PRIVACY NOTICE FOR THE DIG & HMP GROUP OF COMPANIES.
The DIG & HMP group of companies (“we” or “us”) respects your privacy and values the relationship we have with you. This Privacy Notice describes how we collect, use, disclose and otherwise process personal data, and is aimed for existing and prospective investors, clients, suppliers or other business partners, including their respective representatives, signatories and beneficial owners (“you”).
WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
The group company with whom you have contracted or have a business relationship with is the data controller and responsible for the processing of your data. In some circumstances more than one company will be responsible, for example where information is shared with a group company for the purposes set out in this Privacy Notice. You can learn more about our group companies here.
WHAT KIND OF PERSONAL DATA ABOUT YOU WE PROCESS
We mainly process the following types of information about you:
Contact and identification data: name, date of birth, social security no./pers.id., tax id.no., e-mail address, address, phone number, nationality, ID documents, title/employer information, signature and other contact details.
Financial data: source of wealth, shareholdings, investments, commitments, bank account information, payment information, etc.
Agreement and relationship data: agreements between you and us including all types of information linked to such agreements, correspondence and other information as part of our prospective or existing relationship with you.
KYC data: sanction list data, whether you are a politically exposed person, ID documents, beneficial
ownership, etc.
Event and participation data: newsletter requests, event registrations and participation, food preferences, attendance, etc.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
The The legal bases we rely upon to process personal data will depend on the purposes for which we are processing the data and are the following:
Entering into or performing a contract. We will process personal data necessary for entering into, performing and administering our business relationship and agreements with you and to fulfil and enforce the rights and obligations derived from such agreements.
Legitimate interest. We may process your personal data when necessary for our legitimate interests as a business, when these interests do not outweigh your rights and interests. When we process your personal data for legitimate interests, we make sure to consider and balance any potential impact on you. You have the right to object to processing that is based on our legitimate interests.
Legal obligation. In some circumstances, we have a legal obligation to process and also to share your personal data, such as to comply with accounting and bookkeeping laws, anti-money laundering and counter-terrorism financing laws, and complying with requests from authorities.
PURPOSES – HOW WE PROCESS YOUR PERSONAL DATA
We may process your personal data for the following main purposes. The scope of processing will depend on the relationship between you and us.
Managing our business operations
Purpose and processing: managing our services, including handling financial management, planning, corporate governance and audit, handling internal records, performing quality controls, ensuring safety and security, establishing exercising and defending our rights, and other activities to run our business. Categories of data: Contact and identification data, Financial data, Agreement and relationship data, KYC data, Event and participation data.
Legal basis: Legitimate interest, Legal obligation
Administering our relationship
Purpose and processing: preparing, managing and maintaining our relationship with you, handling agreements, providing our services and products, administrating payments, processing subscriptions and redemptions, executing corporate actions, handling client service and answering queries, etc.
Categories of data: Contact and identification data, Financial data, Agreement and relationship data, KYC data, Event and participation data.
Legal basis: Entering into or performing a contract.
Events & networking
Purpose and data processing: to identify and establish new relationships and clients and to stay connected and maintain our relationship with existing investors and clients we may get in touch with you to provide updates, market our services and products, invite you to networking events and similar. For this purpose, and for security reasons, we also keep lists of participants.
Categories of personal data: Contact and identification data, Event and participation data.
Legal basis: we process your personal data for this purpose based on our legitimate interest to nurture our relationship with you, provide and market our services, inform you about events, to organize events and to reach out to you after the event.
Sales & marketing
Purpose and data processing: for purposes of marketing our products and offerings to prospects, investors and business partners.
Categories of personal data: Contact and identification data.
Legal basis: we process your personal data for this purpose based on our legitimate interest in marketing our services and establishing new business relationships.
Addressing compliance and legal obligations
Purpose and processing: complying with applicable laws and regulations as well as internal governance
Categories of personal data: Contact and identification data, Financial data, Agreement and relationship data, KYC data.
Legal basis: Legal obligation
HOW WE COLLECT YOUR PERSONAL DATA
We collect data from different sources, including:
Information that is provided directly to a DIG & HMP group company. We may receive personal data directly from you in connection with you becoming or signing up to becoming an investor, client or otherwise in connection with establishing a business or contractual relationship with you. We also collect personal data directly from you in connection with events and through networking activities.
