Personal data policy
1. Processing of personal data
Personal data refers to all types of information that may be directly or indirectly attributed to a natural person who is alive (hereinafter ‘Personal Data’). In order for the Service to work and be meaningful to you as a user, we must collect Personal Information. We collect and process the following Personal Information about you:
1.1 Via the Application
1.2 Via the Homepage
2. Sensitive personal data
Sensitive personal data are data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union activities, physical or mental health, or sexual life (hereinafter 'Sensitive Personal Data'). Health information may include sick leave, pregnancy and doctor visits. Depending on which images and text material you choose to share with us, we may process Sensitive Personal Data in the context of the Service.
3. What do we use personal data for?
4. Information from others
In some cases, we may supplement the personal data you provide with information from others in order to evaluate and improve the digital channels and the Service.
5. Information to others
6. Transfer to third countries
In the event that we hire suppliers outside the EU / EEA, such as cloud service providers, we will take all reasonable legal, technical and organisational measures to ensure that your personal information is handled securely and with an adequate level of protection.
7. Deletion of data
Your personal data will not be retained for longer than is necessary for the purpose of processing and we will delete personal data in accordance with the applicable laws.
8. Right to request information
You are entitled to request details about what personal information, if any, we are processing about you, as well as to have any incorrect information corrected once per year. If you want to know whether we process any Personal Data about you, you can send a written and signed request to us (see "Contact Information" below).
We take all appropriate technical and organizational security measures required to protect Personal Data against unauthorized access, modification or destruction. However, there is always a risk when disclosing Personal Data through digital channels as it is impossible to completely protect technology systems from intrusion.
12. Personal data incident
In case of a security incident involving Personal Data, such as a data violation or accidental loss of personal data, we must document the incident and report it to the Data Inspectorate within 72 hours. We may also need to inform you, for example, if there is a risk of identity theft or fraud.
14. Invalid provision
15. Applicable law
As a customer of Once Upon, you are responsible for the images and texts you use. To avoid any transgressions, we ask you to please comply with all copyright and privacy laws before developing any other person's images. More information about this can be found in our Terms and Conditions.
17. Data inspection
For more information about applicable legislation, what responsibility we have for the processing of personal data and what rights you have, please visit http://www.datainspektionen.se/dataskyddsreformen/. Questions regarding the processing of personal data, etc. can also be addressed directly to Datainspektionen at email@example.com or +46-(0)8-657 61 00.
18. Contact details