PRIVACY POLICY

At Obeya, we care about privacy. This policy tells you how we collect, use and protect personal data. We do this to provide good services - and to comply with the law, of course.

Do you have any questions? Please contact our CEO and Privacy Officer: Maria Hazard - maria.hazard@obeya.se

1. What personal data do we collect?

We only collect what we really need - for example:

  • Name, email, phone number

  • Title and place of work

  • Food preferences (for example, if you are attending an event)

  • Photos (for example, if you are participating in an event and have given your consent to be photographed)

  • Other information you give us yourself in contact forms, emails or calls

2. Where is the personal data collected from?

Obeya collects personal data from the following sources: 

Data that you provide to us: Obeya collects personal data that you provide to Obeya in connection with your contact with Obeya, including in connection with assignments, general communication, marketing, administration of events and seminars, and administration of applications for employment. 

Third parties: In some cases, Obeya may collect personal data about you from third parties in connection with customer assignments. The data then comes from the customer or their partners. 

Publicly available sources: In some cases, personal data are obtained from publicly available sources.

Automatic collection of data

When you visit our website www.obeya.se we collect certain information automatically via technologies such as cookies, log files and device identifiers. This helps us to understand how the site is used and improve the experience for you as a visitor.

This information may include:

  • Your IP address and approximate geographical location

  • Device information (e.g. browser, operating system, screen size)

  • Language settings and browser preferences

  • How you use the site - for example, what pages you visit, what you click on and when

  • Pages you came from (referrers) and times of visit

We use this data for:

  • Analyzing and improving the functionality and content of the website

  • Understanding which parts of the website are most relevant

  • Occasionally displaying relevant content in other channels, e.g. via advertising

You can manage cookies in your browser if you want to limit or block this type of tracking.

3. When and why we use your data

We use personal data in different situations. Here are some examples:

When you are a customer or contact person

  • Purpose: To deliver our services and keep in touch.

  • Legal basis: Contract.

  • Retention period: Data is stored for 2 years after the end of the cooperation.

When you receive newsletters or invitations

  • Objective: Marketing and events.

  • Legal basis: Legitimate interest or consent.

  • Retention period: Data are stored for 1 year after last contact.

When you participate in an event

  • Purpose: planning, communication and, if necessary, management of special diets.

  • Legal basis: Consent.

  • Retention period: Data is stored for 6 months after the event.

When you apply for a job with us

  • Objective: To carry out the recruitment process.

  • Legal basis: Legitimate interest / legal obligation.

  • Retention period: Data is stored for 2 years after the end of recruitment.

Information we must keep under the Accounting Act

  • Purpose: management of financial transactions.

  • Legal basis: Legal obligation.

  • Retention period: Data are kept for 7 years.

When we collect publicly available contact details (for example journalists and influencers)

  • Purpose: To be able to contact relevant people in the media industry for, for example, press releases, event invitations or pitches of news and cases - which is part of Obeya's core business.

  • Legal basis: Legitimate interest - we have a legitimate interest in communicating with relevant industry professionals in the context of our PR activities. We always strike a balance to ensure that the processing is not intrusive.

  • Retention period: We regularly purge our media lists. Data is deleted when it is no longer relevant or if the person requests it. Maximum 2 years without updating or active use.

4. How long do we keep the data?

We do not keep data longer than necessary - and never without reason. When the data is no longer needed, we delete it. Sometimes this is driven by legal requirements, sometimes by what is reasonable for our cooperation.

5. Who we share your data with

We sometimes share personal data with:

  • Subcontractors (e.g. IT services, newsletter services, event platforms)

  • Authorities, if we are required by law

  • Subcontractors and partners in joint campaigns

Our partners have confidentiality agreements and comply with the GDPR. We never sell your data.

Social media

When you visit or otherwise use Obeya on social media, your personal data is also collected and processed by these companies. In connection with the receipt of personal data by these companies, the personal data may be transferred to the United States. 

Facebook and Instagram: By using the services, your personal data is processed by the company Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). You can read more about the processing of personal data here. Meta Platforms Ireland Ltd. is covered by the EU-US Data Privacy Framework List and obtains the certificate required to provide the transfer of personal data from the EU. Thus, Meta follows the necessary guidelines to ensure an adequate level of protection for the personal data of data subjects. You can read more about Meta's certification here

LinkedIn: By using the service, your personal data is processed by LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). You can read more about the processing of personal data here. To read more about LinkedIn's transfer to third countries and to read the standard contractual clauses, you can read more here.

6. Transfers outside the EU

We aim to keep all data within the EU. However, if we use services such as Google or Microsoft, some processing may take place outside the EU, in which case we ensure that it is done in accordance with EU protection rules (e.g. through standard contractual clauses and data protection frameworks).

7. Your rights - you decide

You have full control over your personal data. You can at any time:

  • Request an extract with your details

  • Ask us to correct or delete data

  • Oppose marketing

Just get in touch with us and we will help you quickly and easily.

8. Safety and security

We protect your data with technical and organizational measures - from passwords and encryption to internal procedures. We also work with trusted IT providers.


9. Changes to the policy

We may update this policy. If we make major changes, we will notify you by email or on our website.