contractual reason or have otherwise committed ourselves to storing the information. Examples may be mandatory legislation on retention of information in certain jurisdictions, government orders to preserve data relevant to investigations, or data that must be retained to resolve a dispute.

Changes to this Privacy Notice

We will update our Privacy Notice as needed to reflect feedback and changes to our business. When a policy is updated, the “Latest Update” date changes at the top of the policy and the changes are described in the “Change History” section below. If there are major changes to the policy or to how we use your personal data, you will be notified via web or email before the changes come into effect to the extent required by law. Please read this Privacy Notice from time to time to stay informed about how we protect your personal information and privacy.

Contact Us

If you have a question as to what applies to your personal data, a complaint or question about us regarding your privacy, please send an email to info@bonnierbooks.com.

Bonnier Books AB (559080–9090) is responsible for the personal data we collect. Our contact details are:

Bonnier Books AB
Org. no. 559080–9090
Box 3159
SE-103 63 Stockholm, Sweden

E-mail: info@bonnierbooks.com

Change History

February 2019: The policy has been updated to be more concise and clearer and company name has changed from Bonnier Books Nova AB to Bonnier Books AB. No other updates from a legislative perspective.

May 2018: Clarifications due to the new Data Protection Regulation (“GDPR”) coming into force on May 25, 2018. The updated Privacy Notice will automatically come into force for all existing customers and visitors on May 25, 2018. Your continued use of our services from that date will be subject to the new Privacy Notice. The policy has also been revised to be concise, clear and comprehensible, and easier to understand.