Information provided from other DIG & HMP group companies. We may obtain personal data from other DIG & HMP group companies if considered necessary to fulfil the intended processing purpose, and in particular for administrative purposes, for events & networking and sales & marketing purposes, based on our legitimate interest.
Information obtained from third parties. We sometimes also collect data from third parties, such as the company you work for, commercial registers and online databases. Where we receive your data from a third party, the third party is responsible for informing you that they have shared your data with us.
Data retention
The period we keep your data will vary depending on the purpose for which we process personal data. In general, we keep personal data only as long as reasonably needed to achieve the purposes set out in this Privacy Notice. To determine the appropriate retention period, we consider the nature and sensitivity of the data, the purposes for which we process your personal data, legal requirements or operational retention needs, and whether we can achieve those purposes through other means. Data that is needed for bookkeeping and accounting purposes is generally retained for at least 7 years after the closing of the end of the financial year to which they relate. Personal data processed for KYC purposes will be retained for at least 5 and sometimes 10 years after the end of the business relationship. If any legal claims are brought, we may continue to process the personal data for such additional periods as necessary in connection with such claims.
Data sharing
We may, in certain situations, share data with others. Any such sharing is limited to the data relevant for the purpose.
Sharing within the DIG & HMP group. The DIG & HMP group companies support and interact with each other to run our businesses. As a result, we may for administrative purposes, for reporting and bookkeeping purposes and in connection with sales and networking activities share data with another DIG & HMP group company. Such group company will process the personal data in line with this Privacy Notice.
Data processors. We engage suppliers which process personal data on our behalf and that act as so-called data processors. This is suppliers of IT services and systems, telecommunication providers, CRM system, accounting services, event organizers, logistics providers and similar. Our data processors may only process personal data in accordance with our instructions and are required by law to take appropriate technical and organizational security measures to protect the personal data.
Other data controllers and authorities. We may share personal data with parties who act as independent data controllers and that are independently responsible for their own processing of the personal data, where required by law, where it is necessary to administer the relationship with you or where we have another legitimate interest in doing so. Independent personal data controllers with whom we may share your personal data are:
• Banks and similar payment providers and intermediaries
• Authorities and other recipients where required to comply with applicable law
• Joint event organizers, partner companies and sponsors when we organize events and activities together with external organisers, provided that we have informed you and you have not objected
• Legal, audit firms and other advisers
Reorganizations and other corporate transactions. In the event of a proposed or actual sale, reorganization or similar business transaction involving a DIG & HMP group company, data may be shared with a potential buyer or investor. Actions will be taken to limit any such sharing.
When personal data is shared with a company that is independently responsible for processing the personal data, such company's privacy notice apply.
Where we process personal data
The personal data is mainly processed in Sweden or other EU and EEA countries, but in some cases we may transfer personal data to recipients in countries outside the EU. To ensure that the personal data is adequately protected, we will take necessary measures such as entering into the EU Commission’s standard contractual clauses, or ensuring that there are other appropriate security measures in place.
Your rights
You have certain rights in relation to how we process your personal data, these rights are:
Right of access. You have the right to request information about the personal data we process about you and get a copy of such data.
Right to rectification and completion. If your personal data is inaccurate or incomplete, you have the right to ask us to correct or complete it.
Right to object to processing for direct marketing purposes. You may at any time unsubscribe to send-outs or other direct marketing activities by notifying us, e.g. by clicking on the unsubscription link in the email or otherwise contact us.
Right to object to processing based on our legitimate interest. You have, in certain instances, right to object to our processing, and we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests.
Right to restriction of the processing. You may request that we restrict the processing of your personal data, e.g. if you consider that the personal data is no longer necessary for the purpose.
Right to erasure. You may in certain instances request us to erase your personal data, e.g. if the personal data is no longer necessary for the purpose of the processing, or if the processing is unlawful.
Right to data portability. In certain cases, you have the right to get a copy of the personal data you have provided to us, transferred to you or to another party.
Right to withdraw consent: If our processing is based on your consent, you have the right to withdraw that consent at any time.
Please note that we are required, due to legal obligations, to retain certain personal data for up to ten years after our relationship has ended.
How to exercise your rights
You can contact us at any time if you have any questions regarding our Privacy Notice or the processing of your data by sending an email to: privacy@hmpfamily.com
Right to complain with a supervisory authority
If you have complaints about how we process your personal data you have the right to make a complaint to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY).
Updates to our Privacy Notice
We continuously update our Privacy Notice, the latest version is always available on this site.
Latest update 14th January 2024